presidentsheep
Back to the Fuhrer
+208|6219|Places 'n such
Got a problem with a virus that I can't seem to get rid of...
I've wiped everything that I can think of that it could be: all my temp files, cookies, appdata and some others.

At the moment I get pop-ups every few minutes via Internet Explorer (which I never use) to random ad sites, or to just oddly named websites which return an error.

AVG also sees anything I do or open as a threat:
https://i236.photobucket.com/albums/ff180/presidentsheep/Untitled-4.jpg

halp me bf2s.
I'd type my pc specs out all fancy again but teh mods would remove it. Again.
King_County_Downy
shitfaced
+2,791|6855|Seattle

malwarebytes.org for a free scan
Sober enough to know what I'm doing, drunk enough to really enjoy doing it
presidentsheep
Back to the Fuhrer
+208|6219|Places 'n such

King_County_Downy wrote:

malwarebytes.org for a free scan
cheers, will give it a go.
Thought it was just AVG being funny until I started to get the popups.
presidentsheep
Back to the Fuhrer
+208|6219|Places 'n such
Fuck, antispyware soft stuff is everywhere. I genuinely can't get anywhere but this page...
It's blocking me opening programs or doing anything on my pc atm.
I'm far too tired for this.
King_County_Downy
shitfaced
+2,791|6855|Seattle

presidentsheep wrote:

Fuck, antispyware soft stuff is everywhere. I genuinely can't get anywhere but this page...
It's blocking me opening programs or doing anything on my pc atm.
I'm far too tired for this.
Try booting into safe mode with networking
King_County_Downy
shitfaced
+2,791|6855|Seattle

Better yet, download the app on another computer and burn to CD/transfer via USB stick etc. to the infected computer. You may have to install in safe mode. (Should work)
presidentsheep
Back to the Fuhrer
+208|6219|Places 'n such
Can't ctrl alt delete to close it or get cmd.exe up, I get "application cannot be executed. The file cmd.exe blah blah"
It's obviously whatever this is, I can't get rid of it though, malwarebytes just says an error occurred when I load the page.
King_County_Downy
shitfaced
+2,791|6855|Seattle

Reboot the computer and keep hitting F8 on start up. Select Safe Mode with Networking
presidentsheep
Back to the Fuhrer
+208|6219|Places 'n such

King_County_Downy wrote:

Better yet, download the app on another computer and burn to CD/transfer via USB stick etc. to the infected computer. You may have to install in safe mode. (Should work)
Going to try that now, will post results.

#edit: if i can XD

Last edited by presidentsheep (2010-05-17 15:44:17)

presidentsheep
Back to the Fuhrer
+208|6219|Places 'n such
right, installed and scanning, 2 infected files atm.
King_County_Downy
shitfaced
+2,791|6855|Seattle

Good luck brutha
presidentsheep
Back to the Fuhrer
+208|6219|Places 'n such
Got this:

Registry Keys Infected:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows MSI (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ychkmdwi (Rogue.AntispywareSoft) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.20,93.188.161.244 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3b38eb04-907f-4f91-bd38-26dfb82a6868}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.163.20,93.188.161.244 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3b38eb04-907f-4f91-bd38-26dfb82a6868}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.20,93.188.161.244 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3cf50bf2-f70f-4f16-b241-8b1498091afb}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.20,93.188.161.244 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Joe\AppData\Local\thjefawog\gbjbclqtssd.exe (Rogue.AntispywareSoft) -> No action taken.
C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1MM1XTU\n008106201318r0809J0f000601R06c53eddW160c5afaXc049b604Y8bb87014Z0100f0700[1] (Rogue.AntispywareSoft) -> No action taken.
C:\Users\Joe\AppData\Local\Temp\ktQV.exe (Rogue.AntispywareSoft) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Users\Joe\AppData\Local\Temp\Owh.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Users\Joe\AppData\Local\asam.exe (Trojan.Agent) -> No action taken.

looks bad =\
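Added example, not part of any post in this thread: a short triage script that sorts detections from a scan log like the one above by the mechanism they touch (autostart Run values, services, scheduled tasks, DNS settings, dropped files) and counts the entries still marked "No action taken". The line format is inferred from that log and the category labels are this example's own.

```python
import re
from collections import defaultdict

# Subset of the lines from the scan log posted above.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows MSI (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.20,93.188.161.244 -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Users\Joe\AppData\Local\asam.exe (Trojan.Agent) -> No action taken.
(No malicious items detected)
"""

# "<item> (<detection>) -> [Data: <data> -> ]<action>", format inferred from that log.
LINE_RE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> (?:Data: (?P<data>.*?) -> )?(?P<action>.+)$")

# Category labels are this example's own; first match wins, so DNS precedes services.
RULES = [
    ("dns-settings", re.compile(r"\\Tcpip\\Parameters\\.*NameServer$", re.I)),
    ("autostart-run-key", re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("service", re.compile(r"\\CurrentControlSet\\Services\\", re.I)),
    ("scheduled-task", re.compile(r"^[A-Z]:\\Windows\\Tasks\\.+\.job$", re.I)),
    ("registry-other", re.compile(r"^HKEY_", re.I)),
    ("file", re.compile(r"^[A-Z]:\\", re.I)),
]

def classify(item):
    for label, pattern in RULES:
        if pattern.search(item):
            return label
    return "unknown"

def triage(log_text):
    """Return ({category: [(detection, item, data)]}, count still not remediated)."""
    groups, pending = defaultdict(list), 0
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blanks, "(No malicious items detected)"
        groups[classify(m["item"])].append((m["name"], m["item"], m["data"]))
        pending += m["action"].startswith("No action taken")
    return dict(groups), pending

if __name__ == "__main__":
    groups, pending = triage(SAMPLE_LOG)
    for label, hits in sorted(groups.items()):
        print(label, [name for name, _, _ in hits])
    print(pending, "item(s) still marked 'No action taken'")
```

Grouping this way shows what has to be checked again after cleanup: the Run values, service and .job files are what relaunch the program at boot, and the NameServer data has to be set back to the real DNS servers.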
King_County_Downy
shitfaced
+2,791|6855|Seattle

Clean that shit dog!

Select all and remove!
presidentsheep
Back to the Fuhrer
+208|6219|Places 'n such
Done it, seems to all be gone now, gonna run a final scan with AVG and malwarebytes then hopefully go to sleep
SonderKommando
Eat, Lift, Grow, Repeat....
+564|6918|The darkside of Denver
Malwarebytes is awsm. I use it at work all the time. Other protips if you ever need em:
-Some viruses won't let you install malwarebytes cause they know it'll pwn em. So rename the installer somethingelse.exe.
-they can also drop the executable so go into the mb directory and rename the exe whatever you want.exe
-keep the installer on a pen drive. You'll need it again
King_County_Downy
shitfaced
+2,791|6855|Seattle

1 more protip. Keep Windows updated with all critical/security updates.

Start - Run - MRT <enter>

I should have suggested that first.... I think there's a malicious removal tool for this fake virus alert thing... malwarebytes is better though.
pirana6
Go Cougs!
+692|6549|Washington St.
my tip:

I know those shitty viruses that don't let you open anything (like ctrl+alt+dlt). If you don't go into safe mode (which you should but anyway) and as soon as you start-up, hit ctrl+alt+dlt and find the infected file/virus as it's loading and end process you should be able to work in normal mode (i.e. run stuff like cmd.exe and malwarebytes.exe and stuff you've downloaded that helps) until you've got it removed or know how to remove it (or restart and it loads again).
HaiBai
Your thoughts, insights, and musings on this matter intrigue me
+304|5742|Bolingbrook, Illinois

pirana6 wrote:

my tip:

I know those shitty viruses that don't let you open anything (like ctrl+alt+dlt). If you don't go into safe mode (which you should but anyway) and as soon as you start-up, hit ctrl+alt+dlt and find the infected file/virus as it's loading and end process you should be able to work in normal mode (i.e. run stuff like cmd.exe and malwarebytes.exe and stuff you've downloaded that helps) until you've got it removed or know how to remove it (or restart and it loads again).
lol any good virus will either a) hide its process b) prevent it from being ended with task manager or c) load up and prevent task manager from opening way before any of the other processes start

anyway, use combofix
TopHat01
Limitless
+117|6163|CA
Backup important files, and then reformat.  Only sure way of getting rid of it.
ghettoperson
Member
+1,943|6907

TopHat01 wrote:

Backup important files, and then reformat.  Only sure way of getting rid of it.
"I say we take off and nuke the entire site from orbit. It's the only way to be sure."
Jaekus
I'm the matchstick that you'll never lose
+957|5437|Sydney

TopHat01 wrote:

Backup important files, and then reformat.  Only sure way of getting rid of it.
I've got a mate who reformats at the drop of the hat. That's not you is it Doug?
Ilocano
buuuurrrrrrppppp.......
+341|6925

Reformat?  Pfft.  Image backups are much easier.  Check out Windows Home Server for ease of use PC image incremental backups.
TopHat01
Limitless
+117|6163|CA

Jaekus wrote:

TopHat01 wrote:

Backup important files, and then reformat.  Only sure way of getting rid of it.
I've got a mate who reformats at the drop of the hat. That's not you is it Doug?
Nope.   In all seriousness though, when I have a virus/infection that is removing functionality from Windows, I typically reformat.  Not worth dealing with trying to remove it (and Like HaiBai points out, some of them hide themselves) when I can simply back-up and start over.

Last edited by TopHat01 (2010-05-18 15:41:34)

HaiBai
Your thoughts, insights, and musings on this matter intrigue me
+304|5742|Bolingbrook, Illinois

TopHat01 wrote:

Jaekus wrote:

TopHat01 wrote:

Backup important files, and then reformat.  Only sure way of getting rid of it.
I've got a mate who reformats at the drop of the hat. That's not you is it Doug?
Nope.   In all seriousness though, when I have a virus/infection that is removing functionality from Windows, I typically reformat.  Not worth dealing with trying to remove it (and Like HaiBai points out, some of them hide themselves) when I can simply back-up and start over.
The thing is, a virus that is trying to hide itself that badly won't do something stupid like disable the task manager.  Then again, it depends on the virus.  However, if someone puts a Trojan on your computer, it's because they want something from you.  So the trojan will hide, and maybe after detecting that the user of the computer is idle, the trojan will start an upload to some dude's computer.  After a minute, it'll be done, and the user will never know.

So in that case, you should reformat every day.

Or better yet, remove your network card from your computer.
TopHat01
Limitless
+117|6163|CA
^Great idea, I'll start reformatting every day.

Last edited by TopHat01 (2010-05-18 21:05:09)
