some_random_panda
Flamesuit essential
+454|6855

I got some trojan on my comp about two days ago, and only realised yesterday, when I tried XFire, found neither it nor the site was connecting, and I couldn't access a help site about common viruses/spyware.  Then began a campaign of 3 anti-spyware/malware scans, 4 antivirus scans, one Norton Antivirus full system check, and about four hours of research.
Finally I seem to have removed all working traces of the virus, mostly by careful manual deletion (fortunately most files and .dlls were stored in the one folder) and XFire has resumed working, the sites have become unblocked, and none of the spyware scans have turned up anything, except for a few standard tracking cookies every site seems to have.

However, there is one thing I haven't deleted - the registry keys.  I know I can use REGEDIT to do that, but that would void my warranty - not something I want on a 5 month old computer.  If I've deleted all traces save for the registry values (which actually may have been deleted by registry mechanic, as they no longer link to anything), will the virus still be crippled/destroyed?  This is the first time I've had to root out something like this, usually it's a simple worm.

And finally, let that be a lesson.  ALWAYS research internet programs before using them, and if possible get a friend to use it on his own computer for an extended period before trying it as well.  Just my luck he directed me to a program that came bundled with a trojan Browser Helper Object.
P.S.  If you want a download manager, use GetRight.  NEVER try FlashGet.  Also, can anyone tell me if Fresh Download is any good?


/rant  Panda

Last edited by some_random_panda (2007-05-26 22:57:00)

lavadisk
I am a cat ¦ 3
+369|7294|Denver colorado

some_random_panda wrote:

And finally, let that be a lesson.  ALWAYS research internet programs before using them, and if possible get a friend to use it on his own computer for an extended period before trying it as well.  Just my luck he directed me to a program that came bundled with a trojan Browser Helper Object.
P.S.  If you want a download manager, use GetRight.  NEVER try FlashGet.  Also, can anyone tell me if Fresh Download is any good?


/rant  Panda
I'm glad I do that. I'm proud that I've never let one piece of shit get on my computer.
Cheez
Herman is a warmaphrodite
+1,027|6903|King Of The Islands

What's wrong with Flashget now?
My state was founded by Batman. Your opinion is invalid.
some_random_panda
Flamesuit essential
+454|6855

Cheez wrote:

What's wrong with Flashget now?
It comes bundled with a trojan.  Get rid of it NOW.

McAfee has it labelled as a virus/spyware too.

Last edited by some_random_panda (2007-05-26 23:07:56)

gene_pool
Banned
+519|7085|Gold coast, Aus.
I don't understand how people get virii. I have not used a spyware detector thing for a year and still haven't had a virus.
Vub
The Power of Two
+188|6958|Sydney, Australia
Reminds me of that time when a trojan turned up in my computer. It was a smart virus that one, it basically invaded my Norton Antivirus, Windows Help and Support and System Restore, which all stopped working. So I was left without help and without a fix. It was then a white knight came along called AVG Free, and shot the trojan into smithereens of trace electronic impulses.

So now I use AVG and Zonealarm, and run a virus check on everything I download.
Vub
The Power of Two
+188|6958|Sydney, Australia

gene_pool wrote:

I don't understand how people get virii. I have not used a spyware detector thing for a year and still haven't had a virus.
Normally, most viruses(?) come when you download email attachments, unsolicited programs like warez, or download files from P2P software. However, a few years ago there was that MSNBlaster worm (I think it was called) and it seemed like you were infected just by having been connected to the internet at that time.

If you don't use a firewall and anti-virus software, I suggest you get these. A spyware detector might also be useful but it generally doesn't detect viruses(?) I think.

Last edited by Vub (2007-05-26 23:14:06)

Cheez
Herman is a warmaphrodite
+1,027|6903|King Of The Islands

some_random_panda wrote:

Cheez wrote:

What's wrong with Flashget now?
It comes bundled with a trojan.  Get rid of it NOW.

McAfee has it labelled as a virus/spyware too.
What phag version you using? Mine's clean.

Oh, oh wait I think I got it. BHO right?

Bwhahahaha. That's the 'oh you clicked the link, I'll put that in Flashget' helper object. It actually is legitimate.

GG.
My state was founded by Batman. Your opinion is invalid.
some_random_panda
Flamesuit essential
+454|6855

Cheez wrote:

some_random_panda wrote:

Cheez wrote:

What's wrong with Flashget now?
It comes bundled with a trojan.  Get rid of it NOW.

McAfee has it labelled as a virus/spyware too.
What phag version you using? Mine's clean.

Oh, oh wait I think I got it. BHO right?

Bwhahahaha. That's the 'oh you clicked the link, I'll put that in Flashget' helper object. It actually is legitimate.

GG.
Except for the fact that it blocks all my internet connections to certain servers.  Highly legit.
http://vil.nai.com/vil/content/v_131043.htm

Last edited by some_random_panda (2007-05-26 23:21:33)

jsnipy
...
+3,277|6986|...

also try running suspect software as a limited user.
Cheez
Herman is a warmaphrodite
+1,027|6903|King Of The Islands

As I said before, what phag version you got, mine works fine (Flashget, IE, Firefox, or otherwise).

You got it from their site or Softpedia, right? People can bundle trojans afterwards and redistribute that.

And did the scan specifically say Flashget was the cause? As I said its BHO is real. Don't forget masquerades.

Edit: as for your edit,

It has been reported because it adds a toolbar and BHO. As I said, for legitimate purposes.

As for the "adware", choosing Shareware avoids that whole scenario. It IS clean if installed correctly. It does NOT redirect or block traffic of any sort.

Maybe I should say it once more so it sinks in: MINE WORKS FINE.

Scans of Program Files\Flashget, the Registry and System all turn up the same result:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    16:31:02 27/05/2007

+ Scan result:   



    Nothing found.



::Report end

Last edited by Cheez (2007-05-26 23:31:35)

My state was founded by Batman. Your opinion is invalid.
some_random_panda
Flamesuit essential
+454|6855

Cheez wrote:

As I said before, what phag version you got, mine works fine (Flashget, IE, Firefox, or otherwise).

You got it from their site or Softpedia, right? People can bundle trojans afterwards and redistribute that.

And did the scan specifically say Flashget was the cause? As I said its BHO is real. Don't forget masquerades.
I got it from their site.  Flashget is not the cause, but it does come with some nasty monitoring stuff that stops you from accessing sites they don't want you to access - as soon as I got rid of it I could use the sites again.

For example, try this link:  www.xfire.com
I assumed it was down, but Poseidon told me it wasn't, so I made a few investigations.

Last edited by some_random_panda (2007-05-26 23:28:30)

Cheez
Herman is a warmaphrodite
+1,027|6903|King Of The Islands

https://img89.imageshack.us/img89/3484/untitledgs3.jpg


Anything else? (Not being arrogant, I'm trying to figure out why your net wasn't working)
My state was founded by Batman. Your opinion is invalid.
some_random_panda
Flamesuit essential
+454|6855

Cheez wrote:

http://img89.imageshack.us/img89/3484/untitledgs3.jpg


Anything else? (Not being arrogant, I'm trying to figure out why your net wasn't working)
Hmmm...must be an IE thing.
Cheez
Herman is a warmaphrodite
+1,027|6903|King Of The Islands

some_random_panda wrote:

Cheez wrote:

http://img89.imageshack.us/img89/3484/untitledgs3.jpg


Anything else? (Not being arrogant, I'm trying to figure out why your net wasn't working)
Hmmm...must be an IE thing.
Hence why I opened an IETab too.
My state was founded by Batman. Your opinion is invalid.
some_random_panda
Flamesuit essential
+454|6855

Cheez wrote:

some_random_panda wrote:

Cheez wrote:

http://img89.imageshack.us/img89/3484/untitledgs3.jpg


Anything else? (Not being arrogant, I'm trying to figure out why your net wasn't working)
Hmmm...must be an IE thing.
Hence why I opened an IETab too.
You can run IE with FF?

Must have gotten an imitation download then.

Isn't this the site?
http://www.flashget.com/en/download.htm

Last edited by some_random_panda (2007-05-27 00:16:44)

Cheez
Herman is a warmaphrodite
+1,027|6903|King Of The Islands

IETab

One last question, are you running IE7? I don't have it on this computer but I have Flashget and IE7 on my laptop yet I haven't noticed any problems there either.

Oh and McAfee reports files that aren't Flashget, like flashget1.exe, etc.
But they are still knarked that it had banner ads in the program.

Edit: Yes, that is the site. Are you using Classic (the one that has the 'ads') or the new version (I'm still a little suss about)?

In either case: http://www.flashget.com/en/awards.htm

Last edited by Cheez (2007-05-27 00:48:28)

My state was founded by Batman. Your opinion is invalid.
