Strange Virus Problems

2007-05-27 11:57:11

#1

bobby177: Member; +129|6944|Texas.. getting out asap

I have been running for about 2 weeks without AV or Spyware protection enabled so I decided to install and scan everything today since there was some weird crap going on (All of my shortcuts on desktop having /data/resources/ added into their path).
So I scan with hijackthis and Spybot S&D and it finds a couple tracking cookies and 1 web activity monitoring thing. So I delete those.
Then, I run a scan with AVG free and it says every single .exe I have on my computer is a Trojan horse BackDoor.Small.53.U and there are thousands of them lol.

So, did a virus infect every .exe in my computer or is my AVG messing up?

2007-05-27 11:57:55

#2

Shem: sɥǝɯ; +152|6998|London (At Heart)

I think there is high possiblity you have, have been owned

Last edited by Shem (2007-05-27 12:10:25)

2007-05-27 11:58:35

#3

farmerfez: o wut?; +78|7001

this is why you have anti virus stuff kids.

2007-05-27 12:00:00

#4

bobby177: Member; +129|6944|Texas.. getting out asap

Now every single one of those .exes is trying to run so I am clicking heal on every one.... all thousand of then.

2007-05-27 12:00:15

#5

jsnipy: ...; +3,277|6993|...

i call pr0n.

Give us a sampling of the executables.

2007-05-27 12:00:57

#6

GC_PaNzerFIN: Work and study @ Technical Uni; +528|6885|Finland

PWNT

3930K | H100i | RIVF | 16GB DDR3 | GTX 480 | AX750 | 800D | 512GB SSD | 3TB HDD | Xonar DX | W8

2007-05-27 12:03:07

#7

bobby177: Member; +129|6944|Texas.. getting out asap

Yeah I am pretty much owned.

jsnipy wrote:
i call pr0n.

Give us a sampling of the executables.

https://i60.photobucket.com/albums/h11/bobby177/untitledviruses.jpg

lollll

2007-05-27 12:05:27

#8

bobby177: Member; +129|6944|Texas.. getting out asap

Note /data/resources/ in every single shortcut

Hahahaha yes I have clicked heal on all 234 of those popup boxes.

Last edited by bobby177 (2007-05-27 12:06:27)

2007-05-27 12:06:33

#9

UnknownRanger: Squirrels, natures little speedbump.; +610|6816|Cali

Shem wrote:
I think there is high possiblity you have have been owned

2007-05-27 12:07:13

#10

jsnipy: ...; +3,277|6993|...

Can it clean them?

It is safe to say that if you are to the point of asking about this then you you should keep your av running.

Last edited by jsnipy (2007-05-27 12:08:18)

2007-05-27 12:07:36

#11

buLLet_t00th: Mr. Boombastic; +178|6913|Stealth City, UK

Why did you take the Virus Protection off?

2007-05-27 12:09:33

#12

bobby177: Member; +129|6944|Texas.. getting out asap

jsnipy wrote:
Can it clean them?

Each time I clicked heal the box just went away so I hope so.
When the scan is done we will see though. I am also scanning for rootkits, could it possibly be that?
And the only 2 that aren't the infected .exes are dll6wise.dll, dllhost32.exe, and op32.exe, so it might be one of those doing all this. Or it might be my copy of XP because I had to find a torrent of an OEM version because I lost my cds. It's all good now though cause I found the CDs so I might have to reinstall.

2007-05-27 12:10:38

#13

bobby177: Member; +129|6944|Texas.. getting out asap

jsnipy wrote:
It is safe to say that if you are to the point of asking about this then you you should keep your av running.

buLLet_t00th wrote:
Why did you take the Virus Protection off?

Yeah I definitely will keep it running, I haven't installed it yet because there was just so much stuff to do lol.

Rootkit scan finished, none found.

Last edited by bobby177 (2007-05-27 12:10:58)

2007-05-27 12:11:15

#14

farmerfez: o wut?; +78|7001

reinstall windows XD

2007-05-27 12:11:16

#15

max: Vela Incident; +1,652|7038|NYC / Hamburg

/reformat

it the only way out

EDIT: 1 second

Last edited by max (2007-05-27 12:12:03)

_{once upon a midnight dreary, while i pron surfed, weak and weary, over many a strange and spurious site of ' hot xxx galore'. While i clicked my fav'rite bookmark, suddenly there came a warning, and my heart was filled with mourning, mourning for my dear amour, " 'Tis not possible!", i muttered, " give me back my free hardcore!"..... quoth the server, 404.}

2007-05-27 12:13:05

#16

jsnipy: ...; +3,277|6993|...

bobby177 wrote:
jsnipy wrote:
Can it clean them?
Each time I clicked heal the box just went away so I hope so.
When the scan is done we will see though. I am also scanning for rootkits, could it possibly be that?
And the only 2 that aren't the infected .exes are dll6wise.dll, dllhost32.exe, and op32.exe, so it might be one of those doing all this. Or it might be my copy of XP because I had to find a torrent of an OEM version because I lost my cds. It's all good now though cause I found the CDs so I might have to reinstall.

I use a sysinternals tool to look for rootkits on systems ...
http://www.microsoft.com/technet/sysint … ealer.mspx

If you find the issue over and over again ... and you get frustrated ... just reinstall ... I rarely suggest it, but in this case it seems applicable, it will just save you time.

Also if you want to dabble in "acquisitions", research the topic of running a virtual machine, just you test whatever software you acquire be introducing it into your main ssytem.

Last edited by jsnipy (2007-05-27 12:15:02)

2007-05-27 12:14:09

#17

mcgid1: Meh...; +129|7187|Austin, TX/San Antonio, TX

Ouch...good luck with cleaning all that out.

If not...*Lone bugler plays taps*

2007-05-27 12:17:58

#18

bobby177: Member; +129|6944|Texas.. getting out asap

jsnipy wrote:
bobby177 wrote:
jsnipy wrote:
Can it clean them?
Each time I clicked heal the box just went away so I hope so.
When the scan is done we will see though. I am also scanning for rootkits, could it possibly be that?
And the only 2 that aren't the infected .exes are dll6wise.dll, dllhost32.exe, and op32.exe, so it might be one of those doing all this. Or it might be my copy of XP because I had to find a torrent of an OEM version because I lost my cds. It's all good now though cause I found the CDs so I might have to reinstall.
I use a sysinternals tool to look for rootkits on systems ...
http://www.microsoft.com/technet/sysint … ealer.mspx

If you find the issue over and over again ... and you get frustrated ... just reinstall ... I rarely suggest it, but in this case it seems applicable, it will just save you time.

Also if you want to dabble in "acquisitions", research the topic of running a virtual machine, just you test whatever software you acquire be introducing it into your main ssytem.

sysinternals is down i think

2007-05-27 13:11:47

#19

Titch2349: iz me!; +358|6823|uk

just reformat.... much safer, completely get rid of it

AVG wrote:
A Threat was found during the scan

no shit.

Last edited by Titch2349 (2007-05-27 13:11:56)

2007-05-27 14:55:40

#20

bobby177: Member; +129|6944|Texas.. getting out asap

I think I may have fixed it... all the bad shortcuts were deleted and all the scans I have done are clean (AVG, Spybot S&D, HijackThis, RootKit Scanner)

2007-05-27 17:46:32

#21

ReDevilJR: Member; +106|6822

I'd just get a new HD, my co-worker has formatted a HD before and still had a left-over spyware...

2007-05-27 17:53:37

#22

bobby177: Member; +129|6944|Texas.. getting out asap

ReDevilJR wrote:
I'd just get a new HD, my co-worker has formatted a HD before and still had a left-over spyware...

How is that possible?

And I am pretty sure I fixed the problem.

2007-05-27 17:56:00

#23

Surgeons: U shud proabbly f off u fat prik; +3,097|6960|Gogledd Cymru

you deserve it after you spoiled the ending of pirates of the caribbean 3

2007-05-27 17:59:17

#24

russ)=spetsnaz: Banned; +131|6926|the guy in the hind on gator

ReDevilJR wrote:
I'd just get a new HD, my co-worker has formatted a HD before and still had a left-over spyware...

then the spyware must have come with whatever os shes running

Last edited by russ)=spetsnaz (2007-05-27 18:01:26)

2007-05-27 18:06:10

#25

Mitch: 16 more years; +877|6996|South Florida

farmerfez wrote:
reinstall windows XD

Yes reformatation is the best way. Who knows what will be left over of that shit once you "think" its removed.
I also recommend running a program called Nod32
It uses a different method of scanning for viruses.
Instead of contacting a server to get updates for the latest virus names (which means if only you are infected (custom virus meant just for you) you wont detect the virus)
Like i said, instead of that, Nod32 searches your comp for viruses by the signatures they leave and they way they act. If they act malicious in any way, there flagged. Ive never had a problem with it before and im virus free.

15 more years! 15 more years!

BF2S Forums Strange Virus Problems

jsnipy wrote:

Shem wrote:

jsnipy wrote:

jsnipy wrote:

buLLet_t00th wrote:

bobby177 wrote:

jsnipy wrote:

jsnipy wrote:

bobby177 wrote:

jsnipy wrote:

AVG wrote:

ReDevilJR wrote:

ReDevilJR wrote:

farmerfez wrote:

Board footer