View Full Version : Crazy Virus.



Gingersnap
12-28-2010, 02:03 PM
I got infected with a fake alert virus (from a knitting pattern site of all things) and also a Google redirect virus.

The virus prevented me from using Malwarebytes until I figured out a workaround. I ran Rkill and Malwarebytes as well as my usual firewall stuff. Now things seem normal but I'm hesitant to reboot since when I did before (midway through the scouring process), the fake alert returned.

Is there anything else I should run before rebooting? I use this notebook every day so theoretically, I could just let it sleep and never reboot until replacing the battery. ;)

Rockntractor
12-28-2010, 02:15 PM
I got infected with a fake alert virus (from a knitting pattern site of all things) and also a Google redirect virus.

The virus prevented me from using Malwarebytes until I figured out a workaround. I ran Rkill and Malwarebytes as well as my usual firewall stuff. Now things seem normal but I'm hesitant to reboot since when I did before (midway through the scouring process), the fake alert returned.

Is there anything else I should run before rebooting? I use this notebook every day so theoretically, I could just let it sleep and never reboot until replacing the battery. ;)

If it was me I would reformat the drive and reload Windows.

megimoo
12-28-2010, 02:26 PM
I got infected with a fake alert virus (from a knitting pattern site of all things) and also a Google redirect virus.

The virus prevented me from using Malwarebytes until I figured out a workaround. I ran Rkill and Malwarebytes as well as my usual firewall stuff. Now things seem normal but I'm hesitant to reboot since when I did before (midway through the scouring process), the fake alert returned.

Is there anything else I should run before rebooting? I use this notebook every day so theoretically, I could just let it sleep and never reboot until replacing the battery. ;)

I had the same problem with that virus. My daughter uses AVAST PRO and after a couple of days of running it the virus was locked in the Virus vault.
VIRUS NAME
WIN 32:FakeAV-ANH
JS:FakeWarn-E

There were five of them scattered in various directories but they are gone now. I hate to pay for software but that thing had me all locked up.

The symptoms that you describe are much the same, as long as you are in an executable no problem but going back to the exec the virus locks you out.

The virus was smart enough to corrupt my system restore files disabling my ability to restart at an earlier uncorrupted date.


http://www.avast.com/pro-antivirus

megimoo
12-28-2010, 02:40 PM
If it was me I would reformat the drive and reload Windows.

I tried that but the Virus was in SyS$Root. I swapped drives to an older smaller XP backup and the virus jumped to that drive. After I installed AVAST I was able to delouse both drives!

Gingersnap
12-28-2010, 02:42 PM
The virus was smart enough to corrupt my system restore files disabling my ability to restart at an earlier uncorrupted date.

This is something I'm kind of worried about. :(

hampshirebrit
12-28-2010, 02:48 PM
If it was me I would reformat the drive and reload Windows.

If it was me, I'd get a mac.

But then, it is me, so I don't need to.

Rockntractor
12-28-2010, 02:51 PM
I tried that but the Virus was in SyS$Root. I swapped drives to an older smaller XP backup and the virus jumped to that drive. After I installed AVAST I was able to delouse both drives!

Avast is what I use.

megimoo
12-28-2010, 03:04 PM
This is something I'm kind of worried about. :(

It didn't disturb any of my data but tried to get me to load their so called anti virus crap. With my new anti virus suite running it blasts a warning whenever I visit a virus honey pot site by accident.

This Trojan uses psychological warfare and accuses me of visiting 'X' rated sites displaying pages from hard core sites to drive me to load their software with a larger virus load.

But I am innocent of those charges...honest!

After running it for a few days I changed the scan parameters and did a deep system scan on both drives that ran for several days. That picked up two more 'sleeper' viruses and locked them up in the vault! I'm sure there are a few more lurking somewhere on the drives but time will tell!

Zafod
12-28-2010, 05:03 PM
If it was me, I'd get a mac.

But then, it is me, so I don't need to.

yawn

Rockntractor
12-28-2010, 05:05 PM
yawn

I don't think a Mac could run something as complicated as a virus!

Zafod
12-28-2010, 05:09 PM
I don't think a Mac could run something as complicated as a virus!

bwahahahahahahahahahahaha!!!!!!

megimoo
12-28-2010, 05:18 PM
I don't think a Mac could run something as complicated as a virus!

Watch out for Mac Fans all over you.

hampshirebrit
12-28-2010, 05:48 PM
yawn


LOL. I thought you probably would say that, you PeeCee dweeb. :D

Zafod
12-28-2010, 06:36 PM
LOL. I thought you probably would say that, you PeeCee dweeb. :D

check out my thread in tech.

Rockntractor
12-28-2010, 06:44 PM
check out my thread in tech.

He saw it but it will take the Mac a while to bring it up, he always has kind of a delay and it isn't the pond between us. :D

megimoo
12-28-2010, 08:22 PM
He saw it but it will take the Mac a while to bring it up, he always has kind of a delay and it isn't the pond between us. :D

If you keep baiting them they'll spatter Mac Bits all over you. Btw, why doesn't Apple sue McDonald's over the Big Mac Name?

Rockntractor
12-28-2010, 08:25 PM
http://www.youtube.com/watch?v=oglueOxXTSQ

Lager
12-28-2010, 08:30 PM
Those stupid redirect viruses were some of the most troublesome I've had to deal with. They kept coming back. I downloaded hitman pro, as well as combo fix. I turned off restore points before running the programs because somebody told me some crap could hide in there. Afterwards, I recreated a restore point right after the cleaning. Another program I've heard good things about is TDSS killer. A redirect virus is basically a TDSS virus that is very good at hiding.

Gingersnap
12-28-2010, 08:33 PM
Those stupid redirect viruses were some of the most troublesome I've had to deal with. They kept coming back. I downloaded hitman pro, as well as combo fix. I turned off restore points before running the programs because somebody told me some crap could hide in there. Afterwards, I recreated a restore point right after the cleaning. Another program I've heard good things about is TDSS killer. A redirect virus is basically a TDSS virus that is very good at hiding.

Can you tell me more about TDSS killer? Frankly, I'm afraid to run Combofix without somebody holding my hand. :eek:

Lager
12-28-2010, 08:45 PM
Can you tell me more about TDSS killer? Frankly, I'm afraid to run Combofix without somebody holding my hand. :eek:

TDSS killer is a kaspersky labs product, which is supposed to be good anti virus stuff. I downloaded a free trial version and ran the exe file. It does a pretty quick scan since it's geared to looking specifically for this type of bug which always hides in the same place in windows system files. Even after I got malware bytes running, it was never too successful with this type of virus. I use symantec software for basic AV. It would alert me that the virus was there, but was poor at removing it.

SaintLouieWoman
12-28-2010, 09:03 PM
Those stupid redirect viruses were some of the most troublesome I've had to deal with. They kept coming back. I downloaded hitman pro, as well as combo fix. I turned off restore points before running the programs because somebody told me some crap could hide in there. Afterwards, I recreated a restore point right after the cleaning. Another program I've heard good things about is TDSS killer. A redirect virus is basically a TDSS virus that is very good at hiding.

I was in St Louis and stayed with a friend. She was on Facebook and was caught by that virus. I was unable to post on CU for some time, as her computer was being repaired (or attempted) by a mutual friend's husband. He is a total computer geek/wizard, but could never get rid of that virus. He finally had to reload everything. So far she's ok.

He said when he went into the office, there were 6 people who had brought in their laptops with the same virus. Other friends have also fallen victim to it.

My friend got a message that she had a virus and was directed by the virus to follow the links to fix it. Naturally, it just took over her system. I'm glad she didn't follow the further directions to give her credit card number to pay the virus to fix itself. :rolleyes:

megimoo
12-28-2010, 09:07 PM
Can you tell me more about TDSS killer? Frankly, I'm afraid to run Combofix without somebody holding my hand. :eek:

Best to be careful with that free anti virus stuff. There are a number of them that actually install Trojans along with their so called virus fixes. Spend some time on the anti virus boards and read what they say. There's some good information available there.

Many folks are infected by the same Trojans as you and they have lots to say about how they finally fixed their problems. They also know which software houses actually install viruses and Trojans on your system.

Think about it, who benefits the most by you having a Trojan and being unable to use your laptop? The people who write and sell the anti-virus software. They know that eventually you will buy software to clean out the bugs and it may be theirs.

Just about every home in America has at least one PC and if they are all infected over time that's hundreds of millions of dollars per anti virus house.

Gingersnap
12-28-2010, 09:51 PM
I went ahead and ran TDSS killer (it didn't find anything) so I took a deep breath and rebooted. All is well. (I think.)

For others with this problem, here's what I did:

Run rKill and then run Malwarebytes (do a full scan). If you can't run those programs because the virus is preventing it, create a desktop shortcut for rKill, reboot, and hit the shortcut before all your normal shields kick in.

Follow the instructions and then update and run your normal anti-virus stuff. Run TDSS too - it can't hurt (thanks Lager!).

PoliCon
12-28-2010, 10:07 PM
I don't think a Mac could run something as complicated as a virus!

:D

PoliCon
12-28-2010, 10:09 PM
Another Virus help is to not do daily work on an admin account - save the admin account for when you have to install something - something you know is safe. If you don't have admin privileges most viruses cannot install themselves.

Gingersnap
12-28-2010, 10:32 PM
Another Virus help is to not do daily work on an admin account - save the admin account for when you have to install something - something you know is safe. If you don't have admin privileges most viruses cannot install themselves.

I wasn't in Admin mode and it got me. I wasn't even downloading anything. The virus got me when I clicked on an image of a pattern to enlarge it. :(

PoliCon
12-28-2010, 10:34 PM
I wasn't in Admin mode and it got me. I wasn't even downloading anything. The virus got me when I clicked on an image of a pattern to enlarge it. :(

IE?

Gingersnap
12-28-2010, 10:37 PM
IE?

Firefox. In fact, Firefox got totally corrupted and I had to use IE to get to Bleeping Computer for insight on the virus.

PoliCon
12-28-2010, 10:44 PM
Firefox. In fact, Firefox got totally corrupted and I had to use IE to get to Bleeping Computer for insight on the virus.

wow that is crazy! Just goes to show you can't trust knitters.

Lager
12-29-2010, 03:56 PM
I wasn't in Admin mode and it got me. I wasn't even downloading anything. The virus got me when I clicked on an image of a pattern to enlarge it. :(

They're getting sneakier. I seldom use Admin mode and I got one. I still am not sure how or where.

megimoo
12-29-2010, 04:11 PM
They're getting sneakier. I seldom use Admin mode and I got one. I still am not sure how or where.

The people who write this code are all young kids steeped in bit hacking. They get their 'Jollies' hacking each other. They pack a lot of code into a small kernel and hide it in unsuspecting sites usually hidden at the edges of Photos/Pictures. It's the modern day version of 'I'm Smarter Than You'! And these days some of them even get paid to write their code.