Page 1 of 3 1 2 3 LastLast
Results 1 to 30 of 65
  1. #1
    Join Date
    Apr 2007
    Location
    The magical Kingdom.... of Fife
    Posts
    4,468
    Thanks
    1,135
    Thanked 1,584 Times in 1,007 Posts

    I would like to thank

    ... the computer programmer who wrote the virus that took FOUR HOURS of my time tonight to combat. If I ever meet him/her I would like to shake them warmly and firmly by the throat... from the inside.... going in through the smallest and lowest orifice available.

    There are still probably parts of the exoskeleton of the bug that I need to remove before I risk emailing anybody. I still can't access certain programmes on my pc.

    I am now firmly in touch with my darker side, and the only advice I can give to anybody who has the av protection suite pop up on their screen looking like a genuine Windows Security warning is DON'T click on any buttons there; none at all, unless you want it to access your browser and try to load your pc with porn. Took me the best part of an hour to realise that....

    ... btw, since it is a virus, it probably wouldn't be a good idea to click on the porn sites


  2. Hide this ad by registering as a member
  3. #2
    Join Date
    Oct 2008
    Posts
    536
    Thanks
    477
    Thanked 774 Times in 261 Posts
    I had a friend who got the same virus; this will fix it quickly, unless it's mutated since.

    The free version is all that's necessary.

    edit:

    does the exoskeleton you mentioned have to do with problems running .exe files (as in, they don't run but instead ask you what program you want to associate them with?) Because that's a leftover registry error I saw, too. If that's your problem, I think I can still find the fix for it, if you want.
    Last edited by jcpahl; June 16th, 2010 at 07:22 PM.

  4. The Following User Says Thank You to jcpahl For This Useful Post:


  5. #3
    Join Date
    Sep 2005
    Posts
    3,430
    Thanks
    643
    Thanked 1,484 Times in 719 Posts
    Al, this is maybe a bit late and you may already have this lot but..

    1) Do not use Internet Explorer for anything other than Windows update.. Safari, Firefox, Opera, Chrome, they are all better, safer, faster, take your pick. I like Firefox with Noscript.
    http://www.mozilla-europe.org/en/firefox/
    https://addons.mozilla.org/en-US/firefox/addon/722/

    2) Spybot. The resident protection will block most of these things from ever getting hold in your browser once you run "immunise". It'll blacklist 100,000 or so common bad things..
    http://www.safer-networking.org/index2.html

    3) Set up a "non admin" user profile in Windows and use that. If you don't have admin rights, nothing will install or run.
    Edit: you'll need to move any files you need to a shared docs folder though..

    You probably know all this, just saying though..
    Last edited by Flake; June 16th, 2010 at 07:23 PM.

  6. The Following User Says Thank You to Flake For This Useful Post:


  7. #4
    Join Date
    Apr 2007
    Location
    The magical Kingdom.... of Fife
    Posts
    4,468
    Thanks
    1,135
    Thanked 1,584 Times in 1,007 Posts
    I tried that; it displayed 4 bugs. Slowed things down a bit. Then I ran my normal anti-virus over again. Showed about 20 bugs, but wouldn't let me click the button to fix them. I rebooted and tried again. Showed 4 bugs and let me click to fix. Ran a short scan on Malwarebytes which showed nothing.

    I guess it has mutated. Seems to have altered Firefox settings. I'm having to use IE, and it's making me uneasy . I'll blitz it again tomorrow. If you get it, ignore the windows that pop up. Click on nothing; it just seems to make things worse. Don't even click the security balloon or you'll get a message about penile extension.

    Could be worse, I suppose. It could have made a noise like a vuvuzela....

  8. The Following User Says Thank You to alesoun For This Useful Post:


  9. #5
    Join Date
    Apr 2007
    Location
    The magical Kingdom.... of Fife
    Posts
    4,468
    Thanks
    1,135
    Thanked 1,584 Times in 1,007 Posts
    Flake, I normally use Firefox, but I'm getting a message about proxy server not responding; and I've uninstalled and re-installed firefox twice. Haven't run Spybots yet... four hours is enough.

    Anybody getting this; I'd have saved a lot of time signing off and rebooting. If you don't, you can't access any protection you have no matter how much you swear. Also has a nasty habit of having windows pop up in positions that make it difficult to see what you're doing if you do get onto your own virus protection.

    DON'T, whatever you do, click on the security balloons. I have the feeling that they're being used to load something.

  10. #6
    Join Date
    Sep 2005
    Posts
    3,430
    Thanks
    643
    Thanked 1,484 Times in 719 Posts
    Sounds nasty.

    If you can get in, a full Spybot scan should be about half an hour.

    Might not catch it though, these days Spybot is set up more as prevention than cure..

  11. The Following User Says Thank You to Flake For This Useful Post:


  12. #7
    Join Date
    Oct 2008
    Posts
    536
    Thanks
    477
    Thanked 774 Times in 261 Posts
    IIRC, there was a single process that you can terminate in the task manager (ctrl-alt-del to access in Windows) that will disable the virus temporarily (I think it was just av.exe), and after terminating it, you can delete the virus itself; it was a hidden executable in a Windows system file directory, I remember that much. I found it by searching the hard disk for the process I disabled to terminate the virus, but you have to change the security settings to show hidden files and folders before it will be visible.

    I wish I could remember better, but it was months ago that I dealt with this.

    If you Google AV virus, there are tons of links on how to fix it.

    Quote Originally Posted by alesoun View Post
    Ran a short scan on Malwarebytes which showed nothing.

    Try running the long scan; I'm almost positive that's what I had to do before it showed up.

  13. The Following User Says Thank You to jcpahl For This Useful Post:


  14. #8
    Join Date
    Apr 2007
    Location
    The magical Kingdom.... of Fife
    Posts
    4,468
    Thanks
    1,135
    Thanked 1,584 Times in 1,007 Posts
    I'll update before I do it in the morning. Guess I'll have to borrow daughter's pc if I need to email until I'm sure it's clear. I'd hate to pass it on to anyone else.

  15. #9
    Join Date
    Jun 2006
    Location
    Torrance, CA
    Posts
    6,797
    Thanks
    2,276
    Thanked 4,262 Times in 2,074 Posts
    Please run this in SAFE mode btw. It's going to be worse if you're just using it regularly and allowing more trojans to drop in.

    It has probably also buried itself in the recycling bin/system restore files.

  16. The Following User Says Thank You to Arshes Nei For This Useful Post:


  17. #10
    Join Date
    Apr 2007
    Location
    The magical Kingdom.... of Fife
    Posts
    4,468
    Thanks
    1,135
    Thanked 1,584 Times in 1,007 Posts
    I ran system restore when I thought I'd cleared it, so that's possible. Bugger!

  18. #11
    Join Date
    Sep 2005
    Posts
    3,430
    Thanks
    643
    Thanked 1,484 Times in 719 Posts
    Slightly off topic, but has anyone got "System restore" to do anything useful ever?

    I think it fixed my video codecs about 9 years ago, other than that, nowt..

  19. The Following User Says Thank You to Flake For This Useful Post:


  20. #12
    Join Date
    Apr 2008
    Posts
    69
    Thanks
    11
    Thanked 66 Times in 18 Posts
    Alesoun, sorry to hear...

    As soon as you are aware that you have a virus, you might consider downloading any anti-virus software / anti-malware software you might consider using, then disconnecting from the internet.

    MBAM is a rather nice scanner.
    Avira many consider to have one of the higher detection rates
    Personally, i use avast! with Web Shield, Network Shield, and File Shield...

    Avast also has "boot-time scanning", something that may prove useful for clearing traces, currently...

    Other anti viruses may also have boot time scanning, though, you might consider it...

    Many viruses desguise themselves as system critical files, and thus, access is often denied to those files via anti-virus software. a boot time scan can scan the computer before the operating system boots, allowing for scanning access to files which might otherwise be unavailable...

    Luck to you ...

    Also,

    Flake,
    System restore seems largely to be one of those "you never know..." things, personally, i disable it, though there are occasions when it might have been handy...
    i often prefer to do such troubleshooting manually ...
    ...

  21. The Following User Says Thank You to ws.iono For This Useful Post:


  22. #13
    Join Date
    Aug 2005
    Location
    In my own thoughts.
    Posts
    1,359
    Thanks
    434
    Thanked 561 Times in 256 Posts
    Format c:/
    Fixed.

  23. The Following 3 Users Say Thank You to Hyskoa For This Useful Post:


  24. #14
    Join Date
    Apr 2007
    Location
    The magical Kingdom.... of Fife
    Posts
    4,468
    Thanks
    1,135
    Thanked 1,584 Times in 1,007 Posts
    I have Avira, Spybots, AntiMalwarebytes and Adaware. The thing kept telling me my antivirus was out of date (it was updated last night).

    I'll admit to being a techno-numpty, but I'm a cynical techno-numpty. Seriously, guys, be careful. It really only does take one click. I really think that all you have to do is click on the security balloon and it has an "in". Avira identified it as a worm. Can't remember the code, but there was an 8 in it. It really does look like a genuine Windows warning, shield logo and all.

  25. #15
    Join Date
    Sep 2005
    Posts
    3,430
    Thanks
    643
    Thanked 1,484 Times in 719 Posts
    Yeah, I've seen them on friends pcs. They look pretty authentic.

    My old school response was usually to switch off at the mains. You're risking hard drive sectors getting a bit messed up (and looks of horror from said friends..)if it happened to be writing at that second but it's hard to top the sheer effectiveness of yanking the plug..

  26. #16
    Join Date
    Apr 2008
    Posts
    69
    Thanks
    11
    Thanked 66 Times in 18 Posts
    Well, maybe try a boot time scan with Avira, should it offer one, or maybe install avast! temporarily, and give it a go, and thank you for the warnings...

    I've sunk nearly entire days hunting viruses, it can really be a butt...

    Luck to you ...
    ...

  27. #17
    Join Date
    Apr 2007
    Location
    The magical Kingdom.... of Fife
    Posts
    4,468
    Thanks
    1,135
    Thanked 1,584 Times in 1,007 Posts
    Hiya, H. I'm just not clever enough or patient enough to reformat. I'll have to bribe somebody...

  28. #18
    Join Date
    Oct 2008
    Posts
    536
    Thanks
    477
    Thanked 774 Times in 261 Posts
    Quote Originally Posted by alesoun View Post
    Hiya, H. I'm just not clever enough or patient enough to reformat. I'll have to bribe somebody...
    That's a pretty drastic solution for a little virus like this one. As frustrating as the AV virus is, it's really only trying to sell you something; it's not nearly as malicious as some of the other ones.

    Before you take any extreme measures like erasing your entire hard disc, do try the long scan on Malwarebytes; I still hold confidence that it will fix your problem.

  29. #19
    Join Date
    Jun 2006
    Location
    Torrance, CA
    Posts
    6,797
    Thanks
    2,276
    Thanked 4,262 Times in 2,074 Posts
    A boot scan with Avast or Avira. In addition, do a scan with SuperantiSpyware but make sure whatever other virus program you have going is TURNED off so they don't fight with each other.

    http://www.superantispyware.com/

    Bleeping Computer forums usually help users out with malware

  30. #20
    Join Date
    Dec 2007
    Location
    Germany!
    Posts
    2,529
    Thanks
    859
    Thanked 1,849 Times in 636 Posts
    Dude, back up your files, then nuke the harddrive, then when reinstalling the OS make a partition JUST for the system, and seperate partitions for all the other stuff. I had some rootkit virus a few days ago that knocked out all the defenders I had, even going as far as blocking websites with anitivirus stuff or security updates. Sometimes it's just the safest way to go with a fresh OS install. But for that it's important that your data is uninfected, that's why you shouldn't keep it anywhere near the system files.

  31. The Following User Says Thank You to algenpfleger For This Useful Post:


  32. #21
    Join Date
    Feb 2008
    Location
    Orlando, Florida
    Posts
    2,363
    Thanks
    837
    Thanked 665 Times in 381 Posts
    Quote Originally Posted by jcpahl View Post
    I had a friend who got the same virus; this will fix it quickly, unless it's mutated since.

    The free version is all that's necessary.

    edit:

    does the exoskeleton you mentioned have to do with problems running .exe files (as in, they don't run but instead ask you what program you want to associate them with?) Because that's a leftover registry error I saw, too. If that's your problem, I think I can still find the fix for it, if you want.
    I had the same thing happen to me a few weeks ago. The virus mutated so it could block MalwareBytes, but restart it in safe mode and you should be able to access it.

  33. #22
    Join Date
    Sep 2007
    Location
    Wacko Tejas
    Posts
    113
    Thanks
    107
    Thanked 79 Times in 30 Posts
    The people at spywareinfoforum are really good at helping one clean up computer viruses. http://www.spywareinfoforum.com

    And geekstogo.com
    Here is a good list of Preventing Malware and Safe Computing...
    http://www.geekstogo.com/forum/Preve...g-t225044.html

    The 2 best things for Firefox browsing is the WOT add-on, it rates safe websites
    and
    NoScript add-on, it protects yourself against XSS and Clickjacking attacks..

  34. #23
    Join Date
    Apr 2007
    Location
    The magical Kingdom.... of Fife
    Posts
    4,468
    Thanks
    1,135
    Thanked 1,584 Times in 1,007 Posts
    Thanks for the help guys. 90 minutes more work this morning and I think I cracked it; even managed to sort out where it had set up a proxy server for my browser. Mind you, I'll be doing a scan whenever I start the machine up for the next few days, just to make sure.

    I can't thank you all enough.

  35. #24
    Join Date
    May 2003
    Location
    Austria
    Posts
    10,430
    Thanks
    2,870
    Thanked 2,063 Times in 830 Posts
    *immediately goes scanning*
    sorry to hear.
    Sketchbook

    Sketchbooks of inspiration:
    Marc Taro|Maxetormer|ZhuZhu|Jeri|Dobu]


    Always think about:
    lighting! design! perspective! proportion!
    And (self)motivation is still everything.

  36. #25
    Join Date
    Jan 2005
    Location
    Australia
    Posts
    3,556
    Thanks
    1,340
    Thanked 1,017 Times in 286 Posts
    buy a mac?

    but seriously, i feel for ya mate. hope you crush the bug and the low life responsible!

  37. #26
    Join Date
    Oct 2009
    Location
    Nebraska
    Posts
    1,727
    Thanks
    80
    Thanked 576 Times in 500 Posts
    *stepping out of the shadows*

    The Computer Cartel will gladly accept your thank you and platitudes for this "learning exercise" aimed at educating the masses on backing up their data, having routine virus protection, and a digital fire wall. We hope you enjoy this test, and rest assured, what you saw today was just a test.

    *steps back into the shadows*

    On a more amusing note - I have chatted with a few virus writers that talk about their programs with the same love, and terms, as folks do about their art here. Eye of the beholder and what not.

  38. #27
    Join Date
    Jul 2008
    Location
    Rotterdam, The Netherlands
    Posts
    693
    Thanks
    307
    Thanked 326 Times in 182 Posts
    Quote Originally Posted by stoph View Post
    buy a mac?

    but seriously, i feel for ya mate. hope you crush the bug and the low life responsible!
    Oh dear...suddenly I feel like hugging my mac.

    It's funny how everyone talked about the virus like it's something alive. I know it can spread and do weird stuff, but still. I had to giggle.

    On a serious note, stoph may have a point...I haven't got any problems like this since I got an iMac.

  39. #28
    Join Date
    Jun 2006
    Location
    Torrance, CA
    Posts
    6,797
    Thanks
    2,276
    Thanked 4,262 Times in 2,074 Posts
    Quote Originally Posted by LostFayth View Post
    Oh dear...suddenly I feel like hugging my mac.

    On a serious note, stoph may have a point...I haven't got any problems like this since I got an iMac.
    Because less hackers give a crap about the Mac until it is a major market There is malware out for macs, and higher rate for other apple products like iPods and iPhones because there's a larger market for making consumers miserable.

  40. #29
    Join Date
    Jun 2008
    Location
    Savannah, GA
    Posts
    3,091
    Thanks
    1,795
    Thanked 1,558 Times in 608 Posts
    When Windows becomes niche, there will be less viruses to worry about for it. Until then...

  41. #30
    Join Date
    Apr 2006
    Location
    San Diego
    Posts
    2,867
    Thanks
    1,131
    Thanked 1,406 Times in 562 Posts
    Quote Originally Posted by Flake View Post
    Slightly off topic, but has anyone got "System restore" to do anything useful ever?

    I think it fixed my video codecs about 9 years ago, other than that, nowt..
    then again, has any "helpful" function in windows really done anything useful ever?
    -Set to wallpaper defaults to "stretch to desktop"
    -when i installed windows 7, windows "color corrected" my monitor to +40% saturation
    -windows error report: pointless? yes
    -a fun one in vista was during video game loading screens it would lock the game up and say "THIS GAME HAS STOPPED RESPONDING, WOULD YOU LIKE TO "CLOSE IT" or "CLOSE THIS WINDOW, THUS CLOSING IT"
    -Windows Tablet Service: everyone with windows vista and 7 should be aware of how useful this is.
    -Stickeykeys:
    -update driver: "could not find driver" -50/50 chance to actually get the right driver or get one at all
    -windows update *taps me on shoulder* "hey would your like to restart your computer now?" *time passes* windows update: "hey would your like to restart your computer now?"*time passes* windows update: "hey would your like to restart your computer now?"*time passes* windows update: "hey would your like to restart your computer now?"*time passes* windows update: "hey would your like to restart your computer now?"*time passes* windows update: "hey would your like to restart your computer now?"*time passes* windows update: "hey would your like to restart your computer now?"*time passes* windows update: "hey would your like to restart your computer now?"*time passes* windows update: "hey would your like to restart your computer now?" FINE FINE FINE!! YES I WILL RESTART MY COMPUTER!

    somehow still i like windows software better than apple...ok i'll be specific, itunes.

    /rant
    "I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain."
    --- Frank Herbert, Dune - Bene Gesserit Litany Against Fear

    Check out my Sketchbook! Critique and Criticism welcomed.

    or my Artstation

    Or my stream on Twitch! http://www.twitch.tv/wwsketch

  42. The Following User Says Thank You to ArtZealot For This Useful Post:


Page 1 of 3 1 2 3 LastLast

Members who have read this thread: 0

There are no members to list at the moment.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Designed by The Coldest Water, we build the coldest best water bottles, ice packs and best pillows.