From: Dustin Cook on 21 Mar 2010 15:39

sfdavidkaye2(a)yahoo.com (David Kaye) wrote in news:ho51v9$g21$1(a)news.eternal-september.org:

> Xray <pl(a)yer.com> wrote:
>
>>malwarebytes refuses to run, I even tried running it from an entirely
>>different drive - If I try to name it something.com, it won't run
>>unless it's an exe extension.
>>I can change it to donaldduck.exe or whatever, doesn't seem to do any
>>good. This infection seems geared to stop most programs, either by
>>corrupting the install or not letting them run.
>
> I've seen this a lot; the malware appears to look at the size of the
> file. There are some older tools I can use, such as a copy of
> SpySweeper from about 3 years ago that most malware won't shut down,
> though they'll shut down more recent versions.
>
> But try installing it in safe mode and you might have better success.
> Also, try rolling back the registry manually (copy and paste) to at
> least a week before the infection was first noticed.
>
>

You did notice he has a running (as in, live, functional; it sets the rules everyone else has to play by) TDSS rootkit right? They aren't viral mind you, but they aren't a joke either. If you don't deal with it first, everything else you do is a wasted effort. Rootkits hook at the kernel/OS levels.

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior

From: Xray on 21 Mar 2010 16:17

"David W. Hodgins" <dwhodgins(a)nomail.afraid.org> wrote in news:op.u9xnaluka3w0dxdave(a)hodgins.homeip.net:

> On Sun, 21 Mar 2010 15:12:10 -0400, Xray <pl(a)yer.com> wrote:
>
> Regarding the original problem, with the unreadable dvd, have
> you tried polishing it?
> http://www.wikihow.com/Fix-a-Scratched-CD
>
> The scratches on the bottom of the cd/dvd can sometimes be
> polished out, allowing the data (on the top layer, usually
> protected by the label), to be read.
>
> I've succeeded polishing an old install cd this way, in the
> past.
>
> Regards, Dave Hodgins

Yeah, I have a top of the line cd polished, motor driven.
No joy, if it had worked this never would have happened.

From: David H. Lipman on 21 Mar 2010 16:18

From: "Xray" <pl(a)yer.com>

| "David W. Hodgins" <dwhodgins(a)nomail.afraid.org> wrote in
| news:op.u9xnaluka3w0dxdave(a)hodgins.homeip.net:

>> On Sun, 21 Mar 2010 15:12:10 -0400, Xray <pl(a)yer.com> wrote:

>> Regarding the original problem, with the unreadable dvd, have
>> you tried polishing it?
>> http://www.wikihow.com/Fix-a-Scratched-CD

>> The scratches on the bottom of the cd/dvd can sometimes be
>> polished out, allowing the data (on the top layer, usually
>> protected by the label), to be read.

>> I've succeeded polishing an old install cd this way, in the
>> past.

>> Regards, Dave Hodgins

| Yeah, I have a top of the line cd polished, motor driven.
| No joy, if it had worked this never would have happened.

Does it ever work?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: Xray on 21 Mar 2010 16:31

Dustin Cook <bughunter.dustin(a)gmail.com> wrote in news:Xns9D429FAA96CDAHHI2948AJD832(a)69.16.185.250:

> Xray <pl(a)yer.com> wrote in news:ho48u611ar6(a)news3.newsguy.com:
>
>
>> Computer functions Ok, but god knows what's going on behind the scenes.
>> My ISP already stopped my ability to send email, it detected the virus
>> like behavior. Can still receive at least.
>> Can't connect to google, it also detected the shenanigans of the
>> virus. Pressing ctrl/alt/delete doesn't bring up the process box
>> anymore, other than that things seem normal.
>
> Your PC is actually in danger at this point of assisting in infecting
> other machines or possibly being a zombie box if it's not already.
>
> At this point, I'd have to go with David Lipman's suggestion. Seriously,
> it's time to wipe and reload. If you hadn't taken such ... drastic if
> you will steps to try and stop this, it might not have taken much real
> effort to fix; but at this point, I can't trust the machine at all.
>
> Really man, you're not just putting your information in danger, you're being
> a very irresponsible netizen by allowing that computer to continue with
> an internet connection in its current state. If your ISP has already
> blocked outbound email, it should just be a matter of time before your
> connection is disabled until you verify the machine is clean.
>
> At least, that's what happens in this area. When your ISP turns you off,
> you have to have a licensed technician contact them and claim it's clean
> and is okay. And if it's not, it falls back on the tech who did the work.
> Fines, etc. are possible here.
>
> Several years ago when I worked for an ISP, I'd start by turning your
> email off, and then I'd give you 24 hours. If your machine was still
> spewing trojans and mass mailing worms; your connection was terminated
> until you cleaned up your mess or took your business to a less
> responsible ISP.

You seem to have contradicted yourself.
You said you'd start by turning off email, and if it's still spewing mass mailing worms 24 hrs later, the connection is terminated. How is it going to be spewing mass mailing worms if the ability to send email is terminated? How is anyone else in danger of being infected, since this machine can't email?

From: gufus on 21 Mar 2010 16:46

From: gufus
Subj: Re: bad virus
Sun, 21 Mar 2010 14:45:27 -0600

From: David H. Lipman
To: Xray
Subj: Re: bad virus
Sat, 20 Mar 2010 22:25:56 -0400

Hello, David!
You wrote on Sat, 20 Mar 2010 22:25:56 -0400:

|> Looks like I'm looking at a fresh OS reinstall about now, this thing
|> is insidious and is always one step ahead.

DHL> ** At this point, my advice is now to WIPE and RE-INSTALL the OS.

Can you suggest a /good/ wipe app?

Kev

--
With best regards, gufus. E-mail: stop.nospam.gbbsg(a)shaw.ca