From: Xray on 19 Mar 2010 23:01

Ok, here's what happened; I feel like quite an idiot. A few months ago my hard drive died a natural death, so I got a new one of course ... I have been meaning to reinstall my favorite game, Dark Crusade, and finally got around to doing it; I was just jonesin' to play. Wouldn't install, there were errors on the disc. I got 3 CD/DVD players in my computer, tried all 3 and they all couldn't install it. Tried cleaning it, still no luck. I was fixated on playing this game so I decided to download it, and of course using my legit serial #, there would be no problems. So I found it and downloaded it, pretty big file, 3.5 GB, took a few hours, so I put the image in my ******* drive, and right off the bat Avast popped up a virus warning. I thought it was a false alarm; I figured why would anyone hide a virus in a 3 GB file? So like an idiot I disabled the anti virus and tried it again, clicked on setup and all hell broke loose. Pop up windows galore, warnings left and right from programs I never installed, this disabled, that disabled. In a panic I reactivated the anti virus, but it was too late.

This program, called Windows XP virus removal tool, popped up and started running a scan, finding dozens of viruses and malicious programs, flashing all kinds of warnings. At first I thought cool, never knew I had this program, it looks official, right from Microsoft. But it has a button that says "click here to get the full version so you can be fully protected", so I got suspicious and figured it was the virus trying to get me to do something. Couldn't stop this program, ctrl/alt/delete had no effect, closed down my firewall etc, and who knows what else. So I ran Spybot, took quite a while to scan, but it found a load of problems, including malicious registry entries, malware, spyware, bots, you name it. So I clicked "fix the problems", and Spybot froze right up. This damn virus disabled any preventive measures I was trying to take.
So I tried running Avast again; it said "warning, virus detected in memory. It is dangerous to work in this state, recommend reboot so Avast can scan and remove files before they load". Sounded good to me, so I rebooted and Avast ran, found at least a dozen infections, and cleared them out. So I booted normally, and hell was still breaking loose, damn. So I tried booting in safe mode, I ran Spybot again and it found all those problems again, including the bogus registry entries. Apparently the virus couldn't affect it in safe mode, and it deleted most of them; it said there was 1 it couldn't delete, and would do it on next boot up. So I restarted again, and Spybot started scanning, a deep scan, took damn near 4 hours. Found more problems, deleted them, so I ran Avast again, and now Avast is corrupted, won't run. Tried installing AVG, it said Avast needs to be uninstalled first. Fine - But the virus has got that covered, it won't uninstall. Same with Kaspersky or whatever it's called, tried to install that, but it needs Avast uninstalled, which ain't happening. Tried rebooting in safe mode again, and was greeted by a blank screen. So now, I ran Spybot again and it found hundreds of infections; they seem to regenerate. This virus seems to want to trick me into thinking everything's Ok; right now I can browse around almost normal, but I'm going to pull the internet connection as soon as I post this, who knows what it's trying to do? So any advice to get rid of this thing?

Edit - Did it again, all of those problems above, Spybot is unable to get rid of. Oh, and tried system restore, virus has got that covered too. Only 1 restore point, and that's today - Got this virus about 3am this morning.

Edit - Booted into safe mode successfully, Spybot found the infections again, and deleted all but 1, which was apparently running. 1 is in a folder c/windows/system32/lowsec. I could see the actual files in safe mode, tried to manually delete them but I couldn't. In normal mode they aren't visible.
From: Beauregard T. Shagnasty on 19 Mar 2010 23:58

Xray wrote:
> Ok here's what happened, I feel like quite an idiot.
>
> In a panic I reactivated the anti virus, but it was too late.

It was too late the microsecond you ran whatever it is you ran -- though you were probably infected from a web site.

Get these two free-for-home-use programs. Download, install, update, scan.

MalwareBytes AntiMalware: http://malwarebytes.org/
SUPERAntiSpyware: http://superantispyware.com/

Use a better browser. Get a firewall.

--
-bts
-Four wheels carry the body; two wheels move the soul
From: Xray on 20 Mar 2010 01:57

"Beauregard T. Shagnasty" <a.nony.mous(a)example.invalid> wrote in news:ho1h63$3fd$1(a)news.eternal-september.org:

> Xray wrote:
>
>> Ok here's what happened, I feel like quite an idiot.
>>
>> In a panic I reactivated the anti virus, but it was too late.
>
> It was too late the microsecond you ran whatever it is you ran -- though
> you were probably infected from a web site.

Yes, I realize it was too late - And so do most people who slam on the brakes before slamming into a light pole. I didn't get infected from a web site, I got infected from a 3 GB file I downloaded from the usenet, after I carelessly turned off my anti virus.

> Get these two free-for-home-use programs.
> Download, install, update, scan.
> MalwareBytes AntiMalware: http://malwarebytes.org/
> SUPERAntiSpyware: http://superantispyware.com/
>
> Use a better browser. Get a firewall.

Browser's fine, firewall's fine, thanks.
From: Beauregard T. Shagnasty on 20 Mar 2010 04:44

Xray wrote:
> "Beauregard T. Shagnasty" wrote:
>> Xray wrote:
>>> Ok here's what happened, I feel like quite an idiot.
>>>
>>> In a panic I reactivated the anti virus, but it was too late.
>>
>> It was too late the microsecond you ran whatever it is you ran -- though
>> you were probably infected from a web site.
>
> Yes, I realize it was too late - And so do most people who slam on the
> brakes before slamming into a light pole.
> I didn't get infected from a web site, I got infected from a 3gb file
> I downloaded from the usenet, after I carelessly turned off my anti
> virus.

I sorta doubt it was the 3GB file. I personally know of no instances where a malware-doer purposely set out to infect files of that size. Who would download them? Oh wait! I know who would!!! ;-)

What was the website (so it can be examined)? Post the URL - but mung it so it is not clickable.

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-2010
(please excuse the IntelliTXT ads on this otherwise okay page)

--
-bts
-Four wheels carry the body; two wheels move the soul
From: David H. Lipman on 20 Mar 2010 07:54

From: "Xray" <pl(a)yer.com>

| "Beauregard T. Shagnasty" <a.nony.mous(a)example.invalid> wrote in news:ho1h63
| $3fd$1(a)news.eternal-september.org:

>> Xray wrote:
>>> Ok here's what happened, I feel like quite an idiot.
>>> In a panic I reactivated the anti virus, but it was too late.
>> It was too late the microsecond you ran whatever it is you ran -- though
>> you were probably infected from a web site.

| Yes, I realize it was too late - And so do most people who slam on the brakes
| before slamming into a light pole.
| I didn't get infected from a web site, I got infected from a 3gb file I
| downloaded from the usenet, after I carelessly turned off my anti virus.

>> Get these two free-for-home-use programs.
>> Download, install, update, scan.
>> MalwareBytes AntiMalware: http://malwarebytes.org/
>> SUPERAntiSpyware: http://superantispyware.com/
>> Use a better browser. Get a firewall.

| Browsers fine, firewalls fine, thanks.

All the software won't protect you if you don't practice Safe Hex -- YOU DIDN'T!

Usenet binaries are FULL of injected trojans. Either the binary is the trojan, a legitimate application is repackaged with a trojan or some other method, but Usenet binaries can NOT be trusted -- EVER.

As for your problem ... What virus? It sounds like you got infected alright, but NOT with a "virus". %windir%\system32\lowsec is indicative of a Zeus bot (zbot) trojan. A bank account compromising trojan. And other non-viral malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
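A small triage check for the indicator Dave names, added here as an example and not code from any poster or tool in the thread. It looks for the `%windir%\system32\lowsec` folder and reports each file with its size and Windows hidden/system attribute bits; since the original poster could only see these files from safe mode, the `windir` parameter (an assumption of this example) lets you point it at the Windows directory of a drive mounted on a clean machine instead of the live, possibly hooked, system.

```python
import os

# Indicator from the thread: %windir%\system32\lowsec (Zbot/Zeus drop folder).
# The thread names only the folder, not the file names inside it.
LOWSEC_REL = os.path.join("system32", "lowsec")

# Windows file-attribute bits reported by os.stat().st_file_attributes.
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4


def file_attributes(path):
    """Return the Windows attribute bits for path, or 0 where unsupported."""
    return getattr(os.stat(path), "st_file_attributes", 0)


def check_lowsec(windir=None):
    """Report whether the lowsec folder exists and what it contains.

    windir defaults to %windir% of the running system (expansion only works
    on Windows); pass the Windows directory of a mounted drive to inspect an
    infected disk from a clean machine, where userland hiding cannot apply.
    """
    if windir is None:
        windir = os.path.expandvars("%windir%")
    target = os.path.join(windir, LOWSEC_REL)
    report = {"path": target, "present": os.path.isdir(target), "files": []}
    if not report["present"]:
        return report
    for name in sorted(os.listdir(target)):
        full = os.path.join(target, name)
        attrs = file_attributes(full)
        report["files"].append({
            "name": name,
            "size": os.path.getsize(full) if os.path.isfile(full) else None,
            "hidden": bool(attrs & FILE_ATTRIBUTE_HIDDEN),
            "system": bool(attrs & FILE_ATTRIBUTE_SYSTEM),
        })
    return report


if __name__ == "__main__":
    result = check_lowsec()
    print("present" if result["present"] else "absent", result["path"])
    for entry in result["files"]:
        print(entry)
```

A present folder is a strong reason to run the scanners recommended in the thread from safe mode or offline media rather than trusting the live system's own listing.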