Creepy virii

Created 2004-11-26 19:26:59 UTC by PTS

Posted 2004-11-26 19:26:59 UTC Post #74933
Hey guys, I'm having this problem:

Some stupid dudes (friends of my brother) entered porn sites while I was not at home and as it is usual for such places I've got a bunch of trojans and adware shit on my machine. I ran a few antivirus programs and I thought I got rid of the bastards but now it seems like I haven't. I'm encountering serious problems shutting down my computer (it starts checking the floppy and when it's over it's stuck right there and I have to restart it), banner ads keep coming out of nowhere (even when seemingly nothing is running) and they are usually regarding some security stuff (some sort of a trick I guess) and the system load is very high - even my trusted Aftermath started running slowly. The mofo seems to have messed with my browser since it indicates all pages as trusted sites (obviously to get my security lowered automatically so new baddies can have a clear entry). I checked the trusted sites list and it's empty. Someone please tell me how on Earth do I get rid of that son of a bitch? (preferably for free)
Posted 2004-11-26 19:35:00 UTC Post #74934
reinstall your browser, that should put your trusted/blocked sites back to normal.. get adaware and spybot and check over your computer. never put your trust in just one virus scanner/spyware scanner.
Posted 2004-11-26 20:00:07 UTC Post #74936
Trash Windows, install Linux. :P
Posted 2004-11-26 20:02:14 UTC Post #74937
NAV + ZAPRO + SS&D + Adaware + Defrag
Posted 2004-11-26 21:24:34 UTC Post #74971
jaardsi's proposition seems the best, but then I wouldn't be able to run Aftermath or GC2 :-(

I downloaded Zone Alarm Pro from the official site but when I run it it says it couldn't find some DLL libraries in one of the temporal archives. I tried downloading one of the not so full packages and it gave the same error. What could be wrong?

I also scanned using Ad-aware and AVP (this umbrella thingy). They cleared some of them but the big fat bastard is still present. BTW, how do I update Ad-aware definitions file? When I click on WebUpdate nothing happens (just the button sinking and then it's back). What's that SS&D thing (ZL, you always use such abbreviations only you can read :-( for Christmas I'm gonna get a gun and shoot ya!)?

PS: Wow! System resources dropping below 30%... I'll have to turn off the machine after a while.
Posted 2004-11-26 21:28:54 UTC Post #74973
Hey I forgot! I've installed some a^2 Guard and I have no idea what it actually does. It has process monitoring which allows me to terminate every unneeded thing but nothing seems...

<My computer is falling apart I can't even click the start menu without a warning popping out. I'll see what I can do from safe mode>
Posted 2004-11-26 21:35:48 UTC Post #74975
Try installing SpySweeper - It's better than Ad-Aware at eliminating Spyware - When I first ran it, it eliminated about 600 different traces of spyware and adware. That oughta help quite a bit.
RabidMonkey RabidMonkeymapmapmapfapmap
Posted 2004-11-26 22:20:59 UTC Post #74985
SS&D: Spybot Search and Destroy. Get it now.
Posted 2004-11-26 22:24:15 UTC Post #74988
Ok.. you're screwed and let me tell you how I know. I spent the last two weeks straightening out mine, my mother's, aunt's, cousin's, friend's computers from what you got going. It's hell, but you can get through it. At least you can get to a point you can move.

You need these programs and/or links that can be found here:
http://www.lavasoft.com/ = Ad Aware SE
http://www.safer-networking.org/en/download/index.html = Spybot Search & Destroy
http://www.mozilla.org/ = Mozilla Firefox 1.0 browser
http://housecall.trendmicro.com/housecall/start_corp.asp = online virus scan

Ok... you didn't mention the operating system, and it's a little different for each. It boils down to using all these above, plus your own virus program, in safe mode and in regular mode. Only use Ad-Aware and Spybot Search & Destroy. There are other good ones, but I know these to be free of spy and adware. A lot of programs masquerade as "removal" tools, but are really spyware.

Depending on which version of Windows you have, you should disable "System Restore". You don't want to restore the bugs, once you're free of them. Then go through and update Spybot and Ad-Aware.

Now setup for each. Spybot is easy. It pretty much runs itself. AdAware has some things you need to adjust:

1. Open AdAware
2. Click "Start"
3. Select the "Use custom scanning options" radio button and hit the customize link.
3a. On the left are a selection of choices. Start with "Scanning".
4. Check "scan within archives" in the "Drives, Folders, & Files" section. In the lower section, "Memory and Registry", activate all those choices.
5. On the left, hit Advanced. Under "Shell Integration", make sure "Move deleted files to Recycle Bin" is active. "Logfile Detail Level" should all be active.

First you want to go to "Safe Mode". Hold down "F8" during startup. Now I'm not sure if this works in all versions of Windows, but go to your Find Files and Folders and search for "%temp%". In XP, it shows all your temporary folders. Select them all and delete them. Then navigate to ...Windows\temp folder. Open it and delete the contents.

Second, in safe mode, go to Control Panels/Add and Remove Programs. Remove all the programs that you didn't install. And if it argues with you, or wants you to reconsider or makes you fill out a questionnaire before it will "remove", that's a sure sign of spyware. It's really re-planting itself in the registry so it can spawn on restart. Do it anyway, you have no choice.

Third, in safe mode, run your updated Ad-Aware over and over, until you show 0 bugs. It might not happen, but get it as low as you can. Three or four times, usually. (Side note: My aunt had 350+ bugs, my friend had 450+, and the Verizon help desk has a record of 1387 bugs in one scan posted on their whiteboard.)

Fourth, in safe mode, run Spybot Search and Destroy. When it's done, run it again. Then delete any quarantined "restore" files it creates.

Now, before you restart to go into "Normal" windows, unplug your internet connection from your computer.

Restart.

Now, install your ZoneAlarm, if it will let you, and/or turn on your windows firewall, if you're in XP. With a firewall in place, you can plug your internet back in. Go to Housecall (link above) and scan for viruses. Use your own virus scan, also. Run Ad-Aware and Spybot again and fix what it finds. Now if you keep finding hits in Normal mode, restart in safe mode and do it again.

Worst case: download the service pack updates installer from the microsoft site. (don't "update" the computer, just get the installers. They are for IT personnel) Copy your ZoneAlarm installer, updated Lavasoft folder, and updated Spybot folder to a disk. Re-install windows without being connected to the internet. Update it and install the firewall. Then you will be free.

I have had to do the worst case scenario to four out of five of the comps I fixed these last three weeks.

Once you are free, download Mozilla Firefox 1.0 and install it. It is much less of a target for adware and spyware.

Good luck fighting the good fight!
Posted 2004-11-27 00:55:29 UTC Post #75022
yah, get Ad-Aware, Spy Sweeper, and McAfee VirusScan Professional. (good for constant check ups on e-mail, downloads, etc. Monitors all incoming files.) (try to get for free)

That's what I use. If you had this at the time of the pr0n incident, so many messages of incoming viruses would've scared the freak kid away.

That's my opinion. Of course, there is jaarsdi's idea, the best one. :P

PS: I never get logged out...
PPS: oh, and maybe try to get a nice firewall. I don't have one but I hear they are good to have.
Luke LukeLuke
Posted 2004-11-27 01:34:32 UTC Post #75032
http://computercops.biz/downloads.html

If you keep having hassles with it, post in their forums.
Trapt Traptlegend
Posted 2004-11-27 02:02:24 UTC Post #75037
Oh, and I had a suggestion too. Take out your hard drive and hook it up as a slave on another system that is running perfectly with fully updated virus protection and do a scan of your drive. That will get those buggers!
Did that once and ended up tossing both hard drives. It usually works, though....
Posted 2004-11-27 07:46:50 UTC Post #75060
Some stupid dudes (friends of my brother) entered porn sites while I was not at home = It was you.
Posted 2004-11-27 08:25:26 UTC Post #75062
Do a google search for CWShredder. It's a program that can help get rid of some of the CoolWebSearch (CWS) trojans from porn sites. Also search for HijackThis! but don't fix anything with it without expert help from a site such as
http://newbie.org/help
You can scan as much as you like, but DO NOT fix without help, or you may get rid of stuff which is vital for your computer.

I use the following to protect my system:

Anti-virus: Sophos Anti-virus
Anti-adware/spyware: Ad-aware SE Personal
Anti-CWS: CWShredder
Anti-everything else: HijackThis!

Hope this helps.
Also, do not use Internet Explorer, since it is very vulnerable to attacks. Use a browser such as Opera or Mozilla Firefox, which can block cookies that download trojans, viruses, spyware, CWS etc.
Posted 2004-11-28 18:33:34 UTC Post #75287
Rad Brad, I used almost the same method. Here's what I did:
Downloaded and installed Symantec AntiVirus, downloaded latest definitions for Ad-aware, Symantec, AVP. Started the machine from Safe Mode and ran Ad-aware three times. After I got the same two dlls undeletable all the three times I went to Command Prompt and deleted them manually. Then (still Safe Mode) I ran the other two programs and set them for autoscans. Unplugged the cable and started normally. After a few more buggers were captured (and brought up the number of total 90 - 70 for Ad-aware, 11 for AVP and 9 for Symantec) it now seems like I can keep going without being afraid of my system crashing anymore. But the ZA package still refuses to work... Maybe I have to get one from my friends. And, btw, I installed Firefox the day after I started the topic.

dajuppi: Do you think I'm so stupid to go over and visit porn sites without having any protection? Also the fact I can get free porn from almost any of my friends and the fact I have a TV porn channel somehow excludes the possibility of me being the visitor.
Posted 2004-11-28 21:36:36 UTC Post #75338
Zone alarm is also EZFirewall nowadays.

Sometimes I leave the .dll or .exe there, but edit it in DOS so that it has nothing in it. That way, an installer can still see its baby is there so it doesn't need to re-install it. Sometimes deleting them just gets them resurrected.
Posted 2004-11-29 01:54:16 UTC Post #75394
I need a good process watcher so I can identify and kill unwanted stuff. I had such thing, but its trial expired and I'm stuck with Ctrl-Alt-Del-ing, which gives me nothing.
Posted 2004-11-29 11:00:48 UTC Post #75423
Process Explorer is the best, sysinternals.com, freeware (of course).
Seventh-Monkey Seventh-MonkeyPretty nifty
Posted 2004-11-29 12:27:42 UTC Post #75441
You get p0rn from your friends? That's just sick
Posted 2004-11-29 12:36:27 UTC Post #75443
Sick, maybe. Practical, yes. :P
Posted 2004-11-29 14:57:55 UTC Post #75464
Do you call your friend and say: "Hey man, I want some porn!"
Then follows a detailed list of what you want.

Download it yourself, like everyone else does! or even better. Get a girlfriend ;)
Posted 2004-11-29 15:27:26 UTC Post #75470
Yeah, but girlfriends are not always "in the mood".
satchmo satchmo“Ever tried. Ever failed. No matter. Try again. Fail again. Fail better. -- Samuel Beckett”
Posted 2004-11-29 15:37:09 UTC Post #75473
[quote]<Dude1> Hey Dude2, how much porn have ya got?
<Dude2> About 4 gb
<Dude1> Burn me some that shit will ya
<Dude2> Sure.
<Dude1> Thanks!
* Dude2 is now known as Dude2^pr0n[/quote]
Posted 2004-11-29 15:54:48 UTC Post #75478
It's like "Ey.. send a "nice movie"" - "ok" - NAME IS TRYING TO SEND KINKY_PR0N_BARELY_LEGAL.mpg
Posted 2004-11-29 17:22:59 UTC Post #75495
Ad-Aware SE rulez. Spy Sweeper rulez. Spybot rulez.
Posted 2004-12-03 17:38:38 UTC Post #76167
See, in my country things are a little different about this legal stuff... It usually is like that:
1. Someone with fast internet connection downloads a completely illegal (not barely legal) game or program or movie or whatever
2. Burn it to CD-s and give it to friends for free or sell it to some people (usually for about 2-3 euro)
3. They also give it to friends and if they've got a burner they also sell
4. The software gets its way to shared network
5. Everybody now has access to it for free

Cool, isn't it? And you never get to worry about authorities, because no one really gives a damn (unless you own a firm or something).

And, btw, I never said I watch porn, I just mentioned a few facts to prove my version.

Thanks for the help everyone!
Posted 2004-12-03 17:59:50 UTC Post #76169
Wtf, who buys downloaded games? Noobs.

1. Download cd images (.bin, .iso etc)
2. Mount them with your local generic DVD drive (DaemonTools be what I use)
3. Crack the .exe (from a file usually in the cd mount)
4. Play
Posted 2004-12-03 18:16:09 UTC Post #76177
Hmm, seems like you didn't get it...

[quote]1. Someone with fast internet connection downloads a completely illegal (not barely legal) game or program or movie or whatever[/quote]

Which translates "people here don't usually have fast internet connection".

I use the Daemon too.
Posted 2004-12-03 21:08:03 UTC Post #76185
haha, no-fast-connection-land.
We swedes shine with our cheap 1gigabit lines.
Posted 2004-12-08 02:46:40 UTC Post #76946
nonags has plenty of free power tools with 0 ads. In addition to many of the good suggestions, I'd like to add:

1. Get a good registry scrubber--regvac is the best I've seen, and it does many other things than just delete broken keys.

2. Procinfo from ALM is excellent for identifying processes.

3. Ad-Aware is superior to spybot, but not better than spy sweeper. However, you have to buy spy sweeper.

4. Startup Inspector is a neat, quick utility to identify and easily get rid of resident or junk living in the quicklaunch area.

5. If your machine was as messed up as you say it was, save your important files and format your hdd. It's a pain in the butt, but well worth the peace of mind.
Posted 2004-12-08 11:19:06 UTC Post #76989
Go here, get Hijack This, and post your log there.
Seventh-Monkey Seventh-MonkeyPretty nifty