Infection! (Doesn't spread, AFAIK ;D)

Firefox11 · 07-04-2008, 12:43 PM

So yesterday I was searching for some stuff and downloaded a .exe that now fucked up my PC. No, I wasn't looking for pr0n but for a no-CD illegality stuff.

The issue is the PC. I've run Panda 2007, but it seems that the virus (or whatever it is) disabled or at least hid the Hard Drive, so I guess that's where it's installed. I can't neither go back to a previous config since my Start Menu doesn't show any programs nor folders. Also, Control Panel, Run, Search and any other application linked to the Start Menu is also gone, except the last used programs.

Any ideas? Should I go with a direct reformat?

Hammock · 07-04-2008, 01:29 PM

Have you tried starting up in safemode with networking? If you can get booted up in safe mode you could try running your antivirus there.

Pixel · 07-04-2008, 01:34 PM

Windows Key + R? Try that.

msconfig, check your start up programs.

Innoc · 07-04-2008, 02:54 PM

Probably a trojan that doesn't quite match the signature of a virus.

Spybot Search and Destroy (this will probably be the one that finds it)

Windows Defender (Doesn't do much that's useful beyond outbound port filtering and watchdog work...I doubt it would ID and corral your infection)

Ad Aware Free Edition (also somewhat worthless...but not a bad idea to scan your system with it

General protocol with all 3...install and then update them...reboot into safe mode and let it go to town. Once you reboot into normal mode let SBSD immunize your system.

I didn't mention anything that you had to pay to use as the fact that you were searching for things of questionable legality suggests to me that you might be reluctant to pay for that which you need...In which case...these 3 packages aren't a bad way to go.

edit: wow...for posting while sleepy first thing in the morning...If you cannot boot into safe mode and do anything useful and the Windows Recovery mode when booting from the CD doesn't help then a reformat and reinstall is the only way to recover this...

Firefox11 · 07-04-2008, 07:10 PM

Thanks for all the replies!

No, I didn't try starting in safe mode because I'm a bit newb about computer issues, and didn't exactly know what to do (and my Comp Nerd Friend is out, holiday trip). I'll try those things and let you know.

Firefox11 · 07-04-2008, 07:50 PM

Alright, tried booting in safe mode, both normal and with networking. However, I still can't see the hard drive. Because of my newbiness, I don't know which are the normal start up programs - I can recognize Panda, Steam, etc. but ones like RHT and a few more letters, I don't. Also, since the hard drive doesn't show up, scanning with Panda would be futile - tried already, but since it can't scan the HD, it doesn't find a problem.

Other symptoms include:
- The time at the lower right corner displays a "VIRUS ALERT!" message.
- Three additional icons appeared when the problem started, all three being relative to virus/spyware busting, all of them shortcuts (didn't try them though).
- I can't access Internet with that computer, and I am a bit scared to download AV programs in this computer, then to a pen drive and then to the other PC - I don't want to lose a portable hard drive, to be honest D=
- The first boot after installing that program, the screen got flooded (literally) with tons of popups, virus alerts from websites asking to download stuff and even a weird wallpaper, red with a infection symbol, also reading somewhat along the "Virus Alert" message. All these don't show up anymore, though.

פֿяαιп βαмαgεפ · 07-04-2008, 08:19 PM

Oh god you got screwed good, hang on, I had to tame one of those bastards too, I have a solution here somewhere, just gimme a sec.

*edit*

Step 1:
Delete your CacAfee/Borton scanner you probably are using.

Step 2:
Download Avast Anti-Virus.
Download AVG Anti-Virus.
Download SpyBot S&D.
Download Ad-Aware.

Step 3:
Update all the scanners.

Step 4:
Restart computer and put into safe mode.

Step 5:
Set all of them onto thorough scan or however the heck you spell that word.

Step 6:
Scan overnight/any time 2 times using all of them. Repeat as your paranoia desires.

Step 7:
Delete AVG so Steam won't bitch and crash because you have it on the comp.

Step 8:
Continue using Avast as your main scanner.
Continue using Spybot as your secondary spyware scanner.
Continue using Ad-Aware as your secondary spyware scanner.

Firefox11 · 07-04-2008, 09:24 PM

Ok.

So is it safe to actually download them into the infected comp with a portable HD/pen drive? Won't it get infected too?

(Mainly because the only "portable HD" I have is my MP4 player, which I just got recently after getting it replaced for the 2nd time, so you can guess I don't want to lose it again =S)

פֿяαιп βαмαgεפ · 07-04-2008, 09:35 PM

You can't be 100% sure but I think when you download all programs and smack 'em on the hard drive it shoudn't be a problem.

Firefox11 · 07-05-2008, 05:20 PM

Alright, did all what פֿяαιп βαмαgεפ suggested, here's the report:
- Started in safe mode, couldn't correctly fire AVG because it needs to run in normal mode. However, it did a MS-DOS screen scan, notifying all the Virus/Trojans/Spyware. Wrote some of them down.
- Installed Spybot: S&D and made a scan, fixed all the errors.
- Couldn't install Ad-Aware, because the System Admin was blocking that action (wtf? There's only one account in this PC... well, w/e)
- Restarted - normal mode.
- Ran AVG. Updated to the max, ran a scan. Fixed all I could. However! The hard drive still doesn't show, and the "VIRUS ALERT!" message still appears to the right of the time. Some progress was made, though: now the Programs tab in the Start menu shows up. However, Run, Search and other functions still aren't available. I can now use the Proccess Admin (CTRL + ALT + DEL, in case I didn't get the name right). Also, I could install Ad-Aware.
- I'm running AVG again, and it seems that there are some errors that it didn't fix before, so I guess it is not fixing the problem that cause the C: drive to not show up, as well as the Start Menu problem too.
- Now that I can use the Proccess Admin, I can see how one of the programs detected as Trojans when I ran AVG in Safe Mode is still running. However, since it is a System proccess, I'm told that the program is critical and can't be stopped.

So, what now? AVG is still scanning, but just in case it can't fix the problem, what should I do next?

GeoKill-----> · 07-05-2008, 08:36 PM

I had the same problem and what i did I installed hijackthis
http://www.download.com/Trend-Micro-...-10227353.html
and removed the virus the manual way but if you don't know which one to remove then do a google search for each process running. Once you know which one is a virus, disable it then delete it. Once you did that run AVG again.

Dospac · 07-06-2008, 10:14 PM

The Combofix package was the only thing finding and removing this, last I cleaned a system w/something similar.(about 4 months ago)

Just google it.

v3rtigo · 07-06-2008, 11:21 PM

I agree with the googling, fixing these bastards usually involves a proces that isn't handled by automatic scanners. Identify and fix them one by one.

darksoul · 07-07-2008, 01:55 AM

ty for the link dos, been banging my head against my keyboard for the last ten hours trying to find a fix.

Firefox11 · 07-07-2008, 01:37 PM

I've been trying to get the last parts of the Infection, but it looks I'm not successful. AVG doesn't find anymore viruses that I can identify and kill with HijackThis, and I tried finding them with TuneUP Utilites and the Task Manager it has, to locate a Windows look-a-like file out of place. I've noticed that sometimes the file directory is a bit different (as in c:/windows/system32 instead of C:/WINDOWS/system32), but I don't think this can be relevant.

Will try the combofix package now. I hope I'm more lucky than a friend, who had the same problem and had to reformat (though he didn't get past Step #1, disabling at least a part of it)

*EDIT*High five, mate. ComboFix killed everything that still was in the Computer (or at least this is what it looks like). I can access the Hard Drive, everything is back in the Start Menu and no more "Current Time VIRUS ALERT!"

Thanks everyone for the help!

פֿяαιп βαмαgεפ · 07-07-2008, 07:01 PM

Glad it worked!

Dospac · 07-11-2008, 03:43 AM

Yeah. I never tracked down the guys who put Combofix together. Those are some badass dudes though. Talented folks who can really pull apart windows to fix it hahah.

Also, a good utility disk is Winborg. Can google/torrent that too. Awesome combo dvd w/tons of cool repair shit on it+custom windows installs, and it gets updated still afaik.

פֿяαιп βαмαgεפ · 07-14-2008, 08:35 PM

YEah, one thing I use too is Hiren's boot cd, that solves some heavy shit too sometimes!

07-04-2008, 02:54 PM	#4
Innoc Hitman 2 1 Actual Join Date: Mar 2007 Location: "Oscar Mike" Gametype: FPS or RTS (just say NO to MMO) Affiliations: Your Mom Posts Rated Helpful 8 Times	Probably a trojan that doesn't quite match the signature of a virus. Spybot Search and Destroy (this will probably be the one that finds it) Windows Defender (Doesn't do much that's useful beyond outbound port filtering and watchdog work...I doubt it would ID and corral your infection) Ad Aware Free Edition (also somewhat worthless...but not a bad idea to scan your system with it General protocol with all 3...install and then update them...reboot into safe mode and let it go to town. Once you reboot into normal mode let SBSD immunize your system. I didn't mention anything that you had to pay to use as the fact that you were searching for things of questionable legality suggests to me that you might be reluctant to pay for that which you need...In which case...these 3 packages aren't a bad way to go. edit: wow...for posting while sleepy first thing in the morning...If you cannot boot into safe mode and do anything useful and the Windows Recovery mode when booting from the CD doesn't help then a reformat and reinstall is the only way to recover this... __________________ Mooga on Obama: He can cut taxes. Actually do something useful. Punch Nancy Pelosi in the face. Just to name a few. You eventually run out of other people's money to spend.

07-04-2008, 08:19 PM	#7
פֿяαιп βαмαgεפ Annoying people since 1986 Join Date: Sep 2007 Location: Belgium a.k.a. absurdistan Class/Position: O fatty, pyro - D engy, pyro Gametype: CTF Affiliations: This space for rent. Posts Rated Helpful 1 Times	Oh god you got screwed good, hang on, I had to tame one of those bastards too, I have a solution here somewhere, just gimme a sec. edit Step 1: Delete your CacAfee/Borton scanner you probably are using. Step 2: Download Avast Anti-Virus. Download AVG Anti-Virus. Download SpyBot S&D. Download Ad-Aware. Step 3: Update all the scanners. Step 4: Restart computer and put into safe mode. Step 5: Set all of them onto thorough scan or however the heck you spell that word. Step 6: Scan overnight/any time 2 times using all of them. Repeat as your paranoia desires. Step 7: Delete AVG so Steam won't bitch and crash because you have it on the comp. Step 8: Continue using Avast as your main scanner. Continue using Spybot as your secondary spyware scanner. Continue using Ad-Aware as your secondary spyware scanner. Last edited by פֿяαιп βαмαgεפ; 07-04-2008 at 08:40 PM.

07-05-2008, 08:36 PM	#11
GeoKill-----> Community Member Server Owner Beta Tester Forum Moderator Join Date: Mar 2007 Location: Hawthorne, California Class/Position: Soldier/Spy/Scout Gametype: AvD Affiliations: :e0:Eternal Order Leader Posts Rated Helpful 12 Times	I had the same problem and what i did I installed hijackthis http://www.download.com/Trend-Micro-...-10227353.html and removed the virus the manual way but if you don't know which one to remove then do a google search for each process running. Once you know which one is a virus, disable it then delete it. Once you did that run AVG again. __________________ Fortress-Forever Guides All Your Mapping Needs :e0: Will live on Forever Support FF:

07-07-2008, 01:37 PM	#15
Firefox11 Join Date: Dec 2007 Class/Position: O&D: Pyro, Sniper Gametype: AvD Affiliations: FF.AvD [FF AvD/ID guild] Posts Rated Helpful 0 Times	I've been trying to get the last parts of the Infection, but it looks I'm not successful. AVG doesn't find anymore viruses that I can identify and kill with HijackThis, and I tried finding them with TuneUP Utilites and the Task Manager it has, to locate a Windows look-a-like file out of place. I've noticed that sometimes the file directory is a bit different (as in c:/windows/system32 instead of C:/WINDOWS/system32), but I don't think this can be relevant. Will try the combofix package now. I hope I'm more lucky than a friend, who had the same problem and had to reformat (though he didn't get past Step #1, disabling at least a part of it) EDITHigh five, mate. ComboFix killed everything that still was in the Computer (or at least this is what it looks like). I can access the Hard Drive, everything is back in the Start Menu and no more "Current Time VIRUS ALERT!" Thanks everyone for the help! Last edited by Firefox11; 07-07-2008 at 01:55 PM.

07-04-2008, 12:43 PM	#1
Firefox11 Join Date: Dec 2007 Class/Position: O&D: Pyro, Sniper Gametype: AvD Affiliations: FF.AvD [FF AvD/ID guild] Posts Rated Helpful 0 Times	Infection! (Doesn't spread, AFAIK ;D) So yesterday I was searching for some stuff and downloaded a .exe that now fucked up my PC. No, I wasn't looking for pr0n but for a no-CD illegality stuff. The issue is the PC. I've run Panda 2007, but it seems that the virus (or whatever it is) disabled or at least hid the Hard Drive, so I guess that's where it's installed. I can't neither go back to a previous config since my Start Menu doesn't show any programs nor folders. Also, Control Panel, Run, Search and any other application linked to the Start Menu is also gone, except the last used programs. Any ideas? Should I go with a direct reformat?

07-04-2008, 01:29 PM	#2
Hammock D&A Member Join Date: Sep 2007 Posts Rated Helpful 13 Times	Have you tried starting up in safemode with networking? If you can get booted up in safe mode you could try running your antivirus there.

07-04-2008, 01:34 PM	#3
Pixel if(0>1){printf("broked");} Beta Tester Join Date: Mar 2007 Location: Amerika Class/Position: O Posts Rated Helpful 3 Times	Windows Key + R? Try that. msconfig, check your start up programs.

07-04-2008, 07:10 PM	#5
Firefox11 Join Date: Dec 2007 Class/Position: O&D: Pyro, Sniper Gametype: AvD Affiliations: FF.AvD [FF AvD/ID guild] Posts Rated Helpful 0 Times	Thanks for all the replies! No, I didn't try starting in safe mode because I'm a bit newb about computer issues, and didn't exactly know what to do (and my Comp Nerd Friend is out, holiday trip). I'll try those things and let you know.

07-04-2008, 07:50 PM	#6
Firefox11 Join Date: Dec 2007 Class/Position: O&D: Pyro, Sniper Gametype: AvD Affiliations: FF.AvD [FF AvD/ID guild] Posts Rated Helpful 0 Times	Alright, tried booting in safe mode, both normal and with networking. However, I still can't see the hard drive. Because of my newbiness, I don't know which are the normal start up programs - I can recognize Panda, Steam, etc. but ones like RHT and a few more letters, I don't. Also, since the hard drive doesn't show up, scanning with Panda would be futile - tried already, but since it can't scan the HD, it doesn't find a problem. Other symptoms include: - The time at the lower right corner displays a "VIRUS ALERT!" message. - Three additional icons appeared when the problem started, all three being relative to virus/spyware busting, all of them shortcuts (didn't try them though). - I can't access Internet with that computer, and I am a bit scared to download AV programs in this computer, then to a pen drive and then to the other PC - I don't want to lose a portable hard drive, to be honest D= - The first boot after installing that program, the screen got flooded (literally) with tons of popups, virus alerts from websites asking to download stuff and even a weird wallpaper, red with a infection symbol, also reading somewhat along the "Virus Alert" message. All these don't show up anymore, though.

07-04-2008, 09:24 PM	#8
Firefox11 Join Date: Dec 2007 Class/Position: O&D: Pyro, Sniper Gametype: AvD Affiliations: FF.AvD [FF AvD/ID guild] Posts Rated Helpful 0 Times	Ok. So is it safe to actually download them into the infected comp with a portable HD/pen drive? Won't it get infected too? (Mainly because the only "portable HD" I have is my MP4 player, which I just got recently after getting it replaced for the 2nd time, so you can guess I don't want to lose it again =S)

07-04-2008, 09:35 PM	#9
פֿяαιп βαмαgεפ Annoying people since 1986 Join Date: Sep 2007 Location: Belgium a.k.a. absurdistan Class/Position: O fatty, pyro - D engy, pyro Gametype: CTF Affiliations: This space for rent. Posts Rated Helpful 1 Times	You can't be 100% sure but I think when you download all programs and smack 'em on the hard drive it shoudn't be a problem.

07-05-2008, 05:20 PM	#10
Firefox11 Join Date: Dec 2007 Class/Position: O&D: Pyro, Sniper Gametype: AvD Affiliations: FF.AvD [FF AvD/ID guild] Posts Rated Helpful 0 Times	Alright, did all what פֿяαιп βαмαgεפ suggested, here's the report: - Started in safe mode, couldn't correctly fire AVG because it needs to run in normal mode. However, it did a MS-DOS screen scan, notifying all the Virus/Trojans/Spyware. Wrote some of them down. - Installed Spybot: S&D and made a scan, fixed all the errors. - Couldn't install Ad-Aware, because the System Admin was blocking that action (wtf? There's only one account in this PC... well, w/e) - Restarted - normal mode. - Ran AVG. Updated to the max, ran a scan. Fixed all I could. However! The hard drive still doesn't show, and the "VIRUS ALERT!" message still appears to the right of the time. Some progress was made, though: now the Programs tab in the Start menu shows up. However, Run, Search and other functions still aren't available. I can now use the Proccess Admin (CTRL + ALT + DEL, in case I didn't get the name right). Also, I could install Ad-Aware. - I'm running AVG again, and it seems that there are some errors that it didn't fix before, so I guess it is not fixing the problem that cause the C: drive to not show up, as well as the Start Menu problem too. - Now that I can use the Proccess Admin, I can see how one of the programs detected as Trojans when I ran AVG in Safe Mode is still running. However, since it is a System proccess, I'm told that the program is critical and can't be stopped. So, what now? AVG is still scanning, but just in case it can't fix the problem, what should I do next?

07-06-2008, 10:14 PM	#12
Dospac Retired FF Staff Join Date: Jan 2005 Location: San Jose, CA Posts Rated Helpful 0 Times	The Combofix package was the only thing finding and removing this, last I cleaned a system w/something similar.(about 4 months ago) Just google it.

07-06-2008, 11:21 PM	#13
v3rtigo Lock 'n Loll! Join Date: Sep 2007 Location: 2fort Class/Position: Scout, Spy, Sniper Gametype: CTF Posts Rated Helpful 0 Times	I agree with the googling, fixing these bastards usually involves a proces that isn't handled by automatic scanners. Identify and fix them one by one.

07-07-2008, 01:55 AM	#14
darksoul D&A Member Join Date: Mar 2007 Posts Rated Helpful 0 Times	ty for the link dos, been banging my head against my keyboard for the last ten hours trying to find a fix.

07-07-2008, 07:01 PM	#16
פֿяαιп βαмαgεפ Annoying people since 1986 Join Date: Sep 2007 Location: Belgium a.k.a. absurdistan Class/Position: O fatty, pyro - D engy, pyro Gametype: CTF Affiliations: This space for rent. Posts Rated Helpful 1 Times	Glad it worked!

07-11-2008, 03:43 AM	#17
Dospac Retired FF Staff Join Date: Jan 2005 Location: San Jose, CA Posts Rated Helpful 0 Times	Yeah. I never tracked down the guys who put Combofix together. Those are some badass dudes though. Talented folks who can really pull apart windows to fix it hahah. Also, a good utility disk is Winborg. Can google/torrent that too. Awesome combo dvd w/tons of cool repair shit on it+custom windows installs, and it gets updated still afaik.

07-14-2008, 08:35 PM	#18
פֿяαιп βαмαgεפ Annoying people since 1986 Join Date: Sep 2007 Location: Belgium a.k.a. absurdistan Class/Position: O fatty, pyro - D engy, pyro Gametype: CTF Affiliations: This space for rent. Posts Rated Helpful 1 Times	YEah, one thing I use too is Hiren's boot cd, that solves some heavy shit too sometimes!

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)