help with an extremely nasty virus

Posted: Wed Apr 25, 2012 1:56 pm

djdezzie wrote:

This guy is full of ideas, maybe try a couple? http://www.geekstogo.com/forum/topic/313913-hacker-controlling-my-pc-unknown-virus-rootkit/

I went to this site and one of the threads had suggested Clamwin scan. I used it and it found this:

Trojan.generic.Bredolab-2 in one area
Trojan.Kazy-2244 in 2 areas
Default.sfx in a folder in program files

I ran it a couple times to make sure I knew what it was finding. I did a report only so I could see where the viruses it found were. Then I quarantined it before deleting it. I wanted to make sure I knew what would need fixing afterwards. Also Avast found (prior to ClamWin) win32.dUmPeX[SusP].

I don't know if it got everything but I'm happy it found as much as it did Very Happy

. If my internet explorer looks like it's gone window happy then I'll know it missed something. My computer still runs slow so I figure those viruses did a number on it. I couldn't deal with the slow part until I dealt with the viruses.

Should I run another boot-time scan with a different program then Avast? Also, what's a good rootkit program to use? I have tdskiller - it hasn't detected anything but neither did Avast when I ran its virus scan. I want to make sure I've covered all bases. I don't want to leave anything behind.

I got rid of McAfee. I have Avast trial, Microsoft Security Essentials, Malwarebytes, SUPERAntiSpyware and ClamWin free edition still installed. I have a couple others that will get uninstalled now. I haven't decided yet on what I'm going to replace McAfee with yet. I know having Microsoft Security Essentials on conflicts with programs like Avast. I usually keep certain areas turned off so it doesn't interfere.

Someone had told me that rather then having 1 program that does everything, I should have separate programs that specialize in one area. That it would provide greater protection. Any thoughts on that?

Thank's everyone for the help.

Posted: Wed Apr 25, 2012 2:52 pm

Hi there, sounds like a nasty one. The best way to get rid of the thing is to do a fresh install, virus system files, executables, batch files etc dont usually show up in your music/movies folders (unless you have downloaded a bad torrent, lol) so you can just back up your files and hit the nuke button.

If you think you got it all though and your comp is still a bit sluggish, you may find doing a bit of a spring clean will help...get ccleaner from piriform, it not only deletes all the unnesessary bloat from your machine but you can also use it to fix registry errors etc...may give you your comp its life back a bit Wink

http://www.piriform.com/CCLEANER

Posted: Wed Apr 25, 2012 3:56 pm

Is some other things you can do disable restore points before you do a scan.
Scan your PC in safe mode if your antivirus has this option also antivirus software companies do share each other info about some virus threats they also offer free tools to use..

Utilities like from Eset

http://www.eset.co.uk/Download/Utilities

Utilities like from kaspersky

http://support.kaspersky.com/viruses/utility

Not fan of McAfee but they have this little tool Stinger
http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx

Other antivirus sites have other things also just read you run internet explorer not a good thing imo ..

Posted: Wed Apr 25, 2012 6:40 pm

I use rKill from bleepingcomputer , and run in safe mode prior to running your antivirus.
wouldn't like to say it's better or worse. you can give it a go as they wont conflict with each other and let us know what picks up what. call it an "in the field" trial Very Happy

Posted: Thu Apr 26, 2012 2:41 pm

thetazzzz wrote:

Other antivirus sites have other things also just read you run internet explorer not a good thing imo ..

What other browsers would you suggest?

My internet explorer just went window happy so apparently I didn't get the main virus, just all its friends. Haven't given up the fight yet. Thanks for more suggestions.

Posted: Thu Apr 26, 2012 3:04 pm

Quote:

I have Avast trial, Microsoft Security Essentials, Malwarebytes, SUPERAntiSpyware and ClamWin free edition still installed

Quote:

Someone had told me that rather then having 1 program that does everything, I should have separate programs that specialize in one area.

They can/will all conflict with each other, ideally you should only have something like avast and SUPERAntiSpyware (I use spybot, I dont like things with "super" in the name)

Quote:

What other browsers would you suggest?

firefox or chrome, anything except IE

Posted: Thu Apr 26, 2012 3:56 pm

OK, I'll look into Chrome. I don't like the way Firefox stores bookmarks - what IE calls favorites. It's encripted. With IE's favorites I can see everything I have by going to favorites file on my computer, with Firefox I can't.

One more thing, my friend has the same virus on her computer. I don't know if it transfered from her's to mine or visa versa through my memory stick. Can the virus shut down the drive completely. I mean, hers won't even boot up any more. I connected it to mine as a external to run the same scans on it that I did on mine and I can access everything on it. Could it be the virus or did her motherboard or something else go bad?

Posted: Thu Apr 26, 2012 9:12 pm

cinvowell wrote:

OK, I'll look into Chrome. I don't like the way Firefox stores bookmarks - what IE calls favorites. It's encripted. With IE's favorites I can see everything I have by going to favorites file on my computer, with Firefox I can't.

One more thing, my friend has the same virus on her computer. I don't know if it transfered from her's to mine or visa versa through my memory stick. Can the virus shut down the drive completely. I mean, hers won't even boot up any more. I connected it to mine as a external to run the same scans on it that I did on mine and I can access everything on it. Could it be the virus or did her motherboard or something else go bad?

Thats a whole new thing, could be one of around 50 things just off the top of my head

Posted: Thu Apr 26, 2012 9:45 pm

Thanks. That's all I needed. Smile

Now I'll look at hardware problems first and I can still scan the hard drive as an external using a sata/ide to usb adapter. I'll start checking it like I did mine when the motherboard went bad.

I sometimes ask questions that I should know the answers to instead of relying on what I've already learned.

(edited May 17,2012)

Thanks to everyone. I think the virus is finally gone. I've seen no signs of it in almost a week Very Happy

. now I'll set up a better firewall and antivirus to protect my computer. Anything but McAfee. Again, thanks. Very Happy

Posted: Tue May 29, 2012 2:05 pm

First - Sorry for having 2 postings in a row. It's been a while since I posted here. I didn't know if I should edit or post. If I got it wrong let me know and I'll correct it and know the right way next time.

cinvowell wrote:

Thanks to everyone. I think the virus is finally gone. I've seen no signs of it in almost a week Very Happy

. now I'll set up a better firewall and antivirus to protect my computer. Anything but McAfee. Again, thanks. Very Happy

Well, I thought wrong. Laughing

The good news is I think I have the name of it. An icon just popped up in my tool bar - rocketlife communicator. I think this is the virus I've been tackling or another virus. I don't know which. Any one heard of this one or is it a legit program? I'm thinking it's a virus because I can't find any programs associated with it yet and it disappeared a few minutes after it showed up. I'm running through the programs I have to see if anyone might get rid of it, but nothing yet.

I reformated a drive to fit my machine for a friend to use until she gets a new one and I had to move her files from my drive to the new one. Had I thought the virus on my drive was still there I would have waited. I guess it took the opportunity to migrate to the new drive. That's where the rocketlife communicator icon showed up.

I feel like I'm back to square one, and just when I though I was ready to take this computer over to her. Laughing

Posted: Tue May 29, 2012 3:05 pm

Back up your data and reinstall, its the only solution. When you install make you sure you delete all partition and have windows reformat

iamnephilim wrote:

rather than waste a bunch of time with it why not just do a fresh install.

this was posted over a month ago, so essentially you've wasted a month avoiding a 2 hour job Laughing

Posted: Tue May 29, 2012 3:17 pm

cbilljones wrote:

Back up your data and reinstall, its the only solution. When you install make you sure you delete all partition and have windows reformat

iamnephilim wrote:

rather than waste a bunch of time with it why not just do a fresh install.

this was posted over a month ago, so essentially you've wasted a month avoiding a 2 hour job Laughing

Got to go with cbilljones on this one. I feel your pain but it looks like a clean install is the going to be the final solution.

Just to share how I handle these sort of critters. I simply do not store the stuff I want to save on my Operation drive. Not a big problem since it is a small 60GB SSD so using it for storage is not an option.

When the inevitable problems occur I simply pop in ye Win7 disc, format the drive and install fresh. I not only wipe any bugs from the system, I get the warm fuzzies from having a fresh and fast new system.

I think you got yourself caught up in the "I will win this war", but in the end it sounds like it is time to throw in the towel and start new.

Posted: Wed May 30, 2012 1:27 am

cbilljones wrote:

Back up your data and reinstall, its the only solution. When you install make you sure you delete all partition and have windows reformat

iamnephilim wrote:

rather than waste a bunch of time with it why not just do a fresh install.

this was posted over a month ago, so essentially you've wasted a month avoiding a 2 hour job Laughing

Yea, you're right and I'm stubborn and bull-headed. Laughing

As far as wasting a month on an infected drive, Laughing

I guess the jokes on me. I spent all that time cleaning it only to pull it to give the machine with a fresh drive to a friend until she can get herself a new one. Laughing

My drive is nothing more then storage right now and I'm using a friend's computer that he wasn't using. I just got done installing everything she'll need on the new drive. (It wasn't anywhere near a 2 hour job.) I have all her documents and firefox bookmarks on my drive. When I transfered her information and bookmarks to the new drive I assumed the virus transfered with it, but it may not have - it's doing things it didn't do before. Well, it don't matter. I'll just call this a dry run since it was the first time I formatted a drive by myself begining to end.

I used cnet for the programs I needed. I don't think I downloaded anything from any other site but I don't remember for sure. Except, she was having trouble opening something in an e-mail sent to her by her daughter or grand-daughter - a birthday e-card. I don't normally open things like that. I don't trust them. It was important to her to be able to open stuff like that because her family sent her a few for her birthday.

Since I know what programs I need now, it shouldn't take as long.

Since a virus can hide on an exicutable download, I want to get fresh downloads for the programs I just got done loading as well. Is cnet the best place to replace those downloads or is there someplace better? Also, should I put her documents and bookmarks on a stick and scan it rather then connecting my drive as an external? I'm trying to be on the safe side this time. Formating this drive and installing everything twice is enough for me in one week. Laughing

fblevins1 wrote:

I think you got yourself caught up in the "I will win this war", but in the end it sounds like it is time to throw in the towel and start new.

If it was just for me, I'd fight to the end (that's just my nature), but the drive that's now sharing the pain is for a friend and that's a whole nother ball game. Wink

Now it'll be a matter of trying not to re-infect it while re-installing everything. Laughing

Posted: Wed May 30, 2012 1:41 am

cinvowell wrote:

Since I know what programs I need now, it shouldn't take as long.

cinvowell wrote:

Is cnet the best place to replace those downloads

Um, we don't know what you need Laughing

Posted: Wed May 30, 2012 2:22 am

(esp. for WinXp) Run Malwarebytes full version's scan in safe mode, full scan. Quarantine them results. Then open as administrator in safe mode and do a system restore before the date the virus attacked your PC (use the highlighted dates). Worked for me all the time..all those antivirus those claim to kill all those viruses are not fully effective for extremely malicious viruses. For some of them you gotta do mixed up stuffs manually.