bad virus - Page 6


Re: bad virus



On 3/19/2010 11:01 PM, Xray wrote:

After reading dozens of replies and giving up on reading all of them
here is my take.
1. Make image backups of the os and sleep better for all sorts of reasons.
2. If you insist on downloading from a questionable source, run a multi
boot system where each os is completely isolated from each other.
Bootitng from terabyteunlimited will let you make such a system where
the partition table is only loaded with partitions you specify. That way
you can keep a throwaway copy of your main os.
3. If you go to the trouble of running AV software then at least pay
some attention to its warnings.

I've never had a virus in years of computing, but I've accidentally lost
files and seen hd's go bad.

Re: bad virus



Dave Cohen wrote:

Well, we can all say a bunch of things from hindsight, obviously.
I'm gonna try asking at the Kaspersky forums and see what they have to
say, I guess this topic has run its course now.

Will update when I have anything worth posting - And if I ask about gay
sex or something, remember, it's the virus talking, not me!

Re: bad virus




| Dave Cohen wrote:




| Well, we can all say a bunch of things from hindsight, obviously.
| I'm gonna try asking at the Kaspersky forums and see what they have to
| say, I guess this topic has run its course now.

| Will update when I have anything worth posting - And if I ask about gay
| sex or something, remember, it's the virus talking, not me!

:-)

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: bad virus





Ah, the old "plausible deniability" virus. :oD



Re: bad virus




 

I may have the fix, Kaspersky moderators wrote up a custom script for my
system that is supposed to nuke all the baddies, will post back [if able].
Either this will work, or I will reinstall Windows after complete format.

As a side note, I noticed Spybot has a process viewer, which is nice since
the Windows process view no longer functions.
The 1st 4 processes looked suspicious to me.

* System - No path
* csrss.exe - \??\c\windows\system32
* smss.exe - \systemroot\system32
* winlogon.exe - \??\c\windows\system32

I tried terminating csrss and winlogon, got immediate fatal errors and
shutdown on each one.
The ?? in their path, I would think, would mark them as bogus.
Can anyone confirm or deny these as valid processes?

Re: bad virus





Those are indeed valid processes. If the Kaspersky thing doesn't work
out, I'd suggest you reformat and reload the system. If in the future you
run across something like this again, you can try the forums at
Malwarebytes (I'm only recommending this site because I have personal
experience there and feel safe vouching for the help you would receive by
qualified individuals). Post in the forums asking for help and follow the
instructions provided. Many other reputable sites offer pretty much the
same thing, I just don't have the urls memorized so I can't offer them up
right off ..



--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior
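
The path prefixes asked about above can be checked mechanically. The following is an added example, not part of the original posts: it converts NT-native image paths (`\??\` and `\SystemRoot\`) to ordinary Win32 form and compares them with the expected System32 location. The install directory `C:\Windows`, the function names and the sample entries are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption for this example: Windows is installed in C:\Windows.
SYSTEM_ROOT = r"C:\Windows"
# Processes from the post that normally load from <SystemRoot>\System32.
EXPECTED_IN_SYSTEM32 = {"csrss.exe", "smss.exe", "winlogon.exe"}


def normalize_nt_path(path, system_root=SYSTEM_ROOT):
    """Turn an NT-native image path into a lower-cased Win32 path."""
    p = path.strip()
    if p.startswith("\\??\\"):
        # \??\ is the object-manager directory holding DOS device names
        # such as C:, so \??\C:\x is the same file as C:\x.
        p = p[4:]
    elif p.lower().startswith("\\systemroot\\"):
        # \SystemRoot is a symbolic link to the Windows directory.
        p = system_root + p[len("\\systemroot"):]
    # normpath collapses "..", normcase lower-cases for comparison.
    return ntpath.normcase(ntpath.normpath(p))


def classify(name, image_path, system_root=SYSTEM_ROOT):
    """Return 'ok', 'suspicious' or 'unknown' for one process entry."""
    name = name.lower()
    if name == "system":
        # The kernel's System process has no image file of its own.
        return "ok" if not image_path else "unknown"
    if name not in EXPECTED_IN_SYSTEM32 or not image_path:
        return "unknown"
    expected = ntpath.normcase(ntpath.join(system_root, "System32", name))
    actual = normalize_nt_path(image_path, system_root)
    # A match only rules out a look-alike in the wrong directory; it does
    # not prove the file on disk is unmodified.
    return "ok" if actual == expected else "suspicious"


# Constructed sample entries (not taken from the poster's machine).
SAMPLE = [
    ("System", ""),
    ("csrss.exe", r"\??\C:\WINDOWS\system32\csrss.exe"),
    ("smss.exe", r"\SystemRoot\System32\smss.exe"),
    ("winlogon.exe", r"\??\C:\WINDOWS\system32\..\Temp\winlogon.exe"),
]

if __name__ == "__main__":
    for proc, path in SAMPLE:
        print(f"{proc:14} {classify(proc, path):10} {path or '(no path)'}")
```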


Re: bad virus




 

Update - Had to wipe the drive clean and reinstall OS.
Virus - 1
Me - 0

Re: bad virus



Xray wrote:


Did you pick one that isn't susceptible to such problems?


<g>

--
   -bts
   -Four wheels carry the body; two wheels move the soul

Re: bad virus



$1me$1@news.eternal-september.org:


I took a shiny disc, it said something like "Windows XP Professional" on it,
not sure.

It's not XP's fault that I like to take risks.
Lots of people write lots of malicious code for Windows for 1 reason -
Because most people use it.
There must be a reason why most people use it, no?
