major virus problem

Let's see if you guys can help me.  I installed a program that was
supposed to improve the functionality of another program, but it had a
suspicious filename.  So, I scanned the downloaded file with Avast
antivirus, and it was "clean."  It asked to extract files to a certain
location, so I put in my jumpdrive, just in case.  It extracted files
and executed some files, which flashed all over the screen and I didn't
catch the names.  I immediately removed my network cord, unplugged my
external hard drives, restarted my computer, scanned my comp with
Avast, and everything seemed fine.  Before I did this and after, the
Windows firewall had been removed and can't be reactivated.  I get an
error message when doing so.  I ran a system file check and rebooted,
and it didn't fix the problem.  Would a repair install help?  Right
now, I'm running the latest Knoppix live CD.  It's finals time, and
hopefully somebody can help me out pretty quickly.  Thanks


Re: major virus problem


| Let's see if you guys can help me.  I installed a program that was
| supposed to improve the functionality of another program, but it had a
| suspicious filename.  So, I scanned the downloaded file with avast
| antivirus, and it was "clean." it asked to extract files to a certain
| location, so i put in my jumpdrive, just in case.  it extracted files
| and executed some files, which flashed all over the screen and i didn't
| catch the names.  i immediately removed my network cord, unplugged my
| external hard drives, restarted my computer, scanned my comp with the
| avast, and everything seemed fine.  before i did this and after, the
| windows firewall had been removed and can't be reactivated.  i get an
| error message when doing so.  i ran a system file check and rebooted,
| and it didn't fix the problem.  would a repair install help?  right
| now, i'm running the latest knoppix live cd.  it's finals time, and
| hopefully somebody can help me out pretty quickly.  thanks

Next time submit suspicious files to Virus Total.
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it.  In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode.  It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.  http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: major virus problem


Perhaps the oldest ruse in the book. You should contact the author
of the "enhancement" program and ask for help. If you cannot contact
the author (such as is usually the case with a downloaded crack from p2p
written by some anonymous lugghead), you should not have executed
the program.

AV can't save you from this kind of bad behaviour.

No AV program can make that determination. If yours claims to then
it (they) are lying to you. More likely is that you assumed "no virus was
found in the scan" is the same as "clean", in which case you assumed too
much - and ran it anyway.

Follow David Lipman's advice to help you now, my post won't help you
until the "next time" you find yourself wanting to execute some unknown
program from some no-account anonymous lugghead



Re: major virus problem

Trying to post to everyone, hope this works.  I plan to use a
HijackThis log and submit it to an IT support area I work at.  For now,
I am getting good, fast replies from you guys.  If I use HijackThis,
would I be ultimately cleaning my computer until another strand of the
malware was activated, that laid dormant in my machine?  Should I just
reformat?  I'm really just worried about the virus spreading to the
160gb secondary internal hdd.  Are there any ways I could check the
health of that drive?  Any suggestions, ways other people would
configure their computer to ensure future problems will not harm other
parts of a computer....let me know your thoughts.  Thanks.  Oh...by the
way...the file has multiplied itself as different exe files under
different names


Re: major virus problem

joshbowen83@gmail.com writes:

Yes.  That is the only reliable way to get to a known-clean state.
And it's generally the fastest too if you factor in anything beyond an
easily cleaned malware infection.

--
Todd H.
http://www.toddh.net/

Re: major virus problem


Hijackthis is good for identifying some malware by its infestation and
creation of ways to become resident such as installation of BHOs and
some autostart methods. It won't help with modified executables though.

David's MultiAV tool should also be used IMO.

It is certainly possible, HJT will look for 'installed' malware entries in the
registry. If the malware has made any trojans as a way of reinstantiating
itself then HJT would not be able to find that. If the log analyst can ID
the malware, it is possible to run a removal tool or use a manual removal
procedure that does indeed identify the trojaned file.

Just as an example, an installed malware could be removed from the system
by editing the registry and deleting the installed executables. But this does no
good in the long run if notepad.exe has been modified to a downloader trojan.
David's tool would be a more comprehensive approach since it would likely
be able to identify a downloader trojan as well as the installed malware exes.

If you find that easier, by all means do. But just remember that reinstalling
the OS will likely retrograde your patch level.

Send one to the virustotal site for identification purposes so we can know
just what it is you've got. It could be a simple thing requiring no reformat,
reinstall, re-patch scenario. The multiAV tool should be run as well and will
probably find things you didn't even know you had.
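
An added example, not part of the original posts: the post above notes that an autostart scanner will not notice a modified notepad.exe, and the earlier post mentions the file reappearing as several exe files under different names. This sketch compares SHA-256 hashes of executables against a baseline recorded while the system was known-good and groups byte-identical files with different names. The extension set, file names and sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path

EXEC_EXTS = {".exe", ".dll", ".scr", ".com"}  # assumed set for this example


def snapshot(root):
    """Map relative path -> SHA-256 for each executable-type file under root."""
    root = Path(root)
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() in EXEC_EXTS
    }


def compare(baseline, current):
    """Return (modified, added, removed) lists of relative paths."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return modified, added, removed


def same_content_groups(current):
    """Group files whose bytes are identical but whose names differ."""
    by_hash = defaultdict(list)
    for path, digest in current.items():
        by_hash[digest].append(path)
    return sorted(sorted(g) for g in by_hash.values() if len(g) > 1)


def demo():
    # Constructed sample tree standing in for a mounted Windows volume.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notepad.exe").write_bytes(b"original notepad")
        (root / "calc.exe").write_bytes(b"original calc")
        baseline = snapshot(root)  # recorded while the system is known-good
        (root / "notepad.exe").write_bytes(b"patched notepad")  # modified in place
        (root / "svch0st.exe").write_bytes(b"dropped copy")     # new file
        (root / "updater.exe").write_bytes(b"dropped copy")     # same bytes, new name
        return compare(baseline, snapshot(root)), same_content_groups(snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Run the snapshot with the suspect volume mounted from a live CD, so the installed OS is not running while its files are hashed. Copies that alter their own bytes will not fall into the same group, so an empty group list does not rule out further copies.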



Re: major virus problem

Per joshbowen83@gmail.com:

I don't know much about viruses (virii?), but it seems to me like it didn't have
to be a virus - just an executable with bad intentions, which I wouldn't expect
any anti-virus program to spot unless it was some sort of widely-occurring exec.
--
PeteCresswell

Re: major virus problem

You need to make a report, so it shows some of your system's information,
autorun, etc.

You can use HijackThis or others.

If you use HijackThis, just do a search; it also has a log submit page.


Re: major virus problem




| I don't know much about viruses (virii?), but it seems to me like it didn't have
| to be a virus - just an executable with bad intentions, which I wouldn't expect
| any anti-virus program to spot unless it was some sort of widely-occurring exec.
| --
| PeteCresswell

virii ? -- No !

http://spl.haxial.net/viruses.html
http://homepages.tesco.net/~J.deBoynePollard/FGA/plural-of-virus.html
http://linuxmafia.com/~rick/faq/plural-of-virus.html

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: major virus problem

David H. Lipman wrote:

ha! we should be so lucky... these days there are so many i don't even
know what the correct roman numerals to put after the 'vir' are...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: major virus problem


| David H. Lipman wrote:


| ha! we should be so lucky... these days there are so many i don't even
| know what the correct roman numerals to put after the 'vir' are...

:-)


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: major virus problem

'David H. Lipman' wrote:
| virii ? -- No !
_____

'Virii' is a virus.
It infects unprotected wetware.


Phil Weldon

|
|
|
|| I don't know much about viruses (virii?), but it seems to me like it didn't have
|| to be a virus - just an executable with bad intentions, which I wouldn't expect
|| any anti-virus program to spot unless it was some sort of widely-occurring exec.
|| --
|| PeteCresswell
|
| virii ? -- No !
|
| http://spl.haxial.net/viruses.html
| http://homepages.tesco.net/~J.deBoynePollard/FGA/plural-of-virus.html
| http://linuxmafia.com/~rick/faq/plural-of-virus.html
|
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|
|



Re: major virus problem


Many people use the term virus to refer to malware or even the botched
installation of a well meaning product. To them virus = sick computer.

Always trying to clarify this to others gets tedious.  :(

...and as for viruses vs. virii - who cares!?

I have a virus
I have more than one virus
I have several more than one virus
I have so many more than one virus that I am about ready to reformat
and reinstall the OS

Err...hey d00d that's virii or viruses for plural - pick one and be happy
and ignore those that correct your English or Latin language use.



Re: major virus problem

edgewalker wrote:
[snip]

perhaps people who don't like to be laughed at...

virii is neither english nor latin... it's numerical... and it's very
small...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: major virus problem


Then by all means use whichever you think is less laughable among your
peers (or those who would be doing the laughing). Different peer groups
laugh at different things.

:))


