
Lost cause... Worm on all computers.



Ok. Where the hell do I begin?

I don't know. I'm tired, it's now less than ten days until Christmas, my mother's leg is broken, and I've got a basement full of at least twenty ways to die.

As of my mother checking her bank account (through a frigging computer no less) yesterday afternoon, everything looked fine. Will it stay that way? Cannot be sure. Unlikely I'd say.

Guess I could start by showing you guys what I posted on Bleepingcomputer. Cue "OHNOYOUCANNOTDOMORETHANONEWEBSITEATTHESAMETIME!!! INSTABANNED!!!", oh I'm sorry, but I waited a week and a half and got nothing outta them, so shut up. Here it is. Also, when I was physically disconnected from the internet, it did not exhibit any of those symptoms.

Ok, turns out, it is a worm. A sophisticated worm. One that hides itself well, and does relatively few noticeable things to the system in order to prevent the user from realizing it's there.

How did I get it? Probably through this computer, even though it wasn't the same Vista that I was talking about in the forums; all my other PCs are still XP. It's been used frequently by my brother to look at porn before, but nothing quite like this has ever happened. Though I won't rule out the possibility that it came from the Vista, seeing as how my parents seem to have a mystical knack for catching viruses.

Anyway, here's the main changes since my bleepingcomputer post.

I got tired of waiting the day before yesterday, so after talking with the people at AVG and Sony, I was given a line of crap that I could just use the Vaio recovery DVDs to restore the computer to factory settings. I did. I then updated the computer, with a few frustrations along the way, such as it taking twelve hours to complete and having to reinstall some finicky updates. After that I got Kaspersky up and running and wanted to run a full scan to see how well it would run. Much to my amazement the virus scanner told me it would take 5 days to complete the scan. After taking a moment to rub my eyes and curse God's name repeatedly, I checked again, just in case I was seeing things. I wasn't, but still, shortly later it told me it would only take 2 hours instead. Still strange, correct? After that I checked with Task Manager to see if any funny programs were running. Didn't see anything, except for the fact that Kaspersky (avp.exe) was taking up a whopping 95% of my CPU. That never happened with AVG, even after infection.

Anyways, I've spent most of the day brooding since then, considering buying a new computer among other things. Until about an hour ago, when I tried going on the Kaspersky website (on this computer) to get a phone number to call. The website loaded up just fine, I could even get to the forums. But when I tried to access the support page, my heart sank. No redirect, just lost connection to the site... Tried several times, and I JUST CANNOT GET THERE. It doesn't do it with other antivirus sites, just Kaspersky. Kinda specific, don't you think?

What do I do? :retardedsmileyface:


Please don't attach the scans / logs, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

I've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache

http://www.java.com/en/download/help/plugin_cache.xml

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

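As an added illustration (not part of the helper's post or any forum tool), the same three Folder Options settings from the XP and Vista steps above can be applied and then read back from a cmd prompt. The registry path and value names are the standard Explorer settings on XP and Vista; the script itself is mine.

```batch
@echo off
rem Added example: set the Explorer "Folder Options" the helper asked for,
rem then read each value back so the change can be confirmed.
rem Meaning of the values under HKCU\...\Explorer\Advanced:
rem   Hidden          1 = show hidden files and folders (2 = do not show)
rem   HideFileExt     0 = show extensions for known file types
rem   ShowSuperHidden 1 = show protected operating system files
set KEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

reg add "%KEY%" /v Hidden          /t REG_DWORD /d 1 /f >nul
reg add "%KEY%" /v HideFileExt     /t REG_DWORD /d 0 /f >nul
reg add "%KEY%" /v ShowSuperHidden /t REG_DWORD /d 1 /f >nul

rem Read back each value; the matching line shows the name and 0x1 / 0x0
for %%V in (Hidden HideFileExt ShowSuperHidden) do (
    reg query "%KEY%" /v %%V | findstr /i "%%V"
)

rem Explorer windows that are already open keep their old settings; open a
rem new window (or log off and back on) to see hidden and system files.
```

If the query shows the values flipping back on their own after a reboot, that is itself worth reporting to the helper, since it means something on the machine is still changing Explorer's settings.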

Uh yeah. Heheh, uh, I think I may have been overreacting earlier.

Honestly, I can download Mbam just fine. And I can get to the Kaspersky support site now.

To be clear though, I need to know if this is what the Kaspersky support site is meant to look like.

Kasperskysite.jpg

Though Kaspersky Internet Security is still running slow and eating CPU when scanning. The problem seems to be somewhat common with the IS version according to the forum on their site. Don't know if a virus could be causing it or just programming fail on their part. And just making an antivirus program run a little slow sounds like a pretty small goal to aim for when designing a virus, especially when it doesn't affect more than one out of the hundreds of different ones out there.

Other than that, the computer may be downloading videos a little slow, particularly from Blip.

I'll get back to you if I still think there is a real problem.

In the meantime, I'll be looking for an antivirus program that doesn't suck.

My parents are frigging hopeless.

No more than a week after I get the first computer restored to normal, looking at the history tab, my dad seems to have visited "xnxx", a porn site known for distributing spyware/malware, according to SiteAdvisor.

I hate those damn motorcycle/cowboyshooting/whatevertheheck friends of his. Always sending him crap he shouldn't look at. Our Identity will probably be lost one of these days. Stubborn cow parents...

Anyway, MBAM log is showing nothing of interest so it's not even worth posting. I'm not convinced though. Any more steps I should take to confirm clean?

Oh and the only noticeable behavior on this one is that the little black line that appears when you type something (I don't know what you call it) seems to blip quite rapidly.

Running:

Microsoft Windows XP/Media Center Edition/Service pack 3


Download ComboFix from one of these locations:

Link 1

Link 2 (If using this link, Right Click and select Save As.)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
