bad virus
in [Anti-Virus]
|
From: Xray on 22 Mar 2010 00:22 Xray <pl(a)yer.com> wrote in news:ho1dpi0296p(a)news3.newsguy.com: > So any advice to get rid of this thing ? > Edit - Did it again, all of those problems above, spybot is unable to > get rid of. > Oh, and tried system restore, virus has got that covered too. > Only 1 restore point, and thats today - Got this virus about 3am this > morning. > > Edit - Booted into safe mode sucessfully, spybot found the infections > again, and deleted all but 1, which was apparently running. > 1 is in a folder c/windows/system32/lowsec > I could see the actul files in safe mode, tried to manually delete them > but I couldn't. > In normal mode they aren't visible. > I may have the fix, Kaspersky moderators wrote up a custom script for my system that is supposed to nuke all the baddies, will post back [if able]. Either this will work, or I will reinstall windows after complete format. As a side note, I noticed spybot has a process viewer, which is nice since the windows process view no longer functions. The 1st 4 processes looked suspicious to me. * System - No path * csrss.exe - \??\c\windows\system32 * smss.exe - \systemroot\system32 * winlogon.exe - \??\c\windows\system32 I tried terminating csrss and winlogon, got immediate fatal errors and shutdown on each one. The ?? in their path, I would think, would mark them as bogus. Can anyone cofirm or deny these as valid processes ?
From: Dustin Cook on 22 Mar 2010 01:45 Xray <pl(a)yer.com> wrote in news:ho6raa0qge(a)news2.newsguy.com: > Xray <pl(a)yer.com> wrote in news:ho1dpi0296p(a)news3.newsguy.com: > > >> So any advice to get rid of this thing ? >> Edit - Did it again, all of those problems above, spybot is unable to >> get rid of. >> Oh, and tried system restore, virus has got that covered too. >> Only 1 restore point, and thats today - Got this virus about 3am this >> morning. >> >> Edit - Booted into safe mode sucessfully, spybot found the infections >> again, and deleted all but 1, which was apparently running. >> 1 is in a folder c/windows/system32/lowsec >> I could see the actul files in safe mode, tried to manually delete >> them but I couldn't. >> In normal mode they aren't visible. >> > > I may have the fix, Kaspersky moderators wrote up a custom script for > my system that is supposed to nuke all the baddies, will post back [if > able]. Either this will work, or I will reinstall windows after > complete format. > > As a side note, I noticed spybot has a process viewer, which is nice > since the windows process view no longer functions. > The 1st 4 processes looked suspicious to me. > > * System - No path > * csrss.exe - \??\c\windows\system32 > * smss.exe - \systemroot\system32 > * winlogon.exe - \??\c\windows\system32 > > I tried terminating csrss and winlogon, got immediate fatal errors and > shutdown on each one. > The ?? in their path, I would think, would mark them as bogus. > Can anyone cofirm or deny these as valid processes ? > Those are indeed valid processes. If the kaspersky thing doesn't work out, I'd suggest you reformat and reload the system. If in the future you run across something like this again, You can try the forums at malwarebytes (I'm only recommending this site because I have personal experience there and feel safe vouching for the help you would recieve by qualified individuals). Post in the forums asking for help and follow the instructions provided. Many other reputable sites offer pretty much the same thing, I just don't have the urls memorized so I can't offer them up right off .. -- "Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior
From: FromTheRafters on 22 Mar 2010 08:56 "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message news:Xns9D42EF47F4005HHI2948AJD832(a)69.16.185.250... > "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in > news:ho6hv6$tpj$1 > @news.eternal-september.org: > >> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message >> news:ho65nk02mi8(a)news3.newsguy.com... >>> From: "FromTheRafters" <erratic(a)nomail.afraid.org> >>> >>> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message >>> | news:ho621a02k9q(a)news3.newsguy.com... >>>>> From: "David W. Hodgins" <dwhodgins(a)nomail.afraid.org> >>> >>>>> | On Sun, 21 Mar 2010 16:18:30 -0400, David H. Lipman >>>>> <DLipman~nospam~@verizon.net> >>>>> | wrote: >>> >>>>>>> From: "Xray" <pl(a)yer.com> >>> >>>>>>> | Yeah, I have a top of the line cd polished, motor driven. >>>>>>> | No joy, if it had worked this never would have happened. >>> >>>>>>> Does it ever work ? >>> >>>>> | Yes, although it can take several days of polishing, when >>>>> | done by hand. >>> >>>>> The most I have ever done is warm water and dish detergent. >>> >>> | I have successfully used steel wool. >>> >>> >>> ROFLOL >> >> I worked on optical media players for years (Laserdisc, CD) and >> sometimes a scratch or scratches in the right direction prevents wild >> swings in the "tracking" signal from causing skips. Information is >> sometimes not lost behind the scratch because of Cross Interleaved >> Reed-Solomon code (CIRC) and other error tolerance schemes providing >> placement diversity. >> >> Sometimes test discs with natural flaws (like cleaning them with >> steel >> wool) work even better than the ones with the intentionally >> fabricated >> flaws especially when troubleshooting sled or lens (tracking and >> focus >> signal) problems. >> >> >> > > I knew it! You *are* an electronics geek! Busted! :oD I once had the "guts" of a CD player (made from parts of junkers) hanging from a ceiling hook (like a "mobile"), and workng. Quite a conversation piece. I eventually "found" a suitable cabinet for it. When I was young, my mom was afraid to enter my bedroom with all the projects involving tubes and wires in there.
From: David H. Lipman on 22 Mar 2010 16:41 From: "FromTheRafters" <erratic(a)nomail.afraid.org> | "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message | news:Xns9D42EF47F4005HHI2948AJD832(a)69.16.185.250... >> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in >> news:ho6hv6$tpj$1 >> @news.eternal-september.org: >>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message >>> news:ho65nk02mi8(a)news3.newsguy.com... >>>> From: "FromTheRafters" <erratic(a)nomail.afraid.org> >>>> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message >>>> | news:ho621a02k9q(a)news3.newsguy.com... >>>>>> From: "David W. Hodgins" <dwhodgins(a)nomail.afraid.org> >>>>>> | On Sun, 21 Mar 2010 16:18:30 -0400, David H. Lipman >>>>>> <DLipman~nospam~@verizon.net> >>>>>> | wrote: >>>>>>>> From: "Xray" <pl(a)yer.com> >>>>>>>> | Yeah, I have a top of the line cd polished, motor driven. >>>>>>>> | No joy, if it had worked this never would have happened. >>>>>>>> Does it ever work ? >>>>>> | Yes, although it can take several days of polishing, when >>>>>> | done by hand. >>>>>> The most I have ever done is warm water and dish detergent. >>>> | I have successfully used steel wool. >>>> ROFLOL >>> I worked on optical media players for years (Laserdisc, CD) and >>> sometimes a scratch or scratches in the right direction prevents wild >>> swings in the "tracking" signal from causing skips. Information is >>> sometimes not lost behind the scratch because of Cross Interleaved >>> Reed-Solomon code (CIRC) and other error tolerance schemes providing >>> placement diversity. >>> Sometimes test discs with natural flaws (like cleaning them with >>> steel >>> wool) work even better than the ones with the intentionally >>> fabricated >>> flaws especially when troubleshooting sled or lens (tracking and >>> focus >>> signal) problems. >> I knew it! You *are* an electronics geek! | Busted! :oD | I once had the "guts" of a CD player (made from parts of junkers) | hanging from a ceiling hook (like a "mobile"), and workng. Quite a | conversation piece. I eventually "found" a suitable cabinet for it. When | I was young, my mom was afraid to enter my bedroom with all the projects | involving tubes and wires in there. I built push-pull power amps via 6L6's and my favourite tube was the 4CX1000K. Additionally I built Zenith/Heatkits. A 5MHz oscilliscope and a Colour Dot and Bar Generator (to adjust colour convergence on TV sets). -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: FromTheRafters on 22 Mar 2010 18:16
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:ho8kmp01o0d(a)news3.newsguy.com... > I built push-pull power amps via 6L6's and my favourite tube was the > 4CX1000K. I never thought of a favorite tube - but I guess the reflex klystron, the magnetron, and the travelling wave tube (radar and microwave). I like the way circuits start to resemble tin cans and echo chambers in the microwave region. > Additionally I built Zenith/Heatkits. A 5MHz oscilliscope and a > Colour Dot and Bar > Generator (to adjust colour convergence on TV sets). Nice. Heathkit's are cool - and useful. |