From: Xray on 21 Mar 2010 15:19

sfdavidkaye2(a)yahoo.com (David Kaye) wrote in news:ho51v9$g21$1(a)news.eternal-september.org:

> Xray <pl(a)yer.com> wrote:
>
>>malwarebytes refuses to run, I even tried running it from an entirely
>>different drive - If I try to name it something.com, it won't run unless
>>it's an exe extension.
>>I can change it to donaldduck.exe or whatever, doesn't seem to do any
>>good. This infection seems geared to stop most programs, either by
>>corrupting the install or not letting them run.
>
> I've seen this a lot; the malware appears to look at the size of the
> file. There are some older tools I can use, such as a copy of
> SpySweeper from about 3 years ago that most malware won't shut down,
> though they'll shut down more recent versions.
>
> But try installing it in safe mode and you might have better success.
> Also, try rolling back the registry manually (copy and paste) to at
> least a week before the infection was first noticed.

How can that be done? I usually have a reg copy handy, but this drive is only a couple months old, after my old drive died a natural death after 3.5 years, and didn't get around to backing the registry up yet.

From: David W. Hodgins on 21 Mar 2010 15:27

On Sun, 21 Mar 2010 15:12:10 -0400, Xray <pl(a)yer.com> wrote:

> I did have a bunch of temp files that I was unable to delete because they
> were in use, very suspicious.

Another option to try, that I haven't seen mentioned so far.
http://www.gmer.net/

If the system can boot from a cd/dvd, you could try a linux live cd, or a bart pe cd. Since you're not booting from the infected hard disk, none of those files would be in use. May take a little while to set up, and learn to use, but it's useful.

You could also take the hd, and install it as a slave in a second system, so you can delete those files.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.)

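[Added example, not part of any post in this thread: once the infected disk is mounted from a live CD as suggested above, the temp files can be inventoried before anything is deleted. The script below lists recently changed files in the usual Windows temp directories with a SHA-256 hash and flags those that are really executables, whatever their extension. The mount point, device name and temp paths are assumptions.]

```shell
#!/bin/sh
# Added example (not from the thread): read-only inventory of temp files on an
# offline Windows volume, e.g. one mounted from a live CD with
#   mount -o ro /dev/sdXN /mnt/win     (device name is a placeholder)
# Nothing is modified or deleted. The temp paths below are assumed XP and
# Vista/7 default locations; add others as needed.

# is_pe FILE: succeeds if FILE starts with the "MZ" header of a Windows
# executable, whatever its name or extension says.
is_pe() {
    [ "$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')" = "4d5a" ]
}

# inventory_temp ROOT [DAYS]: for each temp file changed in the last DAYS
# days (default 30) print:  <PE|-->  <sha256>  <path>
inventory_temp() {
    root=$1
    days=${2:-30}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type f -mtime "-$days" \
        \( -ipath '*/windows/temp/*' \
        -o -ipath '*/local settings/temp/*' \
        -o -ipath '*/appdata/local/temp/*' \) -print |
    while IFS= read -r f; do
        if is_pe "$f"; then tag=PE; else tag=--; fi
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s  %s  %s\n' "$tag" "$sum" "$f"
    done
}

# Run as a script: ./inventory.sh /mnt/win 14
if [ "$#" -gt 0 ]; then
    inventory_temp "$@"
fi
```
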
From: Dustin Cook on 21 Mar 2010 15:29

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in news:ho3jvg0qo5(a)news3.newsguy.com:

> From: "Xray" <pl(a)yer.com>
>
> < snip >
>
>| True, though my anti virus program is hosed, so I don't know what I
>| have in the way of a virus.
>
>| Here is what I seem to have, at least this is what spybot is
>| detecting. A total of 21 infected files, spybot locks up with an
>| error "cannot create file c/windows/system32/drivers/ect/hosts access
>| is denied" when trying to delete any of these.
>| Malwarebytes is unable to install, so they are known and located,
>| removing them is the problem.
>
>
> < snip >
>
> Please stop using the term virus. It has specific implications on its
> abilities to spread. You are infected with malware and highly probable
> it is ONLY of type trojan.
>
> As for Malwarebytes' Anti Malware.
>
> First...
>
> Kill as many running programs as possible then...
>
> Download the 'mbam-setup.exe' and rename it to something like;
> xray.com Then run; xray.com
>
> Don't allow it to update or run.
> Then go to; "C:\Program Files\Malwarebytes' Anti-Malware"
>
> Find; "mbam.exe" and then COPY it to something like; xray.com and
> then run; xray.com .
>
> Perform an update and then run a scan on your PC.
>
>

Side note.. Make sure Internet Explorer (even if you don't use it) is not set to work in offline mode. Mbam will generate error 732 if it is when you try to update.

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior

From: David W. Hodgins on 21 Mar 2010 15:33

On Sun, 21 Mar 2010 15:12:10 -0400, Xray <pl(a)yer.com> wrote:

Regarding the original problem, with the unreadable dvd, have you tried polishing it?
http://www.wikihow.com/Fix-a-Scratched-CD

The scratches on the bottom of the cd/dvd can sometimes be polished out, allowing the data (on the top layer, usually protected by the label), to be read. I've succeeded polishing an old install cd this way, in the past.

Regards, Dave Hodgins

From: Dustin Cook on 21 Mar 2010 15:35

Xray <pl(a)yer.com> wrote in news:ho48u611ar6(a)news3.newsguy.com:

> Computer functions Ok, but god knows what's going on behind the scenes.
> My ISP already stopped my ability to send email, it detected the virus
> like behavior. Can still receive at least.
> Can't connect to google, it also detected the shenanigans of the
> virus. Pressing ctrl/alt/delete doesn't bring up the process box
> anymore, other than that things seem normal.

Your PC is actually in danger at this point of assisting in infecting other machines or possibly being a zombie box if it's not already. At this point, I'd have to go with David Lipman's suggestion. Seriously, it's time to wipe and reload. If you hadn't taken such ... drastic if you will steps to try and stop this, it might not have taken much real effort to fix; but at this point, I can't trust the machine at all.

Really man, you're not just putting your information in danger, you're being a very irresponsible netizen by allowing that computer to continue with an internet connection in its current state. If your ISP has already blocked outbound email, it should just be a matter of time before your connection is disabled until you verify the machine is clean.

At least, that's what happens in this area. When your ISP turns you off, you have to have a licensed technician contact them and claim it's clean and is okay. And if it's not, it falls back on the tech who did the work. Fines, etc are possible here.

Several years ago when I worked for an ISP, I'd start by turning your email off, and then I'd give you 24 hours. If your machine was still spewing trojans and mass mailing worms; your connection was terminated until you cleaned up your mess or took your business to a less responsible ISP.