Owned by a virus/help

GoldenV Regular
edited June 2011 in Tech & Games
I got a virus just from using StumbleUpon, so I rebooted into safe mode, ran spybot blah blah, click fix everything it removes it, but the fucking thing keeps coming back.

It's also broken my hard drive, it keeps saying hard drive failure or some shit.

I've backed everything I care about up.

Comments

  • edited June 2011
    Can you screenshot the Spybot screen to show us what it's finding? Also, screenshot what the virus is doing.

    Try Malwarebytes as well.
  • GoldenV Regular
    edited June 2011
    Aye ran malware too. I think it may have gone, I found an exe on startup which was odd, so I deleted it.

    But my hard drive is still fucked, but I don't understand why I can run AVs and ff and shit if it is broke.
  • edited June 2011
    Hmm. May have got rid of it by deleting that exe then - must have been a really shitty virus. Can I suggest you install Adblock, Noscript and a good AV when using the internet? :D

    Or use Linux like me.
  • GoldenV Regular
    edited June 2011
    Ok I think it has gone, I think my hard drive is ok, but my wallpaper is just pure black and when I switch themes it stays black, and only the bar at the bottom changes colour.
  • GoldenV Regular
    edited June 2011
    Maybe it was Malwarebytes that got it. I have malware, Spybot and MS security running but it still made it through.

    They're easy enough to get rid of, just this one was unusually pesky.
  • Dfg Admin
    edited June 2011
    A) Use Firefox with Noscript and Adblock Plus Add-ons.
    B) Use Avast 6.0 as AV (or MSE: http://microsoft.com/security_essentials/).
    C) Try this: http://connect.microsoft.com/systemsweeper
    E) Run a Disk Check using the chkdsk command [Can be found by right clicking on the drive and then in properties]
    F) Type msconfig in Run [Click on Windows button and then click on Run and then type msconfig]. Go to the startup list and start filtering out programs.

    Most likely some explore registry entries were fucked when you got pwned.
  • jewnose Regular
    edited June 2011
    So you called Totse stupid, but then you ask us to fix your computer? Try being smart enough to not get viruses in the first place.
  • GoldenV Regular
    edited June 2011
    jewnose wrote: »
    So you called Totse stupid, but then you ask us to fix your computer? Try being smart enough to not get viruses in the first place.

    I fixed it myself. It's hardly my fault if all I was doing was using Stumble and something made it through 3 active defenses.
  • edited June 2011
    I don't think I've had anything which even resembles a "virus" since I was about 12 years old. Linux FTW, and when I'm using Windows I have a Firewall, Avast, Malwarebytes and a secure browser running (containing Noscript and Adblock). Doesn't let shit through.
  • thewanderer Regular
    edited June 2011
    I highly recommend getting avast if you don't already have it. I've had a few close calls in the past couple months, but the new avast will actually block attacks.
  • edited June 2011
    Whereabouts does everyone have these "close calls" and whatnot? I honestly can't remember the last time I had anything similar. I thought that viruses had faded out, like popups and ads. Then I remember turning off adblock one day and my jaw literally dropped...
  • GoldenV Regular
    edited June 2011
    I got one once by going on pornrabbit I think and being a noob and going against my instinct.

    This time I was just using stumble and it installed itself.
  • LSA King Regular
    edited June 2011
    Sounds like it was a drive-by attack, which is often exploited at the browser level, allowing it to bypass most normal ways on-demand scanners catch things. Really, using MSE, Spybot, or Malwarebytes is hit 'n' miss. Usually they do a very good job but nothing is perfect. Without knowing exactly what it did or was doing it is kinda hard to determine whether it was a virus or spyware.

    Also a good note to remember, and this goes back all the way past a decade ago, malware of ALL types has a very strong tendency to replicate itself, even if done in Safe Mode. Back in Iraq and when I first came back home I had to run an AV scan that would catch and remove 76 pieces of malware. Reboot>Re-scan it shows 44. Anyways rinse and repeat and eventually it would go down to zero. Then after reboots and the third clean scan I was confident I was clean. Shit isn't as point and click and you're done because it says you're done as AV software makers try to make it seem. Shit is a PITA once you get infected.
  • -SpectraL Will Faggert
    edited June 2011
    Another trick they use to stay on is by using Rundll32.exe to run the spyware .dll as a process, and then it does the same thing on every successive boot. So it's basically running the spyware as a system service with system privileges. This also allows the .dll to be loaded into memory, so even if you kill the .dll process with a task killer it's still already fully loaded into system memory so it doesn't matter.
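
Added example, not part of any comment in the thread: a Python sketch for reviewing startup entries (the msconfig startup list mentioned above) for Rundll32.exe launches like the one described in the last comment. The entry names, paths and the two "needs review" heuristics are assumptions made up for this example, and the sample data is constructed.

```python
import ntpath
import re

# Heuristic (assumption of this example): a DLL loaded at startup from a
# user-writable directory deserves a manual look.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# rundll32 syntax: rundll32.exe <dll path>,<entry point> [arguments]
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'  # launcher, optional path/quotes
    r'(?:"(?P<q>[^"]+)"|(?P<u>[^,]+?))\s*,\s*'     # DLL path, quoted or bare
    r'(?P<entry>\S+)',                             # exported function or #ordinal
    re.IGNORECASE,
)

def parse_rundll32(command):
    """Return (dll_path, entry_point) if command is a rundll32 launch, else None."""
    m = RUNDLL_RE.match(command)
    if not m:
        return None
    return (m.group("q") or m.group("u")).strip(), m.group("entry")

def review_autoruns(entries):
    """entries: {value name: command line}. Return the ones that need review."""
    findings = []
    for name, command in entries.items():
        parsed = parse_rundll32(command)
        if parsed is None:
            continue  # not a rundll32 launch; out of scope for this check
        dll, entry = parsed
        reasons = []
        if any(d in dll.lower() for d in SUSPECT_DIRS):
            reasons.append("DLL in user-writable directory")
        if ntpath.splitext(dll)[1].lower() != ".dll":
            reasons.append("payload does not have a .dll extension")
        if reasons:
            findings.append((name, dll, entry, reasons))
    return findings

# Constructed sample: startup values as they might appear in a Run key export.
SAMPLE = {
    "NvCplDaemon": r'RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup',
    "updchk": r'rundll32.exe "C:\Users\bob\AppData\Roaming\msupd.dll",Start',
    "helper": r'C:\Windows\System32\rundll32.exe C:\Temp\k3x.dat,#1',
    "SecurityHealth": r'C:\Windows\system32\SecurityHealthSystray.exe',
}

if __name__ == "__main__":
    for name, dll, entry, reasons in review_autoruns(SAMPLE):
        print(f"{name}: {dll} -> {entry} ({'; '.join(reasons)})")
```

A flagged entry is a lead to investigate, not a verdict: legitimate software also registers rundll32 startup entries, which is why the first sample value passes.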