A virus will live in System Restore in XP; you must shut down System Restore to successfully delete any virus.
Shut down System Restore in XP.
I switched to a Mac 6 months ago which I should have done at least 6 yrs ago. Don't fight it......Get with the times boys!!
Switching to a mac should do the trick....... I use mine as a door-stop and it never gives a bit of bother.
But if you want to get some work done - leave the kiddies speak-n-spell in the mac-shop and build a proper PC
Getting a Mac is not the only way to avoid Windows-based malware. And posting flamebait doesn't help the original poster.
There are numerous *nix distributions for x86 hardware freely available on the Net.
Solaris 10: http://www.sun.com/software/solaris/index.jsp
Linux: http://www.frozentech.com/content/livecd.php
NetBSD: http://www.netbsd.org/
OpenBSD: http://www.openbsd.org/
FreeBSD: http://www.freebsd.org/
Some of these provide an excellent way to keep aging hardware out of the waste stream. I'm running the latest distro of NetBSD on a 200MHz Pentium MMX with 128MB RAM. It's not a hot gaming machine, but it does provide useful service for web browsing, email, and productivity (office suite) work. (I'm also running Solaris 10 on a Toshiba Tecra laptop and WinXP Pro x64 on a dual core AMD homebrew system, but that's just bragging.)
Mac OS X is a late-comer to the *nix world, I fear.
Regards,
Sp00ky
Freeware from Dr. Web. Here is the URL to download & try it yourself:
http://www.drweb.com/
Good luck!
Instead of doing a format only....maybe you could run a program called Killdisk. Run this with 3 passes and then this nasty critter may just go away. This should get rid of everything on that disk. Remember 3 passes. Hope this can help you with your issue.
It took a few days, but I finally fixed mine and I have not had any problems since. I got infected big time. When I ran the first spyware program, it found 6 Trojan viruses which I tried to delete or quarantine - it was successful in deleting 5 of them, but the last one was being used by Windows (2000), so it could not delete it. I re-booted, and they all came back. This was a clue to me that my windows system .dll files had been modified to include some run commands that re-installed the Trojans.
So, since these .dll files are re-created by the system at boot-up, I figured it was safe to delete the ones I thought were suspicious. Before doing so, however, I installed a firewall and set it to "block all traffic". This would prevent any of the Trojans from connecting or trying to connect with the Internet. Then, I re-booted, ran the antivirus program again, and was finally able to delete the Trojans again & this time the last file was quarantined. I then deleted the quarantined file and deleted all the .dll files I thought looked suspicious. I then kept re-booting and kept running virus checks with different programs & re-booted several times. The .dll files were re-created clean eventually & I have had NO PROBLEMS AT ALL since.
P.S: it honestly took me about a week of trial and error to do this, so you have to be patient. It was quite a relief to finally go back on the Internet and be able to surf without further attacks. I had a new computer from work and I had totally forgotten to re-install my free Pop-Up Blocker. That is, without a doubt, the reason I got attacked to begin with. Sorry for the length of the message - hope somebody benefits from it.
Don't know if this has been tried, but sometimes these nasty things hide in memory so a reboot just reinstalls. Always best to clean things, turn off PC, and then even unplug power supply.
Have also used another disc to boot from and then worked on infected disc.
I wonder why you attempted to mess with a system that was directly infected by actually using the infected system to try and resolve the problem.
I do system repairs daily for fool customers, who have kids that love anything that looks like it might be a virus then download it and install it.
It's built into their makeup.
Since I'm sure you lost many valuable programs and files by formatting, it should never have been done.
I have a backup HD with a clean OS (XP) that if needed becomes the main drive.
1. Take your infected (C) drive out of the system, and set it to a (slave drive)
2. Set and Install your backup HD as (Master)
3. Boot up the system, set whatever AV program you have on the clean drive to do a reboot virus check of all system drives. Pay attention to what it tells you to do.
4. Now boot again, and go to work with the utilities that should be on your (backup drive) and use them to clean your infected (now D drive). Keep in mind some utilities that remove spyware will only scan your C drive; you want those that will scan ANY drive.
I'm not going to add a lot of details about HOW to, or what to use, as many are in previous posts; however, I have done this to save files, programs, OS's, etc.
Formatting in my mind is a fool's last resort.
Why I attempted to mess with a system infected? Because often that is enough to eradicate the problem. Since I have two hdds, was able to backup my work, I didn't lose anything valuable except easily reinstalled programs.
Note your solution isn't entirely workable, as I had previously mentioned on several occasions, the anti-viral (spybot, adaware, AVG, spyblaster, hijackthis) software was not detecting all the malware concerned in the problem. It certainly could not detect the source file either.
Formatting is a smart choice, it simply eradicates all traces of the malware. It took me only a couple hours to restore all my programs and drivers, it's really not that much of an inconvenience. A good formatting does, after all, boost speed and lower latency within the system, i.e. Windows starts up faster.
Obviously you are not afraid to crack open your system. Consider a few of these possibilities when the next infection hits.
First, get the infected drive entirely out of the boot path - set it to slave or add an external hard drive enclosure.
Reload your system ROM with a fresh image from your mainboard maker. Use one of the bootable images from http://www.bootdisk.com/ to help you achieve this.
Now, get a live CD version of one of the Linux clean-up toolsets. Try http://s-t-d.org/ or one of the many offerings on Frozen Tech's LiveCD List at http://www.frozentech.com/content/livecd.php (search for security and forensics).
Once you've got the live CD going, you can explore and clean your infected drive with high assurance that you won't be spreading the infection.
All of this presumes a degree of familiarity with Windows internals, but I think you've demonstrated that.
Good luck,
Sp00ky
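The offline approach described above (infected drive out of the boot path, examined from a clean system or live CD) can start with a read-only inventory. This is an added example, not code from any poster: it walks a mounted volume and reports path, size, modification time and SHA-256 for the file names listed later in this thread; the function names and the constructed sample tree are assumptions made for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# File names listed later in the thread; matched case-insensitively, as on NTFS/FAT.
SUSPECT_NAMES = {"drsmartload.exe", "update.exe", "goll.exe",
                 "install.exe", "service.exe", "loadadv455.exe"}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def inventory(mount_point, names=SUSPECT_NAMES):
    """Report every file under mount_point whose name matches; nothing is modified."""
    hits = []
    for path in Path(mount_point).rglob("*"):
        if path.name.lower() not in names or not path.is_file():
            continue
        try:
            info, digest = path.stat(), sha256_of(path)
        except OSError as err:  # keep unreadable entries in the report
            hits.append({"path": str(path), "error": str(err)})
            continue
        stamp = datetime.fromtimestamp(info.st_mtime, timezone.utc)
        hits.append({"path": str(path), "size": info.st_size,
                     "modified": stamp.isoformat(), "sha256": digest})
    return sorted(hits, key=lambda hit: hit["path"])


def demo():
    """Build a constructed sample tree standing in for the mounted drive."""
    root = Path(tempfile.mkdtemp())
    (root / "WINDOWS" / "system32").mkdir(parents=True)
    for rel in ("WINDOWS/system32/GOLL.EXE", "WINDOWS/notepad.exe", "drsmartload.exe"):
        (root / rel).write_bytes(b"constructed sample bytes")
    return inventory(root)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Mount the infected volume read-only and pass its mount point to `inventory()`. A name match is only a lead, since names such as install.exe and update.exe are also used by legitimate software.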
"Why I attempted to mess with a system infected? Because often that is enough to eradicate the problem. Since I have two hdds, was able to backup my work I didn't lose anything valuable except easy reinstalled programs."
1) In your post for help, you indicated that after what you thought was simple removal, the problems came back after booting up again. That was your clue that it was NOT a simple problem, and what makes you think the files you backed up are NOT infected as well? Not a chance I would take, unless they are critical customer files that I can separately clean and check before putting them back on a cleaned system.
2) The only GOOD program you mentioned was hijack-this! The others may be good enough for simple problems, but not for the issue you had. AVG, as far as an anti-virus goes, is for amusement.
"Formatting is a smart choice, it simply eradicates all traces of the malware."
3) You also indicated in your post, that formatting does not always resolve problems, and was a last resort choice. You were correct, since I can recover any normally formatted drive, as long as nothing further was done to it, and formatting a last resort something any good tech would ever do.
4) The tools you listed are fine for very simple issues, but worthless for deep repeating infections, but simple enough for the masses, and profitable for the software companies.
5) Lastly, you don't attack a system that's infected, with the infected system, since you can't even be sure the tools being used have not been compromised. Also trying to do the repairs with the infected system, just keeps spreading the problems, as the infections were created to do.
6) My solution with PROPER tools, and an off system attack is the only real workable solution. Not to mention some other helpful tips on this thread.
Switch to Apple iMac. I did and it is smooth sailing. No more greed mania from Microsoft!
Follow the links:
1. drsmartload.exe - http://www.greatis.com/appdata/d/d/drsmartload.exe_Removal.htm
2. update.exe - http://www.auditmypc.com/process/update.asp
3. goll.exe - http://www.superadblocker.com/newthreats.html
4. install.exe - http://www.liutilities.com/products/wintaskspro/processlibrary/install/
5. service.exe - http://www.greatis.com/appdata/d/s/service.exe.htm
6. loadadv455.exe - http://fileinfo.prevx.com/spyware/qq66a041332146-LOAD24681512/LOADADV455.EXE.html
Try this, check back if further problems, with a new "viral inventory".