C://Fauxvirus.Carney_Ride.exe

Discussion in 'malware problems & news' started by Carneyride, Jun 14, 2008.

Thread Status:
Not open for further replies.
  1. Carneyride

    Carneyride Registered Member

    Joined:
    Jun 14, 2008
    Posts:
    13
    Location:
    north east texas
    A good while back i was scanning my dell laptop with a Symantec quick scan, and it was scanning and finding nothing, as usual because i am very careful with what i do on my computer. It showed no infections, although the last file it scanned was something along the lines of "C://Fauxvirus/Carney_Ride.exe"...

    The last thing i downloaded was something i had on my old desktop with no problems, a game called desktop destroyer. It takes a screenshot of your desktop and lets you pretend to do stuff to it using tools like a chainsaw, paintball gun... etc...

    After downloading, i ran a scan (i always scan after a download) and i came up with adware.... i checked wilders (before i had an account) because it was one of two or three results on a google search of the virus' path. They gave theories, but never really any answers. I got SUPERAntiSpyware as recommended, and it cleaned a bunch of things (such as zangosearch) and i have used it to clean three or four friends' pcs, so i know it works... but even it does not find the carney ride virus...



    it has been nearly a year since infection and i have noticed nothing unusual, except that all my symantec scans scan this file last....



    any help? please... it makes me paranoid...
     
  2. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
  3. Carneyride

    Carneyride Registered Member

    Joined:
    Jun 14, 2008
    Posts:
    13
    Location:
    north east texas
    kk, gotcha :)

    thanks for the links, i have not noticed any strange behavior, but i like to be cautious...

    also, i heard it could be backdoor agent b... but i ran a removal tool and the backdoor agent b was not on my computer
     
  4. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    You might have to run a boot scan as well - if your AV performs it.

    Or, run your current AV while in safe mode (press F8 every couple of seconds while system is booting up, select safe mode and run your AV once windows loads).

    Otherwise, enable so you can see hidden files in windows explorer.
    http://www.bleepingcomputer.com/tutorials/tutorial62.html

    If you find the file, and it can't be deleted, use something like Malwarebytes FileASSASSIN to remove it.
    http://www.malwarebytes.org/fileassassin.php

    :thumb:
     
  5. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
  6. Carneyride

    Carneyride Registered Member

    Joined:
    Jun 14, 2008
    Posts:
    13
    Location:
    north east texas
    ok, the avast antirootkit running in "diagnostic mode" came up clean.

    gunna try to boot in safe mode, and use first superantispyware, then the rootkit scanners you linked...


    thanks bud
     
  7. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Try running it a few times/few passes.

    You might have to try a different AV. Are you still using Norton's?
     
  8. Carneyride

    Carneyride Registered Member

    Joined:
    Jun 14, 2008
    Posts:
    13
    Location:
    north east texas
    Jesus Christ, i just ran the aswar.exe in safeboot mode... and i had 345 rootkits in my system restore files... here are examples

    5/345 detected infections



    C:System Volume Information\_restore(202550A8-7A33-4BCA-9586-051D24DDBF8F)\RP1\A0000003.exe
    C:System Volume Information\_restore(202550A8-7A33-4BCA-9586-051D24DDBF8F)\RP1\A0000026.DLL
    C:System Volume Information\_restore(202550A8-7A33-4BCA-9586-051D24DDBF8F)\RP1\A0000028.DLL
    C:System Volume Information\_restore(202550A8-7A33-4BCA-9586-051D24DDBF8F)\RP1\A0000029.SYS
    C:System Volume Information\_restore(202550A8-7A33-4BCA-9586-051D24DDBF8F)\RP1\A0000031.SYS



    i can send you the whole log if ya want it... this really amazes me... i feel raped :(
     
  9. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
  10. Carneyride

    Carneyride Registered Member

    Joined:
    Jun 14, 2008
    Posts:
    13
    Location:
    north east texas
    thanks bud, you have been a ton of help.

    although, 345 rootkits? did it replicate, or was it one rootkit that made all the 345 files? it confuses me a bit... i didn't ever notice any strange behavior so...
     
  11. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    All ok. It's good finding free programs that work better than the paid software. :)

    I'm assuming it just replicated rather than created all those files.

    I just ran avast! anti-rootkit in safe mode, and all files were clean. The first time I ran it, it found a 'security data program' (which just secures all your passwords) built into the laptop, but I did not need it, so I removed it.

    From my understanding, this anti-rootkit is built into the 4.8 free edition of avast! which also runs a boot scan on demand.

    Your system running ok after removing all the files?
     
  12. Carneyride

    Carneyride Registered Member

    Joined:
    Jun 14, 2008
    Posts:
    13
    Location:
    north east texas
    Re: C://Fauxvirus/Carney_Ride.exe

    well as far as i can tell everything is fine :)

    other than firefox crashing when i try to post the UNGODLY GIGANTIC log of the scan on the forum you recommended :(

    i just attached the notepad file to the post, but this is reminding me why i hate being on dialup in the middle of nowhere >.< it is taking forever to load... sigh...


    also, the explanation for why there are 345 does make sense considering how system restore works :p

    why would it not detect anything except sys restore? i think it is because i deleted the folder i thought i got it from manually soon after becoming suspicious..

    i downloaded a "game" called desktop destroyer.... lol @ noob
     
  13. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    I don't think it was the fault of that game. It's called Desktop Games. It's clean :thumb:
     
  14. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    There is a website that offers joke viruses, I am almost sure of it, because all these 'jokes' are being placed in a folder called Fauxvirus. They also distribute carney ride.exe; their description is that when you execute it your screen will move quickly from the left to the right. Just deleting it should be enough.
     
  15. Carneyride

    Carneyride Registered Member

    Joined:
    Jun 14, 2008
    Posts:
    13
    Location:
    north east texas
    C:\FAUXVIRUS

    why can't i find this folder? this is related to my old post "C:\FAUXVIRUS\Carney_Ride.exe"

    that is still the last file symantec scans on quick scans...
    I have done a regedit and cleaned out everything having to do with FAUXVIRUS, Carney, Ride, and also a couple entries for spysheriff... :(

    that is all i have been able to do... yes my folders are set to show hidden file extensions and system folders and such..

    any ideas? SaS, Symantec, Spybot S+D, A^2, and vipre all came up clean, even in safeboot scans... although, SaS did find 300 some odd infected sys restore files that it cleaned in safeboot...



    someone said it could easily be a fake virus that messes with the screen when run, but i can't even find it to run it if for some reason i had the desire to :p


    help mee! i feel violated
     
  16. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    http://www.snapfiles.com/get/dban.html

    1. Backup important files
    2. DBAN
    3. Install windows
    4. o_Oo_O??
    5. Profit!

    "Never be truly secure again until everything is gone"

    On another note, if you just don't want to reformat, you missed the best tool of all.
    "http://soft.softoogle.com/ap/kaspersky-avp-tool-download-7275.shtml"

    Kaspersky AVP tool.

    Peace.
     
  17. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Carneyride,

    Fake virus or bug. Don't-cha think it odd there's not more out there? That no other av has it flagged? I seriously doubt it's anything worth concerning yourself with, or losing sleep over. As for those other items you've mentioned, post an hjt or format should doubts remain.


    S
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It has been discussed in a long thread before. Guess is that it is not an actual scanned file that Norton shows, rather a definition/file it looks for on ur PC.
     