C://Fauxvirus.Carney_Ride.exe

A good while back i was scanning my dell laptop with a Symantec quick scan, and it was scanning and finding nothing, as usual because i am very carefull with what i do on my computer. It showed no infections, although the last file it scanned was something along the lines of "C://Fauxvirus/Carney_Ride.exe"...

The last thing i downloaded was something i had on my old desktop with no problems, a game called desktop destroyer. It takes a screenshot of your desktop and lets you pretend to do stuff to it using tools like a chainsaw, paintball gun... etc...

After downloading, i ran a scan (i always scan after a download) and i came up with adware.... i checked wilders (before i had an account) because it was one of two or three results on a google search of the virus' path. They gave theories, but never really any answers. I got SUPERAntiSpyware as reccomended, and it cleaned a bunch of things (such as zangosearch) and i have used it to clean three or four friends pcs, so i know it works... but even it does not find the carney ride virus...



it has been nearly a year since infection and i have noticed nothing unusual, except that all my symantec scans scan this file last....



any help? please... it makes me paranoid...

 

Could be a rootkit:
http://spywarefiles.prevx.com/spywarefiles.asp?FXC=HFCI10495894

Try running a rootkit scanner/removal tool. The avast! beta version anti-rootkit is quite good:
http://files.avast.com/files/beta/aswar.exe

Let me know how it goes. (Close all applications before running it)

 

kk, gotcha

thanks for the links, i have not noticed any strange behavior, but i like to be cautious...

also, i heard it could be backdoor agent b... but i ran a removal tool and the backdoor agent b war not on my computer

 

You might have to run a boot scan as well - if your AV performs it.

Or, run your current AV while in safe mode (press F8 every couple of seconds while system is booting up, select safe mode and run your AV once windows loads).

Otherwise, enable so you can see hidden files in windows explorer.
http://www.bleepingcomputer.com/tutorials/tutorial62.html

If you find the file, and it can't be delted, use something like Malwarebytes FileASSASIN to remove it.
http://www.malwarebytes.org/fileassassin.php

 

Also, you can try F-Secure's BlackLight:
http://wiki.castlecops.com/Lists_of_freeware_antirootkit

Other anti-rootkits are mentioned here:
http://wiki.castlecops.com/Lists_of_freeware_antirootkit

 

ok, the avast antirootkit running in "diagnostic mode" came up clean.

gunna try to boot in safe mode, and use first superantispyware, then the rootkit scanners you linked...


thanks bud

 

Try running it a few times/few passes.

You might have to try a different AV. Are you still using Norton's?

 

Jesus Christ, i just ran the aswar.exe in safeboot mode... and i had 345 rootkits in my system restore files... here are examples

5/345 detected infections



C:System Volume Information\_restore(202550A8-7A33-4BCA-9586-051D24DDBF8F)\RP1\A0000003.exe
C:System Volume Information\_restore(202550A8-7A33-4BCA-9586-051D24DDBF8F)\RP1\A0000026.DLL
C:System Volume Information\_restore(202550A8-7A33-4BCA-9586-051D24DDBF8F)\RP1\A0000028.DLL
C:System Volume Information\_restore(202550A8-7A33-4BCA-9586-051D24DDBF8F)\RP1\A0000029.SYS
C:System Volume Information\_restore(202550A8-7A33-4BCA-9586-051D24DDBF8F)\RP1\A0000031.SYS



i can send you the whole log if ya want it... this really amazes me... i feel raped

 

You can post it at the avast! forum if you want, as they might be better at diagnosing what the rootkit program located:
http://forum.avast.com/

Or direct:
http://forum.avast.com/index.php?board=2.0
http://forum.avast.com/index.php?board=4.0

If you have had an infection which hasn't been cleaned (for over a year), then it makes sense your system restore would be be taking a (repeated) snapshot of a system which isn't clean.

 

thanks bud, you have been a ton of help.

although, 345 rootkits? did it replicate, or was it one rootkit that made all the 345 files? it confuses me a bit... i didnt ever notice any strange behavior so...

 

All ok. It's good finding free programs that work better than the paid software.

I'm assuming it just replicated rather than created all those files.

I just ran avast! anti-rootkit in safe mode, and all files were clean. The first time I ran it, it found a 'security data program' (which just secures all your passwords) built into the laptop, but I did not need it, so I removed it.

From my understanding, this anti-rootkit is built into the 4.8 free edition of avast! which also runs a boot scan on demand.

Your system running ok after removing all the files?

 

Re: C://Fauxvirus/Carney_Ride.exe

well as far as i can tell everything is fine

other than firefox crashing when i try to post the UNGODLY GIGANTIC log of the scan on the forum you recommended

i just attached the notepad file to the post, but this is reminding me why i hate being on dialup in the middle of nowhere >.< it is taking forever to load... sigh...


also, the explanation for why there are 345 does make sense considering how system restore works

why would it not detect anything except sys restore? i think it is because i deleted the folder i thought i got it from manually soon after becoming suspicious..

i downloaded a "game" called desktop destroyer.... lol @ noob

 

I don't think it was fault of that game. It's called Desktop Games. It's clean

 

There is a website that offers joke viruses I almost sure of it because all these 'jokes' are being placed in a folder called Fauxvirus. That also distribute carney ride.exe their description is that when you execute it your screen will move quickly from the left to the right. Just deleting it should be enough.

 

C:\FAUXVIRUS

why cant i find this folder? this is related to my old post "C:\FAUXVIRUS\Carney_Ride.exe"

that is still the last file symantec scans on quick scans...
I have done a regedit and cleaned out everything having to do with FAUXVIRUS, Carney, Ride, and also a couple entries for spysheriff...

that is all i have been able to do... yes my folders are set to show hidden file extensions and system folders and such..

any ideas? SaS, Symantex, Spybot S+D, A^2, and vipre all came up clean, even in safeboot scans... although, SaS did find 300 some odd infected sys restore files that it cleaned in safeboot...



someone said it could easily be a fake virus that messes with the screen when run, but i cant even find it to run it if for some reason i had the desire to


help mee! i feel violated

 

http://www.snapfiles.com/get/dban.html

1. Backup important files
2. DBAN
3. Install windows
4. ??
5. Profit!

"Never be truely secure again untill everything is gone"

On another note if you just dont want to reformat you missed the best tool of all.
"http://soft.softoogle.com/ap/kaspersky-avp-tool-download-7275.shtml"

Kaspersky AVP tool.

Peace.

 

Carneyride,

Fake virus or bug. Don't-cha think it odd there's not more out there? That no other av has it flagged? I seriously doubt it's anything worth concerning yourself with, or losing sleep over. As for those other item's you've mentioned, post an hjt or format should doubt's remain.


S

 

It has been dicussed in a along thread before. Guess is that, it is not an actual scanned file that Norton shows rather a definition/ file it looks for on ur PC.