unbelievable infestation in an hour

Discussion in 'malware problems & news' started by larryb52, Feb 6, 2008.

Thread Status:
Not open for further replies.
  1. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    My daughter called my wife, who ok'd letting her use her laptop. My wife turns her machine on last night & it boots ok, but then pop-ups, IE acts strange, something looks off. FWIW I had ESS on my wife's; next she hollers that a trojan tried to get on & ESS eliminated it. I tried to scan but it stalled. I then tried F-Secure online & before it stalled it had found 3 viruses, 3 malware. My daughter should work for AV companies; she managed to do in a couple of hours what my wife has never done. The suspect sites 'I think' are Facebook, MySpace & an AIM chat session...
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    My kids visit the same sites and for the life of me, I can't understand why more don't use something as simple as Sandboxie with their AV. I am not promoting it here, but something that simple to use would have kept all of this from happening to her computer.
     
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Have you managed to remove it, Larry?

    Have you tried CureIt on the machine?
     
  4. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
  5. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    No, as F-Secure online found it but I think it was too tired ;-) & the site froze. I'll install (if possible) F-Secure & see if that will do it; I hope so, it's my wife's business machine. I wish my wife would have just said no, and trust me, a laptop is not easy to re-set up from disks; it's labor intensive & it takes a while...
     
  6. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    CureIt is on the good doc's webpage? I just realized it might be easier to use than F-Secure...thanks!
     
  7. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Here ya go

    http://www.freedrweb.com/

    This should do the trick nicely. After it does the quick scan set it to do the full one.
     
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    @larry! I have used Dr.Web CureIt on a relative's PC and it detected and cleaned some nasties. I think it is a very good product.
     
  9. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    Thank you both, I think I'll be running that tonight & hopefully won't have to use the restore disks...
     
  10. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    How did you not see it in my sig, Larry?

    Hope it does the trick for you ;)

    Keep us posted.
     
  11. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
  12. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    Probably missed it fuming & fussing, as this is the 2nd machine in 30 days my daughter has done this to, so I'm a bit frustrated at dealing with something I tend not to do. In the past 3 years I think I have stopped one trojan at the door & run a clean machine. I preach this stuff at home (bank security at work) & my wife is, if anything, a safe surfer, unless clothes shopping is dangerous. Now that I think about it, the bank account is in trouble ;-)
     
  13. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    ok ;)

    Hope it cleans your machine well. Why didn't the AV stop it, though?
     
  14. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
  15. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    MySpace and Facebook are where I go when I'm playing with security software, just to see if it works. I've been there with Returnil and with Sandboxie and others and never failed to come away without some infestation of several bugs.

    Both Sandboxie and Returnil performed admirably. I also have DeepFreeze in frozen mode.

    I recently tried with GesWall and I'm not sure what happened or what I'd contracted, but got an immediate BSOD and physical memory dump. I rebooted, which removed GesWall 2.7 and whatever was picked up at MySpace.

    I'd like to have known what broke GesWall and caused that BSOD, but I did a reboot and DeepFreeze got rid of it.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    GesWall needs a reboot to be installed. I can't imagine how you were able to run GesWall in DeepFreeze and get rid of it (GW) on reboot! Can you explain?
     
  17. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    How did it go, Larry?
     
  18. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    Well, my wife brought home a company computer tonight & is letting me take my time. I decided to first let the NOD32 suite see what it could do, as when F-Secure online had locked up it had found 7 items. So far NOD is at 63% and has found 6, & one was attached to her game Bejeweled so I will have to reinstall that, but it looks like NOD32 will beat this (fingers crossed); 2 others were trojans & 3 were labeled generic & NOD32 has them, as I sent them to them to look at. I will still run CureIt & a Kaspersky online scan before I declare it clean, though, but so far it looks like I'll recover it. I have NOD running in the 'ask me for advice' mode as I want to see where these went...
     
  19. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Yeah, I was typing fast and once again didn't edit before I posted.

    GesWall was installed properly, including the reboot with DeepFreeze thawed. I then refroze DF and did the run at MySpace, after which I went through the thawing process and removed GesWall, as I have many pieces of security software, and put Returnil back in place.

    I have nothing against GesWall. All I said was that something on MySpace broke it. Unfortunately, when the BSOD flashed on, rather than reading it as I should have, I panicked and immediately hit the reset button.
     
  20. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    Finished; it's clean, or so say NOD32 & Dr.Web's CureIt. NOD32 found 8 threats, mostly Win32/Adware types, a couple of trojan downloaders, the majority in the system32 folder. I think someone ignored the prompt when asked ;-) or didn't know how to respond correctly. NOD found these & I feel secure that the good doctor confirmed all was clean. Happy ending...I hope...thanks for listening, the good advice & just being there

    Larry
     
  21. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Larry... you should do one more scan and use SUPERAntiSpyware Free. It has found stuff for me here and there that others missed. Just to be on the safe side.
     
  22. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    I'll give it a run, thanks
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I stroll through the booby-trapped keegendotus to test defenses on-the-fly, and for operational safety by all means don't even think of going there unless you're solidly shielded.

    Sandboxie + PowerShadow + Returnil + Deep Freeze are up to these types of challenges, thank goodness.
    I would NOT take any security app into real combat of that nature unless I "FIRST" knew it would return unscathed.

    There are still security apps that would fall flat on their face.
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    That makes sense. A BSOD is not equivalent to being broken IMO, but surely a bug if it was from GW.
     
  25. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Might I also suggest you use Firefox with the Adblock Plus and NoScript plug-ins.
     