Unknown Trojan Issue (Serious Problem)

Discussion in 'malware problems & news' started by Lightbreed, Sep 23, 2004.

Thread Status:
Not open for further replies.
  1. Lightbreed

    Lightbreed Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    5
    Let me start by saying I have done all I can with my knowledge to get rid of it and this is my last ditch effort to try and save the information I have gathered over the last 8 months of having this HDD.

    Origin of Issue - Connected to the internet without a firewall on, without realizing it (I rely upon my Linksys router firewall). During the time period I was unaware of my unprotected connection I went and talked on messengers as usual and played some NS. During this time I was receiving "network-like" messages even though I was directly connected to the internet through a cable modem.

    Realization of the Problem - While I was playing Natural-Selection I received one more "network-like" message and after that received a message from Windows to the effect of the warning that you get when you get the Sasser or Blaster worm virus, but it wasn't the same message. (I know what the message looks like because this has happened before, when I manually exposed myself by setting the router to DMZ my computer; needless to say I reformatted and fixed the problem.)

    Effects of the Virus/Trojan - I am consistently being disconnected from the internet in all aspects. Time elapsed between "resets" is somewhere between 1 and 2 minutes, if not less. When I start up my computer (as you'll see, I have done so many times since induction of the virus), a page appears with the address w*w.rev0lt.net/index.html.

    Previously Attempted Methods of Removal - At first, in my attempts to get rid of the virus, I ran all of the anti-viral and adware removal software I had in my possession. These programs were AntiVir - Free Edition and Ad-Aware 6.0. I was later told to acquire Avast! 4.0 and ZoneAlarm and did so; I ran Avast! at boot time and had ZoneAlarm up and was consistently getting warnings that my system was sending out, or attempting to send out, information without permission to certain IP addresses. All of my attempts to remove the menace totally failed. All scans were unable to produce the actual culprit.

    In the end I formatted my HDD completely after moving my "prized" files over to smaller HDDs, each in turn. During this time I disconnected my computer from the internet and just kept myself on the network. Thinking this would ultimately solve the problem, I created 2 partitions on my HDD in an attempt to keep this from happening again: one 20 GB partition for Windows and the other partition, using the rest of the space, for storage. After reinstalling my drivers and other things that were needed for basic computer operation, such as DirectX, video card drivers and assorted messengers, I reconnected myself to the internet and for a while the problem was gone or unnoticeable (it was around 2 am that I finally reinstalled everything and got things working, so I was a bit unobservant), so I proceeded to start moving files back onto My Computer and onto the storage partition. Then the problem came back, in full force. I then ran all of the programs again, in vain, and then I found a forum thread, here, that consisted of a similar problem (I can't seem to find the thread now and don't remember what words I used in Google to find it, but all I know is, it was in the hijacking forum), and I followed some of the instructions found within it and removed some startup registry keys with HijackThis and regedit. I then followed the Hijacking Forum's FAQ instructions and downloaded the newer version of Ad-Aware SE and SpyBot. After deleting the registry keys I ran the tests of Ad-Aware and SpyBot and found 2 instances that kept reappearing in SpyBot - DSO Exploit and WildTangent (to my knowledge I hadn't installed WildTangent yet and was baffled to see it). I then used regedit to delete the files existing inside that SpyBot kept picking up and restarted before Ad-Aware could finish its test, but before the computer ended the program I saw that the test had found 200+ malware programs. This was a massive explosion of infection from a single Trojan. After attempts to clean it off again I ended up deleting my Windows partition.

    After my partition reformat and reinstall of Windows, I proceeded very cautiously on what I installed and only put on the drivers and messengers as tests to see if the problem was still existent. As I attempted to restart, the computer got stuck at the Windows XP loading screen and I was forced to use "Last known working configuration," i.e. the first start-up before drivers were installed, and came back to a driverless computer with the infection problem glaring at me. Again, I ran all the tests for another 2 days, as thoroughly as possible (I had been using thorough before), and I still have the problem.

    Need Assistance Very Badly - I have been fighting this virus for nearly a week and I can come to no conclusion as to how to get rid of it. I have used all of the programs I can to try and attempt to get rid of it and find it for removal, but I have run out of ideas and am in desperate need of professional help for removal. Please, help me kill this virus and help others not become victims of this insidious bastard.

    Current OS - Windows XP SP 1 (Unpatched due to belief that new patches just present new holes for new viruses to fill and attack.)
    LinkSys Router - BEFSR41

    If any other information is needed, please let me know and I will get back to you as soon as possible. My computer is in shambles and unable to do anything internet related anyway.
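The post above describes removing startup registry keys with HijackThis and regedit, and a web page that opens on every boot. The following Python script is an added example, not code from this thread or from any of the tools named in it: it reads a registry export (.reg text) and flags Run/RunOnce autostart values that launch a URL, start a script host, or run a program from a temporary or user-profile directory, which are the kinds of entries a hijack-cleanup checklist asks you to review. The .reg content, the value names and the paths in it are constructed sample data, and the three heuristics are assumptions chosen for illustration, not a definition of malicious behaviour.

```python
"""Flag suspicious Windows autostart entries in a .reg export.

Added example (not from the thread). SAMPLE_REG below is constructed
sample data; the heuristics are illustrative assumptions, not a
complete detection rule set.
"""
import re

# Autostart keys commonly reviewed during hijack cleanup, matched as a
# case-insensitive suffix of the full key path under HKLM or HKCU.
AUTOSTART_SUFFIXES = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
    r"software\microsoft\windows\currentversion\runservices",
)

# Script hosts that an autostart entry rarely needs to invoke directly.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}

# "name"="value" lines in .reg syntax; backslash escapes a quote or backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export: two clean entries and three that warrant review.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVGuard"="\"C:\\Program Files\\AntiVir\\avguard.exe\""
"HomePage"="C:\\WINDOWS\\explorer.exe http://example.invalid/index.html"
"svchost32"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\svchost32.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"="\"C:\\WINDOWS\\System32\\mshta.exe\" C:\\WINDOWS\\Temp\\u.hta"
"MSN"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
'''


def _unescape(s):
    """Undo .reg escaping: \\" -> " and \\\\ -> \\, left to right."""
    return re.sub(r"\\(.)", r"\1", s)


def _executable(command):
    """Return the lower-cased file name of the program a Run value launches."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        exe = command[1:end] if end > 0 else command[1:]
    else:
        parts = command.split()
        exe = parts[0] if parts else ""
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _suspicious_reasons(command):
    """Apply the three illustrative heuristics to one autostart command."""
    reasons = []
    if re.search(r"https?://|www\.", command, re.I):
        reasons.append("launches a URL")
    if _executable(command) in SCRIPT_HOSTS:
        reasons.append("starts a script host")
    if re.search(r"\\(temp|local settings)\\", command, re.I):
        reasons.append("runs from a temporary or profile directory")
    return reasons


def scan_reg_text(text):
    """Return a list of findings for autostart values that match a heuristic."""
    findings = []
    current_key = None
    in_autostart = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            in_autostart = current_key.lower().endswith(AUTOSTART_SUFFIXES)
            continue
        if not in_autostart:
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue  # hex:/dword: values and blank lines are ignored
        name, command = _unescape(m.group(1)), _unescape(m.group(2))
        reasons = _suspicious_reasons(command)
        if reasons:
            findings.append({"key": current_key, "name": name,
                             "command": command, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_reg_text(SAMPLE_REG):
        print(f"[{f['key']}] {f['name']} -> {f['command']}")
        print("    " + "; ".join(f["reasons"]))
```

On a real machine the input would be the output of `regedit /e` for the Run keys; the script only reports, so each flagged entry is something to look up and judge, not something to delete automatically, since legitimate updaters also run from profile directories.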
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Lightbreed, welcome to Wilders, can you take a look at post number 4 here, this should take care of most things out there, and if it doesn't, there are further instructions near the end of that post...

    These are very specific instructions, that require using a Firewall and having your Windows FULLY up-to-date.

    Let us know how you go...

    Cheers :D
     
    Last edited: Sep 24, 2004
  3. Lightbreed

    Lightbreed Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    5
    I followed the instructions up until posting the log on the other forums. It's still here. Another thing to note is the fact that if I leave the "startup" web page up, it quickly passes viruses, malware, and trojans straight onto my computer.

    Other than that, I will post on those forums and if anyone here has anything to add, please give me your input.
     
  4. Lightbreed

    Lightbreed Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    5
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Other than your disconnecting problem, is your system now clean?

    Do you now have a visual firewall?

    Is your Windows now fully up to date, including all patches?

    Cheers :D
     
    Last edited: Sep 24, 2004
  6. Lightbreed

    Lightbreed Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    5
    Yes to all questions.
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Have you tried a "Firmware Update" for your router?

    Do you have ADSL filters on all your telephones, excluding your router?

    Cheers :D
     
  8. Lightbreed

    Lightbreed Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    5
    I don't know what ADSL is exactly, but yes, I have firmware on my router.... A new problem has shown its face. The only thing I've been doing is installing my drivers and now my ethernet controller is broken and I can't move files on my computer, at all. Any of them. This has gone from bad to flippin' retarded.
     
    Last edited: Sep 25, 2004
  9. Fatalis

    Fatalis Registered Member

    Joined:
    Sep 25, 2004
    Posts:
    4
    Location:
    Tokyo, Japan
    This is what you get for not patching. ;)
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Broadband, also known as ADSL, DSL, Cable etc.

    The symptoms you are talking about are consistent with a telephone, fax or EFTPOS machine being connected without a filter on the same line as an ADSL connection (high speed internet).

    Sure, but have you gone to the manufacturer's website to see if you have the latest "Firmware Update" for your model of router? It's the equivalent of a driver...

    Can you go back using "System Restore"?

    Hope this helps…

    Cheers :D
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Though you may be correct, saying so with a little less bite will result in maintaining harmony in this thread and throughout the forum...

    Just something to keep in mind ;)

    Cheers :D
     