VIRUS ALERT!

Discussion in 'malware problems & news' started by PiCo, Aug 6, 2008.

Thread Status:
Not open for further replies.
  1. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    A friend of mine downloaded a .wmv porn movie yesterday and when he tried to play it a window popped up saying "A codec is missing, visit this site to install it".
    So he visited the site, downloaded the .exe codec and ran it :p

    That was it! All desktop icons gone, task manager disabled, all hard drives disappeared (!), explorer disabled (couldn't access any file), browser windows popping up saying download this and that, desktop hijacked with a "privacy danger" thing, security warnings all over and a VIRUS ALERT! flashing in System tray where the clock is supposed to be.

    We're talking about a MESS! He had malware from KvmSecure to lots of other stuff.

    So I took the time to write a small guide that helped my friend yesterday and may help others in future!

    1. Dr.WEB CureIT
    He downloaded Dr.WEB CureIT and ran a full scan on C drive (CureIT was able to see the contents of the C drive although the user couldn't Lol).
    It found about 40 viruses, all able to be deleted or moved, and that was enough to stabilize the OS and run some additional scans.

    2. SUPERAntiSpyware
    He installed the free version and ran a full scan. It found about 15 registry items infected and some files/folders infected (adware mostly), all of which were quarantined and removed.
    He then ran all the repairs under preferences->repairs, which at that point brought back task manager.

    3. Malwarebytes' Anti-Malware
    He installed the free version and ran a full scan with that too. It found about 2-3 infected items, all quarantined and removed successfully.

    4. SpyBot S&D
    He had that already installed. It came up with a SmitFraud left-over, which it successfully deleted.

    5. GlarySoft RegistryRepair
    Actually I told him to install and run this cause his PC was already in bad shape, so a registry cleaner could only make it better :p

    6. CCleaner
    The usual task, getting rid of all crap!

    7. HijackThis
    He ran it and sent me a HijackThis log, which was clean, but I took the chance to help him get rid of some unnecessary start-up applications.

    8. Reboot
    The final step and the moment of truth! How will all the changes made by the previous software apply after a reboot?
    Well, it was a success!
    Everything came back EXCEPT the missing desktop icons (couldn't be found anywhere, the virus must have deleted them) and the background, which was the default Windows one and not the one he had before the infection, but he was able to set his previous background manually.

    I hope that this will help others too. It was a real nasty situation!
    Notice also that the infected PC wasn't his good PC, it was more like a porn machine Lol.
    No firewall, no antivirus, no anything installed! Naked to the bone!
    So if the guide worked for him, a good PC will stand an even better chance :cool:
     
  2. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    If it were me, I'd firstly try Rogue Remover/SmitFraudFix; if that failed I'd use pretty much the same combo, maybe running AVP Tool - Dr.Web - SAS - Ewido.
     
  3. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I may have just imaged the bloody thing and scanned it on another computer.
     
  4. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    My question is, did he learn from his experience?

    I am not referring to what he chooses to view, but being cautious in what links he chooses to follow\use to download any .exe. Safe codec packs are available everywhere on the Net.
     
  5. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    Well actually he's cautious, he's not a n00b, but these things happen sometimes.

    I am cautious too, but there was a time long ago I had some beers, got a photo.zip from a friend of mine through MSN (yes yes the known way of getting infected) and ran the damn thing inside it :p.

    And I knew that these viruses through MSN existed, it's not like it was out of the blue for me, but still..

    Anyway I hope he will be even more cautious from now on :)
     
  6. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    If that is the case then lesson learned. :thumb:
     
  7. darklord_godiver

    darklord_godiver Registered Member

    Joined:
    Aug 27, 2008
    Posts:
    4
    Location:
    Philippines
    Awesome guide, although I doubt the same thing would happen to me, your guide did provide me with new knowledge on many other scanners for the safety of my PC. :D
     
  8. Medank

    Medank Registered Member

    Joined:
    Aug 25, 2008
    Posts:
    102
    This is a serious problem, I see people everywhere complaining about rogue spyware and viruses, but today's antivirus and antispyware do not protect because the rogue spyware has so many variants.

    What to do so I will be protected against the latest threats every day?
     
  9. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Use a good antivirus with good signature and heuristic detection (look at this for example, a good result indeed https://www.wilderssecurity.com/showpost.php?p=1294754&postcount=102), a good antispyware, NOT using Internet Explorer and being careful.
    Also using a site-advising program (like SiteAdvisor, WOT, LinkScanner etc.) to prevent going to known rogue sites.
     
  10. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    This sort of crap seems to be everywhere on the net these days, yesterday another friend contacted me through MSN and said: "You have to save me, I have 50000 viruses, how the hell did that happen?"

    Of course it was a rogue, Antivirus XP 2008, which stated he had 50000 viruses on his PC, but the guy didn't even think of that case, he actually believed he had that many viruses.

    I can understand it though, the panic you face at that moment + the fact of not being a geek, it's easy to be fooled :(
     