Someone had posted a fantastic list of anti-virus protections a while ago and I thought I'd copied/linked the list but apparently it was on my old PC and the info wasn't saved/transfered. >_<
Anywho, seems my mom managed to get herself a rather fun little virus on her PC and the thing is kicking my butt every time I try to deal with it - its even smart enough to block any attempts at accessing the Spybot website, it blocks the older copy of Norton I've still got on disk from updating itself and destroys any and all search engine attempts (any attempts at Googling anything gives me results but when I click on them I get a random junk search engine that does nothing).
So anyone still have a link to that thread, capable of reposting the list or simply know of some good free stuff I can directly access that will do the scan and initial cleanup from the site itself so that I can get other things working before I waste time and money buying some overpriced item/service from Best Buy?
·Theme
- MMO News & Info
- Aion
- Dark Age of Camelot
- EVE Online
- EverQuest
- EverQuest II
- Final Fantasy XI
- Final Fantasy XIV
- FreeRealms
- Lord of the Rings Online
- Star Wars: The Old Republic
- Warhammer Online
- World of Warcraft
- BL2DB
- DayZDB
- Diablo 3 Database
- Dragon Nest Armory
- Guildhead
- LolKing
- MMOUI
- Rifthead
- SC2 Ranks
- TankSpot
- Tera Tome
- Thottbot
- Torchlight Armory
- Torhead
- Vindictus DB
- Wowhead
- Forums
- World of Warcraft
- General Discussion
- OT - need some anti-virus help
OT - need some anti-virus helpFollow
Aren't too many options when that happens. It happened to my parent's pc and I just decided to reformat it (it was due for it anyway). You can try putting malwarebytes or something similar onto a flash drive and installing it from that if it will let you (make sure you have nothing else important on that flash drive just incase). Can also back up the things onto it before you format.
Anobix and Brutusbukeye of <Imprimis> of US-Stormscale
Progress: TBC: Clear. WotLK: Clear -25HLK. Cata: 85 and Unsubscribed!
How to Use Rawr
Progress: TBC: Clear. WotLK: Clear -25HLK. Cata: 85 and Unsubscribed!
How to Use Rawr
Similar thing happened to my cousin as well. She wasn't paying any attention to what she was doing and downloaded the koobface virus. By the time I got my hands on it, the sucker had installed several other virii on top of it. It was the same issue. No matter what I tried, they would never go away. Ended up turning a usb flash drive into a bootable virus scanner. Since it runs outside of XP, it was able to clean everything up.
Here's the instructions I followed.
http://askthegeek.kennyhart.com/2008/09/how-to-make-bootable-thumb-drive-virus.html
Edited, Jan 26th 2009 6:27pm by DataRaider
Here's the instructions I followed.
http://askthegeek.kennyhart.com/2008/09/how-to-make-bootable-thumb-drive-virus.html
Edited, Jan 26th 2009 6:27pm by DataRaider
Hmmm.
Sounds like a Browser Hijack.
In my experience, they tend to keep themselves hidden from your first line of freeware defense: Spybot Search & Destroy, AVG Antivirus, and Ad Aware.
Online scanners are also out of the question, given the nature of the problem, but doesn't hurt to try. One way around the search engine redirect is to open the Cache'd version of the website instead. But sadly, once you click on another link within that website you'll be redirected again. What has worked for me in the past are Malwarebyte and SuperAnti Spyware run in Safemode. Only once had to resort to the HijackThis! and Killbox combo, with an educated guess via Process Library and fingers crossed.
This is the list Gryphonstalker likes to post occasionally.
Anti-Virus Scanners:
AVG - http://free.grisoft.com/
Housecall - http://housecall.trendmicro.com/
SuperAnti Spyware - http://www.superantispyware.com/
Malwarebyte - http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
Anti-Spyware Scanners:
Ad-Aware - http://www.lavasoftusa.com/ (Green button on your right.)
Spybot: Search & Destroy - http://www.safer-networking.org/en/index.html
Spyware Blaster - http://www.javacoolsoftware.com/spywareblaster.html (This is a preventive proggie, just update.)
Spyware Guard (Beta) - http://www.javacoolsoftware.com/spywareguard.html (This is a preventive proggie.)
Defragmenter :
JKDefrag - http://www.kessels.com/JkDefrag/ (disk defragmenter and optimizer for Windows 2000/2003/XP/Vista/X64.)
Miscellaneous:
PC Wizard 2008 - http://www.cpuid.com/pcwizard.php (Utility designed to analyze and benchmark your computer system.)
Advanced Windows Care Personal - http://www.iobit.com/ (helps protect, optimize, and repair your computer.)
CCleaner - http://www.ccleaner.com/ (system optimization and privacy tool.)
Answers That Work: Task List Programs - http://www.answersthatwork.com/Tasklist_pages/tasklist.htm (This site has a pretty comprehensive list of processes.)
Process Library - http://www.processlibrary.com/
KillBox - http://www.killbox.net/ (Use at your own RISK: a tool to delete in-use files. http://killbox.net/help.html) - last resort to really nasty viruses masquerading as essential window files; Do your research first!!!
Edited, Jan 26th 2009 7:35pm by Zemzelette
Edited, Jan 26th 2009 7:39pm by Zemzelette
Sounds like a Browser Hijack.
In my experience, they tend to keep themselves hidden from your first line of freeware defense: Spybot Search & Destroy, AVG Antivirus, and Ad Aware.
Online scanners are also out of the question, given the nature of the problem, but doesn't hurt to try. One way around the search engine redirect is to open the Cache'd version of the website instead. But sadly, once you click on another link within that website you'll be redirected again. What has worked for me in the past are Malwarebyte and SuperAnti Spyware run in Safemode. Only once had to resort to the HijackThis! and Killbox combo, with an educated guess via Process Library and fingers crossed.
This is the list Gryphonstalker likes to post occasionally.
Anti-Virus Scanners:
AVG - http://free.grisoft.com/
Housecall - http://housecall.trendmicro.com/
SuperAnti Spyware - http://www.superantispyware.com/
Malwarebyte - http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
Anti-Spyware Scanners:
Ad-Aware - http://www.lavasoftusa.com/ (Green button on your right.)
Spybot: Search & Destroy - http://www.safer-networking.org/en/index.html
Spyware Blaster - http://www.javacoolsoftware.com/spywareblaster.html (This is a preventive proggie, just update.)
Spyware Guard (Beta) - http://www.javacoolsoftware.com/spywareguard.html (This is a preventive proggie.)
Defragmenter :
JKDefrag - http://www.kessels.com/JkDefrag/ (disk defragmenter and optimizer for Windows 2000/2003/XP/Vista/X64.)
Miscellaneous:
PC Wizard 2008 - http://www.cpuid.com/pcwizard.php (Utility designed to analyze and benchmark your computer system.)
Advanced Windows Care Personal - http://www.iobit.com/ (helps protect, optimize, and repair your computer.)
CCleaner - http://www.ccleaner.com/ (system optimization and privacy tool.)
Answers That Work: Task List Programs - http://www.answersthatwork.com/Tasklist_pages/tasklist.htm (This site has a pretty comprehensive list of processes.)
Process Library - http://www.processlibrary.com/
KillBox - http://www.killbox.net/ (Use at your own RISK: a tool to delete in-use files. http://killbox.net/help.html) - last resort to really nasty viruses masquerading as essential window files; Do your research first!!!
Edited, Jan 26th 2009 7:35pm by Zemzelette
Edited, Jan 26th 2009 7:39pm by Zemzelette
I suggest Combofix. Combofix is simply awesome. It's not an anti-virus program per se, but rather what it does is it fixes your registry.
In September, I got my old PC out of storage, and was dismayed to see that I had a rather nasty virus on it (Vundo). This damn thing would block my internet and Windows Live after five minutes, and nothing I seemed to do could shake it. It would literally replicate itself as soon as I had cleaned the PC.
Then I downloaded Combofix, and it took care of the problem.
A quick google search should bring it up, but I highly recommend it if something like AVG can't take care of it.
That, or you could always format.
Still, in my experience, the best pure anti-virus program is AVG.
Looking at what you've said, I'd get Combofix.
In September, I got my old PC out of storage, and was dismayed to see that I had a rather nasty virus on it (Vundo). This damn thing would block my internet and Windows Live after five minutes, and nothing I seemed to do could shake it. It would literally replicate itself as soon as I had cleaned the PC.
Then I downloaded Combofix, and it took care of the problem.
A quick google search should bring it up, but I highly recommend it if something like AVG can't take care of it.
That, or you could always format.
Still, in my experience, the best pure anti-virus program is AVG.
Looking at what you've said, I'd get Combofix.
"Do you know what "nemesis" means? A righteous infliction of retribution manifested by an appropriate agent. Personified in this case by an 'orrible c*** : me."
Kewl - many thanks for input and rate ups down the line.
I'll try all of this stuff first as reformatting is even less desirable then dropping cash for an anti-virus program - we'll see how it goes in next day or two.
I'll try all of this stuff first as reformatting is even less desirable then dropping cash for an anti-virus program - we'll see how it goes in next day or two.
I use the free malwarebytes scanner (linked above) at work all the time for adware. Highly recommended that you try it.
Wahu - Disc Priest (main)
Get an Authenticator!!
Get an Authenticator!!
Booting the programs from a USB drive is a good suggestion.
One anti-virus that I use that is the best one I have ever found is ESET NOD32. I believe I had read quite a few years ago that this anti-virus was created by a group of hackers/virus builders that didnt want the integrity of their computing network for their business compromised. This program has found crap hidden in tons of places that others simply didnt get close to finding. They also have offices in the Czeck Republic where a large number of internet viruses originate (not really revelant but I think that's dedication :P ).
Edited, Jan 27th 2009 9:35am by Darister
One anti-virus that I use that is the best one I have ever found is ESET NOD32. I believe I had read quite a few years ago that this anti-virus was created by a group of hackers/virus builders that didnt want the integrity of their computing network for their business compromised. This program has found crap hidden in tons of places that others simply didnt get close to finding. They also have offices in the Czeck Republic where a large number of internet viruses originate (not really revelant but I think that's dedication :P ).
Edited, Jan 27th 2009 9:35am by Darister
Marriage is an institution.....When you get married, you have to be committed to it.....If that isn't mental I don't know what is!
~Gene Simmons~
~Gene Simmons~
OK, this is hands down the smartest virus I've ran into to date - the SOB wouldn't even allow anti-virus programs to boot from a flash drive, nor install from disk. I finally managed to sneak AVG past the sucker and get that running, but its still stopping AVG from updating.
I ran AVG and it initially claimed to have found and dealt with some problems, but they keep persisting and there's one thing that keeps showing up and not getting cured -
C:\WINDOWS\system32\WinCtrl32.dll
Says that its a trojan horse downloader - AdAware catches it too (old definitions - can't update it either) and says that it'll scrub it next computer restart, but it doesn't.
So million dollar question is whether or not that's a bogus file that I should just go into Explorer and manually delete or is the @#$% virus lying to the spyware programs and trying to get me to delete something important?
I swear, if I ever get my hands on the little punk that wrote this virus I'm going to cut off his fingers with rusty bolt cutters. >_<
I ran AVG and it initially claimed to have found and dealt with some problems, but they keep persisting and there's one thing that keeps showing up and not getting cured -
C:\WINDOWS\system32\WinCtrl32.dll
Says that its a trojan horse downloader - AdAware catches it too (old definitions - can't update it either) and says that it'll scrub it next computer restart, but it doesn't.
So million dollar question is whether or not that's a bogus file that I should just go into Explorer and manually delete or is the @#$% virus lying to the spyware programs and trying to get me to delete something important?
I swear, if I ever get my hands on the little punk that wrote this virus I'm going to cut off his fingers with rusty bolt cutters. >_<
well...
go on...
Backup and try it...
go on...
Backup and try it...
We get this virus quite a lot on customer's machines at work, and Malwarebyte's Antimalware sorts it out. You don't need to buy it, as the demo works fully, apart from having to update manually.
Edited, Feb 4th 2009 6:32pm by Krago
Edited, Feb 4th 2009 6:32pm by Krago
Tavarde wrote:
I don't post here to be disagreed with... Oh, and I'll be deleting the OP, I don't need to hear from any more of you. Because you're all 100% wrong anyway.
Quote:
We get this on customer's machines at work, and [link=Malwarebyte's Antimalware]http://www.malwarebytes.org/mbam.php[/link] sorts it out.
I downloaded it onto a flashdrive from my PC but unfortunately, the virus wont let me install it and clicking the link the virus blocks her computer to even going to the site. >_<
If you can, copy it to a cd on some other machine and install from that. Possibly, if you install it on another machine, you could copy the working Malware Bytes folder over to a cd, and run it off the cd? I've done that with other Antivirus/Malware programs in the past.
Edited, Feb 4th 2009 6:35pm by Krago
Edited, Feb 4th 2009 6:35pm by Krago
Tavarde wrote:
I don't post here to be disagreed with... Oh, and I'll be deleting the OP, I don't need to hear from any more of you. Because you're all 100% wrong anyway.
An idea, will give a shot - in the meantime, can anyone look in their windows folder and confirm one way or another if that's a real file or virus one?
12 posts
Be sure to log into safe mode. tap F8 as you're booting the computer, it'll give the advanced startup menu with safe mode, safe with networking etc etc.
Choose Safemode with networking. Log into your account and it'll look like windows just larger icons etc. This bypasses any items that start when booting your computer and will allow you to install certain programs.
Hopefully you have combofix, malwarebytes, super antispyware, and AVG on a flash drive. go ahead and run combo fix.
after it's done it's thing you can run MWB and then SAS. usually this will take care of most problems, Install avg.
after all that is done you can go to start - Run - type in 'msconfig' and enter. Startup tab at the top, you can uncheck everything in that window (leave any avg checked). Apply, close. don't reboot yet.
Some virus or spyware will come back next reboot if you have system restore on, so you'll want to disable it for the time being. Restart, so to normal mode and see how things are, do your virus scan, cleanup anything it finds. Reboot again, enable system restore.
Choose Safemode with networking. Log into your account and it'll look like windows just larger icons etc. This bypasses any items that start when booting your computer and will allow you to install certain programs.
Hopefully you have combofix, malwarebytes, super antispyware, and AVG on a flash drive. go ahead and run combo fix.
after it's done it's thing you can run MWB and then SAS. usually this will take care of most problems, Install avg.
after all that is done you can go to start - Run - type in 'msconfig' and enter. Startup tab at the top, you can uncheck everything in that window (leave any avg checked). Apply, close. don't reboot yet.
Some virus or spyware will come back next reboot if you have system restore on, so you'll want to disable it for the time being. Restart, so to normal mode and see how things are, do your virus scan, cleanup anything it finds. Reboot again, enable system restore.
rusttle wrote:
OK, this is hands down the smartest virus I've ran into to date - the SOB wouldn't even allow anti-virus programs to boot from a flash drive, nor install from disk. I finally managed to sneak AVG past the sucker and get that running, but its still stopping AVG from updating.
I ran AVG and it initially claimed to have found and dealt with some problems, but they keep persisting and there's one thing that keeps showing up and not getting cured -
C:\WINDOWS\system32\WinCtrl32.dll
Says that its a trojan horse downloader - AdAware catches it too (old definitions - can't update it either) and says that it'll scrub it next computer restart, but it doesn't.
So million dollar question is whether or not that's a bogus file that I should just go into Explorer and manually delete or is the @#$% virus lying to the spyware programs and trying to get me to delete something important?
I swear, if I ever get my hands on the little punk that wrote this virus I'm going to cut off his fingers with rusty bolt cutters. >_<
I ran AVG and it initially claimed to have found and dealt with some problems, but they keep persisting and there's one thing that keeps showing up and not getting cured -
C:\WINDOWS\system32\WinCtrl32.dll
Says that its a trojan horse downloader - AdAware catches it too (old definitions - can't update it either) and says that it'll scrub it next computer restart, but it doesn't.
So million dollar question is whether or not that's a bogus file that I should just go into Explorer and manually delete or is the @#$% virus lying to the spyware programs and trying to get me to delete something important?
I swear, if I ever get my hands on the little punk that wrote this virus I'm going to cut off his fingers with rusty bolt cutters. >_<
This is why I suggested the bootable flash drive above. It allows you to boot a second os (linux with my instructions) and run a virus scanner from a clean environment.
It's a real virus. Like you said, apparently a pain in the in the ass.
HOWEVER....
If there's a will, there's a way!
AND....
Try those, see if it will work.
HOWEVER....
If there's a will, there's a way!
AND....
Try those, see if it will work.
"Do you know what "nemesis" means? A righteous infliction of retribution manifested by an appropriate agent. Personified in this case by an 'orrible c*** : me."
Just my tuppence worth. I ran Eset NOD32 for 3 years without any problems. To save money I downloaded Avast about a month ago. I have just finished re-installing my PC after it got infected with a virus.
Needles to say, I paid for NOD32 again. Sometime you get what you pay for.
Needles to say, I paid for NOD32 again. Sometime you get what you pay for.
Quote:
I ran AVG and it initially claimed to have found and dealt with some problems, but they keep persisting and there's one thing that keeps showing up and not getting cured -
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WinCtrl32.dll
You didn't mention which Windows you used. I checked, it is NOT on my main PC with 64 bits Vista Home Premium, and is probably the same for all Vista versions. My other PC which has XP Home 32 bit also DO NOT have the file in question.
Either it is specific to application you have that I don't have or it is a virus.
When I have a real stubborn virus, sometime I'd remove the infected hard drive, plug it into external USB case, hook it to my other PC (which has Auto Play disabled completely), I start up AV programs, spyware programs, and also load up web page with trend micro online scanner and panda web site too. Also check into anti rootkit as well.
Turn on the external hard drive, run em one app at a time (they may interfere with each other if you run all at once)
99% of the time it worked. For that 1% I can't get out, I head to http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/ and post detailed information as some expert there may have an idea or solution to removing the most difficult virus.
Edit: type demon strikes again
Edited, Feb 19th 2009 8:22am by Grolyn
Edited, Feb 19th 2009 8:26am by Grolyn
Recent Visitors: 91
All times are in CDT
- Forums
- World of Warcraft
- General Discussion
- OT - need some anti-virus help