
OT - need some anti-virus help

#1 Jan 26 2009 at 4:02 PM Rating: Decent
***
3,879 posts
Someone had posted a fantastic list of anti-virus protections a while ago and I thought I'd copied/linked the list but apparently it was on my old PC and the info wasn't saved/transferred. >_<

Anywho, seems my mom managed to get herself a rather fun little virus on her PC and the thing is kicking my **** every time I try to deal with it - it's even smart enough to block any attempts at accessing the Spybot website, it blocks the older copy of Norton I've still got on disk from updating itself and destroys any and all search engine attempts (any attempts at Googling anything gives me results but when I click on them I get a random junk search engine that does nothing).

So anyone still have a link to that thread, capable of reposting the list or simply know of some good free stuff I can directly access that will do the scan and initial cleanup from the site itself so that I can get other things working before I waste time and money buying some overpriced item/service from Best Buy?
#2 Jan 26 2009 at 4:05 PM Rating: Excellent
Aren't too many options when that happens. It happened to my parents' PC and I just decided to reformat it (it was due for it anyway). You can try putting Malwarebytes or something similar onto a flash drive and installing it from that if it will let you (make sure you have nothing else important on that flash drive just in case). Can also back up the things onto it before you format.
____________________________
Anobix and Brutusbukeye of <Imprimis> of US-Stormscale
Progress: TBC: Clear. WotLK: Clear -25HLK. Cata: 85 and Unsubscribed!
How to Use Rawr
#4 Jan 26 2009 at 4:25 PM Rating: Excellent
Scholar
**
367 posts
Similar thing happened to my cousin as well. She wasn't paying any attention to what she was doing and downloaded the koobface virus. By the time I got my hands on it, the sucker had installed several other virii on top of it. It was the same issue. No matter what I tried, they would never go away. Ended up turning a usb flash drive into a bootable virus scanner. Since it runs outside of XP, it was able to clean everything up.

Here's the instructions I followed.

http://askthegeek.kennyhart.com/2008/09/how-to-make-bootable-thumb-drive-virus.html

Edited, Jan 26th 2009 6:27pm by DataRaider
#5 Jan 26 2009 at 4:30 PM Rating: Excellent
**
736 posts
Hmmm.
Sounds like a Browser Hijack.
In my experience, they tend to keep themselves hidden from your first line of freeware defense: Spybot Search & Destroy, AVG Antivirus, and Ad Aware.
Online scanners are also out of the question, given the nature of the problem, but it doesn't hurt to try. One way around the search engine redirect is to open the cached version of the website instead. But sadly, once you click on another link within that website you'll be redirected again. What has worked for me in the past are Malwarebytes and SuperAnti Spyware run in Safe Mode. Only once had to resort to the HijackThis! and Killbox combo, with an educated guess via Process Library and fingers crossed.

This is the list Gryphonstalker likes to post occasionally.




Anti-Virus Scanners:

AVG - http://free.grisoft.com/

Housecall - http://housecall.trendmicro.com/

SuperAnti Spyware - http://www.superantispyware.com/

Malwarebyte - http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html



Anti-Spyware Scanners:

Ad-Aware - http://www.lavasoftusa.com/ (Green button on your right.)

Spybot: Search & Destroy - http://www.safer-networking.org/en/index.html

Spyware Blaster - http://www.javacoolsoftware.com/spywareblaster.html (This is a preventive proggie, just update.)

Spyware Guard (Beta) - http://www.javacoolsoftware.com/spywareguard.html (This is a preventive proggie.)


Defragmenter:

JKDefrag - http://www.kessels.com/JkDefrag/ (disk defragmenter and optimizer for Windows 2000/2003/XP/Vista/X64.)


Miscellaneous:

PC Wizard 2008 - http://www.cpuid.com/pcwizard.php (Utility designed to analyze and benchmark your computer system.)

Advanced Windows Care Personal - http://www.iobit.com/ (helps protect, optimize, and repair your computer.)

CCleaner - http://www.ccleaner.com/ (system optimization and privacy tool.)

Answers That Work: Task List Programs - http://www.answersthatwork.com/Tasklist_pages/tasklist.htm (This site has a pretty comprehensive list of processes.)

Process Library - http://www.processlibrary.com/

KillBox - http://www.killbox.net/ (Use at your own RISK: a tool to delete in-use files. http://killbox.net/help.html) - last resort for really nasty viruses masquerading as essential Windows files; do your research first!!!







Edited, Jan 26th 2009 7:35pm by Zemzelette

Edited, Jan 26th 2009 7:39pm by Zemzelette
#6 Jan 26 2009 at 8:23 PM Rating: Good
I suggest Combofix. Combofix is simply awesome. It's not an anti-virus program per se, but rather what it does is it fixes your registry.

In September, I got my old PC out of storage, and was dismayed to see that I had a rather nasty virus on it (Vundo). This **** thing would block my internet and Windows Live after five minutes, and nothing I seemed to do could shake it. It would literally replicate itself as soon as I had cleaned the PC.

Then I downloaded Combofix, and it took care of the problem.

A quick google search should bring it up, but I highly recommend it if something like AVG can't take care of it.

That, or you could always format.

Still, in my experience, the best pure anti-virus program is AVG.

Looking at what you've said, I'd get Combofix.
____________________________
"Do you know what "nemesis" means? A righteous infliction of retribution manifested by an appropriate agent. Personified in this case by an 'orrible c*** : me."
#7 Jan 27 2009 at 12:54 AM Rating: Decent
***
3,879 posts
Kewl - many thanks for input and rate ups down the line.

I'll try all of this stuff first as reformatting is even less desirable than dropping cash for an anti-virus program - we'll see how it goes in next day or two.
#8 Jan 27 2009 at 6:52 AM Rating: Good
I use the free malwarebytes scanner (linked above) at work all the time for adware. Highly recommended that you try it.
____________________________
Wahu - Disc Priest (main)
Get an Authenticator!!
#9 Jan 27 2009 at 7:34 AM Rating: Decent
Scholar
*
233 posts
Booting the programs from a USB drive is a good suggestion.

One anti-virus that I use that is the best one I have ever found is ESET NOD32. I believe I had read quite a few years ago that this anti-virus was created by a group of hackers/virus builders that didn't want the integrity of their computing network for their business compromised. This program has found **** hidden in tons of places that others simply didn't get close to finding. They also have offices in the Czech Republic where a large number of internet viruses originate (not really relevant but I think that's dedication :P ).

Edited, Jan 27th 2009 9:35am by Darister
____________________________
Marriage is an institution.....When you get married, you have to be committed to it.....If that isn't mental I don't know what is!
~Gene Simmons~
#10 Feb 04 2009 at 3:09 PM Rating: Decent
***
3,879 posts
OK, this is hands down the smartest virus I've run into to date - the SOB wouldn't even allow anti-virus programs to boot from a flash drive, nor install from disk. I finally managed to sneak AVG past the sucker and get that running, but it's still stopping AVG from updating.

I ran AVG and it initially claimed to have found and dealt with some problems, but they keep persisting and there's one thing that keeps showing up and not getting cured -

C:\WINDOWS\system32\WinCtrl32.dll

Says that it's a trojan horse downloader - AdAware catches it too (old definitions - can't update it either) and says that it'll scrub it next computer restart, but it doesn't.

So million dollar question is whether or not that's a bogus file that I should just go into Explorer and manually delete or is the @#$% virus lying to the spyware programs and trying to get me to delete something important?

I swear, if I ever get my hands on the little punk that wrote this virus I'm going to cut off his fingers with rusty bolt cutters. >_<
#11 Feb 04 2009 at 3:24 PM Rating: Good
Scholar
****
6,129 posts
well...

go on...

Backup and try it...
____________________________
Alla's Arena/PVP Forum

SO I PLAY WoW COOL EH!?

Let that beat build.

Xbox Live: kyNsdub
#12 Feb 04 2009 at 3:29 PM Rating: Decent
***
1,340 posts
We get this virus quite a lot on customer's machines at work, and Malwarebyte's Antimalware sorts it out. You don't need to buy it, as the demo works fully, apart from having to update manually.



Edited, Feb 4th 2009 6:32pm by Krago
____________________________
Tavarde wrote:
I don't post here to be disagreed with... Oh, and I'll be deleting the OP, I don't need to hear from any more of you. Because you're all 100% wrong anyway.
#13 Feb 04 2009 at 3:31 PM Rating: Decent
***
3,879 posts
Quote:
We get this on customer's machines at work, and Malwarebyte's Antimalware (http://www.malwarebytes.org/mbam.php) sorts it out.


I downloaded it onto a flash drive from my PC but unfortunately, the virus won't let me install it, and when I click the link the virus blocks her computer from even going to the site. >_<
#14 Feb 04 2009 at 3:34 PM Rating: Decent
***
1,340 posts
If you can, copy it to a cd on some other machine and install from that. Possibly, if you install it on another machine, you could copy the working Malware Bytes folder over to a cd, and run it off the cd? I've done that with other Antivirus/Malware programs in the past.

Edited, Feb 4th 2009 6:35pm by Krago
#15 Feb 04 2009 at 3:52 PM Rating: Decent
***
3,879 posts
An idea, will give a shot - in the meantime, can anyone look in their windows folder and confirm one way or another if that's a real file or virus one?
#16 Feb 04 2009 at 3:52 PM Rating: Excellent
12 posts
Be sure to log into safe mode. Tap F8 as you're booting the computer; it'll give the advanced startup menu with safe mode, safe mode with networking, etc.
Choose Safe Mode with Networking. Log into your account and it'll look like Windows, just with larger icons etc. This bypasses any items that start when booting your computer and will allow you to install certain programs.

Hopefully you have Combofix, Malwarebytes, SuperAntiSpyware, and AVG on a flash drive. Go ahead and run Combofix.
After it's done its thing you can run MWB and then SAS. Usually this will take care of most problems. Install AVG.
After all that is done you can go to Start - Run - type in 'msconfig' and enter. In the Startup tab at the top, you can uncheck everything in that window (leave any AVG checked). Apply, close. Don't reboot yet.
Some viruses or spyware will come back next reboot if you have System Restore on, so you'll want to disable it for the time being. Restart, go to normal mode and see how things are, do your virus scan, clean up anything it finds. Reboot again, enable System Restore.
#17 Feb 04 2009 at 4:03 PM Rating: Decent
Scholar
**
367 posts
rusttle wrote:
OK, this is hands down the smartest virus I've run into to date - the SOB wouldn't even allow anti-virus programs to boot from a flash drive, nor install from disk. I finally managed to sneak AVG past the sucker and get that running, but it's still stopping AVG from updating.

I ran AVG and it initially claimed to have found and dealt with some problems, but they keep persisting and there's one thing that keeps showing up and not getting cured -

C:\WINDOWS\system32\WinCtrl32.dll

Says that it's a trojan horse downloader - AdAware catches it too (old definitions - can't update it either) and says that it'll scrub it next computer restart, but it doesn't.

So million dollar question is whether or not that's a bogus file that I should just go into Explorer and manually delete or is the @#$% virus lying to the spyware programs and trying to get me to delete something important?

I swear, if I ever get my hands on the little punk that wrote this virus I'm going to cut off his fingers with rusty bolt cutters. >_<


This is why I suggested the bootable flash drive above. It allows you to boot a second OS (Linux with my instructions) and run a virus scanner from a clean environment.
#18 Feb 04 2009 at 7:26 PM Rating: Good
It's a real virus. Like you said, apparently a pain in the ass.

HOWEVER....

If there's a will, there's a way!

AND....

Try those, see if it will work.
#19 Feb 05 2009 at 4:14 AM Rating: Good
Scholar
***
3,229 posts
Just my tuppence worth. I ran Eset NOD32 for 3 years without any problems. To save money I downloaded Avast about a month ago. I have just finished re-installing my PC after it got infected with a virus.

Needless to say, I paid for NOD32 again. Sometimes you get what you pay for.
____________________________
Create Something Amazing
#20 Feb 19 2009 at 5:14 AM Rating: Decent
Scholar
**
429 posts
Quote:
I ran AVG and it initially claimed to have found and dealt with some problems, but they keep persisting and there's one thing that keeps showing up and not getting cured -

C:\WINDOWS\system32\WinCtrl32.dll


You didn't mention which Windows you used. I checked, it is NOT on my main PC with 64-bit Vista Home Premium, and is probably the same for all Vista versions. My other PC, which has XP Home 32-bit, also does NOT have the file in question.

Either it is specific to an application you have that I don't have or it is a virus.

When I have a really stubborn virus, sometimes I'd remove the infected hard drive, plug it into an external USB case, hook it to my other PC (which has Auto Play disabled completely), start up AV programs and spyware programs, and also load up a web page with the Trend Micro online scanner and the Panda web site too. Also check into anti-rootkit tools as well.

Turn on the external hard drive, run em one app at a time (they may interfere with each other if you run all at once)

99% of the time it worked. For that 1% I can't get out, I head to http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/ and post detailed information as some expert there may have an idea or solution to removing the most difficult virus.


Edit: type demon strikes again

Edited, Feb 19th 2009 8:22am by Grolyn

Edited, Feb 19th 2009 8:26am by Grolyn
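
The check described in post #20 (is the file present on a known-clean Windows install, with the infected drive mounted on another machine) can be scripted. This is an added example, not code from any poster in the thread; the two directory paths are supplied by the reader and the function names are hypothetical. A file missing from the clean baseline is only a lead to follow up, since third-party applications also install files into system32.

```python
import hashlib
from pathlib import Path

# Extensions worth comparing in a Windows system32 directory (assumed set).
EXTS = (".dll", ".exe", ".sys")


def list_names(directory, exts=EXTS):
    """Map lower-cased file name -> Path for files with the given extensions.

    Windows file names are case-insensitive, so names are compared lower-cased
    even when the drive is mounted on a case-sensitive OS such as Linux.
    """
    found = {}
    for entry in Path(directory).iterdir():
        if entry.is_file() and entry.suffix.lower() in exts:
            found[entry.name.lower()] = entry
    return found


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def unexpected_files(suspect_dir, baseline_dir):
    """Return [(name, sha256, size)] for files only on the suspect drive."""
    suspect = list_names(suspect_dir)
    baseline = list_names(baseline_dir)
    extra = sorted(set(suspect) - set(baseline))
    return [(suspect[n].name, sha256_of(suspect[n]), suspect[n].stat().st_size)
            for n in extra]


if __name__ == "__main__":
    import sys
    # Usage: script.py <system32 on mounted suspect drive> <clean system32>
    # The baseline should come from the same Windows version as the suspect.
    for name, digest, size in unexpected_files(sys.argv[1], sys.argv[2]):
        print(f"{digest}  {size:>10}  {name}")
```

The printed hashes can then be checked against a scanner's database or posted with a help request, without ever executing anything from the infected drive.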