BleepingComputer.com: Malware? Trojan? Adware?


Malware? Trojan? Adware? I don't know!!

#1 Fh-Fh (New Member)

Posted 18 August 2008 - 05:12 PM

Mmmkay.

One day, I was in the mood to play Grand Theft Auto. Problem is, I don't have it. So I decided to "legally" download it.

Link is here: hxxp: //thepiratebay.org/torrent/4277087/Gr...uto_San_Andreas

BTW Don't download it XD

As you can see, people were not too happy after downloading it. Unfortunately, these comments appeared AFTER I downloaded it. When I saw the comments, my eyes went wide and I slowly dragged the torrent to the trash can and deleted it.

Problem solved, right?

Wrong.

A couple weeks later my PeerGuardian disappeared and I started getting these messages that read:

Quote

Windows will now Shut Down and restart. This was activated by: NT AUTHORITY/SYSTEM


Then a clock starts counting down from 1 minute and it restarts. I can't close it. I tried to open task manager but another message appeared:

Quote

Task manager has been disabled


WTF? How?

After a couple Ad-Aware and Spybot scans, I decided to use my Ace in the hole: System Restore.

I've used it before so I knew what I was doing. I was relieved.

Until I found out it was still there.

Now I was mad.

I tried using Regedit but...

Quote

Registry Editing has been disabled


This is actually good news. Now I know where this virus is hiding.

So next I did another Ad-Aware scan. After I deleted everything, I tried using Regedit.

Success!

But now what do I do :flowers:

I closed it and tried to open it back up.

No dice.

So NOW I'm using Malwarebytes to get rid of it (as said in the comments).

But still, no dice. :thumbsup:

HELP MEE!!!!!

This post has been edited by quietman7: 18 August 2008 - 05:23 PM


#2 quietman7 (Global Moderator)

Posted 18 August 2008 - 05:39 PM

If your computer keeps shutting down on its own, follow these steps to stop the cycle:
  • Click on Start > Run and type: cmd
  • Press Enter.
  • At the Command Prompt type: shutdown -a
  • Press Enter.

Shutdowns and random reboots could be malware related or they could be due to hardware or overheating problems caused by a failed processor fan, bad memory (RAM), failing power supply, underpowered power supply, CPU overheating, motherboard, video card, faulty drivers, BIOS and firmware problems, dirty hardware, etc. If the computer is overheating, it usually begins to restart on a more regular basis.

When doing a search on the net for Shutdown initiated by NT Authority\system, you will find thousands of complaints with various causes and possible solutions. What works for one person may not work for another.

Some rootkits have been found to be accompanied by BSODs and various stop error/shutdown messages so a rootkit check should be performed. I recommend performing a scan with Sophos Anti-rootkit, Panda AntiRootkit or AVG Anti-Rootkit.

Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
Note: Not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host-based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. You should not be alarmed if you see any hidden entries created by these software programs after performing a scan.
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
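
An added example, not part of either post or of BleepingComputer's instructions: a read-only PowerShell triage for the symptoms described in this thread. It assumes PowerShell 3.0 or later on a Windows version with Get-WinEvent, and that the "has been disabled" messages come from the standard DisableTaskMgr and DisableRegistryTools policy values, which the thread does not name; the function names are hypothetical.

```powershell
# Added example: read-only triage; it changes nothing on the system.
# Assumption: the "Task manager / Registry editing has been disabled" messages
# come from the standard policy values below (not named in the thread).
function Get-PolicyLockouts {
    $paths = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $names = 'DisableTaskMgr', 'DisableRegistryTools'
    foreach ($path in $paths) {
        # A missing key simply means no policy is set in that hive.
        $key = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($name in $names) {
            $value = $null
            if ($key -and ($key.PSObject.Properties.Name -contains $name)) {
                $value = $key.$name
            }
            [pscustomobject]@{
                Path   = $path
                Name   = $name
                Value  = $value
                Locked = ($null -ne $value -and $value -ne 0)
            }
        }
    }
}

function Get-ShutdownInitiators {
    param([int]$Days = 14)
    # Event ID 1074 in the System log records which process requested a
    # shutdown or restart, and on behalf of which user.
    $filter = @{
        LogName   = 'System'
        Id        = 1074
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Message
}

Get-PolicyLockouts | Format-Table -AutoSize
Get-ShutdownInitiators | Format-List
```

A value that returns to Locked after a cleanup scan matches the behaviour described in post #1, and an unfamiliar process path in the 1074 messages is a lead for the rootkit scans recommended in post #2.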
