Malware? Trojan? Adware?

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Important Announcement: The winners of the BC Million Post contest have been announced. You can read who the winners are at this post.

- BleepingComputer Management

BleepingComputer.com > Security > Am I infected? What do I do?

When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

Malware? Trojan? Adware?, I don't know!!

Options

Fh-Fh View Member Profile	Aug 18 2008, 05:12 PM Post #1
New Member Group: Members Posts: 2 Joined: 18-August 08 Member No.: 231,100	Mmmkay. One day, I was in the mood to play Grand Theft Auto. Problem is, I don't have it. So I decided to "legally" dowload it. Link is here: hxxp: //thepiratebay.org/torrent/4277087/Gr...uto_San_Andreas BTW Don't dowload it XD As you can see, people were not too happy after downloading it. Unforunatley, these comments appeared AFTER I dowloaded it. When I saw the comments, my eyes went wide and I slowly dragged the torrent to the trash can and delete it. Problem solved, right? Wrong. A couple weeks later my Peerguardian dissapeared and I started getting these messages that read: QUOTE Windows will now Shut Down and restart. This was activated by: NT AUTHORITY/SYSTEM Then a clock starts counting down from 1 minute and it restarts. I can't close it. I tried to open task manager but another message appeared: QUOTE Task manager has been disabled WTF? How? After a couple Ad-Aware and Spybot scans, I decided to use my Ace in the hole: System Restore. I've used it before so I knew what I was doing. I was relived. Until I found out it was still there. Now I was mad. I tried using Regedit but... QUOTE Registry Editing has been disabled This is actually good news. Now I know where this virus is hiding. So next I did another Ad-Aware scan. After I deleted everthing, I tried using Regedit. Success! But now what do I do I closed it and tryed to open it back up. No dice. So NOW I'm using Malwarebytes to get rid of it (as said in the comments). But still, no dice. HELP MEE!!!!! This post has been edited by quietman7: Aug 18 2008, 05:23 PM

quietman7 View Member Profile	Aug 18 2008, 05:39 PM Post #2
Bleepin' Janitor Group: Global Moderator Posts: 13,432 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	If your computer keeps shutting down on its own, follow these steps to stop the cycle: Click on Start > Run and type: cmd Press Enter. At the Command Prompt type: shutdown -a Press Enter. Shutdowns and random reboots could be malware related or they could be due to hardware or overheating problems caused by a failed processor fan, bad memory (RAM), failing power supply, underpowered power supply, CPU overheating, motherboard, video card, faulty drivers, BIOS and firmware problems, dirty hardware, etc. If the computer is overheating, it usually begins to restart on a more regular basis. When doing a search on the net for Shutdown initiated by NT Authority\system, you will find thousands of complaints with various causes and possible solutions. What works for one person may not work for another. Some rootkits have been found to be accompanied by BSOD's and various stop error/shutdown messages so a rootkit check should be performed. I recommend performing a scan with Sophos Anti-rootkit, Panda AntiRootkit or AVG Anti-Rootkit. Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections. Disconnect from the Internet or physically unplug you Internet cable connection. Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver. Temporarily disable your anti-virus and real-time anti-spyware protection. After starting the scan, do not use the computer until the scan has completed. When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet. Note: Not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernal/SSDT in order to protect your system. You should not be alarmed if you see any hidden entries created by these software programs after performing a scan. -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

« Next Oldest · Am I infected? What do I do? · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 22nd November 2008 - 01:40 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides