
Infected Seriously


10 replies to this topic

#1 die_comp


Posted 31 December 2007 - 09:58 AM

pls I need help I am infected by this and I don't know what to do...

U1tr4phuck
Created by Andiroo
irc.bm3.org #blackmatrix

I wouldn't recommend running this file to test
it. It will totally trash your PC beyond repair
without a complete reinstall of Windows. It
prevents you from running any .exe's, .cmd's,
.com's and best of all .reg's. Now you can't
open the registry to fix the bastard! Ohh it
also prevents you from running .bat's. What
happens is you get an error and it won't run or
it will ask you what file to open it with. All
the files do the same thing they just have
different icons for phun or to disguise them.

Created in 2003
By Andiroo


Like what he said, I can't open anything; even the Control Panel has no use now... msconfig, sysedit, regedit and the others are unusable, so what can I do? I don't want to reformat due to important files, pls help.
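The readme quoted in this post says .exe, .cmd, .com, .reg and .bat files stop launching or prompt for a program to open them. As an added example (not from the thread or any poster), the Python below assumes that symptom comes from altered file-type associations and checks a text export of HKEY_CLASSES_ROOT, taken from the affected disk on another machine, against the stock Windows XP defaults; the sample export and the `brokenfile` class are constructed.

```python
import re

# Stock Windows XP "open" commands; ".x" maps to class "xfile" by default.
STOCK = {"exe": '"%1" %*', "com": '"%1" %*', "bat": '"%1" %*',
         "cmd": '"%1" %*', "reg": 'regedit.exe "%1"'}
EXPECTED = {}
for ext, command in STOCK.items():
    EXPECTED["." + ext] = ext + "file"
    EXPECTED[ext + r"file\shell\open\command"] = command

def parse_defaults(reg_text):
    """Map each HKEY_CLASSES_ROOT subkey (lowercased) to its default value."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[HKEY_CLASSES_ROOT\\(.+)\]", line, re.IGNORECASE)
        if m:
            key = m.group(1).lower()
        elif line.startswith("["):
            key = None  # another hive or a deletion entry: ignore its values
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape quotes and backslashes with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def audit(reg_text):
    """Return (key, expected, found) per bad association; found=None if absent."""
    found = parse_defaults(reg_text)
    return [(k, want, found.get(k)) for k, want in EXPECTED.items()
            if (found.get(k) or "").lower() != want.lower()]

# Constructed sample: .exe -> bogus class, batfile command empty, .reg absent.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="brokenfile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.com]
@="comfile"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.bat]
@="batfile"
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@=""
[HKEY_CLASSES_ROOT\.cmd]
@="cmdfile"
[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
'''
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Each tuple returned names the key, the stock value, and what the export actually holds, so the list doubles as a checklist of associations to restore.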


 


#2 Ltangelic


Posted 31 December 2007 - 10:04 AM

Ok, you didn't supply any information about what you were infected with. By your knowledge, is it a virus, rootkit or a malware? Do you have any idea where you got the infection, and if you downloaded the file somewhere, can you try using Windows Explorer and locate it?

* Click on Start and then Search.
* Click on "All files and folders".
* Type in the file that caused the infection.
* Under "More Advanced Options" tab, make sure that Search hidden files and folders is checked.
* Click "Search".

By the way, what Operating System are you using, and what Internet Browser are you using?

Edited by Ltangelic, 31 December 2007 - 10:10 AM.

Bleepingcomputer Malware Response Team


Please do NOT PM anyone with HJT logs, read this and post your logs here.


#3 die_comp


Posted 31 December 2007 - 10:10 AM

> Ok, you didn't supply any information about what you were infected with. By your knowledge, is it a virus, rootkit or a malware? Do you have any idea where you got the infection, and if you downloaded the file somewhere, can you try using Windows Explorer and locate it?


I don't know if it is a virus, rootkit??? or a malware.... I definitely know where I got it: I got it from a CD. When I ran the CD it autoplayed an MS-DOS command very fast.... Then, like it said, I can't open any of the following extensions

#4 Ltangelic


Posted 31 December 2007 - 10:13 AM

I'm not sure what that infection is, but can you provide the following information?

1. Can you run Active X on your computer with the infection?
2. Do you have IE as your internet browser?
3. What anti-virus, anti-spyware programs do you use? (if you do use any)

Edited by Ltangelic, 31 December 2007 - 10:14 AM.



#5 die_comp


Posted 31 December 2007 - 10:23 AM

> I'm not sure what that infection is, but can you provide the following information?
>
> 1. Can you run Active X on your computer with the infection?
> 2. Do you have IE as your internet browser?
> 3. What anti-virus, anti-spyware programs do you use? (if you do use any)


1. How to run ActiveX
2. Yep, I have the IE browser... but I can't open it directly.... I have to open it through one of my saved HTML files to open IExplorer... other means of opening are disabled
3. None... because I don't explore that much on the net, I always go to trusted sites... and I haven't connected to the net for a while, that's why I knew it is not a net virus etc.

Maybe it's not an infection, I don't really know, maybe it's a program that ultraphuck installed...

#6 die_comp


Posted 31 December 2007 - 10:29 AM

I also tried the Search method but I don't know what to find.... so I tried using the date and time I got it... there were few results but there's nothing that looks like a suspicious file


I'm on Windows XP SP2 and IExplorer 6

#7 Ltangelic


Posted 31 December 2007 - 10:30 AM

Alright, it seems that many of your computer functions are disabled by the infection. You are using Internet Explorer 4 and above, right?

Let's try doing an online scan, seeing that you cannot execute .exe files.

* Run BitDefender Online Scan.
* Click on I Agree.
Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.

* When the ActiveX Control has loaded, click on "Click here to scan".
Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.
By default, BitDefender Online Scanner will scan your entire computer.
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.


* When BitDefender completes the scan, select the "Detected Problems" tab.
* Click on "Click here to export scan".
* Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
* Go to Edit - Select All then copy/paste that log back here.

Go. :thumbsup:

Lt



#8 boopme


Posted 31 December 2007 - 10:34 AM

Hello, can you upload the file to one of these and post back with what they send you?

These are services that analyze suspicious files and facilitate the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.

Virustotal

Jotti's malware scan

#9 die_comp


Posted 31 December 2007 - 10:46 AM

> Alright, it seems that many of your computer functions is disabled by the infection. You are using Internet Explorer 4 and above right?
>
> Let's try doing an online scan, seeing that you cannot execute .exe files.
>
> * Run BitDefender Online Scan.
> * Click on I Agree.
> Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.
>
> * When the ActiveX Control has loaded, click on "Click here to scan".
> Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.
> By default, BitDefender Online Scanner will scan your entire computer.
> NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.
>
> * When BitDefender completes the scan, select the "Detected Problems" tab.
> * Click on "Click here to export scan".
> * Save the file as an HTML to your Desktop.
> Then click on the saved file and allow it to open with your browser.
> * Go to Edit - Select All then copy/paste that log back here.
>
> Go. :thumbsup:
>
> Lt


After pressing the "I Agree" it only goes back to the "I Agree" button

> Hello can you upload the file to one of these and post back with what they send you?
>
> These are a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.
>
> Virustotal
>
> Jotti's malware scan


It's multiple files on a 700 MB CD, so I am not really sure what file to upload, and also I'm only using a dial-up connection so that may be a huge problem

#10 Ltangelic


Posted 31 December 2007 - 11:15 AM

Ok, go to Tools>Internet Options>Security.

In the Internet section, under "Security level for this zone", Click on "Custom Level".

Under Active X controls and plug-ins: Enable everything except Display video and animation on a webpage that does not use external media player (Disable it), Download signed Active X controls (set it as Prompt), Download unsigned Active X controls (Disable it), Initialise and script Active X controls not marked as safe for scripting (Disable it), and Script Active X control marked safe for scripting (set as Prompt).

Click Ok and then Apply.

Click Ok again to close Internet Options window. Try the scanner again.

Note: You should have a prompt asking you to Install the online scanner, click "Install".

Edit: You should set "Run Active X controls and plug-ins" as "Enable".
Edit: I tried it myself, they will not prompt you to install when you set the Internet options as above.

Edited by Ltangelic, 31 December 2007 - 11:25 AM.



#11 Ltangelic


Posted 31 December 2007 - 12:26 PM

Sorry die comp,

I have to retire for rest now. But before I go, I'll give you some solutions you can try. (I know you cannot execute .exe but it doesn't hurt to try it)

Note: Don't do all this unless you have scanned with BitDefender Online Scanner.

* Download and Install Spybot Search and Destroy. (Please save the download file to Desktop)
* When you open it, follow the steps that it asks you to do. (such as updating, immunizing your system)
* Click on "Search and Destroy" and then "Check for problems".
* When you have finished scanning, it will present two kinds of entries, red and green.
* Ignore the green entries (uncheck them) and check all the red entries.
* Click on "Fix selected problems" to remove the infections found.

Note: If you are unable to install and use Spybot, don't bother installing the software below.
Note: If you are able to use Spybot now, download the following software, but before you proceed to restart your computer, save the instructions in Notepad onto your Desktop so you don't have to connect to the Internet while following these instructions.

Now, Download and install AVG Anti-Rootkit Free

* Click "Next".
* Use Normal Interface and click "Next".
* Read the License Agreement and click "I Agree".
* Use the default destination folder and click "Next".
* Click "Install". Don't open or use it yet!

Download and install AVG Anti-Spyware 7.5 Free

* After download, double click on the file to launch the install process.
* Choose a language, click "OK" and then click "Next".
* Read the "License Agreement" and click "I Agree".
* Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
* After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
* Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
* Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

* Open AVG Anti-rootkit.
* Click on "Perform in-depth search".
* Select the drives that you want to scan then click "Scan".
* Remove any rootkit(s) found.

Note: Do NOT use the computer at all when scanning. Close all windows and programs.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this is the case, press the WINKEY + M key to "Minimize" the AVG display. Then right-click on AVG in the Task Bar and select "Maximize". If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Now open AVG Anti-spyware.

Scan with AVG Anti-Spyware as follows:

* Click on the "Scanner" button and choose the "Settings" tab.
* Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
* Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
* Under "Reports" select "Do not automatically generate reports" and UNcheck "Only if threats were found".
* Click the "Scan" tab to return to scanning options.
* Click "Complete System Scan" to start.
* When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
* You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

* Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop.
A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
* Exit AVG Anti-Spyware when done, reboot normally and submit the AVG Anti-Spyware log report in your next response to this thread.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

After using all this software, I suggest you download HijackThis.

* Once installation is complete, click on the HijackThis shortcut on Desktop.
* It will open a window, click on Main Menu first.
* At the bottom, check "Show this window when I start HijackThis".
* Click on "Do a system scan and save a logfile".
* Once the scan is complete, a Notepad window will pop up with the HijackThis log file. Save it to Desktop.
* Copy and post your log file in HijackThis Logs and Malware Removal forums and HJT members will help you clean up the rest of your system.



---------------------------------------------------------------------------------------------------------------------------------------------

After you have done all the above, I suggest you download SpywareBlaster. There is a tutorial on how to use SpywareBlaster right here.

You should use an anti-virus and anti-spyware software and a firewall (as a basic) even if you don't use the Internet much. I can assure you that cyber criminals can hack into the system in many ways that you would not know. Remember cyber criminals are always using new ways and means to hack into people's systems. Even if your computer is not experiencing any harm, your system can still be used to damage other people's systems. Many cyber criminals don't use their own system to cause damage so that they can hide their identity on the Internet. Not protecting your own system well will mean that other people are in danger from hacking.

Also, take care NOT to execute CDs, files in temporary storage disks, .bat files, .exe files, .vbs(Visual Basic script) files unless you know the source very well. Even emails (especially those written in HTML) can be dangerous, and make sure you confirm it's from the legitimate person before you open any email or download any email attachments.

Lastly, I would recommend you to visit this website and read the Computer Security guides that this guy wrote: Computer Security 101.

Good luck to you.

Lt

Edit: You should not use AVG ART in safe mode, it is not recommended.

Edited by Ltangelic, 01 January 2008 - 01:09 AM.





