Videoaccesscodecinstall.exe


6 replies to this topic

#1 SunDevil6875

Posted 23 January 2008 - 03:27 PM

Hey, first time poster so let me know if I'm doing anything wrong.


I downloaded/installed videoaccesscodecinstall.exe onto my PC while attempting to see what I missed at the end of Cloverfield. Luckily I have a Mac laptop so I have been able to access information on the virus while keeping my PC disconnected from the internet. I am running XP Home Edition.

I read somewhere that a combination of SuperAntiSpyware and SmitFraudFix would kill the virus, and as far as I can tell it did. Upon first attempt it seemed unsuccessful, but I tried it again and the programs that were trying to access the internet as well as change my home page have ceased (at least for now, as I am leaving it running to make sure they haven't returned).

Although one of the other parts to this virus was that it blocked me out of Task Manager. When I press (ctrl+alt+del) I get the message "Task Manager has been disabled by your administrator." I booted up in safe mode and found that aside from my account (which was the only account as well as only admin previously) there was another account labeled administrator. I'm not sure if this is unusual, but this administrator account is not available for selection when I boot up regularly.

So now, I seem to have little issues with rogue programs, but my account is still lacking administrative privileges, and I am unable to delete the administrator account that I see when I boot in safe mode. I tried a system restore to a week ago, and that did not work; I just got the message that "no changes have been made".

Not sure where to go or what to do from here, any help would be very much appreciated. Thanks!

Edited by SunDevil6875, 23 January 2008 - 03:29 PM.



#2 SunDevil6875

Posted 23 January 2008 - 09:14 PM

So, I thought I had contained and got rid of the virus. I was wrong. It was dormant for like 4 hrs, but is now back.

#3 boopme

Posted 23 January 2008 - 09:27 PM

What was the virus name?

#4 SunDevil6875

Posted 25 January 2008 - 02:39 AM

Ok, so here's my update for today. Running SmitFraudFix after SuperAntiSpyware without SAS interfering with SFS allowed me to regain control over Task Manager and things like that. As far as I know, the only thing I can tell through Task Manager/Processes is that explorer.exe gets jacked up as far as memory usage whenever the virus becomes active. I searched my computer and found a few strains of explorer.exe that were "created" before I installed my two newest hard drives. I'm not sure if this is a telltale sign that these are part of the virus or if they're actually legit.

Other than that I really don't know what the virus is called. I can't find anything that is consuming a significant amount of memory in the Processes tab of Task Manager.

Any help?

#5 quietman7

Posted 25 January 2008 - 09:12 AM

Did you do a full system scan with your anti-virus in safe mode?

Malware may not always use a significant amount of memory. Did you check for anything suspicious or anything you don't recognize running on your system?

If you don't know what a process is or you come across a suspicious file, search the name using Google or the following links:
BC's File Database
BC's Startup Programs Database
File Research Center
ThreatExpert Malware Search
If no search results are found, you are given the option to "Submit a New Sample".

Note: Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (DLLs). It is not unusual for multiple instances of Svchost.exe to be running at the same time. How to determine what services are running under a Svchost.exe process.

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, Properties and examine the General and Version tabs.

You can download and use Process Explorer, AnVir Task Manager Free or System Explorer to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select properties, you will see more details about the file.

Anytime you come across a suspicious file for which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
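
Added example, not part of the original thread: a small Python check for the point made in post #5, that a process using a system file's name but running from a different location deserves a closer look. The watch list, the assumed `C:\Windows` system root and the `SAMPLE` snapshot are constructed for illustration; on a real machine the (PID, name, path) rows would come from a tool such as Process Explorer.

```python
import ntpath

# Assumed watch list: expected directories for a few Windows system binaries,
# with %SystemRoot% assumed to be C:\Windows (SysWOW64 exists on 64-bit only).
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "winlogon.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
}

def normalize(path):
    """Lower-case and collapse '..', '/' and quotes so paths compare reliably."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def check_process(name, path):
    """Return 'unlisted', 'no-path', 'ok' or 'suspicious' for one process."""
    key = name.strip().lower()
    if key not in EXPECTED_DIRS:
        return "unlisted"      # not a name this check knows; research it separately
    if not path or not path.strip():
        return "no-path"       # image path unreadable; re-check with an elevated tool
    full = normalize(path)
    if ntpath.basename(full) == key and ntpath.dirname(full) in EXPECTED_DIRS[key]:
        return "ok"            # right place only; says nothing about file contents
    return "suspicious"        # system name running from an unexpected location

def review_list(snapshot):
    """Return the (pid, name, verdict) rows that need a closer look."""
    rows = []
    for pid, name, path in snapshot:
        verdict = check_process(name, path)
        if verdict in ("suspicious", "no-path"):
            rows.append((pid, name, verdict))
    return rows

# Constructed sample of (PID, image name, image path), not data from the thread.
SAMPLE = [
    (4012, "explorer.exe", r"C:\WINDOWS\explorer.exe"),
    (1180, "svchost.exe", r"C:\WINDOWS\System32\svchost.exe"),
    (2264, "svchost.exe", r"C:\WINDOWS\svchost.exe"),
    (3310, "explorer.exe", r"C:\Documents and Settings\user\Local Settings\Temp\explorer.exe"),
    (3900, "explorer.exe", r"C:\WINDOWS\system32\..\explorer.exe"),
    (512, "lsass.exe", ""),
    (2800, "notepad.exe", r"C:\WINDOWS\system32\notepad.exe"),
]

if __name__ == "__main__":
    for row in review_list(SAMPLE):
        print(row)
```

Files flagged here are candidates for the property check and the jotti/virustotal upload described in the post, not confirmed malware.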


#6 SunDevil6875

Posted 27 January 2008 - 12:31 AM

Hey guys, just wanted to thank you for all your help with this topic. While messing around in BIOS I managed to get a previously non-working disc drive to work, so I just backed up to an external HD and formatted. Thanks for your time tho!

#7 quietman7

Posted 27 January 2008 - 08:39 AM

You're welcome.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Best Practices - Internet Safety for 2008".
"Hardening Windows Security - Part 1".
"Hardening Windows Security - Part 2".
"IE Recommended Minimal Security Settings".