Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ie Got Hacked By Godzilla.


  • Please log in to reply
5 replies to this topic

#1 N!Jr

N!Jr

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:26 AM

Posted 19 June 2008 - 12:40 AM

Hey all, my sister is using IE7 and as of yesterday night, her browser title kept saying (site's name here)- Hacked by Godzilla. I've checked the IE on my computer and it doesn't have that. We're using the same wireless network. She claims that she did not click on advertisement but she did download an ActiveX control but it was after the change in her browser title so I'm not sure if that has to do with anything. Please advice. Thank you in advance.

Edit: I'm just helping to scan for any viruses now and apparently the anti virus has detected 18 spywares so far. I have noticed the log saying that it has detected a worm and disinfection has failed and move has failed. So I'm not sure if the problem will still persist because of this. I will update the thread later as soon as the the scan has completed. It's at 54% now.

Edited by N!Jr, 19 June 2008 - 01:11 AM.


BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:26 PM

Posted 19 June 2008 - 12:41 PM

This is usually the result of a flash drive infection. Flash drive infections usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable). When the removable media is inserted, autorun looks for autorun.inf and automatically executes another malicious file to run on your computer. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.

Please insert your flash drive before we begin. Hold down the Shift key when inserting the drive until Windows detects it to bypass the autorun feature and keep autorun.inf from executing automatically.

If you're using Windows 2000/XP, please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix".
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"
When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well. Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

If you continue to have problems, see:
How to remove "Hacked by Godzilla" (VBS.Zodgila) worm?
Step by step procedure given below to remove hacked by godzilla virus

Some steps involve making changes in the registry. Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 N!Jr

N!Jr
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:26 AM

Posted 19 June 2008 - 06:39 PM

Oh wow, thanks quietman, I'll try that asap. Cheers.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:26 PM

Posted 20 June 2008 - 06:44 AM

You're welcome. Post back if you still need assistance.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 N!Jr

N!Jr
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:26 AM

Posted 21 June 2008 - 09:02 AM

Alright I've used the tool Flash Disinfector.exe and now I have a new query. The 'Hacked by Godzilla' is now gone but the thing is that, my sis computer is quite laggy now. I've check her task manager and it's always like at 100%. What's going on now? I'm currently running a quick virus scan now to see if there's anymore malwares that it can detect.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:26 PM

Posted 21 June 2008 - 01:34 PM

If there are no more problems or signs of infection on your machine, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

If your virus scan finds anything on your sister's computer, please start a new topic for assistance with it.

Determining whether a file in Task Manager is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, Properties and examine the General and Version tabs.

You can download and use Process Explorer or System Explorer to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select properties, you will see more details about the file.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users