Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New Spyware


  • Please log in to reply
5 replies to this topic

#1 powdermnky007

powdermnky007

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 01 July 2008 - 09:28 AM

I ran into a new type of spyware last night, or maybe a new variant of vundo. I have already removed it, so no logs.
It wouldn't let me run, or install any programs to help me remove it. Firefox was already installed, but I couldn't run it. Internet explorer was the only browser that would function. Naturally when you used it you would get TONS of popups. But it wouldn't let me download any of the following programs.

Hijackthis, spybot, superantispyware, firefox, combofix, sdfix, smitfraudfix, vundofix, virtumundobegone, malwarebytes setup, rogueremover, etc....

When I clicked on the download link to any of those files on any websites, nothing would happen! I had to download the above programs on another computer, burn to cd, copy programs to c: boot into safe mode. Once I got into safe mode, I couldn't run ANY of those programs. The computer was working correctly as I could run any other program, and a few lesser known scanners such as DSS. I finally figured out to rename the .exe files. I renamed hijackthis to hijackthi. I renamed combofix to combofi. etc.... and voila! I could run the programs now. FINALLY after running all the above programs the infection was gone. I just wanted to share my experience so you guys would know to rename files if you run into this problem and also hopefully gain some insight as to what malware does that? My guess would vundo as that was the majority of what I removed.
Thanks

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,056 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:18 AM

Posted 01 July 2008 - 11:12 AM

Glad to hear the issue has been resolved. However, please note the message text in blue at the top of this forum.

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Same goes for using SDFix and HijackThis without supervision unless you have training in malware removal. Your were fortunate in this instance that no unforeseen consequences occurred.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 kingofantivirus1999

kingofantivirus1999

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 01 July 2008 - 12:05 PM

install avast! antivirus
http//www.avast.com
that will fix your computer before the virus comes!
Spoiler

megamans words of wisdom: the power of viruses is strong and now i am and you can be too!! "mega man.exe"

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,056 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:18 AM

Posted 01 July 2008 - 12:22 PM

Sorry but avast will now remove all of this infection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 powdermnky007

powdermnky007
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 01 July 2008 - 12:52 PM

I knew I would get the, shame on you for using combofix, as I read this forum often. :thumbsup: You are probably right, as I'm not exactly sure how it works. But I've been using hijackthis weekly for years, and have it down to an art. Thank you for the advice, but no one answered my question. Has anyone run into a malware that would stop you from running the above tools I mentioned? If so, whats the name of it?

Is avast now preferred over Avg free edition? I've been putting avg free on my clients computers for a long time and having no problems with it.

Thank you in advance

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,056 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:18 AM

Posted 01 July 2008 - 01:00 PM

Yes, there are some types of malware (W32.Beagle/W32.Bagle for example) which will disable your anti-virus and other security tools.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users