
Malware? Trojan? Adware?



#1 Fh-Fh


Posted 18 August 2008 - 05:12 PM

Mmmkay.

One day, I was in the mood to play Grand Theft Auto. Problem is, I don't have it. So I decided to "legally" download it.

Link is here: hxxp: //thepiratebay.org/torrent/4277087/Gr...uto_San_Andreas

BTW Don't download it XD

As you can see, people were not too happy after downloading it. Unfortunately, these comments appeared AFTER I downloaded it. When I saw the comments, my eyes went wide and I slowly dragged the torrent to the trash can and deleted it.

Problem solved, right?

Wrong.

A couple weeks later my PeerGuardian disappeared and I started getting these messages that read:

Windows will now Shut Down and restart. This was activated by: NT AUTHORITY/SYSTEM



Then a clock starts counting down from 1 minute and it restarts. I can't close it. I tried to open task manager but another message appeared:

Task manager has been disabled


WTF? How?

After a couple Ad-Aware and Spybot scans, I decided to use my Ace in the hole: System Restore.

I've used it before so I knew what I was doing. I was relieved.

Until I found out it was still there.

Now I was mad.

I tried using Regedit but...

Registry Editing has been disabled


This is actually good news. Now I know where this virus is hiding.

So next I did another Ad-Aware scan. After I deleted everything, I tried using Regedit.

Success!

But now what do I do :flowers:

I closed it and tried to open it back up.

No dice.

So NOW I'm using Malwarebytes to get rid of it (as said in the comments).

But still, no dice. :thumbsup:

HELP MEE!!!!!

Edited by quietman7, 18 August 2008 - 05:23 PM.



#2 quietman7


Posted 18 August 2008 - 05:39 PM

If your computer keeps shutting down on its own, follow these steps to stop the cycle:
  • Click on Start > Run and type: cmd
  • Press Enter.
  • At the Command Prompt type: shutdown -a
  • Press Enter.
Shutdowns and random reboots could be malware related or they could be due to hardware or overheating problems caused by a failed processor fan, bad memory (RAM), failing power supply, underpowered power supply, CPU overheating, motherboard, video card, faulty drivers, BIOS and firmware problems, dirty hardware, etc. If the computer is overheating, it usually begins to restart on a more regular basis.

When doing a search on the net for Shutdown initiated by NT Authority\system, you will find thousands of complaints with various causes and possible solutions. What works for one person may not work for another.

Some rootkits have been found to be accompanied by BSODs and various stop error/shutdown messages so a rootkit check should be performed. I recommend performing a scan with Sophos Anti-rootkit, Panda AntiRootkit or AVG Anti-Rootkit.

Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
Note: Not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. You should not be alarmed if you see any hidden entries created by these software programs after performing a scan.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




