
New Virus?


5 replies to this topic

#1 Ardixan

Ardixan

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:57 AM

Posted 08 December 2008 - 02:24 AM

First off, I use Windows XP Home and my antivirus is Windows Live One Care.

I just got a strange virus while surfing Myspace... first, a program called ~.exe in the win32 forum tries to activate, but I blocked it using OneCare. Irrespective of being blocked, it begins attacking anyway. It opens a fake blue screen of death, followed by a fake Windows XP bootup screen with the addition of 'Unregistered Antivirus Copy' where normally it says 'Windows XP'. During this entire time, it was also flashing a red-x shield (like when the Windows firewall is off) in the bottom right that was spamming me with various error messages. It also blocked the use of the 'S' key and only that key. Ending the process via the task manager did nothing; it simply restarted.

I finally used search to track down ~.exe and when I found it I scanned it with OneCare, but it didn't show as a virus to OneCare. I used eraser (a program to remove documents by doing 32 passes over the data) to remove it. The attack stopped. I ran a hijack log through http://www.hijackthis.de/#anl and it turned up clean and that process hasn't returned.

Is it gone? What was it in the first place?

Edited by Ardixan, 08 December 2008 - 02:26 AM.




#2 Ardixan

Ardixan
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:57 AM

Posted 08 December 2008 - 12:08 PM

I take it everyone is as stumped as I am as to what it was?

#3 JamesFrance

JamesFrance

  • Members
  • 283 posts
  • OFFLINE
  • Gender:Male
  • Location:France/Spain
  • Local time:10:57 AM

Posted 08 December 2008 - 01:55 PM

You are probably right there as Google finds nothing.

As you have deleted it there is nowhere to go with this.
James

#4 TSalarek

TSalarek

  • Members
  • 135 posts
  • OFFLINE
  • Gender:Female
  • Location:Kentucky and Florida, USA
  • Local time:04:57 AM

Posted 08 December 2008 - 11:15 PM

It's Zlob dressed as Antivirus 2009 false antispyware....and MBAM claims to have a kill for it:

MBAM Blog

MBAM Forum w/screenshots

#5 thegreatsatan

thegreatsatan

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:57 AM

Posted 09 December 2008 - 03:03 PM

It seems like every virus problem brought to me starts at Myspace.

#6 TSalarek

TSalarek

  • Members
  • 135 posts
  • OFFLINE
  • Gender:Female
  • Location:Kentucky and Florida, USA
  • Local time:04:57 AM

Posted 10 December 2008 - 08:55 PM

MySpace was horrendously hacked up until they redid their server security a few months ago... a number of profiles have yet to be cleaned.

Right now Facebook and LinkedIn are under attack.

Gotta be careful with those social sites.

Zlob is all over the music dl sites and a number of those infected tracks are embedded in profiles. Tweak your Internet Properties to NOT play animations or sounds in webpages and it'll add just a tiny bit more safety to your surfing... you'll have to manually start Playlists and YouTube but I think it's worth it.

Edited by TSalarek, 10 December 2008 - 08:55 PM.




