
Spyware Removal Failure


10 replies to this topic

#1 Nigelajodha

  • Members
  • 67 posts
  • Gender: Male
  • Location: Trinidad & Tobago, West Indies

Posted 16 December 2008 - 07:30 PM

This is my first post and I hope I am doing it correctly and in the correct place.
I have been infected with Anti virus 2009 and only yesterday Trojan DNS changer. My beef is actually why I joined this site, to get my experience out there.
I have intentionally lived with Anti virus 2009 for some 102 days. I absolutely refused to reformat and lose my info. During that time I studied the vermin. Please read my introduction (I am not professionally trained). I am a lay person that learnt computers by actually doing things under supervision.
To date this is what I have. The machine that I am using is an outdated Compaq Prosignia 720 Server PII with 385MB SDRAM and (2) 40GB hard drives. When I became infected with the virus I was running an UP TO DATE McAfee Antivirus 8.0. I also used Tuneup Utilities 2003 and AdAware Personal. I got infected. NONE of these items ACTUALLY removed the vermin.
The first thing I started noticing was that "I got infected". Bear with me. I ran many many many scans that claimed it was now cleaned BUT it wasn't.
I went on the net and asked for more specific software to attack the specific problem. I was directed, based on popularity, to Malwarebytes. I still have it installed. IT DOES NOT WORK!!!!!! The virus runs rings around it and I mean rings, big ones. During my study of the virus I observed that 30 seconds after removal it comes back.
I believe that this is how it initially works. Many months ago prior to the attack the vermin sent a rogue Sleeper type file. This file accumulates information about your style of surfing and the software you use and your settings for using this software. Having studied your defence from THE INSIDE of your system it then attacks after it knows exactly how you will attempt to ward it off. BUT it has that covered. I don't mean to be rude or disrespectful but I actually believe that Antivirus 2009 is still alive and well on this machine that I am using to type this e-mail. I cannot do anything about it at this point.
Want to hear something funny?? On boot up Antivirus 2009 would start faster than McAfee antivirus :thumbsup: YES it's true. I have sat and watched the two of them fight to take startup possession of my PC and Antivirus 2009 always won. What does that say about McAfee 8.0 or AdAware?? Well I got rid of Adaware entirely cause guess what? After allowing the virus to be on the machine during my testing AdAware never ever saw the presence of Antivirus 2009 with any type of scan. I believe that this was made possible in the sleeper stage of the virus. It studied Adaware and made sure it could not detect it (no offence to Adaware). We used Adaware in the IT company I worked for many years and it functions normally. That's why I decided to use it in my personal life.
So I moved on. I changed McAfee 8.0 to McAfee 9.0 with no difference. I changed to Malwarebytes. Why I am posting here is that I find that the software is getting unusual kudos for doing WHAT??? Malwarebytes does not work. Like I said I have it installed on this PC and I am sure I still have AntiVirus 2009.
This will have to be an ongoing post cause I have so much additional info on my experience with this vermin. Oh yes, the name of the virus is not Antivirus 2009. This is what it poses as but it is actually TROJAN VHUNDO so folks you gotta find things to fight that. Be talking with you again.



#2 buddy215

  • Moderator
  • 13,313 posts
  • Gender: Male
  • Location: West Tennessee

Posted 17 December 2008 - 11:51 AM

Do you need help cleaning up your computer?
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Nigelajodha


Posted 17 December 2008 - 07:08 PM

Yes I do need help cleaning it. Thank you but I will still continue with my documentation of what I observed with the two viruses

#4 buddy215


Posted 17 December 2008 - 07:33 PM

Use the two programs in the links below to scan and remove the malware.

Be sure to update the programs before rebooting into safe mode to run the scans.

Super Antispyware:
http://www.bleepingcomputer.com/forums/ind...t&p=1040160

MalwareBytes:
http://www.bleepingcomputer.com/forums/ind...st&p=944365

Use Ccleaner to remove temporary files, logs, cookies, etc. During install you will be offered the Yahoo Toolbar. UNcheck if not wanted. http://www.ccleaner.com/

Allow Secunia online scanner to scan your computer for missing security updates. IE browser, Adobe flash, Adobe Reader, and Java have recently been exploited. Updating them will prevent that. http://secunia.com/vulnerability_scanning/online/

Edited by buddy215, 17 December 2008 - 07:37 PM.


#5 Nigelajodha


Posted 17 December 2008 - 08:40 PM

As I was saying earlier, Trojan Vhundo is the real name of antivirus 2009. I have kept a log on all my Malwarebytes scans and Trojan Vhundo is the only repetitive virus that comes up when I am infected with AntiVirus 2009. But this is an old virus, strange. I have saved a Symantec Vhundo fix as far back as 2004 that we were issued by our IT admin dept where I previously worked. So how bad could that be? BAD!! I have run that fix many times and it removes the virus but it returns.
Oh by this time I had changed to Kaspersky free trial. Well that was another experience!! This anti-virus is anti everything. In the Kaspersky scan it logs almost every single file as a possible threat, including Microsoft OS, Microsoft Office, and any other spyware program. Had I done a clean the Kaspersky way I may as well have formatted both my drives cause it logged my very existence as a possible threat :thumbsup: . He was way too much.
Then I discovered "Ravmon virus". During my tenancy with Anti-Virus 2009 I noticed that my taskmanager was being abducted. Not able to log off, not able to access control panel, not seeing my computer. Only able to shutdown. This way the vermin did not allow me to go into safe or admin mode on my machine. I again looked up a fix to that specific problem and was directed to "Ravmon Virus Remover". This little insignificant tool was the only device that could restore my taskmanager. Once again Kaspersky and Malwarebytes ran scans, said everything was now good and I still had no taskmanager. The proof of the pudding is in the eating. These devices claim to work but in ACTUALITY they don't.
Kaspersky trial expired and I now tried AVG. Previously throughout my IT life I have never had any experiences with MS Office being attacked ever. I know it is possible cause I have had a supervisor who told me her excel files crashed or got infected and she lost at least 2 years of the company's files. All of a sudden I was unable to open any MS office docs. It kept saying "named file" unavailable. I uninstalled Office 2003 and re-installed it (twice). No improvement. My basic knowledge is to note changes if any after installing any new software or making changes to my system. One day prior to this incident I had installed AVG free version. So I uninstalled it. Whoopie!!! My office docs could now be opened. What de HEll is this nonsense??? Oh yes and for that day it was running I got flashes of Antivirus 2009 trying to do scans of my machine which I had to quickly cancel.
My latest trial is what a relative lent me. McAfee Total Protection. I only installed it yesterday and activated it a few hours ago. Its primary scan took 72 hrs. He bought his Dell laptop a week ago from the States so I figure this is the newest Antivirus offering from McAfee. You may have noticed that at no time have I mentioned Norton Antivirus. Well actually I believe in Norton the most, but for this old PC it slows it down to an inoperational speed. It will be my last choice after all these tries.
Gotta go now but will complete this story still.

#6 Lrobinson6

  • Members
  • 6 posts
  • Gender: Female
  • Location: Las Vegas

Posted 17 December 2008 - 08:55 PM

SuperAnti Spyware was the only thing that got rid of my Vhundo and only when I ran it in safe mode. Good luck
Heeyyyy Yoooouuu Guuuyyyss!

#7 Nigelajodha


Posted 18 December 2008 - 07:12 PM

Now to move on to my other machine. It's a P4 with an ASRock board which has been attacked by DNS changer virus 3 days now. That machine is running Malwarebytes and McAfee 8.0. Both are currently updated. Once again I have been zapped. :thumbsup: Hilarious again, when the attack started, Malwarebytes and McAfee did nothing but whilst surfing I got alerts of the incoming attack from, guess who?? Windows Security Alert. It told me that I was being infected and to run spyware scans now. McAfee never did anything and neither did Malwarebytes.
Again I ran Malwarebytes and it found the virus and CLAIMED it cleaned it. LIE LIE LIE!!!
I want to divert from the topic for a while to ask something. Barring any new virus or spyware that may be coming in, aren't AntiVirus and Spyware tools supposed to PREVENT the entry of known viruses??
I find that rather than Proactive all (to date) of these tools are Reactive. Imagine a soldier on sentry duty in a war zone. He sees the enemy coming, they shoot him down and on his dying breath he calls out to the others and says "The enemy is here". What sense does that make? The enemy is already inside their compound and are killing all of them. I am finding that this is how antivirus software seems to operate. It does not and cannot Prevent any virus from entering but tells you when you have been infected and to do a clean now. By that time all your files are lost. That's dumb. Worse yet when it does not detect anything at all and whilst you are using the PC you decide to run a scan to see what is present and find an array of viruses.
Back to "DNS CHANGER". This fellow has changed my desktop background and has disallowed me the ability in any mode to change it. It has a very loud coloured Green white & Red display. I have just run 6 Malwarebytes scans (back to back) and it displays several instances of the virus, CLAIMS to clean it, I restart, do a back to back scan and the same amount of viruses are exactly where they were before.
I know I have another option but the point I am making is why go to the trouble when the Antivirus program cannot PREVENT its return. This is what I am saying overall. What to do to PREVENT the Virus from REGAINING Access to my system. Not keep cleaning after the fact.
I can simply "unplug my ethernet cable", do the scan and restart but what's the sense if after plugging in the cable it just rushes back in?? This is one technique I had tried with Antivirus 2009 but as I plugged back in the cable the virus returned.
So this is what I am asking (as are most others): yes, we thank you for the advice on what programs to get, download and run and how to go about it BUT what must anybody do to PREVENT its RETURN?????
To date (5 months now) these are the programs I have tried and have failed. McAfee ver 8.0 & 9.0, TuneupUtilities 2003/2004, Glary Utilities, Ravmon Antivirus, Kaspersky Antivirus, AVG Antivirus, Malwarebytes, McAfee Total Protection. What to do now? At this point I am thinking of asking my ISP to change the broadcast credentials of my system cause I believe that this has been compromised. However unlike you folks abroad we are not that up to date and these requests are not entertained. We cannot instruct our ISP to change what credentials that we are given. All else fail I will terminate my contract with the ISP and call that a day cause it's wasting money paying for something that does not function. I took the internet mainly for my son to do research for school, he is 10. Believe it when I say his profile does not get attacked, only mines :flowers: I wonder why??

#8 Nigelajodha


Posted 20 December 2008 - 09:05 AM

Ongoing experience with "DNS Changer". I believe I have found where it has left some sort of residual source file. During my attempts to rid myself of that horrible desktop screen I am observing this.
Oh by the way, with nothing to lose I did do the unplug ethernet cable clean to no avail. Before replugging in the cable I did a scan and the alleged "cleaned viruses" were still there.
What I had to do to rid myself of that ugly loud desktop background is to delete the profile and create a new one. I observed this, I was unable to change the background pic. On the infected profile I noticed that in display properties / desktop that the word "background" was greyed out. I was unable to change my background pic. Deleted the profile assuming that this was part of the virus effects on the compromised profile.
No, it's not. In any mode (safe / normal / administrator) I cannot manipulate my display properties "desktop" in any profile. I can change any other of the functions but not the desktop pic.

Kind folks please do not get pissed off by my non response to the fix you have so far given. I will still try it at some later time BUT at least I can continue to give as much info about my experience with these parasites so that you guys can help someone more fortunate than I was. I am totally disillusioned at this point having lived and tried, seemingly everything to rid myself of these issues and I have sort of given up. 102 days (and nites) is hell. I know the Kaspersky log that you want, I did it when I initially installed Kaspersky, it took 4 days and nites. I gotta get hyped up to relive that experience again especially when I kinda pre-empt what result it will give. All is well (but it ain't).

#9 Nigelajodha


Posted 20 December 2008 - 02:29 PM

I am trying the cleaning process given by Bleeping Computer. Guess what? I have reached as far as the Kaspersky online scanner and this is my 5th attempt at loading it. It is failing. I believe that "DNS changer" has that covered also. Should I go shoot myself at this point?? :thumbsup:

#10 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,749 posts
  • Gender: Male
  • Location: Virginia, USA

Posted 27 December 2008 - 08:09 AM

If you cannot complete a step, then skip it and continue with the next.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#11 Nigelajodha


Posted 27 December 2008 - 11:12 PM

I have just spent the last 14hrs trying to remove trojan DNS Changer from this PC. All attempts have failed. I can't even start to begin with. In one of your replies you told me to try CCleaner and another program to check for updated drivers. I did this. When it came time to update my drivers I was only able to update Adobe. Java always hung while trying to update. That having failed I moved on to CCleaner. It downloaded and it did what it was supposed to. I then tried to update my Antivirus (McAfee 8.0); that has not happened. I just spent the last hour trying to do updates to McAfee. It always fails. I don't know if it is the web connection to McAfee or it's the virus. I uninstalled McAfee and re-installed it. No improvement.
Another observation with this virus, in Admin mode (normal or Safe modes) I cannot get onto the net. Even after doing scans in safe mode and "No malicious items" found :thumbsup: I still have no access to the net in Administrator mode. Also I still cannot change my desktop background. I am locked out in any profile, the word "background" is greyed out :flowers:
I am really disappointed with my progress thus far. I believe that the virus has won and would have to resort to a "reformat". My contention is that what is to prevent it from returning??? Am I now to reformat every time I am infected? It is quite clear to me that the programs suggested and the ones I used are NO MATCH WHATSOEVER for Trojan DNS changer.
Do pass on my experience with this bug :trumpet:



