Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Loader.exe smss.exe "Black Internet" virus


  • Please log in to reply
2 replies to this topic

#1 bcordone

bcordone

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Location:East coast USA
  • Local time:07:14 AM

Posted 25 June 2010 - 10:20 PM

I have this computer virus that has infected both processes.

I keep getting pop-ups every now and then and my audio has been screwed up, mbam or super anti spyware. or even comodo has NOT found anything.



I was able to kill the loader process and so far it hasnt come back yet but most of the files pop right back up on reboot.

I cant beleve. how hard and deep this infection is!

I have a rouge smss.exe in my task manager under Owner that I cannot remove. or end the process.

Edited by bcordone, 25 June 2010 - 10:22 PM.


BC AdBot (Login to Remove)

 


#2 blargg

blargg

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 25 June 2010 - 10:58 PM

Hey. I had the exact same problem. I don't know what it's from, but tons of people have been getting it. Perhaps it's Java or Firefox related.

What I did was restore a backup, and then run Fixmbr from a boot cd.

Unfortunately, many people don't have a backup. Here's a solution someone told me about on another forum:

"You don't need to restore a previous image. You just need to fix the MBR and then reboot and disable System Restore. Then manually delete the files. Fixing security permissions on the files/folder may also be necessary since the infection may change them."

Now, if you're running vista or 7, you can run fixmbr by making a boot cd from the backup center, then rebooting and running bootrec.exe /fixmbr at the command prompt.

I would delete any suspicious exe files in your temp folder if you can. Also, try booting in safe mode if you still can't delete the files after disabling system restore.

Good luck! I know spybot and avast aren't detecting these things, so good luck to you in removing them.

#3 bcordone

bcordone
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Location:East coast USA
  • Local time:07:14 AM

Posted 26 June 2010 - 08:30 AM

Thanks! However I found a fix on a different post in here. I used Bootkit Remover version 1.0.0.3 as suggested by someone here. Infection (hopefully!) gone!

Thanks again, this one was EXTREMELY hard.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users