I run Win7 Professional (so I can use all 32G). If only you knew the power of the dark side: a 16G ramdisk for temp and paging files! And you can edit a 4K HD movie in memory.
I ran combofix.
Okay, I'm definitely infected. ME, the computer security grad student!
...I mean my PC got infected. Amazingly, I've managed not to.
► crss.exe is doing continuous disk I/O, right now, while I type. There's no reason Win7 should be doing a shadow copy and I don't have auto-defrag on, so I suspect it's being encrypted by the Russian Mafia. I unplugged my bkp drive (which you can do while the sys is running if there are no writes buffered. Look at the different lengths of the contacts on the connector. The pwr connection disconnects first, then everything else. Cool, huh!).
► There is no crss.exe in windows, system32, or anywhere on the disk. There's supposed to be.
► You can't kill it. "access denied." And there's no way to tell where the executable launched from.
► sfc /scannow says it found corrupt system files but is unable to fix them.
► Chkdsk won't start but the Cancel button works.
► AVG virus scan hangs at 6%.
► I noticed that my AVG firewall isn't running and when I try to run it, it says that I have to buy it. I already bought it, and antivir is running (but it's surely been hacked). It ran great two months ago when I inserted some UDP/RDP blocking rules.
► My "everything" file lister won't load its database, and when I try to recreate it, the drive scan hangs.
► The properties dlg box of my "Users\luxi\Application Data" directory doesn't even try to show the number of files or total size. That area of the dlg is blank.
► My "Users\luxi\Application Data" has a subdir called Application Data, and it recurses forever. That is, the file path is all filled up with "Application Data" subdirs. If I drop to DOS and do dir *.* /s from my user directory, it coughs up hundreds of error messages saying that the name of file [filename] is too long, probably because of the infinite-recursive path name.
And it's not a shortcut. If I delete any of the lower level subdirs, I delete the real Application Data. It's not a file or directory or shortcut; the Russian bastard used an NTFS file system structure called a "junction".
So of course I thought "okay, crosslinked clusters," but chkdsk WILL run in DOS in safe mode, and it finds no errors. Is there a freeware NTFS integrity-check utility?
► I can boot Linux from a bitdefender bootable CD, but it hangs after you select "English" on the first screen. It didn't do that two months ago.
That last one (preventing bootable antivir scanner) makes me think it's that new low-level partition virus that starts before your disks even initialize(!) The only cure is buying new drives and using UEFI. (It doesn't infect those). I didn't want to use UEFI when I assembled this monster because I may have to boot from the CD or run Linux or something.
I always wondered why no one ever thought of hacking the EEPROMs in the PC and drives. I guess somebody else thought of it, too. Probably the NSA.
I read about the unholy abomination in infoworld (where I'm banned, BTW). I wish I could remember the virus's name. It was a single word about 8 letters and I think it started with "c".
It tricks you into installing it by pretending it's Windows Update. I remember a couple of weeks ago, I clicked OK when a win update window popped up, and just as I did, I remember noticing something wrong with its appearance, but 2 late 4 Lux!
1) I just want to find out the name of this thing so I can know what it's doing to my computer.
2) Unless you recognize the symptoms, pls tell me what diag s/w I should run and post (yes, yes, in the other thread). I'm now downloading and running all the special-purpose crapware removers you guys have.
Right now I'm watching my drive activity light stay on and it's hard-driving me crazy. I'm thinking, "Some stranger just grabbed my data drive without asking my permission or even telling me what's going on; I'll find out when it happens! He's doing whatever he wants to it right in front of me, blatantly. The little green light is on continuously, not even blinking, and I'm helpless; I can't make it stop. I'm just an audience watching someone else use my system."
I was in a situation like this before. It's not that something bad is happening; it's that I don't know WHAT'S happening. It's that I'm overwhelmed with outrage, and offended that this son of a bitch has the GALL to just go ahead and help himself to my stuff, right in front of me.
Yeah, sure, use my drive! It's not mine; it's yours! Do anything you want to it! Hold it for ransom! Encrypt it! Erase, steal, alter *MY* data right the hell in front of me, just like I'm not even here!
Eventually, the little green light will go dark. No more activity. Suddenly, it's all over, and I'll lie here on my bed with my computer saying "WTF just happened?" I feel outraged, walked on, and pissed off. I hope he didn't plant a virus in my drive, something that will wake up and start more trouble.
Somebody, somewhere has de-engineered it in hex machine instructions, right down to the bare metal. Where can I go to hook up with him? Can I boot into Linux and do something?
Please help; for the first time I can remember, my bag of Jedi tricks is empty.
-Lux, helpless dancer
Edited by Luxi_Terna, 31 December 2016 - 04:34 AM.
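As an added example (not part of Lux's post or any tool mentioned in it), here is a PowerShell script that checks two of the symptoms above from the defender's side: where any process named csrss/crss was launched from, and which entries under a profile are NTFS junctions and where they point, without recursing through the junctions themselves (which is what makes `dir /s` loop). The profile path and the depth limit are assumptions; it needs PowerShell 3.0+ and should be run elevated so system process paths are readable.

```powershell
# Added example: locate csrss/crss processes and enumerate junctions under a profile.
# Assumptions: PowerShell 3.0+ on Windows 7 or later, run from an elevated prompt.
param(
    [string]$ProfilePath = $env:USERPROFILE,  # assumption: inspect the current user's profile
    [int]$MaxDepth = 6                        # assumption: how deep to walk real directories
)

# 1. Any process whose name resembles csrss, with the directory it was started from.
#    The genuine csrss.exe lives in %SystemRoot%\System32; anything else is worth a look.
function Get-CsrssLikeProcesses {
    $expectedDir = Join-Path $env:SystemRoot 'System32'
    Get-Process | Where-Object { @('csrss', 'crss') -contains $_.ProcessName } | ForEach-Object {
        $path = $_.Path   # $null when the image path is not readable (not elevated)
        $verdict = if ($path -and ((Split-Path $path -Parent) -ieq $expectedDir)) { 'expected location' }
                   elseif ($path) { 'UNEXPECTED location' }
                   else { 'path not readable (run elevated)' }
        [pscustomobject]@{ PID = $_.Id; Name = $_.ProcessName; Path = $path; Verdict = $verdict }
    }
}

# 2. Reparse points (junctions, symlinks) and their targets. "dir /AL" prints only
#    reparse entries, e.g.  <JUNCTION>  Application Data [C:\Users\x\AppData\Roaming]
function Find-ReparsePoints {
    param([string]$Dir, [int]$Depth = 0, [int]$Limit = 6)
    if ($Depth -gt $Limit) { return }
    cmd /c "dir /AL `"$Dir`" 2>nul" | ForEach-Object {
        if ($_ -match '<(JUNCTION|SYMLINKD?)>\s+(.+?)\s+\[(.+)\]\s*$') {
            [pscustomobject]@{ Type = $Matches[1]; Link = (Join-Path $Dir $Matches[2]); Target = $Matches[3] }
        }
    }
    # Descend into real subdirectories only; never step through a reparse point,
    # otherwise a junction that points back at its own parent recurses until the path is too long.
    Get-ChildItem -LiteralPath $Dir -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) } |
        ForEach-Object { Find-ReparsePoints -Dir $_.FullName -Depth ($Depth + 1) -Limit $Limit }
}

Get-CsrssLikeProcesses | Format-Table -AutoSize
Find-ReparsePoints -Dir $ProfilePath -Limit $MaxDepth | Format-Table -AutoSize
```

Windows 7 itself creates hidden "Application Data" junctions in every profile for backward compatibility, so a junction with that name is expected; what the output lets you check is the target of each one, and the verdict column for any process that is not starting from System32.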