Duke4.net Forums: Someone's Controlling my Computer with a virus. - Duke4.net Forums


Someone's Controlling my Computer with a virus.

User is offline   Spirrwell 

  • tile 1018

#1

I downloaded something or other I'm guessing which had some sort of a virus in it. Now this guy is controlling my computer. He's been closing applications I'm using. He's also typed to me and said "what's up?"

One interesting virus, anybody have any good antivirus tools I could use under Windows or Ubuntu and kill it?
0

User is offline   Kyphros 

#2

First thing, use a liveCD if you don't want him to continue to access your computer like that until you can find where the virus is.

For the tools, try maybe RogueKiller (Windows).
Here.
http://www.sur-la-to...RogueKiller.exe

Edit: I just saw that there's no English version, so if you don't understand it at all, just type "2" and then Enter at the first command line screen. Then the log will display, showing globally what's wrong. You can translate the txt after this. With Google Translate for example. The words are quite simple, it won't make too many errors.

This post has been edited by Kyphros: 27 August 2011 - 01:41 PM

0

User is offline   The Commander 

  • I used to be a Brown Fuzzy Fruit, but I've changed bro...

#3

Don't you use any virus scanner or firewall protection?

I recommend once you have the issue fixed (or you could try it now) get Comodo, free and I have never had any issues with it. Download link COMODO website

Antivirus, Anti-Spyware, Anti-Rootkit, Firewall etc.

This post has been edited by The Commander: 27 August 2011 - 02:01 PM

0

User is offline   Kathy 

#4

The Commander, on 27 August 2011 - 01:59 PM, said:

Antivirus, Anti-Spyware, Anti-Rootkit, Firewall etc.

...and not using an account with administrative privileges when browsing the web.
0

User is offline   The Commander 

  • I used to be a Brown Fuzzy Fruit, but I've changed bro...

#5

Helel, on 27 August 2011 - 10:05 PM, said:

...and not using an account with administrative privileges when browsing the web.

Not quite sure what you mean.
But anyhow we need a HijackThis log for starters.

http://free.antivirus.com/hijackthis/
0

User is offline   Kathy 

#6

The Commander, on 27 August 2011 - 10:52 PM, said:

Not quite sure what you mean.

I thought you were describing measures to take to counter malware installation in the future. Not using an admin account is one of those.
0

User is offline   mfender 

#7

Spirrwell, on 27 August 2011 - 01:32 PM, said:

I downloaded something or other I'm guessing which had some sort of a virus in it. Now this guy is controlling my computer. He's been closing applications I'm using. He's also typed to me and said "what's up?"

One interesting virus, anybody have any good antivirus tools I could use under Windows or Ubuntu and kill it?


Are you aware of anybody installing any remote access software on your computer recently such as TeamViewer, Logmein, GotoMyPc, etc to do remote support? Or maybe a friend or other prankster who installed such a program on your system when you weren't in the room? Just some thoughts.

The Sardu Live CD is one good choice. Initially though, you might want to try Malwarebytes free, Dr Web cureit free, Super Antispyware Portable.
Furthermore, I would recommend using a bootable CD/DVD or a bootable USB key to run anti-malware utilities from. I believe though that Malwarebytes runs best from your system, but may or may not work, that depends a lot on what the malware is. Sometimes you have to rename the anti-malware program so it is not recognized by the malware and killed. Also use a good rootkit scanner such as Kaspersky's TDSSKiller.exe, GMER, or Avast!'s aswMBR.exe. This is just a brief overview of possible solutions. Update: RemoveFakeAntivirus, and as posted above, RogueKiller.

This post has been edited by mfender: 28 August 2011 - 08:57 AM

0

User is offline   Spirrwell 

  • tile 1018

#8

Actually I have installed LogMeIn, Hamachi, but the network is secure and requires a LONG ass password to get into which I've used for years. Aside from all that, I got rid of the virus using Spybot S&D. (Thanks Reaperman) Basically I just cut off the network and ran it overnight, no big deal. What I don't know is how much information this guy may have gotten. The thing is I don't like to use antivirus protection. They're inconvenient, and they slow everything down. I've gone years without getting one single virus on my computers.

As far as I know, it's gone. Worst case scenario, I can reload Windows.
0

User is offline   mfender 

#9

The Commander, on 27 August 2011 - 01:59 PM, said:

Don't you use any virus scanner or firewall protection?

I recommend once you have the issue fixed (or you could try it now) get Comodo, free and I have never had any issues with it. Download link COMODO website

Antivirus, Anti-Spyware, Anti-Rootkit, Firewall etc.


My gosh, 350MB hard disk space requirements! That sounds like that would be a major resource hog, at least on older, single core systems that I sometimes work on. I just don't think that a lot of people realize how much a real time protection program can slow down one's system, because most people have dual and quad core processors with plenty of RAM, today. However it is definitely noticeable on older, single core systems with more limited RAM.

This post has been edited by mfender: 28 August 2011 - 09:18 AM

0

User is offline   mfender 

#10

Spirrwell, on 28 August 2011 - 08:54 AM, said:

Actually I have installed LogMeIn, Hamachi, but the network is secure and requires a LONG ass password to get into which I've used for years. Aside from all that, I got rid of the virus using Spybot S&D. (Thanks Reaperman) Basically I just cut off the network and ran it overnight, no big deal. What I don't know is how much information this guy may have gotten. The thing is I don't like to use antivirus protection. They're inconvenient, and they slow everything down. I've gone years without getting one single virus on my computers.

As far as I know, it's gone. Worst case scenario, I can reload Windows.


I'm just curious, do you recall what Spybot stated that the infection was? I am aware of such exploits, but I have never encountered one on people's systems that I have worked on. The bottom line though, is that you never can be 100% sure that it is truly gone unless you backup your files, reformat, and reinstall everything. Most people that I work on systems for, never have recent backups, most systems only come with recovery partitions, and the person doesn't want to buy a backup drive. I usually try removal first, then if the time involved seems too great, I will just use a CD I have to reinstall Windows, then move their user data back over. However, this used to be easy in XP, but with Vista and Windows 7, I don't think it is as easy anymore. However, to be honest, I don't have much experience with Windows 7.

This post has been edited by mfender: 28 August 2011 - 09:44 AM

0

User is offline   Kathy 

#11

Spirrwell, on 28 August 2011 - 08:54 AM, said:

I've gone years without getting one single virus on my computers.

Yep, rootkits are hard to notice.
0

User is offline   Spirrwell 

  • tile 1018

#12

mfender, on 28 August 2011 - 09:39 AM, said:

I'm just curious, do you recall what Spybot stated that the infection was? I am aware of such exploits, but I have never encountered one on people's systems that I have worked on. The bottom line though, is that you never can be 100% sure that it is truly gone unless you backup your files, reformat, and reinstall everything. Most people that I work on systems for, never have recent backups, most systems only come with recovery partitions, and the person doesn't want to buy a backup drive. I usually try removal first, then if the time involved seems too great, I will just use a CD I have to reinstall Windows, then move their user data back over. However, this used to be easy in XP, but with Vista and Windows 7, I don't think it is as easy anymore. However, to be honest, I don't have much experience with Windows 7.

It found some minor tracking cookies (from Google Chrome :)), some sort of malware, and a few things in the registry that were screwed up (which I knew they were because task manager and regedit had been disabled)

@Helel

Well, I have a packet sniffer that I used from time to time, not likely I wouldn't notice it, this was obvious.
0

User is offline   Jimmy 

  • Let's go Brandon!

#13

Format C:.
2

User is offline   Spirrwell 

  • tile 1018

#14

Captain Awesome, on 28 August 2011 - 03:56 PM, said:

Format C:.

Why not? It's not my Windows drive... I've got two other hard drives I can back up my files to then put it back afterwards...

Oh right, it'd be a waste of fucking time.

This post has been edited by Spirrwell: 28 August 2011 - 05:27 PM

0

#15

I don't have very much experience with computer viruses. But first off. Are you sure that it is a virus? Some programs just spam random comments like "what's up" and do some weird things to make the user think that he has viruses. Then the user downloads some antivirus programs that have greater access to give some viruses. This is just a thought, something I have heard before. I know very little.
0

User is offline   Spirrwell 

  • tile 1018

#16

rasmus thorup, on 28 August 2011 - 05:37 PM, said:

I don't have very much experience with computer viruses. But first off. Are you sure that it is a virus? Some programs just spam random comments like "what's up" and do some weird things to make the user think that he has viruses. Then the user downloads some antivirus programs that have greater access to give some viruses. This is just a thought, something I have heard before. I know very little.

No, it wasn't spamming, my mouse was controlled, it went to the address bar of my Google Chrome, and it said "what's up?" I replied saying something like "Nice key logger." Which I'm guessing it was something of that sort, and I said, "Don't worry, it'll be gone soon." Then he said "bye." My computer tried to shut down on its own, I was able to stop it. Then a BSOD pops up. Despite the fact that the guy was an asshole, it was amazingly awesome. I just gave the basic run down in my first post, but I think it's much cooler to explain it. Yes, I am in awe of somebody's virus.

This post has been edited by Spirrwell: 28 August 2011 - 06:43 PM

0

User is offline   Mike Norvak 

  • Music Producer

#17

Spirrwell, on 28 August 2011 - 05:09 PM, said:

Why not? It's not my Windows drive... I've got two other hard drives I can back up my files to then put it back afterwards...

Oh right, it'd be a waste of fucking time.


The only thing I really hate about formatting my computer is to reinstall a loadshit of plugins and VSTs and other software that is a pain in the ass...
0

User is offline   Jimmy 

  • Let's go Brandon!

#18

Spirrwell, on 28 August 2011 - 05:09 PM, said:

Why not? It's not my Windows drive... I've got two other hard drives I can back up my files to then put it back afterwards...

Oh right, it'd be a waste of fucking time.

The intent of my post went right over your head.
0

User is offline   The Commander 

  • I used to be a Brown Fuzzy Fruit, but I've changed bro...

#19

mfender, on 28 August 2011 - 09:10 AM, said:

My gosh, 350MB hard disk space requirements! That sounds like that would be a major resource hog, at least on older, single core systems that I sometimes work on. I just don't think that a lot of people realize how much a real time protection program can slow down one's system, because most people have dual and quad core processors with plenty of RAM, today. However it is definitely noticeable on older, single core systems with more limited RAM.

I ran this on my old 2.66 single core just fine.
0

User is offline   Spirrwell 

  • tile 1018

#20

Captain Awesome, on 28 August 2011 - 07:18 PM, said:

The intent of my post went right over your head.

I saw the intent, that's why I saw fit to point out what I pointed out. I already said previously that in the worst case scenario I would reload Windows, AND I also said that I got rid of the virus. So either you're stupid and you didn't read my posts fully, which you aren't, or your intent was to be an ass and add nothing to try to help. Anything else, I couldn't care less. So maybe I should call you Captain Assome, and if you really want to make a pun out of that, you could call me Spermwell you smartass.

@Norvak, Yes, it's a very big pain in the ass, and time consuming, but I'm sure that a system restore would've worked just as well, assuming I had any restore points to use.

This post has been edited by Spirrwell: 28 August 2011 - 07:32 PM

0

User is offline   Hendricks266 

  • Weaponized Autism

  #21

Spirrwell, on 28 August 2011 - 07:29 PM, said:

So maybe I should call you Captain Assome

You could do so much better than that. My preferred insult would be Captain Cocksucker, coined by DT in an unrelated (to CA) discussion on AMC.

This post has been edited by Hendricks266: 28 August 2011 - 07:57 PM

0

User is offline   Spirrwell 

  • tile 1018

#22

Hendricks266, on 28 August 2011 - 07:57 PM, said:

You could do so much better than that. My preferred insult would be Captain Cocksucker, coined by DT in an unrelated (to CA) discussion on AMC.

It just seemed to fit calling him Captain Assome, when I could be easily called Spermwell. How about Corporal Cocksucker to downgrade his rank? :(
0

User is offline   Hendricks266 

  • Weaponized Autism

  #23

Captain Cocksucker has a ring to it which Corporal Cocksucker does not. If you're going to demote him, go for Private Cocksucker. That makes it a double triple entendre.

This post has been edited by Hendricks266: 28 August 2011 - 08:11 PM

1

User is offline   Spirrwell 

  • tile 1018

#24

Hendricks266, on 28 August 2011 - 08:10 PM, said:

Captain Cocksucker has a ring to it which Corporal Cocksucker does not. If you're going to demote him, go for Private Cocksucker. That makes it a double triple entendre.

Perfect!

This post has been edited by Spirrwell: 28 August 2011 - 09:01 PM

0

User is offline   Jimmy 

  • Let's go Brandon!

#25

Spirrwell, on 28 August 2011 - 07:29 PM, said:

I saw the intent, that's why I saw fit to point out what I pointed out. I already said previously that in the worst case scenario I would reload Windows, AND I also said that I got rid of the virus. So either you're stupid and you didn't read my posts fully, which you aren't, or your intent was to be an ass and add nothing to try to help. Anything else, I couldn't care less. So maybe I should call you Captain Assome, and if you really want to make a pun out of that, you could call me Spermwell you smartass.

I don't really go into gimmicky name calling, that's childish and rarely clever. And once again, it seems like you're trying to be smarter than me. My post was a simple age old internet troll. Stop trying to read into everything, it doesn't make you look smart.

Hendricks266, on 28 August 2011 - 07:57 PM, said:

You could do so much better than that. My preferred insult would be Captain Cocksucker, coined by DT in an unrelated (to CA) discussion on AMC.

I suck better cocks than he does. Feel free to degrade me to my face, but behind my back is laughable. My door is always open and I enjoy criticism. Just like Pat Benatar, I'd love it if you hit me with your best shot because I work hard on my knees.
0

User is offline   Kathy 

#26

Spirrwell, on 28 August 2011 - 02:26 PM, said:

Well, I have a packet sniffer that I used from time to time, not likely I wouldn't notice it, this was obvious.

What would you notice with it? That something is sending packets somewhere? Only if you're participating in some sort of DDoS attack then maybe. But if you're using it "from time to time" then you won't notice it. Not to mention that rootkits can change network drivers to hide from network sniffers.
0

User is offline   Spirrwell 

  • tile 1018

#27

Captain Awesome, on 28 August 2011 - 10:11 PM, said:

I don't really go into gimmicky name calling, that's childish and rarely clever. And once again, it seems like you're trying to be smarter than me. My post was a simple age old internet troll. Stop trying to read into everything, it doesn't make you look smart.

I'm not trying to look smarter than you. I already know you're an asshole and a troll. At this point I wouldn't even have to read your post I just have to go SO far as to click on your name and see this:
Attached Image: troll.png

I didn't feel like taking a new picture when it's all there anyway except for the troll face, you changed that...

This post has been edited by Spirrwell: 29 August 2011 - 09:22 AM

0

User is offline   Jimmy 

  • Let's go Brandon!

#28

I am honored that you are so petty as to save images of my profile from exactly a month ago today. That is hilarious to me.
0

User is offline   Spirrwell 

  • tile 1018

#29

Captain Awesome, on 29 August 2011 - 04:48 PM, said:

I am honored that you are so petty as to save images of my profile from exactly a month ago today. That is hilarious to me.

No. I've just got a few TB hard drives that I don't see the need to delete stuff, especially with a picture that's 495 KB. Also, no, it wasn't 1 month ago by today. It is 8/29/2011 8:59 PM at the time of this typing. The picture was taken at exactly 7/27/2011 1:03 PM. So that would be 33 days and approximately 8 hours ago. It is 9:03 PM at the ending of this post.
0

User is offline   Jimmy 

  • Let's go Brandon!

#30

It doesn't even matter when it was taken (Firefox shows it being last modified exactly a month ago.) The point is that you even took a picture of it to begin with.
0
