Someone's Controlling my Computer with a virus.
#1 Posted 27 August 2011 - 01:32 PM
One interesting virus, anybody have any good antivirus tools I could use under Windows or Ubuntu and kill it?
#2 Posted 27 August 2011 - 01:39 PM
For the tools, try maybe RogueKiller (Windows).
Here.
http://www.sur-la-to...RogueKiller.exe
Edit: I just saw that there's no English version, so if you don't understand it at all, just type "2" and then Enter at the first command line screen. Then the log will display, showing globally what's wrong. You can translate the txt after this, with Google Translate for example. The words are quite simple, it won't make too many errors.
This post has been edited by Kyphros: 27 August 2011 - 01:41 PM
#3 Posted 27 August 2011 - 01:59 PM
I recommend once you have the issue fixed (or you could try it now) get Comodo, free and I have never had any issues with it. Download link COMODO website
Antivirus, Anti-Spyware, Anti-Rootkit, Firewall etc.
This post has been edited by The Commander: 27 August 2011 - 02:01 PM
#4 Posted 27 August 2011 - 10:05 PM
The Commander, on 27 August 2011 - 01:59 PM, said:
...and not using an account with administrative privileges when browsing the web.
#5 Posted 27 August 2011 - 10:52 PM
Helel, on 27 August 2011 - 10:05 PM, said:
Not quite sure what you mean.
But anyhow we need a HijackThis log for starters.
http://free.antivirus.com/hijackthis/
#6 Posted 28 August 2011 - 02:42 AM
The Commander, on 27 August 2011 - 10:52 PM, said:
I thought you were describing measures to take to counter malware installation in the future. Not using an admin account is one of those.
#7 Posted 28 August 2011 - 08:39 AM
Spirrwell, on 27 August 2011 - 01:32 PM, said:
One interesting virus, anybody have any good antivirus tools I could use under Windows or Ubuntu and kill it?
Are you aware of anybody installing any remote access software on your computer recently such as TeamViewer, Logmein, GotoMyPc, etc to do remote support? Or maybe a friend or other prankster who installed such a program on your system when you weren't in the room? Just some thoughts.
The Sardu Live CD is one good choice. Initially though, you might want to try Malwarebytes free, Dr Web CureIt free, Super Antispyware Portable.
Furthermore, I would recommend using a bootable CD/DVD or a bootable USB key to run anti-malware utilities from. I believe though that Malwarebytes runs best from your system, but may or may not work, that depends a lot on what the malware is. Sometimes you have to rename the anti-malware program so it is not recognized by the malware and killed. Also use a good rootkit scanner such as Kaspersky's TDSSKiller.exe, GMER, or Avast!'s aswMBR.exe. This is just a brief overview of possible solutions. Update: RemoveFakeAntivirus, and as posted above, RogueKiller.
This post has been edited by mfender: 28 August 2011 - 08:57 AM
#8 Posted 28 August 2011 - 08:54 AM
As far as I know, it's gone. Worst case scenario, I can reload Windows.
#9 Posted 28 August 2011 - 09:10 AM
The Commander, on 27 August 2011 - 01:59 PM, said:
I recommend once you have the issue fixed (or you could try it now) get Comodo, free and I have never had any issues with it. Download link COMODO website
Antivirus, Anti-Spyware, Anti-Rootkit, Firewall etc.
My gosh, 350MB hard disk space requirements! That sounds like that would be a major resource hog, at least on older, single core systems that I sometimes work on. I just don't think that a lot of people realize how much a real time protection program can slow down one's system, because most people have dual and quad core processors with plenty of RAM today. However it is definitely noticeable on older, single core systems with more limited RAM.
This post has been edited by mfender: 28 August 2011 - 09:18 AM
#10 Posted 28 August 2011 - 09:39 AM
Spirrwell, on 28 August 2011 - 08:54 AM, said:
As far as I know, it's gone. Worst case scenario, I can reload Windows.
I'm just curious, do you recall what Spybot stated that the infection was? I am aware of such exploits, but I have never encountered one on people's systems that I have worked on. The bottom line though, is that you can never be 100% sure that it is truly gone unless you back up your files, reformat, and reinstall everything. Most people that I work on systems for never have recent backups, most systems only come with recovery partitions, and the person doesn't want to buy a backup drive. I usually try removal first, then if the time involved seems too great, I will just use a CD I have to reinstall Windows, then move their user data back over. However, this used to be easy in XP, but with Vista and Windows 7, I don't think it is as easy anymore. However, to be honest, I don't have much experience with Windows 7.
This post has been edited by mfender: 28 August 2011 - 09:44 AM
#11 Posted 28 August 2011 - 10:41 AM
Spirrwell, on 28 August 2011 - 08:54 AM, said:
Yep, rootkits are hard to notice.
#12 Posted 28 August 2011 - 02:26 PM
mfender, on 28 August 2011 - 09:39 AM, said:
It found some minor tracking cookies (from Google Chrome), some sort of malware, and a few things in the registry that were screwed up (which I knew they were because Task Manager and regedit had been disabled).
@Helel
Well, I have a packet sniffer that I used from time to time, not likely I wouldn't notice it, this was obvious.
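The "Task Manager and regedit disabled" symptom in post #12 is almost always two policy values in the registry, and the HijackThis log asked for in post #5 is mostly a dump of the same autostart keys. The following PowerShell script is an added example, not code from the thread or from any of the tools named in it: it reports those two values and lists the Run/RunOnce entries (the O4 lines of a HijackThis log) so you can compare them against a clean machine. It only reads; the "Suspicious" heuristic (a command line living in a user-writable profile directory) is an assumption for illustration, and legitimate updaters also live there.

```powershell
# Added example, not part of the thread: check the two policy values that
# malware commonly sets to disable Task Manager and the Registry Editor,
# then list the Run/RunOnce autostart entries that HijackThis reports as O4.
# Read-only. Run it in PowerShell on the suspect machine (elevation is not
# required to read these keys). Nothing here is specific to that infection.

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$policyNames = @('DisableTaskMgr', 'DisableRegistryTools')

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'   # 32-bit apps on 64-bit Windows
)

# Heuristic (assumption): autostart commands living in user-writable profile
# directories deserve a second look. Legitimate updaters live there too.
$userDirPattern = '(?i)\\(AppData|Application Data|Local Settings|Temp)\\'

function Get-DisabledToolPolicies {
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $policyNames) {
            $value = $item.GetValue($name)
            # A non-zero DWORD means the tool is blocked for that user / machine
            if ($null -ne $value -and $value -ne 0) {
                [pscustomobject]@{ Key = $key; Name = $name; Value = $value }
            }
        }
    }
}

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        # GetValueNames() avoids the PSPath/PSParentPath noise Get-ItemProperty adds
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{
                Key        = $key
                Name       = $name
                Command    = $cmd
                Suspicious = ($cmd -match $userDirPattern)
            }
        }
    }
}

$disabled = @(Get-DisabledToolPolicies)
if ($disabled.Count -gt 0) {
    'Policy values that disable admin tools (absent on a home machine unless you or a domain policy set them):'
    $disabled | Format-Table -AutoSize
    # Clearing them is one line per value, but do it only after the autostart
    # entry that keeps re-setting them is gone, or they come straight back:
    # $disabled | ForEach-Object { Remove-ItemProperty -Path $_.Key -Name $_.Name }
} else {
    'DisableTaskMgr / DisableRegistryTools are not set.'
}

'Autostart entries (compare against a clean machine; Suspicious is a heuristic, not a verdict):'
Get-AutostartEntries | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize
```

If the policy values are set but nothing in the autostart list explains it, the thing re-setting them is somewhere Run keys don't show (a service, a scheduled task, a shell extension), which is exactly the case for the bootable-media and rootkit scanners recommended in post #7.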
#14 Posted 28 August 2011 - 05:09 PM
Captain Awesome, on 28 August 2011 - 03:56 PM, said:
Why not? It's not my Windows drive... I've got two other hard drives I can back up my files to then put it back afterwards...
Oh right, it'd be a waste of fucking time.
This post has been edited by Spirrwell: 28 August 2011 - 05:27 PM
#15 Posted 28 August 2011 - 05:37 PM
#16 Posted 28 August 2011 - 06:43 PM
rasmus thorup, on 28 August 2011 - 05:37 PM, said:
No, it wasn't spamming, my mouse was controlled, it went to the address bar of my Google Chrome, and it said "what's up?" I replied saying something like "Nice key logger." Which I'm guessing it was something of that sort, and I said, "Don't worry, it'll be gone soon." Then he said "bye." My computer tried to shut down on its own, I was able to stop it. Then a BSOD pops up. Despite the fact that the guy was an asshole, it was amazingly awesome. I just gave the basic run down in my first post, but I think it's much cooler to explain it. Yes, I am in awe of somebody's virus.
This post has been edited by Spirrwell: 28 August 2011 - 06:43 PM
#17 Posted 28 August 2011 - 07:06 PM
Spirrwell, on 28 August 2011 - 05:09 PM, said:
Oh right, it'd be a waste of fucking time.
The only thing I really hate about formatting my computer is to reinstall a shitload of plugins and VSTs and other software that is a pain in the ass...
#18 Posted 28 August 2011 - 07:18 PM
Spirrwell, on 28 August 2011 - 05:09 PM, said:
Oh right, it'd be a waste of fucking time.
The intent of my post went right over your head.
#19 Posted 28 August 2011 - 07:25 PM
mfender, on 28 August 2011 - 09:10 AM, said:
I ran this on my old 2.66 single core just fine.
#20 Posted 28 August 2011 - 07:29 PM
Captain Awesome, on 28 August 2011 - 07:18 PM, said:
I saw the intent, that's why I saw fit to point out what I pointed out. I already said previously that in the worst case scenario I would reload Windows, AND I also said that I got rid of the virus. So either you're stupid and you didn't read my posts fully, which you aren't, or your intent was to be an ass and add nothing to try to help. Anything else, I couldn't care less. So maybe I should call you Captain Assome, and if you really want to make a pun out of that, you could call me Spermwell you smartass.
@Norvak, Yes, it's a very big pain in the ass, and time consuming, but I'm sure that a system restore would've worked just as well, assuming I had any restore points to use.
This post has been edited by Spirrwell: 28 August 2011 - 07:32 PM
#21 Posted 28 August 2011 - 07:57 PM
Spirrwell, on 28 August 2011 - 07:29 PM, said:
You could do so much better than that. My preferred insult would be Captain Cocksucker, coined by DT in an unrelated (to CA) discussion on AMC.
This post has been edited by Hendricks266: 28 August 2011 - 07:57 PM
#22 Posted 28 August 2011 - 08:08 PM
Hendricks266, on 28 August 2011 - 07:57 PM, said:
It just seemed to fit calling him Captain Assome, when I could be easily called Spermwell. How about Corporal Cocksucker to downgrade his rank?
#23 Posted 28 August 2011 - 08:10 PM
This post has been edited by Hendricks266: 28 August 2011 - 08:11 PM
#24 Posted 28 August 2011 - 09:01 PM
Hendricks266, on 28 August 2011 - 08:10 PM, said:
Perfect!
This post has been edited by Spirrwell: 28 August 2011 - 09:01 PM
#25 Posted 28 August 2011 - 10:11 PM
Spirrwell, on 28 August 2011 - 07:29 PM, said:
I don't really go into gimmicky name calling, that's childish and rarely clever. And once again, it seems like you're trying to be smarter than me. My post was a simple age old internet troll. Stop trying to read into everything, it doesn't make you look smart.
Hendricks266, on 28 August 2011 - 07:57 PM, said:
I suck better cocks than he does. Feel free to degrade me to my face, but behind my back is laughable. My door is always open and I enjoy criticism. Just like Pat Benatar, I'd love it if you hit me with your best shot because I work hard on my knees.
#26 Posted 28 August 2011 - 10:41 PM
Spirrwell, on 28 August 2011 - 02:26 PM, said:
What would you notice with it? That something is sending packets somewhere? Only if you're participating in some sort of DDoS attack then maybe. But if you're using it "from time to time" then you won't notice it. Not to mention that rootkits can change network drivers to hide from network sniffers.
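Post #7 asks whether a remote-support tool such as TeamViewer, LogMeIn or GoToMyPC was installed, and post #26 points out that a packet sniffer run "from time to time" tells you little. What an occasional capture never gives you is the column that matters: which process owns each socket. The following PowerShell script is an added example, not code from the thread: it correlates the output of netstat -ano with Get-Process and flags known remote-control tools and network-active executables running out of user-writable directories. netstat -ano exists from XP through Windows 7, so it needs no cmdlets that only appeared later. The process names in $remoteAccessNames are an assumption for illustration, not an authoritative list.

```powershell
# Added example, not part of the thread: list every TCP socket with its owning
# process and image path, then flag remote-support tools and anything running
# from a user-writable directory. Read-only; run it in PowerShell on the suspect
# machine. Run it elevated to get image paths for services and other users'
# processes, otherwise Path is empty for those.

# Assumption for illustration: typical process names of the remote-support
# tools mentioned in the thread plus VNC. Adjust to what you actually expect.
$remoteAccessNames = @(
    'TeamViewer', 'TeamViewer_Service',   # TeamViewer
    'LogMeIn', 'LMIGuardianSvc',          # LogMeIn
    'g2svc', 'g2comm',                    # GoToMyPC
    'winvnc', 'vncserver'                 # VNC variants
)
$userDirPattern = '(?i)\\(AppData|Application Data|Local Settings|Temp)\\'

function Get-TcpConnectionsWithOwner {
    # Index running processes by PID once instead of calling Get-Process per line
    $byId = @{}
    Get-Process | ForEach-Object { $byId[$_.Id] = $_ }

    netstat -ano | ForEach-Object {
        # Sample line:  TCP    192.168.1.5:49211    93.184.216.34:443    ESTABLISHED    2316
        $f = $_.Trim() -split '\s+'
        if ($f.Count -ge 5 -and $f[0] -eq 'TCP') {
            $owner    = [int]$f[4]
            $p        = $byId[$owner]
            $procName = if ($p) { $p.ProcessName } else { '<exited>' }
            $path     = if ($p) { $p.Path } else { $null }   # empty for protected/system processes unless elevated
            [pscustomobject]@{
                Local   = $f[1]
                Remote  = $f[2]
                State   = $f[3]
                OwnerId = $owner
                Process = $procName
                Path    = $path
            }
        }
    }
}

$conns = @(Get-TcpConnectionsWithOwner)

'All TCP sockets with their owning process:'
$conns | Sort-Object State, Process | Format-Table -AutoSize

$suspect = $conns | Where-Object {
    ($remoteAccessNames -contains $_.Process) -or
    ($_.Path -match $userDirPattern)
}

if ($suspect) {
    'Review these: known remote-control tools, or network-active code in a user-writable directory:'
    $suspect | Sort-Object Process | Format-Table -AutoSize
} else {
    'No known remote-access tool and no user-directory process has a TCP socket open right now.'
}
```

A clean listing is still only evidence, not proof: netstat and Get-Process go through the same OS APIs a kernel-mode rootkit hooks, so a hidden process and its sockets simply do not appear. Cross-check from outside the infected OS, either with the bootable media from post #7 or by capturing the machine's traffic on the router or another host, where the rootkit's hooks cannot reach.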
#27 Posted 29 August 2011 - 08:10 AM
Captain Awesome, on 28 August 2011 - 10:11 PM, said:
I'm not trying to look smarter than you. I already know you're an asshole and a troll. At this point I wouldn't even have to read your post I just have to go SO far as to click on your name and see this:
I didn't feel like taking a new picture when it's all there anyway except for the troll face, you changed that...
This post has been edited by Spirrwell: 29 August 2011 - 09:22 AM
#28 Posted 29 August 2011 - 04:48 PM
#29 Posted 29 August 2011 - 05:03 PM
Captain Awesome, on 29 August 2011 - 04:48 PM, said:
No. I've just got a few TB hard drives that I don't see the need to delete stuff, especially with a picture that's 495 KB. Also, no, it wasn't 1 month ago by today. It is 8/29/2011 8:59 PM at the time of this typing. The picture was taken at exactly 7/27/2011 1:03 PM. So that would be 33 days and approximately 8 hours ago. It is 9:03 PM at the ending of this post.