CKA Forums
PostPosted: Fri Aug 29, 2008 11:05 am
 


lily wrote:
What the heck is this and why am I getting so many pop-ups telling me my computer is at risk?

Some of the pop-ups look "legit" - it looks like Windows XP - but others are clearly ads.

I've run an anti-virus scan and it came up clean, and an anti-spyware scan is next, so I'm not worried.

I'm wondering though... is anyone else getting this?


Lily, download Malwarebytes Anti-Malware and run it, this will remove it. Look for it on this site and use the free trial version. http://www.download.com/3055-8022_4-10878968.html?tag=pdl-redir





PostPosted: Fri Aug 29, 2008 12:24 pm
 


The scan was over 2 hours but it worked. Halfway through my AVG detected a trojan d.loader and put it in the vault.

Summary.
Malwarebytes' Anti-Malware 1.25
Database version: 1095
Windows 5.1.2600 Service Pack 2

1:21:47 PM 29/08/2008
mbam-log-08-29-2008 (13-21-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 171593
Time elapsed: 2 hour(s), 35 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\__c009CC32.dat (Trojan.Zlob) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009cc32 (Trojan.Vundo) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f307ad5d.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\randy\Local Settings\Temp\_A00F307AD5D.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009CC32.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
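
Reading the scan log above, as an added example (not part of the original posts and not Malwarebytes code): a small Python parser that lists which objects were only scheduled for deletion at the next reboot and which registry findings sit under the Winlogon Notify or Run autostart keys. The sample lines are copied from the log in the post; the function and variable names are assumptions made for this illustration.

```python
import re

# Detail lines copied from the log posted above (header and summary counts omitted).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\__c009CC32.dat (Trojan.Zlob) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009cc32 (Trojan.Vundo) -> Delete on reboot.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f307ad5d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\randy\Local Settings\Temp\_A00F307AD5D.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009CC32.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+) Infected:$")
# "<object> (<detection>) -> [<bad/good detail> -> ]<final action>."
FINDING = re.compile(r"^(?P<obj>.+?) \((?P<det>[\w.]+)\) -> (?:.* -> )?(?P<action>[^>]+?)\.?$")
# Autostart registry locations that appear in this log (compared in lower case).
AUTOSTART = ("\\winlogon\\notify\\", "\\currentversion\\run\\")

def parse(log):
    """Return one dict per finding: section, obj, det, action."""
    section, out = None, []
    for line in (raw.strip() for raw in log.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := FINDING.match(line)):
            out.append({"section": section, **m.groupdict()})
    return out

def pending_reboot(findings):
    """Objects the scanner has not removed yet; they persist until the next boot."""
    return sorted({f["obj"] for f in findings if f["action"].lower() == "delete on reboot"})

def autostart_entries(findings):
    """Registry findings located under a Winlogon Notify or Run autostart key."""
    return [f for f in findings if f["section"].startswith("Registry")
            and any(key in f["obj"].lower() for key in AUTOSTART)]

if __name__ == "__main__":
    found = parse(SAMPLE_LOG)
    for obj in pending_reboot(found):
        print("still present until reboot:", obj)
    for f in autostart_entries(found):
        print("autostart:", f["det"], f["obj"], "->", f["action"])
```

Anything reported by `pending_reboot` is still on disk or in the registry when the scan ends, so a reboot followed by a second scan is the check that the Notify entry and its DLL are really gone.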


PostPosted: Fri Aug 29, 2008 3:30 pm
 


herbie wrote:
One of the effects of this infection is that if you attempt to run regedit, it will pop up a window even in safe mode announcing "Regedit has been disabled by your administrator".
Changes made by most programs like SpyBot, SuperAntiSpyware, AVG (1st sign, your anti-virus won't update) are reversed on reboot. Eventually you even lose connectivity and you're hooped. There are a few products that claim the ability to remove the infection but they're not free so take your chances.
Another pain is System Restore which has become entirely a spot to hide trojans/viruses and is a next to useless function.
I've had to inform most victims that it's unfortunate but unless they are willing to pay for as much as 8 hours of pissing around, they're looking at a format, fixboot and reinstall as it's simply cheaper.
Your books are worth the labour cost, it's TFB about your music and pictures. Learn to back up shit.
What is really interesting is that I have yet to see a Vista machine come in with this infection, just XP boxes!


My AVG would not update the last couple of days, but I don't get pop-ups yet. I went to the AVG site, updated again, and now it says it's updated. Should I be scared? :?

BTW, I use Vista...





PostPosted: Fri Aug 29, 2008 4:12 pm
 


Brenda wrote:
herbie wrote:
One of the effects of this infection is that if you attempt to run regedit, it will pop up a window even in safe mode announcing "Regedit has been disabled by your administrator".
Changes made by most programs like SpyBot, SuperAntiSpyware, AVG (1st sign, your anti-virus won't update) are reversed on reboot. Eventually you even lose connectivity and you're hooped. There are a few products that claim the ability to remove the infection but they're not free so take your chances.
Another pain is System Restore which has become entirely a spot to hide trojans/viruses and is a next to useless function.
I've had to inform most victims that it's unfortunate but unless they are willing to pay for as much as 8 hours of pissing around, they're looking at a format, fixboot and reinstall as it's simply cheaper.
Your books are worth the labour cost, it's TFB about your music and pictures. Learn to back up shit.
What is really interesting is that I have yet to see a Vista machine come in with this infection, just XP boxes!


My AVG would not update the last couple of days, but I don't get pop-ups yet. I went to the AVG site, updated again, and now it says it's updated. Should I be scared? :?

BTW, I use Vista...


My AVG was updated but didn't find anything until I ran that program and then found a trojan downloader halfway through the scan and malware found 5 others.
I researched that virus lots today and everything I have read about that malware site has been positive.
Here are some of the things that were happening to me since the infection.
1) booting up my PC would bring up my desktop and no icons, hitting control alt delete to bring up the task manager and then maximizing it and minimizing it several times would bring up my full desktop.
2) pop-ups galore for anti-virus and web site domain names for sale, was starting to think Tritium had embedded a few links for his domain name business.
3) I also was getting file transfers on MSN from people infected with a different virus that asks you if you have seen these pics or whatever and they're zip files so if you see any of those don't open them.

Run that program and you should be all right and beats banging out a hjt log and sending it to a guru for step by step instructions in reg-edit.

Sounds like Vista so far is ok from this threat.


PostPosted: Fri Aug 29, 2008 6:37 pm
 


WOW

What a coincidence, this week I had to install and reinstall 4 OSes because of related malware and virus infections on WinXP and Windows Vista. Those hackers are getting too good at this for normal Windows users to continue to be secure.

The first one was a Vista computer that was so slow and buggy that I didn't even bother to boot the OS to make the customer backup. I simply used a live CD and resized the Vista partition to make space for the backup partition, to which I later transferred 20 GiB of music and video. (The owner begged me to install Mandriva Linux like I did for her boyfriend 3 months ago.) One less Vista on this earth :twisted:

The other one had her Internet connection hijacked by some unknown virus. So instead of messing around to try to remove it I just did a clean reinstall. Removing a virus sometimes works and sometimes it doesn't, and since I charge by the hour it is cheaper to just reinstall the OS, and then be 100% sure to deliver a virus-free machine.

The other one was a custom reinstall of his infected WinXP PLUS a Mandriva Linux in dual boot. This dude is a gamer who will use his WinXP from now on ONLY to play and his Linux OS for all the rest of his computer needs.

When I read posts like this one

Quote:
Run that program and you should be all right and beats banging out a hjt log and sending it to a guru for step by step instructions in reg-edit.

Sounds like Vista so far is ok from this threat.
Brenda wrote:
herbie wrote:
One of the effects of this infection is that if you attempt to run regedit, it will pop up a window even in safe mode announcing "Regedit has been disabled by your administrator".
Changes made by most programs like SpyBot, SuperAntiSpyware, AVG (1st sign, your anti-virus won't update) are reversed on reboot. Eventually you even lose connectivity and you're hooped. There are a few products that claim the ability to remove the infection but they're not free so take your chances.
Another pain is System Restore which has become entirely a spot to hide trojans/viruses and is a next to useless function.
I've had to inform most victims that it's unfortunate but unless they are willing to pay for as much as 8 hours of pissing around, they're looking at a format, fixboot and reinstall as it's simply cheaper.
Your books are worth the labour cost, it's TFB about your music and pictures. Learn to back up shit.
What is really interesting is that I have yet to see a Vista machine come in with this infection, just XP boxes!


My AVG would not update the last couple of days, but I don't get pop-ups yet. I went to the AVG site, updated again, and now it says it's updated. Should I be scared? :?

BTW, I use Vista...


My AVG was updated but didn't find anything until I ran that program and then found a trojan downloader halfway through the scan and malware found 5 others.
I researched that virus lots today and everything I have read about that malware site has been positive.
Here are some of the things that were happening to me since the infection.
1) booting up my PC would bring up my desktop and no icons, hitting control alt delete to bring up the task manager and then maximizing it and minimizing it several times would bring up my full desktop.
2) pop-ups galore for anti-virus and web site domain names for sale, was starting to think Tritium had embedded a few links for his domain name business.
3) I also was getting file transfers on MSN from people infected with a different virus that asks you if you have seen these pics or whatever and they're zip files so if you see any of those don't open them.

Run that program and you should be all right and beats banging out a hjt log and sending it to a guru for step by step instructions in reg-edit.

Sounds like Vista so far is ok from this threat.


It is obvious to me that a modern Linux distro is simpler to use and maintain for an ordinary computer user than a Windows OS. For example:

I sold a brand new computer to a very inexperienced computer user. The first thing she wanted to do was to download some music off the net with Frostwire. The second .MP3 that she downloaded didn't work, so she asked me what was the problem with it?

I simply told her that it was NOT a real MP3 file but malware disguised as an MP3. If I had built her a Windows-based computer she would have probably fucked up her brand new custom-built computer within the first hour she powered it on 8O


PostPosted: Fri Aug 29, 2008 6:41 pm
 


Quote:
3) I also was getting file transfers on MSN from people infected with a different virus that asks you if you have seen these pics or whatever and they're zip files so if you see any of those don't open them.


I got several of those in messages on Facebook. Yo-uTube vids or something (mind the -, it was NOT YouTube), at least, that is where it linked to, asking if it was me looking so good making love ROTFL

Turns out that were Trojans too. So don't click those either





PostPosted: Fri Aug 29, 2008 7:48 pm
 


Worked for me and like usual it was free.

You just have to search around, ignore the doom and gloom from those that want you to do a reformat.
Most of the time they're so interested in making a buck doing it that they forget about the free workarounds available anywhere on the net. 8)

I never trust anyone who tells me I have to reformat, that means they don't know how to fix it and take the easy way out.

Most systems can be fixed after a hijack like this without wiping all your personal data.





PostPosted: Fri Aug 29, 2008 7:51 pm
 


Look at it this way peeps, if someone tells you to reformat your C drive because of this then find someone else.

If I can wipe this baddy then I'm sure the ITs who really know what they're doing can also.





PostPosted: Fri Aug 29, 2008 7:52 pm
 


Brenda wrote:
Quote:
3) I also was getting file transfers on MSN from people infected with a different virus that asks you if you have seen these pics or whatever and they're zip files so if you see any of those don't open them.


I got several of those in messages on Facebook. Yo-uTube vids or something (mind the -, it was NOT YouTube), at least, that is where it linked to, asking if it was me looking so good making love ROTFL

Turns out that were Trojans too. So don't click those either

Sounds like you already have it, if you got even one pop-up then you better run that scan because what do you think is causing those pop-ups? :wink:


PostPosted: Fri Aug 29, 2008 8:17 pm
 


ziggy wrote:
Brenda wrote:
Quote:
3) I also was getting file transfers on MSN from people infected with a different virus that asks you if you have seen these pics or whatever and they're zip files so if you see any of those don't open them.


I got several of those in messages on Facebook. Yo-uTube vids or something (mind the -, it was NOT YouTube), at least, that is where it linked to, asking if it was me looking so good making love ROTFL

Turns out that were Trojans too. So don't click those either

Sounds like you already have it, if you got even one pop-up then you better run that scan because what do you think is causing those pop-ups? :wink:


I don't have pop-ups, and I didn't click the links :lol:
I deleted the messages asap :D

And, like I said, I use Vista


PostPosted: Fri Aug 29, 2008 8:33 pm
 


Doesn't anyone use Linux here? 8O


PostPosted: Fri Aug 29, 2008 8:47 pm
 


TattoodGirl wrote:
Doesn't anyone use Linux here? 8O



ahem... i do! i link'd ubuntu before!


PostPosted: Fri Aug 29, 2008 10:09 pm
 


Brenda: you don't have to worry because AVG update servers have been screwing up a lot lately. If you click the icon and tell it to update it usually does.
The old AVG used to update almost as soon as your computer turns on, the new 8 seems to take a while to autoupdate.

I will have to try the anti-malware; the last time I checked it out it found the stuff but wouldn't clean it until you coughed up the $$.

Yes, lots of people are using Linux. I use Ubuntu a LOT cuz I run a couple webservers and a few mailservers and an Internet cafe.
I also have Linux on an Acer AspireOne and there's a super-cool EZ desktop Linux on those tiny Asus Eee's. I say supercool as hidden in that Fisher-Price lookalike there's a superb network tool that's designated by Windows laptop the home machine and it the work machine!

get an Asus Eee free if you open an RBC account before Oct 31


PostPosted: Sat Aug 30, 2008 6:58 am
 


Ziggy wrote
Quote:
I never trust anyone who tells me I have to reformat, that means they don't know how to fix it and take the easy way out.

Most systems can be fixed after a hijack like this without wiping all your personal data.


Of course it is possible to remove that spyware and those viruses by hand or with some tool. But it takes a lot of time, sometimes hours, and the end result is not always 100%. When it is your own machine on your own time then sure you can spend a few hours to try to solve it. (BTW I always back up my customer's DATA before a reinstall)


PostPosted: Sat Aug 30, 2008 7:00 am
 


TattoodGirl wrote:
Doesn't anyone use Linux here? 8O




Yep if you need some help I have some spare time this weekend 8)


All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © Canadaka.net. Powered by © phpBB.