Having virus trouble

Started by Arroyo Milori, August 12, 2009, 02:02:18 PM

Arroyo Milori

I am not sure if this is the right place to post this or not so why not try?

Lately I have been having trouble with downloading MSN Messenger 9.0 and I asked some people if anyone has experienced this problem before. Then they told me to look at this site to see if I had Conficker, from which I learned that I might have Conficker of the A/B variant.

Now I downloaded the program that removes the virus that was made by Bitdefender and it tells me that I do not have the virus, yet I still have trouble downloading and visiting "Security" sites. Whenever I visit a "security site", it tells me that the page cannot load. This also seems to affect some patches for some of the games I have on my computer.

I need help with this BADLY. It's driving me nuts! I don't know what else I have to do.

Noone

#1
If you have a USB device and a second computer with internet connectivity, you can use that to circumvent the virus. Download what you have onto that computer, put it on the USB, then put it on your main computer. I'm not sure what you're using for anti-virus purposes; I find Avast to be a good program that should be able to handle Conficker.

This link I found has some tools to help, hopefully at least one of them will work:
http://www.dhs.gov/ynews/releases/pr_1238443907751.shtm

hapless

Download a bootable virus cleaning tool at another computer, burn it to a CD, and fire it up.
I recommend Avira's (it's a bootable Linux system with the full Avira suite in autorun - you can even Ctrl+Alt+F1 to console and do stuff manually).
Available at http://free-av.de/en/tools/12/avira_antivir_rescue_system.html

//h
Chaosnet device not responding - check breaker on the Unibus

llearch n'n'daCorna

Ooo. Thanks, hapless. Do you have one that doesn't require windows to write to cd?
Thanks for all the images | Unofficial DMFA IRC server
"We found Scientology!" -- The Bad Idea Bears

Arroyo Milori

#4
I actually need something easy to use. I was told to use a LiveCD but I do not know which program to use. I also run on Windows XP btw.

Also for a security program, I use Avira.

llearch n'n'daCorna

Quote from: llearch n'n'daCorna on August 12, 2009, 02:39:20 PM
Ooo. Thanks, hapless. Do you have one that doesn't require windows to write to cd?

Actually, scratch that. It runs under wine, and when you exit, asks you if you want to save the iso, so no problems. Now to see if I can get it to boot off a usb stick...

Dekari

#6
The outright easiest thing you can do, if this is a recent problem and you can remember about when it started and when you didn't have the problem, is a system restore.

Doing a system restore has saved me from a lot of headaches, and work, on a small handful of occasions. And unless the restore data points have been corrupted, it will remove viruses and other malicious programs. Or at least from my experiences it has.
I somehow get the feeling that you didn't think your cunning plan all the way through.

Thanks go to Kipiru and Rhyfe for the art work used in avatars.

http://drakedekari.deviantart.com/

Tapewolf

Quote from: Dekari on August 12, 2009, 02:48:36 PM
The outright easiest thing you can do, if this is a recent problem and you can remember about when it started and when you didn't have the problem, is a system rollback.
Oh, now that's an interesting idea!  If you could get the virus to spread itself into the rollback points, you'd really have it made...

J.P. Morris, Chief Engineer DMFA Radio Project * IT-HE * D-T-E


Mao

#8
Conficker actively disables the restore and messes up existing restore points based on which level of the virus you have.

Also, where it's a constantly updated virus, you pretty well have to constantly look for new solutions to combat it as the creators of it seem to be keeping up on everything that is being done to resolve it, patching it almost as fast as flaws in it are being found and exploited for defense against it.  It's kinda neat to watch.

Dekari

Quote from: Mao Laoren on August 12, 2009, 02:57:08 PM
Conficker actively disables the restore and messes up existing restore points based on which level of the virus you have.


Hmmm....I did not know that.

hapless

#10
Quite a lot of malware nowadays puts itself into both the System Restore and System File Protection mechanisms, leading to situations where a file removed by the antivirus gets "recovered" a few seconds later. Most disinfection instructions nowadays contain disabling Restore (and thus allowing the AV to access the System Volume Information directories) as one of the first steps.

Also, get a good firewall after you recover from that. Comodo Firewall (disable the bundled AV during installation if you want to continue using Avira) and Online Armor seem to be "best", tho it's always relative.
http://www.av-comparatives.org/
http://www.matousec.com/projects/proactive-security-challenge/

Llearch, you can use any USB bootable linux distro with the Linux version from http://free-av.de/en/download/download_servers.php . The license file has to be renewed every July, but it doesn't even require registration.


Dekari

I just remembered another program you can use. I don't know if it will help solve the problem but it will help prevent it from happening again...that is if you know what you are doing. The program is HijackThis. My brother uses it and swears by it. But I would only recommend looking into this program if you know what you are doing or know someone who does, as I would put it akin to playing with RegEdit...do one wrong thing and you will be reinstalling from scratch.

Arroyo Milori

I have downloaded HijackThis, but its installer refuses to work properly, so that solution is thrown out the window. : L

hapless

IIRC Conficker kills well-known security software. For sure some malware does, tho not all of them thoroughly. Once at a friend's PC (that wasn't Conficker) I couldn't run Process Explorer nor HijackThis, but a simple rename of the executable was sufficient to work around it. Anyway, HJT won't help you much in the case of this particular problem anyway. You need a deep scan with a good antivirus.

BTW, http://www.dshield.org/diary.html?storyid=5860 may still be useful, but most of the mentioned tools work from inside the infected system, not a boot disk.

llearch n'n'daCorna

Quote from: hapless on August 12, 2009, 03:04:46 PM
Llearch, you can use any USB bootable linux distro with the Linux version from http://free-av.de/en/download/download_servers.php . The license file has to be renewed every July, but it doesn't even require registration.

Cheers for that. My main issue is finding a usb stick to put a distro on. Well, that and something actually useful...

The iso image should be fine. We'll see how that works, for resolving issues with someone's eeepc... which, obviously, doesn't have a cdrom drive...

Unbeknownst

#15
Quote from: Arroyo Milori on August 12, 2009, 03:34:09 PM
I have downloaded HijackThis, but its installer refuses to work properly, so that solution is thrown out the window. : L

Ahh okay, I work in the IT field so this might help.
You have a virus that prevents certain file names from working/installing.
Try renaming them. If that doesn't work, download a program named "PrevX" (without the quotes).
If that doesn't work, try downloading the random-name file of PrevX (should be on the download site).

Okay, once that has been done, scan for the virus(es).

You would need to pay for PrevX to delete them via the program, but PrevX gives you the location of the virus.
Time for some huntin'!

Find the folder of the virus and delete it.

If "You do not have the rights" etc. pops up, download a program named "Move on boot" and set it to delete the virus(es).

Good luck!

Regards, Unbeknownst.


Edit:

Had the same virus. Check the userinit registry and see if there are any "Added" extensions to it. That's how the virus starts.

Also

Check your processes first before doing all of this. If you don't know the process, Google it! If it is found to be dangerous, end it now!

If any processes were found dangerous, press Ctrl + R and type msconfig. In Startup or one of the tabs should be the name of the process; remove it from startup.
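
Added example, not part of any post in this thread: one way to run the Userinit check mentioned above on text saved from `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit`. The key path, the stock value `C:\WINDOWS\system32\userinit.exe,`, the function names and both sample outputs are assumptions or constructed here, not taken from the thread.

```python
import re

# Matches the value line of `reg query ... /v Userinit` (tabs or spaces as separators).
VALUE_RE = re.compile(r"^\s*Userinit\s+REG_(?:EXPAND_)?SZ\s+(.*)$", re.I | re.M)


def normalise(entry, windir):
    """Lower-case, unquote and expand %SystemRoot%/%windir% so paths compare equal."""
    e = entry.strip().strip('"').lower().replace("/", "\\")
    for var in ("%systemroot%", "%windir%"):
        e = e.replace(var, windir.lower())
    return e


def extra_userinit_entries(reg_output, windir=r"C:\WINDOWS"):
    """Return every comma-separated Userinit entry that is not the stock userinit.exe.

    Raises ValueError if the value line is absent, which also deserves a look
    because Winlogon uses this value to start the logon session.
    """
    match = VALUE_RE.search(reg_output)
    if match is None:
        raise ValueError("Userinit value not found in reg query output")
    expected = windir.lower() + r"\system32\userinit.exe"
    entries = [p.strip() for p in match.group(1).split(",") if p.strip()]
    # Anything else is reported, including a userinit.exe in another folder.
    return [p for p in entries if normalise(p, windir) != expected]


# Constructed sample outputs (not captured from a real machine).
CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,
"""

TAMPERED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sample-added.exe
"""

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, extra_userinit_entries(text))
```

An empty list means only the stock entry is present; any path returned is something to look up before removing it.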

llearch n'n'daCorna

Quote from: llearch n'n'daCorna on August 12, 2009, 03:56:44 PM
Quote from: hapless on August 12, 2009, 03:04:46 PM
Llearch, you can use any USB bootable linux distro with the Linux version from http://free-av.de/en/download/download_servers.php . The license file has to be renewed every July, but it doesn't even require registration.

Cheers for that. My main issue is finding a usb stick to put a distro on. Well, that and something actually useful...

The iso image should be fine. We'll see how that works, for resolving issues with someone's eeepc... which, obviously, doesn't have a cdrom drive...

Just as an update, this worked a charm. I needed to find a program called unetbootin - fortunately, a mere apt-get sorted that for me - to get the iso image written to the usb stick in a way that actually worked, but once I had that sorted, things went just as easily as I might wish.

Well, ok. The error messages shown by the avira package came up as 1px wide, but that's an unrelated issue, and I could deal with it...