Got Crapped on by malware that's killing me

Cr0nJ0b

Golden Member
Apr 13, 2004
As pathetic as this sounds, I'm just now getting over a cold and my PC caught a virus.

I'm not sure exactly what I have, but it's bad enough to wiggle around my restore points for the last 3 weeks. I'm in the process of scanning with Spybot, Windows Defender and AdAware SE...but there is a program out there, whose name escapes me. It basically pulls a list of all the processes running and then helps to identify which ones are the bad guys. I tried hijackthis, but I think there is another one.

Any help would be appreciated. I'm guessing that I'll have to reinstall XP before long.

sad.
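The tool Cr0nJ0b is trying to remember is the "list every process and autostart, then pick out the bad ones" class of utility (HijackThis, Process Explorer, Autoruns all work this way). The script below is an added example of the checks such a tool applies, not code from this thread or from any of those tools. It assumes an export in the style of an Autoruns CSV with "Image Path", "Signer" and "Location" columns; the rows it runs on are constructed, and the system-binary directory table is for Windows XP.

```python
"""Triage a Windows process/autostart inventory for likely malware.

Added example for this thread, not any of the tools named in it. Assumes an
Autoruns-style CSV export with the columns "Image Path", "Signer", "Location".
"""
import csv
import hashlib
import io
import ntpath
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample export: two impostors hiding among genuine entries.
SAMPLE_INVENTORY_CSV = r'''Image Path,Signer,Location
C:\WINDOWS\system32\svchost.exe,(Verified) Microsoft Windows,Services
C:\WINDOWS\system32\lsass.exe,(Verified) Microsoft Windows,Services
C:\WINDOWS\system32\winlogon.exe,(Verified) Microsoft Windows,Winlogon
C:\WINDOWS\explorer.exe,(Verified) Microsoft Windows,Winlogon\Shell
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe,(Verified) Safer Networking Ltd.,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
C:\WINDOWS\svch0st.exe,(Not verified) Microsoft Corporation,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
C:\Documents and Settings\User\Local Settings\Temp\lsass.exe,(Not verified) Microsoft Corporation,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
'''

# Where these Windows XP system binaries legitimately live (lower-case).
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Directory fragments that an ordinary (even limited) user can write to.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\",
                         "\\local settings\\", "\\application data\\")
# Digit-for-letter swaps commonly used in look-alike names (svch0st, 1sass).
CONFUSABLES = str.maketrans("01", "ol")


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions,
    so 'scvhost.exe' is 1 away from 'svchost.exe'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


@dataclass
class Finding:
    path: str
    location: str
    reasons: List[str]
    sha256: Optional[str]  # for a VirusTotal lookup, if the file is readable here


def file_sha256(path: str) -> Optional[str]:
    """SHA-256 of the file, or None if it cannot be read from this host."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except OSError:
        return None


def assess(path: str, signer: str) -> List[str]:
    """Return the reasons this entry looks suspicious (empty list if none)."""
    reasons = []
    directory, name = ntpath.split(path)
    ldir, lname = directory.lower(), name.lower()
    expected = KNOWN_SYSTEM_BINARIES.get(lname)
    if expected is not None:
        if ldir != expected:
            reasons.append(f"system binary name outside its normal directory {expected}")
    else:
        for real in KNOWN_SYSTEM_BINARIES:
            if lname.translate(CONFUSABLES) == real or osa_distance(lname, real) == 1:
                reasons.append(f"name mimics system binary {real}")
                break
    # Only an Authenticode-verified signer counts: the company string in the
    # version info ("Microsoft Corporation") is free text any malware can set.
    if not signer.lower().startswith("(verified)"):
        reasons.append("signature not verified")
    if any(marker in ldir + "\\" for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable directory")
    return reasons


def triage(csv_text: str) -> List[Finding]:
    """Parse the export and return flagged entries, strongest evidence first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = assess(row["Image Path"], row["Signer"])
        # An unverified signature alone is weak evidence (plenty of legitimate
        # software was unsigned); report it only alongside another indicator.
        if reasons and reasons != ["signature not verified"]:
            findings.append(Finding(row["Image Path"], row["Location"], reasons,
                                    file_sha256(row["Image Path"])))
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY_CSV):
        print(f.path, "|", f.location, "|", "; ".join(f.reasons), "|", f.sha256 or "hash n/a")
```

On the constructed rows this flags `C:\WINDOWS\svch0st.exe` (look-alike name, unverified) and the `lsass.exe` in the user's Temp directory (real system name in the wrong place, unverified, user-writable) and leaves the genuine system binaries and the signed Spybot entry alone. The hash is what you would paste into VirusTotal; the reasons are what a forum helper reading a HijackThis log looks for by eye.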
 

Lemon law

Lifer
Nov 6, 2005
Running hijack this does nothing---posting the resulting log file of your system is required to get experts to help you---you can get instructions and a place to post the log file in regard to this on the spywarewarriors forum. These experts are very good---and things that get by ALL online scans can't hide from these experts. But do them a favor--get as much off first with scanners---leaving them with as few nasties to deal with as possible.

But this advice is from personal experience after purchasing a used PC online that was completely infested with malware---about 99.5% of malware will yield to scanning---it's that .5% that needs hijack this. So nothing wrong with virustotal as a place to start---it should keep you out of the pool halls for a bit.

But if one of the nasties already ate a good part of your OS---a clean install after nuking your hard drive may be the easy option---although a repair install might work.

And thereafter---read up on spyware warriors, castle cops, or elsewhere on how to protect your PC---and set up a multi-layered defense.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Here's a suggestion, try the F-Secure online scanner here (use Internet Explorer since this scanner uses ActiveX). Run a full scan, note down the complete names of stuff it detects, and post the names here.

Also, what antivirus software are you using now? What are the symptoms you're seeing (be as specific as possible)?
 

John

Moderator Emeritus, Elite Member
Oct 9, 1999
A-Squared has Hijack Free which is nice
http://www.hijackfree.com/en/hijackfree/

Visit the link in my sig for all of the tools that you'll need to clean your system. :)

FWIW I have been using F-Secure online scan on some of my customers' PCs and not only is it slow, but it hangs up during the removal process a lot of the time. Regardless, it's still got a good detection rate and you can remove things manually.
 

RebateMonger

Elite Member
Dec 24, 2005
Consider the time that it could take to get the drive fully cleaned, including time running scans and time on various help Forums. And whether you'll be able to determine that it's REALLY clean (with no trojans, rootkits, etc.) once you are done.

Then, consider how long it will take you to re-install XP and your applications. When you are done, you can be sure that the PC IS clean.

Only you can decide which is best for you.

Either way, you should back up any important data, but you SHOULD have backups anyway. ;)
 

Robor

Elite Member
Oct 9, 1999
I agree with RebateMonger & nweaver. The time it takes to scan and (allegedly) clean a badly infected system is often longer than a fresh install that you know is clean.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
I likewise agree about nuking it, but first I'd like to see what the infection actually is, so it can be prevented from happening again in the future. Trying to get people to tell what the exact names of the malware are, however, is like herding cats :confused:

Cr0nJ0b, if you do run the F-Secure scanner, at the end (if it makes it to the end) there's a Report button. Paste the text from the report into this thread if you can?
 

John

Moderator Emeritus, Elite Member
Oct 9, 1999
I disagree with an OS reinstall for a couple of reasons.

1) Sure it may only take 20-30 min to reinstall the OS, but add another 20 min for drivers and a few hours to reinstall apps, tweaks, etc.
2) If you're infected now the malware is going to come back unless you implement prevention techniques (Limited account, quality malware tools, common sense). Are you going to reformat each time you're infected?

You may want to consider making an image or recovery dvd if you ever decide to reinstall the OS. However do not connect to the internet! Make sure you have the necessary service packs or a slipstreamed OS w/ the latest service pack, use the Autopatcher, install all of your preferred software, and then tweak the OS to your liking. Now you can use Acronis (or another imaging app) to make a current image.
 

RebateMonger

Elite Member
Dec 24, 2005
John is certainly correct about the need to make education and prevention a part of any OS repair. Limiting your account rights is a big help. Other requirements are common sense, current Anti-Virus and Anti-Spyware definitions, and ongoing patching. Making an image of your hard drive after completing a re-installation can certainly speed up repairs in the future.

Getting infected once is excusable. Getting infected twice (if you are an adult) is just plain dumb.
 

John

Moderator Emeritus, Elite Member
Oct 9, 1999
Originally posted by: RebateMonger
Getting infected once is excusable. Getting infected twice (if you are an adult) is just plain dumb.

QFT :thumbsup: :p

 

nweaver

Diamond Member
Jan 21, 2001
Originally posted by: John
I disagree with an OS reinstall for a couple of reasons.

1) Sure it may only take 20-30 min to reinstall the OS, but add another 20 min for drivers and a few hours to reinstall apps, tweaks, etc.
2) If you're infected now the malware is going to come back unless you implement prevention techniques (Limited account, quality malware tools, common sense). Are you going to reformat each time you're infected?

You may want to consider making an image or recovery dvd if you ever decide to reinstall the OS. However do not connect to the internet! Make sure you have the necessary service packs or a slipstreamed OS w/ the latest service pack, use the Autopatcher, install all of your preferred software, and then tweak the OS to your liking. Now you can use Acronis (or another imaging app) to make a current image.

my point isn't that it's faster, it's that can you ever really be sure again? Have you been rooted, and all the stuff is hidden from your OS and all applications so you can NEVER know for sure without nuking the HDD and starting over. This is why backups are important, as is analysis of how/what happened. If you get hacked, you need to know how, and ensure it doesn't happen again, but once someone owns your box, you cannot truly ever be sure it's yours without a format.
 

John

Moderator Emeritus, Elite Member
Oct 9, 1999
How can you be sure that after you've done a clean install that you aren't going to get infected again? I've had customers call me up and their system is hosed in less than 24 hours. As soon as the "kids" load up the rogue P2P apps, download infected files, or you start surfing pr0n you're probably back to where you started. So unless you change your usage habits and lock down other user accounts you're running in a circle.

Reinstalling an OS because you aren't sure if malware is still resident on your computer is a waste IMHO. I guess since I deal with it for a living I have a different outlook on removal and prevention methods.
 

nweaver

Diamond Member
Jan 21, 2001
Originally posted by: John
How can you be sure that after you've done a clean install that you aren't going to get infected again? I've had customers call me up and their system is hosed in less than 24 hours. As soon as the "kids" load up the rogue P2P apps, download infected files, or you start surfing pr0n you're probably back to where you started. So unless you change your usage habits and lock down other user accounts you're running in a circle.

Reinstalling an OS because you aren't sure if malware is still resident on your computer is a waste IMHO. I guess since I deal with it for a living I have a different outlook on removal and prevention methods.

Again, I would say that yes, you need to know HOW/WHY/Prevent ownage, but you have to nuke a box after you get that info, because there are NO removal tools that can guarantee complete removal, because they can't detect all root kits.

This comes from my experience as an admin. If my server is hacked/compromised, I take it offline and pull logs/files/etc for later analysis, nuke it with an image/os install, and then restore backups. While I'm working on that, I look at the logs and find what happened. Usually, I know why a box got owned or can find the reason quickly. Again, once someone owns it, I can never really be sure without a nuke. Perhaps the reason customers are getting owned is because they are rooted? (Not that I think you don't know what you are doing, or that it's not a root kit, but really just lousy users, I'm just saying, you can never be sure)
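nweaver's procedure (take the box offline, pull logs and files for later analysis, rebuild from an image, restore backups) has one step that is worth doing carefully rather than by hand: the files you pull off before the wipe should be hashed at collection time, so that whatever the later analysis turns up can be tied to an unmodified copy. The script below is an added example of that step, not anything nweaver or the thread describes; the file names, directory layout and the sample log line are assumptions constructed for the demo.

```python
"""Preserve evidence from a compromised box before wiping it.

Added example for this thread, not a tool named in it. Copies the files you
want to keep (logs, suspect binaries, registry exports) into an evidence
directory and writes a manifest of SHA-256 hashes so the copies can be shown
to be unmodified when they are analysed later.
"""
import hashlib
import json
import os
import shutil
import tempfile
import time

MANIFEST_NAME = "manifest.json"


def sha256_of(path: str, chunk: int = 1 << 20) -> str:
    """Streamed SHA-256 so large log files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def collect_evidence(sources, evidence_dir: str) -> dict:
    """Copy each source file into evidence_dir, verify the copy against the
    original, and write a manifest. Returns the manifest dict."""
    os.makedirs(evidence_dir, exist_ok=True)
    items = []
    for index, src in enumerate(sources):
        stored_as = f"{index:03d}_{os.path.basename(src)}"  # avoids name clashes
        dest = os.path.join(evidence_dir, stored_as)
        shutil.copy2(src, dest)  # copy2 preserves the original timestamps
        digest = sha256_of(dest)
        if digest != sha256_of(src):
            raise RuntimeError(f"copy of {src} does not match the original")
        items.append({
            "original_path": os.path.abspath(src),
            "stored_as": stored_as,
            "size": os.path.getsize(dest),
            "mtime": os.path.getmtime(src),
            "sha256": digest,
        })
    manifest = {"collected_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
                "items": items}
    with open(os.path.join(evidence_dir, MANIFEST_NAME), "w") as fh:
        json.dump(manifest, fh, indent=2)
    return manifest


def verify_evidence(evidence_dir: str) -> list:
    """Re-hash every stored copy; return the stored names whose hash no longer
    matches the manifest (an empty list means the evidence is intact)."""
    with open(os.path.join(evidence_dir, MANIFEST_NAME)) as fh:
        manifest = json.load(fh)
    bad = []
    for item in manifest["items"]:
        stored = os.path.join(evidence_dir, item["stored_as"])
        if not os.path.isfile(stored) or sha256_of(stored) != item["sha256"]:
            bad.append(item["stored_as"])
    return bad


def demo():
    """Constructed run: two fake artefacts are collected and verified, then one
    stored copy is tampered with. Returns (result before, result after)."""
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "victim")
        os.makedirs(victim)
        log = os.path.join(victim, "security.log")
        sample = os.path.join(victim, "suspicious.exe")
        with open(log, "w") as fh:  # constructed log line, not from a real system
            fh.write("2007-01-01 03:12:44 Logon failure for Administrator from 10.0.0.7\n")
        with open(sample, "wb") as fh:  # constructed stand-in for a suspect binary
            fh.write(b"MZ" + bytes(64))
        evidence = os.path.join(tmp, "evidence")
        collect_evidence([log, sample], evidence)
        intact = verify_evidence(evidence)
        with open(os.path.join(evidence, "001_suspicious.exe"), "ab") as fh:
            fh.write(b"tampered")
        return intact, verify_evidence(evidence)


if __name__ == "__main__":
    print(demo())
```

Write the evidence directory to removable media or another host, never to the disk you are about to nuke, and keep a copy of the manifest separately from the files it describes; a manifest stored only beside the copies can be edited along with them.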
 

Lemon law

Lifer
Nov 6, 2005
To John,

If you have a customer returning after 24 hours---I can somewhat understand that part of it is the fault of the customers and their kids--bound and determined to become reinfested. But as someone who does it for a living---I also have to ask why you are doing nothing to educate your customers?---and why are you not helping them lock down their systems with multilayered defenses that would repel much malware even given unsafe surfing habits?---especially when many anti-virus programs will hoot their horns when they encounter malware---and process controls will demand user intervention to allow the file to install.---and much of it can be had for free. Even though the user can over-ride the firewall---there should be layers of protection behind it---as your excellent guide points out.

And how can anyone be sure how safe the site they surf to is?---when bambi.com is possibly the name of a porn site designed to trap the innocent.---and malware routinely labels itself as system files.
 

John

Moderator Emeritus, Elite Member
Oct 9, 1999
Originally posted by: Lemon law
To John,

If you have a customer returning after 24 hours---I can somewhat understand that part of it is the fault of the customers and their kids--bound and determined to become reinfested. But as someone who does it for a living---I also have to ask why you are doing nothing to educate your customers?---and why are you not helping them lock down their systems with multilayered defenses that would repel much malware even given unsafe surfing habits?---especially when many anti-virus programs will hoot their horns when they encounter malware---and process controls will demand user intervention to allow the file to install.---and much of it can be had for free. Even though the user can over-ride the firewall---there should be layers of protection behind it---as your excellent guide points out.

And how can anyone be sure how safe the site they surf to is?---when bambi.com is possibly the name of a porn site designed to trap the innocent.---and malware routinely labels itself as system files.

How nice of you to assume I don't practice what I preach. :p I educate all of my customers, but I cannot force them to run a limited account, restrict their access, or uninstall their 2 year Norton or McAfee subscription. Some customers are non-compliant much like a patient in the hospital that leaves AMA. I can only lead a horse to water.......

Even then the "24 hour return" is rare and I was using it as an example. Just because you have a "clean install" doesn't mean it is exempt from being reinfected. The sad thing is a lot of malware is difficult to remove and very time consuming. However reinstalling an OS to get a clean environment doesn't exempt you from being reinfected in a matter of minutes if you aren't careful.

For some of us that have clean and current images a clean install is not a time consuming process, but then again we are the minority.
 

Lemon law

Lifer
Nov 6, 2005
To John,

Please don't assume I am being critical of you or accusing you of not practising what you preach. But it would be child's play for you to give each customer a cd containing your practical advice plus you could load said cd with quite a number of freeware programs they could use to lock their systems down.---and it would basically cost you only the cost of a cd-r disk.---and give you a totally clean conscience in the process.

When I help friends on an amateur basis---this is exactly what I do--- I help them clean---and then help them lock down their systems---educating them on safer surfing is harder---but getting their computers back from the brink of unusable makes them somewhat amenable to learning.---and while the scanners are running---and between the sips of free beer I make them provide me---I get a chance to preach.
 

John

Moderator Emeritus, Elite Member
Oct 9, 1999
Lemon law, time is money. In most cases a paying customer is not the same as a "friend", and I can't think of one business (in the business of turning a profit) off the top of my head that is going to hand out free tools and offer up useful advice so the customer can address and solve their own problems. After all this is what the internet is for, right? Your intent is good on a personal level but in the business world it doesn't work like that. :p