I've got it BAD,

shortylickens

No Lifer
Jul 15, 2003
Well, I don't know what it is, but it's inside my system.
It's fudging up my ability to update Ad-Aware and SpybotSD. It won't let me properly use any search engines. It won't let me download many files or follow redirects, so getting the latest versions of anti-anything seems impossible.

I have Symantec Corporate always running in the background, how it slipped through I don't know.
It does not yet seem to have overridden IE7's popup blocker, but I can tell it's trying to open massive popups every time I go to a new page.
It also (occasionally) causes script errors, and it will make Windows ask me to shut down a page because the script is causing massive computer slowdowns.

Also, when I try to use the Back button it keeps me on my current page. I find in the Back History that I often get blindly redirected to weird sites before hitting my intended destination.

In my task manager, it seems to wanna restart rundll32 all the time no matter how often I shut it down. Everything else in there seems normal, and it never seems to mess up the task manager itself.

Today and tonight I'll try to run full scans with Symantec AV, then Adaware, then Spybot, even though the two spyware tools can't be updated.
Also have spyware doctor but that has never caught anything before.

EDIT: Ran a full system scan with Adaware and found nothing, but since the last update was over 2 months ago I suppose that's expected.
EDIT 2: Ok, just realized I'm getting porno ads on the left side of my screen. Either Anandtech changed its format recently or I've been hit with some porn-forcing spy/adware.
 

shortylickens

No Lifer
Jul 15, 2003
SpyBotSD just found and cleaned the following items:

AdRevolver
BlueStreak
BurstMedia
CasaleMedia
DoubleClick
FastClick
Hitbox
MediaPlex
RightMedia
SexList
SexTracker
StatCounter
Tradedoubler
Virtumonde
Virtumonde.dll
WebTrends Live
Zedo


I tried getting a new version of AdAware from Download.com, and I know that site is full of junk, so it may explain a few of those.
The sex items bother me. I get all my porn from file-sharing, not the web.
And EVERYTHING that goes in or out of my file-sharing is hit with AV first.

Will do a full AV scan right now before heading to work.
We'll see what happens.
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
You might also want to check your system for exploitable vulnerabilities and look at other security steps. The bad guys are way ahead of most people's security game, seems like.

And I don't know why you'd think P2P is a more trustworthy source of anything than the (rest of) the Web is :confused: Or that scanning stuff with an antivirus means it's safe, either. Are you that naive? ;)
 

shortylickens

No Lifer
Jul 15, 2003
Originally posted by: mechBgon
You might also want to check your system for exploitable vulnerabilities and look at other security steps. The bad guys are way ahead of most people's security game, seems like.

And I don't know why you'd think P2P is a more trustworthy source of anything than the (rest of) the Web is :confused: Or that scanning stuff with an antivirus means it's safe, either. Are you that naive? ;)
The CONTENT on P2P is the same as the web stuff, yes, but the web pages themselves are a serious danger whereas Revconnect 0.374 is not.
And everything that goes through the P2P gets scanned before and during access. (I have my AV set up to do so.)

And if I still can't access anything after scanning it then I may as well unhook my internet and go back to DOS, because in that light the stuff I download from the WWW, the P2P and Windows Update is all equally unsafe.

At some point I have to use my computer, and probably for more than just
C:\DOS
C:\DOS\RUN
RUN\DOS\RUN.

It's better to take a modern OS and just deal with the issues.
 

xgsound

Golden Member
Jan 22, 2002
I didn't notice Superantispyware in your list of removers. It is an effective one that gives few false positives.

Run the scans in safe mode to be more effective. It's probably a good idea to get "winsockfix.exe" first in case malware fixes break your internet access. Since you have a Virtumonde variant you should check out http://wiki.castlecops.com/Mal...d_Prevention:_Overview where they list links to programs specifically for removing Virtumonde variants along with other excellent removal procedures. Virtumonde tends to respond aggressively unless it is removed in a specific (and changing) order.

John's site listed above also has Virtumonde removers inside his rogue remover package.


Jim
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
Originally posted by: shortylickens
And everything that goes through the P2P gets scanned before and during access. (I have my AV set up to do so.)

That evidently wasn't enough. So you might want to look at my security steps link, which goes much further than just scanning with antivirus software.
 

RebateMonger

Elite Member
Dec 24, 2005
Almost every malware invasion requires that you APPROVE its installation. Executing anything downloaded from P2P or non-vendor sites is risky because it's super-simple to trojanize any software. A six-year-old can do it.
 

shortylickens

No Lifer
Jul 15, 2003
First off, I am grateful for all your help.
Second, I am totally fucked.


I waited until I knew I'd have a whole weekend home alone with no other projects so in case there was a serious problem, I'd be able to deal with it easily.

Went to the suggested sites, downloaded the suggested software, ran the first one:
A squared anti-malware.

It found a couple of things that Spybot did not. After I ran a full scan and clean, my system rebooted.
When it came back I got no Explorer. Was able to CTRL-ALT-DEL to the Task Manager. Tried running Explorer and Windows said it couldn't find it.

Tried browsing for it and found plenty of executables in the Windows and System32 directory, none of them Explorer.

Am posting this from a LiveDVD boot of Suse 9.2. I burned it a long time ago for fun, am glad I had the sense to keep it around.
I must admit I like Konqueror, but not as much as Explorer.

I had 3 other suggested anti-spyware programs downloaded but can't find them since I can't run Explorer.

Any tips? (Aside from going Linux.)
 

shortylickens

No Lifer
Jul 15, 2003
Originally posted by: mechBgon
How about a repair install of Windows, followed by re-patching it and scanning it for the latent malware files..
I believe the purpose of all your suggested programs was to NOT reinstall Windows every time I get a spyware/adware/virus.

I noticed the web page made a big deal of criticizing the standard Spybot, Spyware Doctor and Adaware programs.
I suspect with these kinds of results, all of their highly lauded apps have lost bragging rights too.

Appreciate your help. Since it's obvious I should no longer mess around with this problem, will go ahead and reinstall Windows.
But I think rather than repairing it, I'll just move over a 1TB drive I've been saving and start again from scratch.
Don't look forward to putting in all my favorite programs again, but that will keep me busy for most of the weekend (and should give you guys a break from me ;) ).
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
Originally posted by: shortylickens
I believe the purpose of all your suggested programs was to NOT reinstall Windows every time I get a spyware/adware/virus.

Actually, no. My purpose is to prevent people from ever getting a spyware/adware/virus in the first place. Once they actually have one, my preferred way of dealing with it is to burn the entire Windows installation to the ground with DBAN :evil: and then reinstall Windows and secure it properly so that you never get another spyware/adware/virus. I'm the prevention guy, not the surgical-malware-removal guy (that would be Medea :D ).
 

RebateMonger

Elite Member
Dec 24, 2005
Originally posted by: mechBgon
Actually, no. My purpose is to prevent people from ever getting a spyware/adware/virus in the first place. Once they actually have one, my preferred way of dealing with it is to burn the entire Windows installation to the ground with DBAN :evil: and then reinstall Windows and secure it properly so that you never get another spyware/adware/virus.
I agree completely.

I also suggest seriously considering a way to keep ongoing image backups of your PCs. If something slips by, you can quickly restore everything to its pre-disaster state.

Software like Acronis True Image and Ghost can do this. But the easiest way is to use Windows Home Server.
 

shortylickens

No Lifer
Jul 15, 2003
Took a while, had to reinstall 3 times to get it right. Stupid nForce drivers kept messing up my system. Finally decided to just install the audio and ethernet.
Managed to get just the display drivers for my X800 Pro and not the whole Catalyst Suite Of Shit.

Before I install ANYTHING else, I will go to the suggested sites and get the favored programs.

Looks like I will be getting, in order:
1. Kaspersky Internet Security 7.0
2. SuperAntiSpyware
3. Spyware Blaster
4. Online Armor
5. Threatfire
6. Sandboxie

See you guys in a little bit.


EDIT:
Back!
Lotsa fun, I have about 8 things running in the background but I suppose it's needed these days. Hope 1GB of RAM is enough for all this crap.
Was not allowed to activate Windows normally, had to do it over the phone.
Now it's time to do all the Microsoft updates.
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
The non-Admin user account, optionally enhanced with a Software Restriction Policy, would still be a good idea, if you can accept the trade-off of some ease of use for much better security. Doesn't slow the computer down, doesn't cost anything, doesn't need to be renewed, doesn't require updates to give you effective protection. I'd just go non-Admin + SRP + Kaspersky + Windows Firewall + Data Execution Prevention + Secunia PSI + IE7 and call it a day, if it were me :beer: I hunt malware with that config, more or less.
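As an added example (not from the thread or any of its posters), a PowerShell audit of three of the free measures listed in the post above: whether the current session is non-Admin, whether a Software Restriction Policy is in force and at what default level, and the machine's DEP policy. It assumes PowerShell 3 or later; the registry path and WMI property are the documented storage locations for those settings, and the report layout is constructed here.

```powershell
# Added example, not from the thread: audit the free hardening steps recommended above.
# Registry path / value meanings are the documented SRP storage; the report layout is constructed here.

function Test-RunningAsAdmin {
    # True if the current token holds the local Administrators role, i.e. NOT the non-Admin setup advised.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-SrpDefaultLevel {
    # SRP keeps its machine policy under Safer\CodeIdentifiers; DefaultLevel decides what runs when no rule matches.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    if (-not (Test-Path $key)) { return 'NotConfigured' }
    $level = (Get-ItemProperty -Path $key -Name DefaultLevel -ErrorAction SilentlyContinue).DefaultLevel
    if ($null -eq $level) { return 'NotConfigured' }
    switch ($level) {
        0       { 'Disallowed' }    # default-deny: only paths/hashes permitted by explicit rules execute
        0x20000 { 'BasicUser' }
        0x40000 { 'Unrestricted' }  # policy present but permits everything not explicitly blocked
        default { 'Unknown(0x{0:X})' -f $level }
    }
}

function Get-DepPolicy {
    # Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy: 0 AlwaysOff, 1 AlwaysOn, 2 OptIn, 3 OptOut
    $policy = (Get-CimInstance Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
    switch ($policy) { 0 { 'AlwaysOff' } 1 { 'AlwaysOn' } 2 { 'OptIn' } 3 { 'OptOut' } default { 'Unknown' } }
}

function Get-HardeningReport {
    # One object summarising each check, with a verdict against the configuration recommended in the thread.
    $srp = Get-SrpDefaultLevel
    $dep = Get-DepPolicy
    [pscustomobject]@{
        NonAdminSession = -not (Test-RunningAsAdmin)
        SrpDefaultLevel = $srp
        SrpEffective    = ($srp -eq 'Disallowed' -or $srp -eq 'BasicUser')
        DepPolicy       = $dep
        DepEffective    = ($dep -eq 'AlwaysOn' -or $dep -eq 'OptOut')
    }
}

Get-HardeningReport | Format-List
```

Run it once from the everyday account and once from an elevated prompt: the first should report NonAdminSession as True, and SrpEffective should only turn True after the policy's default level has been set to Disallowed (or Basic User) rather than the Unrestricted default.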