Jeez, I'm an idiot

[misle]

At 6:47pm CST I tried to install a codec pack that came with the latest Dexter episode, since I couldn't get it to play (hook, line, & sinker).

I did scan the files beforehand with McAfee...I now see how good that software is.

Since then, I've been booting into safe mode and running everything I can find. Now, at 11:40pm CST, it's finally looking normal.

Many thanks to the Security forum and their resource thread. I used Forum member John's Security Guide and it helped a lot.

So, I must blame Dexter for this unfortunate event. I guess I can't complain. If this happens once every 9 years, I guess I can't complain too much.

As soon as I finish running two more scans, I'm off to bed. What a wasted evening.

 

[SSSnail]

Easier just to reinstall.

 

[misle]

Originally posted by: SSSnail
Easier just to reinstall.

If it was just the OS, I would agree, but I have an assload of games and other applications installed as well. I doubt a reinstall or repair would fix the damage and preserve my current apps.

 

[SSSnail]

This is why you should ghost your partition after you installed everything, keep a gold image and who cares what lurks beyond the honey pot.

 

[Baked]

TV shows from BT don't come w/ codec pack nor are they pw protected.

 

[misle]

Originally posted by: Baked
TV shows from BT don't come w/ codec pack nor are they pw protected.

And knowing is half the battle.

I was suspicious of it. I scanned it with McAfee, but apparently McAfee blows goats because it said it was good to go. :roll:

But like I said, I'm an idiot. Live and learn.

 

[Tiamat]

What symptoms is you computer showing? What kind of malware is it?

 

[misle]

Originally posted by: Tiamat
What symptoms is you computer showing? What kind of malware is it?

It was a Zlob parasite.

My computer was constantly telling me that I had spyware and popping up advertisements for spyware removal. It even changed my desktop wallpaper to the standard XP wallpaper with an advertisement.

Not to mention the gay porn links it added to my desktop.

Now, it seems to be back to normal. I have Malwarebytes' Anti-Malware running a full system scan right now to see if I missed anything. I gotta get some sleep though. I'm usually asleep by now.

I'll check it over in the morning and probably get another scan running before I leave for work (probably Super Anti-Spyware).

 

[anxi80]

Originally posted by: Baked
TV shows from BT don't come w/ codec pack nor are they pw protected.

yep. if a certain video file cant be played by cccp (which plain doesnt happen), then find another source.

 

[dsity]

i get one alteast once a week

 

[djheater]

Originally posted by: dsity
i get one alteast once a week

Cut down on the porn bro.

 

[Tiamat]

Originally posted by: misle

Originally posted by: Tiamat
What symptoms is you computer showing? What kind of malware is it?

It was a Zlob parasite.

My computer was constantly telling me that I had spyware and popping up advertisements for spyware removal. It even changed my desktop wallpaper to the standard XP wallpaper with an advertisement.

Not to mention the gay porn links it added to my desktop.

Now, it seems to be back to normal. I have Malwarebytes' Anti-Malware running a full system scan right now to see if I missed anything. I gotta get some sleep though. I'm usually asleep by now.

I'll check it over in the morning and probably get another scan running before I leave for work (probably Super Anti-Spyware).

Ah, sounds like you are on the right track. I just had a trojan that malwarebytes, super anti-spyware, and symmantec couldnt find. It kept downloading trojan.flush.g which was tripping my auto-protect. It took me a while to dig for but i eventually found the bug to be Trojan.downloaded.firu.g which had hidden itself and changed its file name. The tip off was the insane system resource usage and I found some weird scheduled tasks which pointed to the same weird .exe in system32.

Good luck! malware sucks.

 

[I Saw OJ]

Originally posted by: misle

Originally posted by: Tiamat
What symptoms is you computer showing? What kind of malware is it?

It was a Zlob parasite.

My computer was constantly telling me that I had spyware and popping up advertisements for spyware removal. It even changed my desktop wallpaper to the standard XP wallpaper with an advertisement.

Not to mention the gay porn links it added to my desktop.

Now, it seems to be back to normal. I have Malwarebytes' Anti-Malware running a full system scan right now to see if I missed anything. I gotta get some sleep though. I'm usually asleep by now.

I'll check it over in the morning and probably get another scan running before I leave for work (probably Super Anti-Spyware).

You sure those weren't there before the malware?

 

[Jeff7]

Any idea what it is that you've got?

I don't know how good it still is, but try out CWShredder, for eliminating, or at least crippling, CoolWebSearch, may its creators rot in the worst parts of Hell.

The worst variant of CWS that I've ever seen works like this (as best as I can figure):

Two files get planed on your computer. One is a "dummy" file, not very well hidden, with a randomly generated name. The other is the compressed "setup" file. Also created are some hidden registry entries, one to run the compressed setup file, and the other one instructs Windows Explorer to hide both files, regardless of your View settings.

While CWS is running, and it detects that you've managed to delete the registry entries, it re-creates them. If you manage to find and delete the odd dummy file, it recreates it, with a new filename. I was able to use CWShredder to damage the CWS install, and then used Registrar Lite to edit the registry, which effectively did it under the radar of CWS.

With the auto-regenerating features of CWS finally disabled, I was able to see, and delete, the master "setup" file.

It's kind of sad that Windows can't even seem to protect itself that well. CWS would be enough to impress the Borg; shortly thereafter, it would disable The Collective due to excessive memory leaks.

Originally posted by: djheater

Originally posted by: dsity
i get one alteast once a week

Cut down on the porn bro.

Firefox + Pornzilla = no spyware + good times


Or so I've heard.