Viral Computers

Jingthing

My system is corrupted/viral beyond all reason (FUBAR) but still functions enough for me to use it. I have been through this before and eventually the computer just dies (one time it fried the hard drive) and I just buy a new hard drive (when fried) or do a complete Windows XP reinstall.

Here is my dumb question:

Other than the hard drive is there anything else on the computer that can get corrupted, for example the processor?

Assuming the drive doesn't get fried this time, if I do a total operating system reinstall, there won't be any leftover corruption on the drive, right? This is academic as I need a bigger hard drive anyway.

Cheers and happy computing.



In general terms the hard drive will not be permanently damaged and a reformat will fix this (not completely true, but for practical purposes OK).

You should really use a proper AV product, as the danger is not really to the computer but that people can misuse data on the computer or monitor your activities (banking, etc.). The other danger is that it will be your computer that is used by others remotely to hack other computers or commit other cybercrimes. Do you really want to be put in the position of having to explain all that child pornography that was uploaded from your account? Not by you, but by people exploiting an open computer.

Solution: use a reliable AV and malware package and keep it updated.


If you want good malware protection, you can run the free WinPatrol!

Further I suggest to install either Avast or Avira for AV protection. Both free versions are almost as good as their payware. Forget AVG (MHO)

For a firewall, go with the best available: Online Armor (even if you are behind a router).

If you prefer a free firewall, I suggest Outpost; Online Armor also offers a free firewall, but it ranks behind Outpost. Comodo gives good protection too.

Proactive Security

Can only report from my experiences because every PC and every setup is different...


Have you noticed that most virus infections happen to the people who are using the free AVG?

About 90% of the machines I disinfect are. I've never had a NOD32 machine come back infected. I once had someone with a virus that Avira couldn't remove, but it was still able to lock it down.

That's why I hate AVG so much. It's the "free" solution that so many grab without any thought or research. Unfortunately many pay for it in the end.


The free online scan/clean with the highest detection rate:

http://www.eset.com/onlinescan/

Excuse me for a small hijacking: I click on Eset online scanner and accept the terms. A new window pop up all light blue - with a red X up in left corner only ?

I ran the same test earlier this month, no problem.

Using Kaspersky antivirus.

Have downloaded some games today, Kaspersky report 2 Trojan scanned + blocked.

Also report 4 network attack blocked.

Still only the red X and unable to run the Eset test.

What I do now?



What browser are you using?


IE 8.

Have cleared cache + refreshed, still only that red X. Tried 30+ times.

Trend Micro HouseCall does not load either ... stops at 50% install/update.

Download the free Dr.Web CureIt!, http://www.freedrweb.com/

and run it!

Reboot your computer into safe mode and run it from there again.

BTW, I suspect your IE has been hijacked.

Download HijackThis from Trend Micro: http://free.antivirus.com/hijackthis/

Run it and post the results.

Install Google Chrome and try to download with it if IE8 fails!


Wow!

Sometimes asking "stupid" questions really reaps unexpected benefits.

While it is true someday I want a bigger hard drive, I don't need it today, so I took the suggestion to run this scanner/fixer:

http://www.eset.com/onlinescan/

I had thought doing such fixes was an involved nightmare. How can it be so easy? The program claimed they cleaned all my threats. In any case, for the time being the computer is behaving as expected and not the viral mess it was before.

BTW, I wasn't kidding:

C:\Documents and Settings\Administrator\Local Settings\Temp\a.exe Win32/TrojanDownloader.FakeAlert.AEJ trojan cleaned by deleting - quarantined

C:\Documents and Settings\Administrator\Local Settings\Temp\b.exe Win32/TrojanDownloader.FakeAlert.AHC trojan cleaned by deleting (after the next restart) - quarantined

C:\Documents and Settings\Administrator\Local Settings\Temp\evxeixfvsq.tmp a variant of Win32/Kryptik.AFB trojan cleaned by deleting - quarantined

C:\Documents and Settings\Administrator\Local Settings\Temp\rasvsnet.tmp Win32/TrojanDownloader.FakeAlert.AHH trojan deleted - quarantined

C:\Documents and Settings\Administrator\Local Settings\Temp\TDSSb968.tmp Win32/Patched.AE virus deleted - quarantined

C:\Documents and Settings\Administrator\Local Settings\Temp\UAC8087.tmp Win32/Olmarik.IF virus deleted - quarantined

C:\Documents and Settings\Administrator\Local Settings\Temp\UACd8b9.tmp a variant of Win32/Kryptik.ACC trojan cleaned by deleting - quarantined

C:\Documents and Settings\Administrator\Local Settings\Temp\xpre.tmp a variant of Win32/TrojanDownloader.VB.NWU trojan cleaned by deleting - quarantined

C:\Documents and Settings\Administrator\Local Settings\Temp\~TMCBC.tmp Win32/TrojanDownloader.Bredolab.AA trojan cleaned by deleting - quarantined

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\rncsys32.exe Win32/TrojanDownloader.Bredolab.AA trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\a.exe a variant of Win32/Kryptik.O trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\msxml71.dll Win32/TrojanDownloader.FakeAlert.AGZ trojan cleaned by deleting (after the next restart) - quarantined

C:\WINDOWS\system32\tdssadw.dll Win32/Agent.ODG trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\tdssl.dll Win32/Agent.ODG trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\tdsslog.dll Win32/Agent.OBU trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\tdssmain.dll Win32/Agent.OGC trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\tdssserf.dll Win32/Agent.ODG trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\tdssserf1.dll Win32/Agent.ODG trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\UACltewpydgwq.dll Win32/Olmarik.KI trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\xa.tmp probably a variant of Win32/TrojanDownloader.Agent.OYU trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\drivers\svchost.exe a variant of Win32/Kryptik.T trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\drivers\UACpuemjixdlx.sys a variant of Win32/Olmarik.HI trojan cleaned by deleting - quarantined

C:\WINDOWS\Temp\TDSS2145.tmp Win32/Agent.OGC trojan cleaned by deleting - quarantined

C:\WINDOWS\Temp\TDSS2e64.tmp Win32/Agent.OBU trojan cleaned by deleting - quarantined

C:\WINDOWS\Temp\TDSS3e71.tmp Win32/Agent.ODG trojan cleaned by deleting - quarantined

C:\WINDOWS\Temp\TDSS4567.tmp Win32/Agent.ODG trojan cleaned by deleting - quarantined

C:\WINDOWS\Temp\TDSS46d7.tmp Win32/Agent.ODG trojan cleaned by deleting - quarantined

C:\WINDOWS\Temp\TDSS4b81.tmp Win32/Agent.ODG trojan cleaned by deleting - quarantined

C:\WINDOWS\Temp\TDSS6199.tmp Win32/Agent.ODG trojan cleaned by deleting - quarantined

C:\WINDOWS\Temp\TDSS790e.tmp a variant of Win32/Agent.ODG trojan cleaned by deleting - quarantined

C:\WINDOWS\Temp\TDSSe3de.tmp Win32/Agent.ODG trojan cleaned by deleting - quarantined

C:\WINDOWS\Temp\TDSSf284.tmp Win32/Agent.ODG trojan cleaned by deleting - quarantined

C:\WINDOWS\Temp\TDSSfe3c.tmp Win32/Agent.ODG trojan cleaned by deleting - quarantined

C:\WINDOWS\Temp\wpv931243627542.exe a variant of Win32/Rustock.NKU trojan deleted - quarantined

Operating memory Win32/TrojanDownloader.FakeAlert.AHC trojan

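A worked example added here, not part of the thread and not ESET software: a small parser for scan result lines in the format Jingthing posted above (path, detection name, type, action), which counts detections per family and flags the ones that still deserve attention after the scanner says "cleaned". The line format is inferred from the posted log; ESET publishes no specification for it that I know of. The follow-up heuristics (a hit in operating memory, a file locked until reboot, a file under the drivers directory, a tdss*/UAC* filename, an svchost.exe outside system32, a Startup folder entry) are my own, not something the scanner reports; the sample lines are a subset copied from the post.

```python
"""Summarise an ESET Online Scanner result log: which malware families were
found, where they lived, and which detections need a second look even though
the scanner reported them cleaned.

Added example for this thread; not ESET code.  The line format is inferred
from the log posted above and the follow-up heuristics are the author's own.
"""
import re
from collections import Counter

# Subset of the detections posted in this thread (copied verbatim; the full
# log has 35 entries).  Raw string so the backslashes survive.
SAMPLE_LOG = r"""
C:\Documents and Settings\Administrator\Local Settings\Temp\a.exe Win32/TrojanDownloader.FakeAlert.AEJ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\b.exe Win32/TrojanDownloader.FakeAlert.AHC trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\UAC8087.tmp Win32/Olmarik.IF virus deleted - quarantined
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\rncsys32.exe Win32/TrojanDownloader.Bredolab.AA trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\tdssadw.dll Win32/Agent.ODG trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\xa.tmp probably a variant of Win32/TrojanDownloader.Agent.OYU trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\svchost.exe a variant of Win32/Kryptik.T trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\UACpuemjixdlx.sys a variant of Win32/Olmarik.HI trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\wpv931243627542.exe a variant of Win32/Rustock.NKU trojan deleted - quarantined
Operating memory Win32/TrojanDownloader.FakeAlert.AHC trojan
"""

# <path> [probably ][a variant of ]<Win32/Name.SUFFIX> <trojan|virus> [<action>][ - quarantined]
# The path may contain spaces, so it is matched lazily up to the detection name.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>Win32/[A-Za-z0-9_.]+) "
    r"(?P<kind>trojan|virus)"
    r"(?: (?P<action>.+?))?"
    r"(?: - quarantined)?$"
)


def family_of(name):
    """'Win32/TrojanDownloader.FakeAlert.AEJ' -> 'TrojanDownloader.FakeAlert'.
    ESET names end in a short upper-case variant suffix; drop it."""
    parts = name.split("/", 1)[1].split(".")
    if len(parts) > 1 and parts[-1].isupper():
        parts = parts[:-1]
    return ".".join(parts)


def followup_flags(entry):
    """Heuristics (mine, not emitted by the scanner) for detections that
    deserve a second scan or a reboot check despite the 'cleaned' message."""
    path = entry["path"].lower()
    base = path.rsplit("\\", 1)[-1]
    flags = set()
    if path == "operating memory":
        flags.add("active-in-memory")            # code was running at scan time
    if "after the next restart" in entry["action"]:
        flags.add("locked-until-reboot")         # file was in use; deletion deferred
    if "\\drivers\\" in path or base.endswith(".sys"):
        flags.add("kernel-driver-path")          # kernel-mode component
    if base.startswith(("tdss", "uac")):
        flags.add("tdss-style-name")             # TDSS/TDL rootkit naming (my knowledge, not from the thread)
    if "\\startup\\" in path:
        flags.add("startup-persistence")         # re-launches at logon
    if base == "svchost.exe" and "\\system32\\svchost.exe" not in path:
        flags.add("masquerading-system-name")    # real svchost.exe lives in system32, not drivers
    return flags


def parse_line(line):
    """Return a dict for one result line, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["action"] = entry["action"] or "reported only"
    entry["family"] = family_of(entry["name"])
    entry["flags"] = sorted(followup_flags(entry))
    return entry


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def summarize(entries):
    """Counts per family and kind, plus the entries carrying follow-up flags."""
    return {
        "total": len(entries),
        "by_family": Counter(e["family"] for e in entries),
        "by_kind": Counter(e["kind"] for e in entries),
        "followup": [e for e in entries if e["flags"]],
    }


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    print(f"{report['total']} detections, {len(report['by_family'])} families")
    for fam, n in report["by_family"].most_common():
        print(f"  {n:2d}  {fam}")
    print("needs follow-up:")
    for e in report["followup"]:
        print(f"  {e['path']}  [{', '.join(e['flags'])}]")
```

Run against the sample, the summary makes the point the later replies make in prose: FakeAlert is still present in operating memory although its dropper in Temp was "cleaned", one deletion is deferred until reboot, and the TDSS-style and drivers-directory hits point at a kernel-mode component, which is exactly the situation where a second scan from a different engine, or a clean reinstall, is the safer call.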

There ain't no such thing as a stupid question, only stupid answers.

Clearly you have persevered and won this round.

Mostly viruses, et al, will simply suck the HP outa ya machine - huge overhead - which does make the Net experience even worse here in Thailand

No matter what flavor of M$ product one uses, there is a new attack waiting for ya - thats a money-back guarantee.

Rarely will they fry anything, unless operator/user gets real inventive.

Older HDD die of old age & use & neglect

I only use Linux on the net - never had infection one - I do use M$ for other purposes

Install something simple like MiniMe 09 and dual boot. Its that simple - a 10 minute install.

Its the same in real life here in Thailand - ya gonna get stung - so be careful out there - always minimize the risks

Linux is such a no-brainer solution - its actually quicker and simpler to install today than any M$ O/S.

Buy yourself a new HDD & install MM09 - it will run like a fresh rocketship.


I recommend Avira Antivir Personal which is free for personal use and has excellent virus detection rates. This will provide you with a Guard/Shield/ON Access Scanner (whatever you name it, the one that runs all the time and checks files before you access them). The Guard is important since it will catch most of the viruses/malwares BEFORE they can infect your system.

Combine this with a free On Demand malware scanner, e.g. Malwarebyte's Malware Scanner. 'On Demand' means you have to start the program to scan your computer. You can do that once a week/month for your whole computer or whenever you have suspicious files (e.g. downloaded files, email attachments). You can also use one of the online scanners which are also free.

There is no one best anti-virus software that catches 100% of infections; even NOD32 cannot do that. However, if you are willing to pay, NOD32 is probably a good solution, since it combines anti-virus AND malware functions and shines at both.

I personally do not like to get a cracked version of NOD32. Besides legal issues, I had to look after computers running NOD32 in the past where the update process had stopped working, and the best anti-virus software sucks if you don't do regular updates...

Another advantage of Avira's free version is that you can do offline updates, meaning updates without an internet connection. This is really useful for computers that are not connected to the internet. In Thailand you still find many users with a computer but without internet, and those computers are still at great risk of being infected with viruses by means of corrupted software installs or shared thumb drives.

EDIT: of course I forgot to mention that Avira's free version has a slightly annoying 'nag screen' that displays every couple of days after an update and encourages you to buy the full version. But for me this is acceptable, just click the big OK button and the window is gone.

welo



hahaha, your computer sounds like it was an infested mess.



Wow! That's a mess. Advice: do NOT restore your system with System Restore. Your daily nightmare will be back!!!

Not sure if an online scanner can access the system restore folder and clean it. Better watch out!



That's a good point! I am not sure, though, that read access is limited for online scanners, since ActiveX components can do pretty much everything as soon as you allow them to install; there is nothing like an ActiveX sandbox limiting access, AFAIK.

I found a few articles on antivirus software and system restore. It seems there are sometimes issues where antivirus software can read but not delete files in the system restore folder. I am not sure though this is still an issue with antivirus software nowadays - if I'm not mistaken I remember cleaning viruses from these folders without problems.. Does anybody know more about this?

@Jingthing

1.

I really encourage you to install antivirus software with real-time protection (aka 'Guard'/'Shield'); here are two popular picks:

  • Avira Antivirus Personal (free of charge for personal use) - download here
  • ESET NOD32 Antivirus (1 yr=25 USD, 2 yrs=38 USD, free 30 day trial) - download here

It will prevent most if not all infections and make your life a lot easier, and it is really not that complicated to install! :)

2.

You had better scan your computer with a second antivirus software. Remember, not even the best antivirus software can detect 100% of viruses, and since you had a severely infected computer there was probably a backdoor open to bring in more of these bastards..

If you install one of the antivirus software mentioned above, just do an update after install and run a full computer scan.

welo


@Jingthing

I checked out two of the viruses that were found on your computer:

Win32/TrojanDownloader.Bredolab.AA - The trojan tries to download several files from the Internet. The files are then executed.

Win32/Agent.ODG is a trojan used for delivery of unsolicited advertisements. The trojan is sent data and commands from a remote computer or the Internet. It uses techniques common for rootkits.

The second one can be difficult to get rid of; check out the article here to get an idea. But I understand that you are a pretty lazy chap (when it comes to your computer..), so, if you really cannot be bothered to take care of your computer properly, just run the virus online scan again in a week or so and see if the virus is still there.

In your situation I would recommend a fresh install anyway, so better get your new harddisk and do a clean re-install (and install an antivirus software this time :) )

welo

