
Thread: Weird virus!!!!!!!!!

  1. #1

    Thread Starter
    Interweb adm/o/distrator Paul M's Avatar
    Join Date
    Nov 2006
    Location
    Australia, Melbourne
    Posts
    2,306

    Weird virus!!!!!!!!!

    Wow!! It appears to have changed my Wallpaper with the main title/part reading "Warning Your're in Danger! Your computer is infected with spyware!"

    Notice the spelling error "Your're", very suss indeed. It has applied another Security Center icon in the system control panel and appears to have installed some virus scanner called System Security Version 4.51. The new red shield icon continuously displays a message saying to install the last update of Windows security software...

    What scanner should I use immediately?! I can if required perform a reformat, I'm not fussed, but this is really freaky. Any help at all would be awesome!!

  2. #2

    Thread Starter
    Interweb adm/o/distrator Paul M's Avatar
    Join Date
    Nov 2006
    Location
    Australia, Melbourne
    Posts
    2,306

    Re: Weird virus!!!!!!!!!

    What's even worse is I can't packetlog with Wireshark!! The interfaces aren't available.

    [Update:]
    Pretty easy virus to remove; the icons are still there though. It installed a shortcut; I checked the shortcut path and it led to the application data folder in Documents and Settings, so I deleted two folders with weird numbered names after stopping the processes that seemed odd. About to scan with the Malicious Removal tool from Windows and some other Spybot scanner I just downloaded. Any ideas?
    Last edited by Paul M; May 19th, 2009 at 07:11 PM.

  3. #3

    Thread Starter
    Interweb adm/o/distrator Paul M's Avatar
    Join Date
    Nov 2006
    Location
    Australia, Melbourne
    Posts
    2,306

    Re: Weird virus!!!!!!!!!

    Wireshark seems to show no signs of packets being sent/received now, and the removal tool removed 2 infected files after I removed the ones I found suspicious manually. Seems alright now, but any knowledge would be great just for reference; I am uncertain how this happened. I don't use torrents, warez sites or even LimeWire or anything. And when I use LimeWire I make sure I am not sharing anything. I haven't downloaded anything or done any suspicious updates (I only do Microsoft Visual Studio, game and other Microsoft-related updates anyway). Anyone who can shed some light on this event, well, thanks.

  4. #4
    PowerPoster Nightwalker83's Avatar
    Join Date
    Dec 2001
    Location
    Adelaide, Australia
    Posts
    13,344

    Re: Weird virus!!!!!!!!!

    Have you tried AVGFree or AVAST to try and remove the virus?

  5. #5

    Thread Starter
    Interweb adm/o/distrator Paul M's Avatar
    Join Date
    Nov 2006
    Location
    Australia, Melbourne
    Posts
    2,306

    Re: Weird virus!!!!!!!!!

    Like I already mentioned, the virus has been removed; just wondering how it got on and what damage it may have caused while on. After analysing my computer and checking it over (includes scanning) everything seems aye ok, but I would rather be sure. Maybe someone has experienced a similar case where the wallpaper changes and a fake/untrustworthy virus scanner is installed?

  6. #6
    coder. Lord Orwell's Avatar
    Join Date
    Feb 2001
    Location
    Elberfeld, IN
    Posts
    7,621

    Re: Weird virus!!!!!!!!!

    Spybot may be necessary. The fake virus scanner is a common one. They install viruses which they then detect and ask for money to remove them. Been going on for a while.

    You might have trouble changing your wallpaper back. I would run spybot anyway just to make sure. Then leave teatimer running afterwards. It won't let any new processes launch without your permission, unless they are on a "whitelist" of known safe ones.

    edit: also never click on a page that says "your browser is infected" and then starts a fake scan. My mother in law did this. Net result is a new laptop. The system was bogged down at 100% cpu usage for such a long time that the graphics chip is bad, possibly from overheating.
    Last edited by Lord Orwell; May 20th, 2009 at 03:19 PM.

  7. #7

    Thread Starter
    Interweb adm/o/distrator Paul M's Avatar
    Join Date
    Nov 2006
    Location
    Australia, Melbourne
    Posts
    2,306

    Re: Weird virus!!!!!!!!!

    Yea there is tonnes of weird stuff still happening quick you have virus things popping up and some sys32.dll error. I'm gonna try running Spybot and try this TeaTimer thing. And apparently my brother believes he may have opened an unsafe email by accident the other day, which could have caused this.
    Last edited by Paul M; May 21st, 2009 at 10:37 AM.

  8. #8
    Lively Member Shaq's Avatar
    Join Date
    May 2009
    Location
    Rhode Island
    Posts
    89

    Re: Weird virus!!!!!!!!!

    I've had something similar happen to me. It changed my wallpaper to some fake warning, and wouldn't let me access a lot of stuff. And it changed my clock to WARNING! or something.

    I scanned with spyware doctor and it detected a lot of stuff. Then I removed it and it said I had to restart my computer. I restarted, and it wouldn't boot back up, it just went to the picture of grass. So I had to format my hard drive and it really sucked... I wish I had a Mac.

    ^Spybot isn't really that good I only use it for teatimer. There are better free scanners out there, like AVG and malwarebytes and others.

  9. #9
    coder. Lord Orwell's Avatar
    Join Date
    Feb 2001
    Location
    Elberfeld, IN
    Posts
    7,621

    Re: Weird virus!!!!!!!!!

    I never had any luck with other ones. Spybot only let me down in one area: Internet Explorer addons were not removed. I manually disabled them.

  10. #10
    PowerPoster stanav's Avatar
    Join Date
    Jul 2006
    Location
    Providence, RI - USA
    Posts
    9,289

    Re: Weird virus!!!!!!!!!

    Delete all temp files and temp internet files, then using system restore to restore your computer to a previous state normally will get rid of this sick fake virus warning. As for how your computer gets infected by this trojan: just by browsing the Internet. If you're visiting a webpage that is infected by malware, there's a great chance that your computer is infected too. Those sick bastards use browser code injection techniques to insert malicious code into the page's source (for example, injecting an invisible iframe which contains code to do bad stuff) and bang, you get infected if you happen to visit that page.
    Let us have faith that right makes might, and in that faith, let us, to the end, dare to do our duty as we understand it.
    - Abraham Lincoln -
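
    For site owners checking their own pages for the kind of invisible iframe described in the post above, a small static scan (an added example, not part of the original thread). The sample page, the `.example` hosts and the 1px "invisible" threshold are constructed assumptions.

```python
import re
from html.parser import HTMLParser

def parse_style(style):
    """Split an inline style attribute into {property: value}, lower-cased."""
    decls = {}
    for part in style.split(";"):
        if ":" in part:
            prop, value = part.split(":", 1)
            decls[prop.strip().lower()] = value.lower().replace("!important", "").strip()
    return decls

def is_tiny(value):
    """True for a pixel dimension of 1px or less (assumed threshold)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(?:px)?", (value or "").strip())
    return bool(m) and float(m.group(1)) <= 1

class HiddenIframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {k: (v or "") for k, v in attrs}
        style = parse_style(attr.get("style", ""))
        reasons = [f"{d}<=1px" for d in ("width", "height")
                   if is_tiny(attr.get(d)) or is_tiny(style.get(d))]
        reasons += [f"{p}:{v}" for p, v in (("display", "none"), ("visibility", "hidden"))
                    if style.get(p) == v]
        reasons += [f"{p} off-screen" for p in ("left", "top")
                    if re.match(r"-\d{3,}", style.get(p, ""))]
        if "hidden" in attr:
            reasons.append("hidden attribute")
        if reasons:  # record where the frame is and why it was flagged
            self.findings.append({"line": self.getpos()[0],
                                  "src": attr.get("src", ""), "reasons": reasons})

def find_hidden_iframes(html):
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: one visible embed (line 3) and three hidden frames (lines 4-6).
SAMPLE_PAGE = """<html><body>
<h1>Forum</h1>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://injected.example/x" width="0" height="0" frameborder="0"></iframe>
<div><iframe src="http://injected.example/y" style="visibility:hidden; border-width:0"></iframe></div>
<iframe src="http://injected.example/z" style="position:absolute; left:-9999px"></iframe>
</body></html>"""
```

    This only inspects static markup; a frame created by script at load time does not appear in the page source and needs a rendered-DOM check instead.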

  11. #11
    Frenzied Member TheBigB's Avatar
    Join Date
    Mar 2006
    Location
    *Stack Trace*
    Posts
    1,511

    Re: Weird virus!!!!!!!!!

    If you can still see all the tabs in desktop properties, you're probably fine, otherwise don't waste time trying a million things and just format your system.

    Download Hijackthis from TrendMicro and if you can do it yourself take out the processes you don't know, or if you need assistance post an output log in this thread.

    By the way, if you've done this and the virus is still bugging you, delete the contents of "Windows\Prefetch". It's quite an uncommon place for amateur viruses to hide, but you never know.
    Delete it. They just clutter threads anyway.

  12. #12
    coder. Lord Orwell's Avatar
    Join Date
    Feb 2001
    Location
    Elberfeld, IN
    Posts
    7,621

    Re: Weird virus!!!!!!!!!

    Quote Originally Posted by stanav View Post
    Delete all temp files and temp internet files, then using system restore to restore your computer to a previous state normally will get rid of this sick fake virus warning. As for how your computer gets infected by this trojan: just by browsing the Internet. If you're visiting a webpage that is infected by malware, there's a great chance that your computer is infected too. Those sick bastards use browser code injection techniques to insert malicious code into the page's source (for example, injecting an invisible iframe which contains code to do bad stuff) and bang, you get infected if you happen to visit that page.
    These exploits are browser-dependent however. An exploit that works on IE will fail on Firefox or Opera. In IE, if you leave UAC on, you will get a prompt to install xml addons. NEVER let it install. Once installed, malicious code no longer even needs permission to run.

    I also have seen a recent trend where spyware writers have bought banner ads with malicious code in the ad. That antivirus 2009 crap? I got redirected to there once from Microsoft's website!
