major virus problem

  • Thread starter Thread starter joshbowen83
  • Start date Start date
J

joshbowen83

Let's see if you guys can help me. I installed a program that was
supposed to improve the functionality of another program, but it had a
suspicious filename. So, I scanned the downloaded file with avast
antivirus, and it was "clean." it asked to extract files to a certain
location, so i put in my jumpdrive, just in case. it extracted files
and executed some files, which flashed all over the screen and i didn't
catch the names. i immediately removed my network cord, unplugged my
external hard drives, restarted my computer, scanned my comp with the
avast, and everything seemed fine. before i did this and after, the
windows firewall had been removed and can't be reactivated. i get an
error message when doing so. i ran a system file check and rebooted,
and it didn't fix the problem. would a repair install help? right
now, i'm running the latest knoppix live cd. it's finals time, and
hopefully somebody can help me out pretty quickly. thanks
 
From: <[email protected]>

| Let's see if you guys can help me. I installed a program that was
| supposed to improve the functionality of another program, but it had a
| suspicious filename. So, I scanned the downloaded file with avast
| antivirus, and it was "clean." it asked to extract files to a certain
| location, so i put in my jumpdrive, just in case. it extracted files
| and executed some files, which flashed all over the screen and i didn't
| catch the names. i immediately removed my network cord, unplugged my
| external hard drives, restarted my computer, scanned my comp with the
| avast, and everything seemed fine. before i did this and after, the
| windows firewall had been removed and can't be reactivated. i get an
| error message when doing so. i ran a system file check and rebooted,
| and it didn't fix the problem. would a repair install help? right
| now, i'm running the latest knoppix live cd. it's finals time, and
| hopefully somebody can help me out pretty quickly. thanks

Next time submit suspicious files to Virus total.
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
Let's see if you guys can help me. I installed a program that was
supposed to improve the functionality of another program,
Click to expand...

Perhaps the oldest ruse in the book. You should contact the author
of the "enhancement" program and ask for help. If you cannot contact
the author (such as is usually the case with a dowloaded crack from p2p
written by some anonymous lugghead), you should not have executed
the program.

AV can't save you from this kind of bad behaviour.
but it had a
suspicious filename. So, I scanned the downloaded file with avast
antivirus, and it was "clean."
Click to expand...

No AV program can make that determination. If yours claims to then
it (they) are lying to you. More likely is that you assumed "no virus was
found in the scan" is the same as "clean", in which case you assumed too
much - and ran it anyway.
it asked to extract files to a certain
location, so i put in my jumpdrive, just in case. it extracted files
and executed some files, which flashed all over the screen and i didn't
catch the names. i immediately removed my network cord, unplugged my
external hard drives, restarted my computer, scanned my comp with the
avast, and everything seemed fine. before i did this and after, the
windows firewall had been removed and can't be reactivated. i get an
error message when doing so. i ran a system file check and rebooted,
and it didn't fix the problem. would a repair install help? right
now, i'm running the latest knoppix live cd. it's finals time, and
hopefully somebody can help me out pretty quickly. thanks
Click to expand...

Follow David Lipman's advice to help you now, my post won't help you
until the "next time" you find yourself wanting to execute some unknown
program from some no-account anonymous lugghead
 
Per (e-mail address removed):
So, I scanned the downloaded file with avast
antivirus, and it was "clean." it asked to extract files to a certain
location, so i put in my jumpdrive, just in case. it extracted files
and executed some files, which flashed all over the screen and i didn't
catch the names.
Click to expand...

I don't know much about viruses (virii?), but it seems to me like it didn't have
to be a virus - just an executable with bad intentions, which I wouldn't expect
any anti-virus program to spot unless it was some sort of widely-occurring exec.
 
you need make a report,so it seems your system some information
,autorun etc

you can use hijikethis or others.

if use hijikethis,just do a search ,it also has a log submit page.
 
(PeteCresswell) said:
Per (e-mail address removed):

I don't know much about viruses (virii?), but it seems to me like it didn't have
to be a virus - just an executable with bad intentions,
Click to expand...

Many people use the term virus to refer to malware or even the botched
installation of a well meaning product. To them virus = sick computer.

Always trying to clarify this to others' gets tedious. :(

....and as for viruses vs. virii - who cares!?

I have a virus
I have more than one virus
I have several more than one virus
I have so many more than one virus that I am about ready to reformat
and reinstall the OS

Err...hey d00d that's virii or viruses for plural - pick one and be happy
and ignore those that correct your English or Latin language use.
 
trying to post to everyone, hope this works. I plan to use a
hijackthis log and submit it to an IT support area I work at. For now,
i am getting good, fast replies from you guys. if i use hijackthis,
would i be ultimately cleaning my computer until another strand of the
malware was activated, that laid dormant in my machine? should i just
reformat? i'm really just worried about the virus spreading to the
160gb secondary internal hdd. are there any ways i could check the
health of that drive? any suggestions, ways other people would
configure there computer to ensure future problems will not harm other
parts of a computer....let me know your thoughts. thanks oh...by the
way...the file has multiplied itself as different exe files under
different names
 
trying to post to everyone, hope this works. I plan to use a
hijackthis log and submit it to an IT support area I work at. For now,
i am getting good, fast replies from you guys. if i use hijackthis,
would i be ultimately cleaning my computer until another strand of the
malware was activated, that laid dormant in my machine? should i just
reformat?
Click to expand...

Yes. That is the only reliable way to get to a known-clean state.
And it's generally the fastest too if you factor in anything beyond an
easily cleaned malware infection.
 
trying to post to everyone, hope this works. I plan to use a
hijackthis log and submit it to an IT support area I work at.
Click to expand...

Hijackthis is good for identifying some malware by it's infestation and
creation of ways to become resident such as installation of BHO's and
some autostart methods. It won't help with modified executables though.

David's MultiAV tool should also be used IMO.
For now,
i am getting good, fast replies from you guys. if i use hijackthis,
would i be ultimately cleaning my computer until another strand of the
malware was activated, that laid dormant in my machine?
Click to expand...

It is certainly possible, HJT will look for 'installed' malware entries in the
registry. If the malware has made any trojans as a way of reinstantiating
itself then HJT would not be able to find that. If the log analyst can ID
the malware, it is possible to run a removal tool or use a manual removal
proceedure that does indeed identify the trojaned file.

Just as an example, an installed malware could be removed from the system
by editing the registry and deleting the installed executables. But this does no
good in the long run if notepad.exe has been modified to a downloader trojan.
David's tool would be a more comprehensive approach since it would likely
be able to identify a downloader trojan as well as the installed malware exes.
should i just
reformat?
Click to expand...

If you find that easier, by all means do. But just remember that reinstalling
the OS will likely retrograde your patch level.
i'm really just worried about the virus spreading to the
160gb secondary internal hdd. are there any ways i could check the
health of that drive? any suggestions, ways other people would
configure there computer to ensure future problems will not harm other
parts of a computer....let me know your thoughts. thanks oh...by the
way...the file has multiplied itself as different exe files under
different names
Click to expand...

Send one to the virustotal site for identification purposes so we can know
just what it is you've got. It could be a simple thing requiring no reformat,
reinstall, re-patch senario. The multiAV tool should be run as well and will
probably find things you didn't even know you had.
 
David said:
From: "(PeteCresswell)" <[email protected]>

| I don't know much about viruses (virii?), but it seems to me like it didn't have
| to be a virus - just an executable with bad intentions, which I wouldn't expect
| any anti-virus program to spot unless it was some sort of widely-occurring exec.
| --
| PeteCresswell

virii ? -- No !
Click to expand...

ha! we should be so lucky... these days there are so many i don't even
know what the correct roman numerals to put after the 'vir' are...
 
edgewalker wrote:
[snip]
...and as for viruses vs. virii - who cares!?
Click to expand...

perhaps people who don't like to be laughed at...
I have a virus
I have more than one virus
I have several more than one virus
I have so many more than one virus that I am about ready to reformat
and reinstall the OS

Err...hey d00d that's virii or viruses for plural - pick one and be happy
and ignore those that correct your English or Latin language use.
Click to expand...

virii is neither english nor latin... it's numerical... and it's very
small...
 
From: "kurt wismer" <[email protected]>


| ha! we should be so lucky... these days there are so many i don't even
| know what the correct roman numerals to put after the 'vir' are...

:-)
 
kurt wismer said:
edgewalker wrote:
[snip]
...and as for viruses vs. virii - who cares!?
Click to expand...

perhaps people who don't like to be laughed at...
Click to expand...

Then by all means use whichever you think is less laughable among your
peers (or those who would be doing the laughing). Different peer groups
laugh at different things.
virii is neither english nor latin... it's numerical... and it's very
small...
Click to expand...

:))
 
'David H. Lipman' wrote:
| virii ? -- No !
_____

'Virii' is a virus.
It infects unprotected wetware.


Phil Weldon

| From: "(PeteCresswell)" <[email protected]>
|
|
|
|| I don't know much about viruses (virii?), but it seems to me like it
didn't have
|| to be a virus - just an executable with bad intentions, which I wouldn't
expect
|| any anti-virus program to spot unless it was some sort of
widely-occurring exec.
|| --
|| PeteCresswell
|
| virii ? -- No !
|
| http://spl.haxial.net/viruses.html
| http://homepages.tesco.net/~J.deBoynePollard/FGA/plural-of-virus.html
| http://linuxmafia.com/~rick/faq/plural-of-virus.html
|
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|
|
 
Back
Top