Virus

[[THANATOS].Shiver-]

So apparently I have some virus/trojan/worm on my computer right now. It's the first serious one I've ever had in 4-5 years with this computer, so I'm satisfied with how long it took.

I knew something was just off earlier today... not sure what. As I was sitting there, the little shield with the X in it said that I need to turn my Automatic Updates back on - I clicked the thing in it and it said the security center couldn't do it, and to go to the CP and do it. I went to the CP, and it said they were already automatically on. I start a virus scan with Avast 4.8. During this scan, a shortcut is added to my desktop that says "Gay Fetish Sex"... awesome. Has an icon and everything.

Cleared my cookies, continued to deny "program internet" requests with my firewall. A bubble popped up that said "HALT:...." and something about my security being goofy. Being tired, I clicked it... it didn't do anything and I stopped for a second and realized what I probably just clicked.

The bubble was the same as the red shield with the X, and realized it was probably a virus hoax one. I immediately turned my computer off. Tried to turn it back on and... amazing. It kept getting to the Windows loading thing, and then restarting again. I took off my wireless adapter antenna so it couldn't keep trying to access the internet (had my firewall blocking its access attempts).

Restarted in Safe Mode... that worked okay. Tried running Avast again to get rid of this shit, and after so much time (tried this 2-3 times), the computer would automatically turn itself off. I tried to do a system restore... when I would click next for it to actually start... wouldn't do anything. So I restarted, and brought it in with the "last known settings to work" basically. Finally got it to load up... running Avast, but now I've encountered ANOTHER problem. I've tried this twice, just with a simple standard scan, but it keeps stopping at 68% complete (having found nothing) in the process of scanning "C:\WINDOWS\system32"... and not only is it stopping, but the entire screen is locked up except Avast itself. Nothing can be clicked except buttons in Avast, and the Avast buttons only have like the little animations they have when you hover over them. If I click pause, it pauses as it should, but when I tried to stop it earlier, it froze. I can't move the window to the virus scan around either.

The two shortcuts it has put on my desktop are "Gay Fetish Sex" and "Best BDSM Porn." I went into their properties to see if they'd show the source on my HD where they are, but they're internet shortcuts (to sites with pretty much those exact names). I have no idea what this/these virus(es) are called, and am not sure how else to approach this - I'm running out of ideas. I was thinking of running Ad-aware next, but I don't think I would get any results. I need this virus scan to stop locking up so I can get rido f this shit.

Help?

[[THANATOS].-Hades]

Thepiratebay.com

ESET Nod32 beta v4. That should fix it, if not download miniPE, burn, and boot off of that and run all the cleanup programs.

[[THANATOS].Shiver-]

If this doesn't fix it, I may have to do that.

With its constant scanning, Avast actually found some things... both the trojans are the same thing in different locations. I wrote it all down (and am editing and adding them in as I go):

1st one:
C:\WINDOWS\system32\urqPiFUk.dll
Win32: Monder-GB [Trj]
Trojan Horse

2nd one:
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABD
Win32: Monder-GB [Trj]
Trojan Horse

3rd one:
C:\WINDOWS\system32\msiconf.exe
Win32: Trojan-gen {Other}
Virus/Worm

4th one:
C:\WINDOWS\system32\senekakodwqipo.dll
Win32: Trojan-gen {Other}
Virus/Worm

I still have it scanning, but that's what it's picked up so far (finally).

[[THANATOS].-Hades]

You better stop posting more than me or I will have to hunt you down. I have to be the first to 100 posts.

[[THANATOS].Shiver-]

I had the top post count on our old forums by 1000+, and I will here as well. Accept that, twatwaffle. :violin:

[=[C]=Maj_Dick=[C]=]

adawre has its own built in spyware for its own marketting purposes that it intentionally ignores on scans. Spybot search and destroy works good

Wopti untilities is great for registry and defragging and stuff.

[[THANATOS].-Hades]

Fuck you shiver. But we should unite in this venture since Angel spammed 1000+ posts and she's being a bitch. As long as Angel isn't winning, I'm happy.

[[THANATOS].Homebrew]

What kind of porn are you watching??!?!
Just stick with the regular shit and you won't get these things. You must of really been sinning to get a bad one like that. Equine penis and human vag aren't a turn on...and you are training to be a Vet..

[[THANATOS].-Hades]

[THANATOS Wrote:.Homebrew"]What kind of porn are you watching??!?!
Just stick with the regular shit and you won't get these things. You must of really been sinning to get a bad one like that. Equine penis and human vag aren't a turn on...and you are training to be a Vet..

LMAOLMAOLMAO

[[THANATOS].Sneye.GT]

If your'e able to get to safe mode, you can probably get to safe mode with inet. If so, try to get to Panda free anti-virus scan, another good one is Trend Micro anti-virus. Both have very good free online scanners. Chances are good that either/both will take care of our problem.

[[THANATOS].Shiver-]

Panda wouldn't work for me. I'm doing TrendMicro online's scanner right now. Any other suggested approaches? At the moment, I have Firefox windows popping up once in a while trying to access malicious sites that Avast is blocking, as well as random sites (it seems).

[[THANATOS].Metal]

You have a browser hijacker. Sometimes they set your desktop photo to a website and other such bullshit, but the main thing is you'll be playing "kill the popups" until its gone.

What we're going to need to do is get you into safe mode and remove the registry key(s) that this fucker has embedded into your OS, and then delete the virus.

Remind me on vent and I'll walk you through the process.

[[THANATOS].Shiver-]

[THANATOS Wrote:.Metal"]You have a browser hijacker. Sometimes they set your desktop photo to a website and other such bullshit, but the main thing is you'll be playing "kill the popups" until its gone.

What we're going to need to do is get you into safe mode and remove the registry key(s) that this fucker has embedded into your OS, and then delete the virus.

Remind me on vent and I'll walk you through the process.

I also have 2 shortcuts to websites on my desktop, rather than my desktop being set to something. I should be on vent later tonight if you're up to the task. Avast has been removing .dll after .dll from the system32, along with viruses, root somethings, and a few trojans here and there - not all from that folder, but many of them.

Until I get rid of this thing, I don't feel comfortable doing any of my online financial stuff.

[[THANATOS].Metal]

Yeah, the last thing you want to do is pay a bill or check your bank statement. Some of these things are NASTY and have keyloggers which will pickup your login information including passwords, and card #'s.

Until you remove this bitch from the registry, it will keep reinstalling itself every time you are connected to the internet, so removing the virus(es) does you no good until you are clean on the OS end.

If you have the time we can nip this in the bud right now.

[[THANATOS].Shiver-]

I would, but I'm at work right now. Get off at 10, but I'm trying to get off earlier so I can watch the OSU/Texas game at 8:20.