 
tanker27
Gerbil Khan
Topic Author
Posts: 9444
Joined: Tue Feb 26, 2002 7:00 pm
Location: Georgia

I've been got!

Tue Mar 12, 2013 6:21 am

So it's been a long time since I have been bitten by some nefarious 'bug'. Well, I have been got. I know something is going on as I keep getting a corrupted file error in My Documents, and when I shut down there's some weird programs (they are different each time) running that pop up to say they are running. I'm never quick enough to write down names, but I feel that even if I did the internet wouldn't turn up anything.

Whatever this bug is, it's eluding all my favorite tools to try and root it out. In fact I think it may be a rootkit that is calling home. I may just blow away my Windows 7 installation and start fresh because it's been a while. But I would like to try and discover what this 'bug' is.

So far the following isn't showing up anything:

Stinger
CCleaner
Hijack This
BitDefender
Panda Active scan

So tell me what do you use and I will try it out!
(\_/)
(O.o)
(''')(''')
Watch out for evil Terra-Tron; He Does not like you!
 
steelcity_ballin
Gerbilus Supremus
Posts: 12072
Joined: Mon May 26, 2003 5:55 am
Location: Pittsburgh PA

Re: I've been got!

Tue Mar 12, 2013 6:43 am

I still like Spybot well enough to use it with Malwarebytes and MSSE. If a safe mode full scan with your best software isn't grabbing it, I'm not sure what else to suggest. Have you looked in your startup and services using MSCONFIG to see if anything looks suspicious?
 
tanker27
Gerbil Khan
Topic Author
Posts: 9444
Joined: Tue Feb 26, 2002 7:00 pm
Location: Georgia

Re: I've been got!

Tue Mar 12, 2013 6:46 am

Ahh I have forgotten MSCONFIG, I will definitely use that tonight.
(\_/)
(O.o)
(''')(''')
Watch out for evil Terra-Tron; He Does not like you!
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: I've been got!

Tue Mar 12, 2013 6:58 am

Malwarebytes is definitely worth a try.

But with an infection this persistent, nuke from orbit is the best option.
Nostalgia isn't what it used to be.
 
GrimDanfango
Gerbil First Class
Posts: 112
Joined: Sun May 10, 2009 9:53 am

Re: I've been got!

Tue Mar 12, 2013 7:06 am

Nah, time for a backup, wipe, and fresh install. I like to think of viruses as reminders to do some digital housekeeping :-P

Actually, truth be told I haven't been got in a long time... certainly not since Windows 7. I know nothing is watertight, but it's alarming that stuff is getting into Win 7 now.


I still hold with my conspiracy theories about virus checkers... I haven't had a virus checker installed on my system for the last decade, XP or 7, and I've gotten noticeably fewer viruses than all my friends/family who have. I reckon they throw an occasional virus in themselves just to stop people getting complacent and considering stopping using one.
Of course, it could just be that I'm careful, and anything remotely suspect gets either run in a sandbox, or uploaded to virscan.org before I run it. I prefer the conspiracy theory though.
 
tanker27
Gerbil Khan
Topic Author
Posts: 9444
Joined: Tue Feb 26, 2002 7:00 pm
Location: Georgia

Re: I've been got!

Tue Mar 12, 2013 7:31 am

Grim, I hear ya. This is my first in about a decade and certainly my first for Win 7. So yeah, a nuke from orbit is probably what I am going to do. I also used to run nothing, but since MSSE is free I run that and only that; it's served me well.

The good thing about all of this is Windows is the only thing on C:\ and it's an SSD; everything else has been moved to my other HDDs, so a nuke would be fairly painless.
(\_/)
(O.o)
(''')(''')
Watch out for evil Terra-Tron; He Does not like you!
 
nanoflower
Gerbil Team Leader
Posts: 281
Joined: Wed Mar 04, 2009 1:10 pm

Re: I've been got!

Tue Mar 12, 2013 7:40 am

My own favorite is Dr Web Live CD (http://www.freedrweb.com/livecd/?lng=en), but you probably need to download and burn it on a separate system. What I like about it is that not only does it work from a CD (so the software can't be corrupted by a virus) but the software can connect through the Internet and update itself before checking your system out.

I do agree that you probably need to start from scratch but it wouldn't hurt to know just what has infected your system. That way you might be able to make sure whatever protection you are using in the future can protect you from that virus.
 
pfntn
Gerbil
Posts: 91
Joined: Mon Sep 11, 2006 4:14 pm
Location: Knoxville

Re: I've been got!

Tue Mar 12, 2013 8:04 am

You might want to try TDSSKiller. It's Kaspersky's rootkit scanner. I've yet to run anything needing it so far, but it's in the toolbox.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: I've been got!

Tue Mar 12, 2013 8:21 am

I have to wonder how long it'll be before a major Linux virus spreads and takes down a bunch of us overly-complacent Linux users. Probably just a matter of time... :lol:
Nostalgia isn't what it used to be.
 
Captain Ned
Global Moderator
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: I've been got!

Tue Mar 12, 2013 8:23 am

just brew it! wrote:
I have to wonder how long it'll be before a major Linux virus spreads and takes down a bunch of us overly-complacent Linux users. Probably just a matter of time... :lol:

Oh, the daughter will probably find it first.
What we have today is way too much pluribus and not enough unum.
 
tanker27
Gerbil Khan
Topic Author
Posts: 9444
Joined: Tue Feb 26, 2002 7:00 pm
Location: Georgia

Re: I've been got!

Fri Mar 15, 2013 6:10 am

So yesterday I nuked the Windows install. I gave it my best shot at trying to identify this awful malware but it was just too dang persistent. I decided to use one of my MSDN keys and install Windows 8 Pro. I'll have to give my opinions and observations on it in another thread.
(\_/)
(O.o)
(''')(''')
Watch out for evil Terra-Tron; He Does not like you!
 
FireGryphon
Darth Gerbil
Posts: 7729
Joined: Sat Apr 24, 2004 7:53 pm
Location: the abyss into which you gaze

Re: I've been got!

Fri Mar 15, 2013 6:31 am

tanker27 wrote:
So yesterday I nuked the Windows install. I gave it my best shot at trying to identify this awful malware but it was just too dang persistent. I decided to use one of my MSDN keys and install Windows 8 Pro. I'll have to give my opinions and observations on it in another thread.


I hope you made sure to erase all parts of the disk before you installed W8.
Sheep Rustlers in the sky! <S> Slapt | <S> FUI | Air Warrior II/III
 
tanker27
Gerbil Khan
Topic Author
Posts: 9444
Joined: Tue Feb 26, 2002 7:00 pm
Location: Georgia

Re: I've been got!

Fri Mar 15, 2013 7:00 am

yup.
(\_/)
(O.o)
(''')(''')
Watch out for evil Terra-Tron; He Does not like you!
