I've been got!


Moderator: Dposcorp


Posted on Tue Mar 12, 2013 6:21 am

So it's been a long time since I have been bitten by some nefarious 'bug'. Well, I have been got. I know something is going on as I keep getting a corrupted file error in My Documents, and when I shut down there's some weird programs (they are different each time) running that pop up to say they are running. I'm never quick enough to write down names, but I feel that even if I did the internet wouldn't turn up anything.

Whatever this bug is, it's eluding all my favorite tools to try and root it out. In fact I think it may be a rootkit that is calling home. I may just blow away my Windows 7 installation and start fresh because it's been a while. But I would like to try and discover what this 'bug' is.

So far the following isn't showing up anything:

Stinger
CCleaner
HijackThis
BitDefender
Panda ActiveScan

So tell me what do you use and I will try it out!
(\_/)
(O.o)
(''')(''')
Wounded Warrior Project
Watch out for evil Terra-Tron; He Does not like you!
tanker27
Darth Gerbil
 
Posts: 7354
Joined: Tue Feb 26, 2002 7:00 pm
Location: Georgia

Re: I've been got!

Posted on Tue Mar 12, 2013 6:43 am

I still like Spybot well enough to use it with Malwarebytes and MSSE. If a safe mode full scan with your best software isn't grabbing it, I'm not sure what else to suggest. Have you looked in your startup and services using MSCONFIG to see if anything looks suspicious?
Corsair 600T | ASUS P8P67 PRO | Intel 2500k @ 4.4Ghz | EVGA 560 TI | G.SKILL Ripjaws Series 8GB | Corsair HX650 650W
steelcity_ballin
Gerbilus Supremus
Silver subscriber
 
 
Posts: 11924
Joined: Mon May 26, 2003 5:55 am
Location: Pittsburgh PA

Re: I've been got!

Posted on Tue Mar 12, 2013 6:46 am

Ahh I have forgotten MSCONFIG, I will definitely use that tonight.
tanker27
Darth Gerbil
 
Posts: 7354
Joined: Tue Feb 26, 2002 7:00 pm
Location: Georgia

Re: I've been got!

Posted on Tue Mar 12, 2013 6:58 am

Malwarebytes is definitely worth a try.

But with an infection this persistent, nuke from orbit is the best option.
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 38101
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: I've been got!

Posted on Tue Mar 12, 2013 7:06 am

Nah, time for a backup, wipe, and fresh install. I like to think of viruses as reminders to do some digital housekeeping :-P

Actually, truth be told I haven't been got in a long time... certainly not since Windows 7. I know nothing is watertight, but it's alarming that stuff is getting into Win 7 now.


I still hold with my conspiracy theories about virus checkers... I haven't had a virus checker installed on my system for the last decade, XP or 7, and I've gotten noticeably fewer viruses than all my friends/family who have. I reckon they throw an occasional virus in themselves just to stop people getting complacent and considering stopping using one.
Of course, it could just be that I'm careful, and anything remotely suspect gets either run in a sandbox, or uploaded to virscan.org before I run it. I prefer the conspiracy theory though.
GrimDanfango
Gerbil
 
Posts: 71
Joined: Sun May 10, 2009 9:53 am

Re: I've been got!

Posted on Tue Mar 12, 2013 7:31 am

Grim, I hear ya. This is my first in about a decade and certainly my first for Win 7. So yeah, a nuke from orbit is probably what I am going to do. I also used to run nothing, but since MSSE is free I run that and only that; it's served me well.

The good thing about all of this is Windows is the only thing on C:\ and it's an SSD; everything else has been moved to my other HDDs, so a nuke would be fairly painless.
tanker27
Darth Gerbil
 
Posts: 7354
Joined: Tue Feb 26, 2002 7:00 pm
Location: Georgia

Re: I've been got!

Posted on Tue Mar 12, 2013 7:40 am

My own favorite is Dr Web Live CD http://www.freedrweb.com/livecd/?lng=en but you probably need to download and burn it on a separate system. What I like about it is that not only does it work from a CD (so the software can't be corrupted by a virus) but the software can connect through the Internet and update itself before checking your system out.

I do agree that you probably need to start from scratch but it wouldn't hurt to know just what has infected your system. That way you might be able to make sure whatever protection you are using in the future can protect you from that virus.
nanoflower
Gerbil First Class
Silver subscriber
 
 
Posts: 198
Joined: Wed Mar 04, 2009 1:10 pm

Re: I've been got!

Posted on Tue Mar 12, 2013 8:04 am

You might want to try TDSSKiller. It's Kaspersky's rootkit scanner. I've yet to run anything needing it so far, but it's in the toolbox.
pfntn
Gerbil
 
Posts: 91
Joined: Mon Sep 11, 2006 4:14 pm
Location: Knoxville

Re: I've been got!

Posted on Tue Mar 12, 2013 8:21 am

I have to wonder how long it'll be before a major Linux virus spreads and takes down a bunch of us overly-complacent Linux users. Probably just a matter of time... :lol:
just brew it!
Administrator
Gold subscriber
 
 
Posts: 38101
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: I've been got!

Posted on Tue Mar 12, 2013 8:23 am

just brew it! wrote: I have to wonder how long it'll be before a major Linux virus spreads and takes down a bunch of us overly-complacent Linux users. Probably just a matter of time... :lol:

Oh, the daughter will probably find it first.
Life is hard; but it's harder if you're stupid. Big Al.
Captain Ned
Global Moderator
Gold subscriber
 
 
Posts: 20641
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: I've been got!

Posted on Fri Mar 15, 2013 6:10 am

So yesterday I nuked the Windows install. I gave it my best shot at trying to identify this awful malware but it was just too dang persistent. I decided to use one of my MSDN keys and install Windows 8 Pro. I'll have to give my opinions and observations on it in another thread.
tanker27
Darth Gerbil
 
Posts: 7354
Joined: Tue Feb 26, 2002 7:00 pm
Location: Georgia

Re: I've been got!

Posted on Fri Mar 15, 2013 6:31 am

tanker27 wrote: So yesterday I nuked the Windows install. I gave it my best shot at trying to identify this awful malware but it was just too dang persistent. I decided to use one of my MSDN keys and install Windows 8 Pro. I'll have to give my opinions and observations on it in another thread.


I hope you made sure to erase all parts of the disk before you installed W8.
Sheep Rustlers in the sky! <S> Slapt | <S> FUI | Air Warrior II/III
FireGryphon
Darth Gerbil
Gold subscriber
 
 
Posts: 7360
Joined: Sat Apr 24, 2004 7:53 pm
Location: the abyss into which you gaze

Re: I've been got!

Posted on Fri Mar 15, 2013 7:00 am

yup.
tanker27
Darth Gerbil
 
Posts: 7354
Joined: Tue Feb 26, 2002 7:00 pm
Location: Georgia

