You are here

New Scary Virus *Please Read*

35 posts / 0 new
Last post
Nathan9222
Nathan9222's picture
Offline
Last seen: 2 years 5 months ago
Developer
Joined: 2007-12-06 22:35
New Scary Virus *Please Read*

One of my friends recently got infected with a pretty scary, and very hard (almost impossible) virus to remove. I have been doing all I can to help him remove this virus, but the only solution we got to was re-formatting his hard drive. But I managed to get some of the infected files using ClamwinPortable, so I have been submitting them to as many virus programs as possible to be analyzed. So far I believe they have been making progress, as now many of these files are being detected by most popular virus scanners. I also submitted them to microsoft to be analyzed. Anywho here is a link to what it looks like, and also one of the comments lists some of the sites that if you go to them you will be infected so watch out for them. http://www.xp-vista.com/spyware-removal/spyware-guard-2008-removal-instr...

This thing creates many trojans, and the only way to get back to your files is to boot up in safe mode, (Do this by holding or repeatedly pressing F8 as your computer starts up) I recommend doing it in SafeMode with networking so you can do Microsofts online scanner. It really helps a lot.) Also I read that this virus may steal personal information, so if you can, dont enter anything online when infected with this virus, and also boot in safe mode and remove anything that may contain personal information, such as bank records, email addresses, etc.

Here are some things that it affects

  • It will effect Internet explorer, making it impossible to do anything with it
  • It will somehow disable your virus scanner, making it the default one
  • It will tremendously slow down your computer, most of the time freezing it
  • It regenerates itself continously
  • It will try to trick you into thinking that your computer is infected, and will ask you to buy their product DO NOT PURCHASE THE PRODUCT IT WILL ASK YOU TO BUY, IT IS A SCAM

FoundFix: Do the following...

  • Turn off your infected computer
  • Hold F8 During startup, then select "SafeMode with networking"
  • Wait for startup, then open Internet Explorer, this is the only one that works with microsoft online scanner
  • Go to http://onecare.live.com/site/en-us/default.htm, then click "Full Service Scan" button, then let it install what it needs to install, then when the menu comes up choose quick scan, the one that scans common areas for virus's, run that, then remove what it finds, After that Run the Full System scan, which will then further remove other threats that are created by this virus, after that your computer will start up and now more virus, after that I recommend getting files you wish to keep, and try to run a system restore a couple of days before you remember getting the virus, or just format your harddrive. Hope this helps. Biggrin

That is all I can remember for now, I will post back frequently, but just remember, dont download anything that may be illegal, such as Serials, or keygens, as those are some of the most common ways computers will get a virus's/trojans/spyware/etc.

Jacob Mastel
Offline
Last seen: 3 years 5 months ago
Developer
Joined: 2007-06-13 19:36
HEH yeah I know

I've had 2 different clients get this baby. It's a pain in the . I ended up using a live Linux CD to recover the files and put them onto a flash drive (it's safe because i'm not in Windows) and then doing a reinstall of the OS. Avast Home edition did a good job of removing most of it but unfortunately this virus has a bad habbit of even infecting windows executables like calc.

Release Team Member

Nathan9222
Nathan9222's picture
Offline
Last seen: 2 years 5 months ago
Developer
Joined: 2007-12-06 22:35
Woa, I guess that means that

Woa, I guess that means that whomever made this thing really knows what they are doing, I also heard that there is a 2009 version of this thing going around, which is really scary considering what it can do. I hope that some program finds a way to completely remove it, or it might be a real threat to businesses, and such.

An eye for an eye makes the whole world blind.
Mahatma Gandhi,
Indian political and spiritual leader (1869 - 1948)

Jacob Mastel
Offline
Last seen: 3 years 5 months ago
Developer
Joined: 2007-06-13 19:36
Yeah that's the one they got.

I've had the 2008 personally cause a friend used my comp....NEVER AGAIN!!!!...but the two clients had the 2009. The best thing that at least got the computer stable at the time was doing a bootup scan with Avast.

Release Team Member

diego.open.source
Offline
Last seen: 13 years 4 months ago
Joined: 2010-02-10 22:46
Possible Solution

Welcome to virus safety I use AVAST and CLANWIN, and to prevent Deep Free, also use the Firefox add WOT.
Watch this http://www.mywot.com/es/scorecard/finallyfast.com

PS: I also had this problem and reinstall W$, to clean the pendrive use CDrescue (http://www.sysresccd.org/Main_Page)

http://www.virustotal.com

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

Regards, Rosario, ARG.

alpha1
alpha1's picture
Offline
Last seen: 8 years 10 months ago
Joined: 2007-07-08 20:02
COMODO Internet security

COMODO Internet security kills it pretty nicely

Lead, Follow, or get out of the way.

Jacob Mastel
Offline
Last seen: 3 years 5 months ago
Developer
Joined: 2007-06-13 19:36
Not when it was new

They got it when it was bran new Sad

Release Team Member

Nathan9222
Nathan9222's picture
Offline
Last seen: 2 years 5 months ago
Developer
Joined: 2007-12-06 22:35
This virus has been around

This virus has been around for at least 2months or more, I remember seeing this on another friends computer and it was about 2 months ago. Though this might be a little bit older, I think a lot more virus programs need to be updated to remove this, as I know that there are still quiet a bit that don't remove it at all, or detect it.

An eye for an eye makes the whole world blind.
Mahatma Gandhi,
Indian political and spiritual leader (1869 - 1948)

silentcon
silentcon's picture
Offline
Last seen: 11 years 11 months ago
Joined: 2008-05-31 05:37
Another scareware. It would

Another scareware.

It would be easier if it would not disable your AV and block you internet connections like last time. Oh it deleted the drivers needed for the ethernet. Really pain in the ___.

Jacob Mastel
Offline
Last seen: 3 years 5 months ago
Developer
Joined: 2007-06-13 19:36
Yeah

But what's interesting is the app can replace the drivers when it needs to connect to the internet to download what it wants you to download. You have to admit the person/people that made this did a darn good job of it.

Release Team Member

getco
Offline
Last seen: 3 years 1 week ago
Joined: 2008-08-03 05:31
So how do you get infected

So how do you get infected with this thing in the first place? So I know what to look for?

Jacob Mastel
Offline
Last seen: 3 years 5 months ago
Developer
Joined: 2007-06-13 19:36
I know of at least 2....

My first client got it off of a free online tv website. The name escapes me at the moment sorry. And the other client got it by an email.

Release Team Member

Nathan9222
Nathan9222's picture
Offline
Last seen: 2 years 5 months ago
Developer
Joined: 2007-12-06 22:35
There are numerous ways you

There are numerous ways you can get infected, just by browsing a website can give it to you, and they can be regular well known ones that got infected, or you can get it by downloading illegal software, keygens, serials, etc, I know that is how my friend got it. But if your lucky, cause he told me the virus was in a self-extracting rar archive, then you might be able to stop it there, cause it only became active when he extracted the files. So just be careful on what websites you go to, and if you are infected, just turn off your computer once you know you are, and boot in safe mode with networking as I mentioned above so you can try to save your computer from it. Backup you personal files though, this virus to my knowledge doesnt infect usb's so you should be good, plus once your in safe mode, the virus is inactive.

An eye for an eye makes the whole world blind.
Mahatma Gandhi,
Indian political and spiritual leader (1869 - 1948)

getco
Offline
Last seen: 3 years 1 week ago
Joined: 2008-08-03 05:31
One thing I don't get though

One thing I don't get though is - aren't I supposed to actually execute something so that it can infect me? Or does it just start itself on its own?

Nathan9222
Nathan9222's picture
Offline
Last seen: 2 years 5 months ago
Developer
Joined: 2007-12-06 22:35
most of the time it just

most of the time it just starts on its own, I think most people get infected using IE, since it has many loop holes in it, it will then infect tons of things on your computer, changing a lot of settings and messing with windows components, which does a lot of damage to your computer and makes it very hard to get rid of it.

An eye for an eye makes the whole world blind.
Mahatma Gandhi,
Indian political and spiritual leader (1869 - 1948)

getco
Offline
Last seen: 3 years 1 week ago
Joined: 2008-08-03 05:31
This is very dangerous then -

This is very dangerous then - a virus that can execute on its own... very little we can do about it.

Nathan9222
Nathan9222's picture
Offline
Last seen: 2 years 5 months ago
Developer
Joined: 2007-12-06 22:35
It is, one thing though that

It is, one thing though that I recommend is if you download software, and are unsure if it is this virus, submit its setup to virustotal.com, and if most of the virus scanners go off, then it is probably a virus, like this, by doing this you can avoid a really annoying and potentially dangerous virus, and you will save time by not trying to remove this from your computer.

An eye for an eye makes the whole world blind.
Mahatma Gandhi,
Indian political and spiritual leader (1869 - 1948)

getco
Offline
Last seen: 3 years 1 week ago
Joined: 2008-08-03 05:31
Thanks for the tool! Didn't

Thanks for the tool! Didn't know about it but I love the idea behind! Smile

wraithdu
Offline
Last seen: 10 years 9 months ago
Developer
Joined: 2007-06-27 20:22
Was the

Was the website

hxxp://www.finallyfast.com/

??

I saw that commercial once and laughed out loud.

silentcon
silentcon's picture
Offline
Last seen: 11 years 11 months ago
Joined: 2008-05-31 05:37
IDK, but Finallyfast.com is a

IDK, but Finallyfast.com is a malicious site. Very malicious!

ZachHudock
ZachHudock's picture
Offline
Last seen: 1 year 2 months ago
Developer
Joined: 2006-12-06 18:07
I saw that commercial

I saw that commercial too....sadly people don't realize that Mac != PC, and a majority of the computers shown in that commercial are Macs

The developer formerly known as ZGitRDun8705

roamer
roamer's picture
Offline
Last seen: 14 years 3 months ago
Joined: 2007-02-21 16:01
And

the "page unavailable" page is from firefox. Ah, such an obvious scam.

OliverK> you don't live on a cow
IRC: It brings out the best in all of us...Especially when tired.

silentcon
silentcon's picture
Offline
Last seen: 11 years 11 months ago
Joined: 2008-05-31 05:37
Is it only for Internet

Is it only for Internet Explorer or all browsers?

gluxon
gluxon's picture
Offline
Last seen: 3 years 6 months ago
Developer
Joined: 2008-06-21 19:26
But...

What if you had NoScript when browsing a site like that?

José Pedro Arvela
Offline
Last seen: 5 years 2 months ago
Joined: 2007-07-10 07:29
Well, then...

If you browse a site with NoScript enabled, then most scripting vulnerabilities are not able to be ran. Only HTML+CSS vulnerabilities, that are much harder to find, and much less useful to the person that wants to harm somebody. So I would say that you are off the hook.

Blue is everything.

silentcon
silentcon's picture
Offline
Last seen: 11 years 11 months ago
Joined: 2008-05-31 05:37
Try www.trillian.com. It is

Try www.trillian.com. It is bad site. I saw it runs java. Closed it directly!

gluxon
gluxon's picture
Offline
Last seen: 3 years 6 months ago
Developer
Joined: 2008-06-21 19:26
Sorry to bump but...

I believe I have this virus...

I know this is crazy but I've got all the things you've mentioned and more...

Zach and Tim are doing everything they can with No luck YET...

I do not know how I got it but NoScript didn't help preventing it..

I've got like 50 entries of autorun in my TEMP folder. And the virus prevents EXE downloads... so I'm able to download ZIP and other files.

Just saying.

I've figured out some other methods with dealing with this virus...

Whenever you download a file... save it as s ZIP then rename it with the cmd. The Virus/Trojan make it impossible to see file extentions and hidden files/folders in WinExplore so the cmd is your best option.

use CCleaner to delete the autorun entries.

Nathan9222
Nathan9222's picture
Offline
Last seen: 2 years 5 months ago
Developer
Joined: 2007-12-06 22:35
just wondering... im sure it

just wondering... im sure it still blocks everything in safe mode, but have you tried safe mode? If so does it allow you to access microsofts online scan site. There site actually helps quiet a bit. I guess you could always try booting from a usb and running some kind of scanner from it. If all else fails just boot in safe mode and take all your important files off of your computer and just reformat it. But do that only as a last resort. If possible can you submit a screenshot of anything the virus creates that pops up. This will help me and others further analyze your situation and try to resolve it ASAP.

An eye for an eye makes the whole world blind.
Mahatma Gandhi,
Indian political and spiritual leader (1869 - 1948)

kai.inouye
kai.inouye's picture
Offline
Last seen: 12 years 3 months ago
Developer
Joined: 2008-02-03 20:12
Sorry for bump...

but I think I have it too! I'm trying to remove it now... Cry

Nathan9222
Nathan9222's picture
Offline
Last seen: 2 years 5 months ago
Developer
Joined: 2007-12-06 22:35
I noticed that you stated in

I noticed that you stated in a beta test topic from Gluxon that you may have gotten it from him. I think if this is the case then PA beta testers and the creaters may want to provide virustotal scan report links to their posts so users can at least see if the desired Portableapp is safe. I only say this because there are a lot of virus's going around now and I think it would really benefit and help keep the communities computers safe from virus's if we do this. I wish I could help you out with this virus in person, but if you can try follow all my steps as quickly as possible. My friend removed this virus too late and it messed up his computers responses. He would type and the computer would lag soo bad that it would not even complete the words he typed. Many things on his computer got messed up so please try to save what you can. I think it would be best to just reformat your drive and reinstall everything. But before you do that try the above steps and if that doesnt work then your only option would be to find the virus files, upload them to be analyzed and then hope they find a fix soon.

An eye for an eye makes the whole world blind.
Mahatma Gandhi,
Indian political and spiritual leader (1869 - 1948)

ZachHudock
ZachHudock's picture
Offline
Last seen: 1 year 2 months ago
Developer
Joined: 2006-12-06 18:07
Another option would be to

Another option would be to boot a linux livecd that has an antivirus application in it, and scan your hard drive with that. Also, if you think a reformat is the best route, again use a Linux livecd, connect an external hard drive and copy the files you want to save to the external hdd (most linux distros can easily mount and browse your windows partition). after the documents are backed up, if your system has the hidden restore partition to restore the machine to factory default, follow the directions to do so. If you instead have restore CDs, use GParted to delete the windows partition, then use the cds to restore the windows OS

The developer formerly known as ZGitRDun8705

Skitter302
Skitter302's picture
Offline
Last seen: 11 years 2 weeks ago
Joined: 2009-01-30 22:51
FYI

I use AVG SpyBot and AdWare SE to protect my Cpu, and i only go to sites thayt AVG has scanned and said its OK to look here.

I know that people hate viruses. My friend got one so bad that every USB Flash Drive that goes into the PC gets infected. Then when you plug it into the next PC that PC stops Working and the only thing it does is turn on the cooling fans. (I'm thinking of formatting his drives on a school computer to delete the vyro.)

What if there was one virus that found Viruses and destroyed them. It would also delete P*rn URLs and and P*rn covered Computers.

It's just a thought about how a person with the brain power the break the foundation of a computer could do something useful.

Load the App and Play :evil:

ptah
Offline
Last seen: 13 years 5 months ago
Joined: 2008-11-27 15:19
DNS recommendation

I have found using firefox along with AVG antivirus, commodo firewall and using openDNS free service that my risk has been minimal. I highly recommend using the openDNS service. Since all the do is DNS they offer filtering and other options most providers don't have the time or resources. Trust me you owe it to your internet security to use this service. It is free, just add their DNS ip's to your system and/or router and that is all there is to it. No more mistype url's redirecting to questionable sites! I have been using this service for 5 yrs due to an issue with an ISP irritating me and I have had absolutely no trouble with this service. Your ISP DNS server goes down, you have connectivity, continue to browse the internet..

http://www.opendns.com/

computerfreaker
computerfreaker's picture
Offline
Last seen: 12 years 6 months ago
Developer
Joined: 2009-08-11 11:24
I know this is an old thread,

I know this is an old thread, but somebody already bumped it so...

If anybody's still got this, let me know. I'm willing to try to help.

computerfreaker

"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."

diego.open.source
Offline
Last seen: 13 years 4 months ago
Joined: 2010-02-10 22:46
Thank you!

Thanks, I'm new to comment, was not my intention to annoy, I had the same problem with a virus that was installed in the pendrive and then hard disk, but
already resolved, only that said how to prevent it. Thank you!

Log in or register to post comments