Thread: So looks like I've been virused.
-
2011-12-04, 01:17 AM (ISO 8601)
- Join Date
- Oct 2007
So looks like I've been virused.
And, because I figure someone else might have had a similar problem, I'm posting here.
Stuff:
OS is Windows 7
Antivirus is AVG, scanning now
Browser that I use is Firefox
What happened:
Visited http://www.minecraftdl.com/sky-block-survival-map/ to download a minecraft map.
Hit the download button, skipped the ad etc.
At this point, I'm hit by a metric ****ton of popups. Screenshot of History is here:
At this point, computer slows to a crawl, and Internet Explorer opens for some reason. The "webpage cannot be displayed while offline" notice comes up, I try to close IE down, and it fullscreens - as in, completely. No toolbars, no nothing. I press Ctrl+Alt+Del, and it comes up as normal - except no Task Manager.
I restart the computer, and notice that it flashes back to my normal desktop etc before closing down.
Turn it back on, and as soon as I log on, internet explorer comes straight back up with the same message. Same fullscreen thing happens. Shut down as with the previous time, except this time, I manage to hit start>run and type in shutdown -a to prevent the computer shutting down as soon as my normal desktop appears.
Which brings us to here and now.
Other stuff: While AVG is scanning, does not appear in system tray.
AVG, Notepad - neither is appearing on the standard taskbar.
I tried opening task manager through start>run, and apparently it has been "disabled by my administrator" - which is a load of rubbish, because I am the admin, and I've not disabled it :p
I have managed to use tasklist to get the following list of processes running:
System Idle Process
System
smss.exe
csrss.exe
wininit.exe
csrss.exe
services.exe
lsass.exe
lsm.exe
winlogon.exe
svchost.exe
nvvsvc.exe
svchost.exe
atiesrxx.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
svchost.exe
avgwdsvc.exe
PnkBstrA.exe
svchost.exe
AVGIDSAgent.exe
taskhost.exe
dwm.exe
explorer.exe
avgnsx.exe
avgemcx.exe
conhost.exe
avgchsvx.exe
avgrsx.exe
avgcsrvx.exe
SearchIndexer.exe
svchost.exe
explorer.exe
SearchProtocolHost.exe
taskhost.exe
WUDFHost.exe
wmpnetwk.exe
cmd.exe
conhost.exe
wuauclt.exe
mspaint.exe
avgui.exe
avgscanx.exe
conhost.exe
avgcsrvx.exe
firefox.exe
notepad.exe
SearchFilterHost.exe
tasklist.exe
WmiPrvSE.exe
I recognise about half of these, meaning there isn't too much to go on...
Also, there is a shortcut to a program that I do not recognise in my startup folder - 0.5257090694921712.exe. I have no idea what this is, and have deleted the shortcut after having saved the target - full target is
Code:
C:\Windows\System32\rundll32.exe C:\Users\ADMINI~1\AppData\Local\Temp\0.5257090694921712.exe,SuppS
Anyone got any ideas, heard of anything like this before, got any kind of baseline for me to start doing things with?
Thanks a lot.
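An added example, not part of the original post: a Python triage check for startup-entry targets like the one quoted above. It flags rundll32 command lines whose module is not a DLL, sits in a user-writable directory, or has a numeric, random-looking name; the directory list, the heuristics and the benign sample are assumptions chosen for illustration.

```python
import ntpath
import re

# Assumed list of user-writable directory fragments often used as drop locations.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\windows\\temp\\")
# File name made only of digits and dots, e.g. "0.5257090694921712".
NUMERIC_STEM = re.compile(r"^\d+(\.\d+)+$|^\d{6,}$")
# The startup shortcut target quoted in the post.
PAGE_TARGET = r"C:\Windows\System32\rundll32.exe C:\Users\ADMINI~1\AppData\Local\Temp\0.5257090694921712.exe,SuppS"
# Constructed benign sample: a Control Panel applet opened through shell32.dll.
BENIGN_TARGET = r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL desk.cpl"


def parse_rundll32(target):
    """Split 'rundll32.exe <module>,<export>' into (module, export), or None."""
    m = re.match(r'^\s*"?([^"]*?rundll32(?:\.exe)?)"?\s+(.+)$', target, re.I)
    if not m:
        return None  # not a rundll32 launch at all
    args = m.group(2).strip()
    if args.startswith('"'):
        module, _, rest = args[1:].partition('"')  # quoted module path
    else:
        module, _, rest = args.partition(",")      # unquoted: ends at first comma
    export = rest.lstrip(", ").split(" ")[0]
    return module.strip(), export


def triage(target):
    """Return the reasons a startup target looks suspicious (empty list if none)."""
    parsed = parse_rundll32(target)
    if parsed is None:
        return []
    module, _export = parsed
    stem, ext = ntpath.splitext(ntpath.basename(module))
    reasons = []
    if ext.lower() != ".dll":
        reasons.append("rundll32 module is not a .dll (%s)" % (ext or "no extension"))
    if any(frag in module.lower() for frag in USER_WRITABLE):
        reasons.append("module loaded from a user-writable directory")
    if NUMERIC_STEM.match(stem):
        reasons.append("numeric, random-looking file name")
    return reasons


if __name__ == "__main__":
    for t in (PAGE_TARGET, BENIGN_TARGET):
        print(t, "->", triage(t) or "no findings")
```

These are heuristics for prioritising entries to inspect, not a verdict: an empty result does not mean an entry is clean.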
-
2011-12-04, 01:58 AM (ISO 8601)
- Join Date
- Mar 2008
- Location
- Hell itself (Ohio)
- Gender
Re: So looks like I've been virused.
You tried restarting in safe mode?
-
2011-12-04, 02:43 AM (ISO 8601)
- Join Date
- Feb 2010
- Location
- Texas. It's too hot here.
- Gender
Re: So looks like I've been virused.
If AVG doesn't clear it up, you might want to try MalwareBytes -- it's free and it saved me from my last virus. (Not the same as yours, but still nasty.)
Knowledge is power.
Power corrupts.
Study hard.
Be evil.
-
2011-12-04, 03:38 AM (ISO 8601)
- Join Date
- Oct 2007
Re: So looks like I've been virused.
Ok, update.
After about four and a half hours of working at it, I think I've got it sorted.
Managed to unblock taskmgr, deleted the obviously dodgy .exe file, and there are no dodgy-looking processes running.
AVG can find nothing, and I've fixed everything that MBAM found (thanks for the recommendation, Savannah, someone else said the same, it found a couple things that I'd managed to fix and more importantly it found a shortcut to the disable-task-manager-thing.)
So, looks like I'm OK.
Just going to be real careful on here for the next two weeks just in case there's something left over, then when I go home over New Years I'll be reformatting anyway, so it will totally cease being an issue.
Thanks for the help :)
Last edited by Lorn; 2011-12-04 at 03:43 AM.
-
2011-12-04, 09:18 PM (ISO 8601)
- Join Date
- Jan 2011
- Location
- Växjö, Sweden
- Gender
Re: So looks like I've been virused.
Can one use the program Savannah linked to without disturbing the anti-virus program you already have?
-
2011-12-04, 09:32 PM (ISO 8601)
- Join Date
- Feb 2010
- Location
- Texas. It's too hot here.
- Gender
Re: So looks like I've been virused.
I have Microsoft Security Essentials as my main antivirus, but also have MalwareBytes and SuperAntiSpyware on there -- the free versions of both don't do real-time scanning, so I just use them to scan the computer once a week. In short, yes, you can.