  1. #1
    Lorn

    So looks like I've been virused.

    And, because I figure someone else might have had a similar problem, I'm posting here.

    Stuff:
    OS is Windows 7
    Antivirus is AVG, scanning now
    Browser that I use is Firefox

    What happened:

    Visited http://www.minecraftdl.com/sky-block-survival-map/ to download a minecraft map.

    Hit the download button, skipped the ad etc.

    At this point, I'm hit by a metric ****ton of popups. Screenshot of History is here:

    At this point, computer slows to a crawl, and Internet Explorer opens for some reason. The "webpage cannot be displayed while offline" notice comes up, I try to close IE down, and it fullscreens - as in, completely. No toolbars, no nothing. I press Ctrl+Alt+Del, and it comes up as normal - except no Task Manager.

    I restart the computer, and notice that it flashes back to my normal desktop etc before closing down.

    Turn it back on, and as soon as I log on, internet explorer comes straight back up with the same message. Same fullscreen thing happens. Shut down as with the previous time, except this time, I manage to hit start>run and type in shutdown -a to prevent the computer shutting down as soon as my normal desktop appears.

    Which brings us to here and now.

    Other stuff: While AVG is scanning, does not appear in system tray.
    AVG, Notepad - neither is appearing on the standard taskbar.
    I tried opening task manager through start>run, and apparently it has been "disabled by my administrator" - which is a load of rubbish, because I am the admin, and I've not disabled it :p
    I have managed to use tasklist to get the following list of processes running:

    System Idle Process
    System
    smss.exe
    csrss.exe
    wininit.exe
    csrss.exe
    services.exe
    lsass.exe
    lsm.exe
    winlogon.exe
    svchost.exe
    nvvsvc.exe
    svchost.exe
    atiesrxx.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    spoolsv.exe
    svchost.exe
    avgwdsvc.exe
    PnkBstrA.exe
    svchost.exe
    AVGIDSAgent.exe
    taskhost.exe
    dwm.exe
    explorer.exe
    avgnsx.exe
    avgemcx.exe
    conhost.exe
    avgchsvx.exe
    avgrsx.exe
    avgcsrvx.exe
    SearchIndexer.exe
    svchost.exe
    explorer.exe
    SearchProtocolHost.exe
    taskhost.exe
    WUDFHost.exe
    wmpnetwk.exe
    cmd.exe
    conhost.exe
    wuauclt.exe
    mspaint.exe
    avgui.exe
    avgscanx.exe
    conhost.exe
    avgcsrvx.exe
    firefox.exe
    notepad.exe
    SearchFilterHost.exe
    tasklist.exe
    WmiPrvSE.exe

    I recognise about half of these, meaning there isn't too much to go on...
    Also, there is a shortcut to a program that I do not recognise in my startup folder - 0.5257090694921712.exe. I have no idea what this is, and have deleted the shortcut after having saved the target - full target is
    Code:
    C:\Windows\System32\rundll32.exe C:\Users\ADMINI~1\AppData\Local\Temp\0.5257090694921712.exe,SuppS

    Anyone got any ideas, heard of anything like this before, got any kind of baseline for me to start doing things with?

    Thanks a lot.
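
The two persistence symptoms described in this post (Task Manager "disabled by your administrator" and a Startup-folder shortcut that runs `rundll32.exe` against a file in Temp) can be checked with a read-only triage script. This is an added example, not part of the original thread; the function name `Test-SuspiciousStartup` and the three heuristics are assumptions chosen to match the shortcut target quoted above, and `DisableTaskMgr` is the standard Windows policy value behind that Task Manager message.

```powershell
# Added example: read-only triage, nothing is deleted or modified.

# Heuristics (assumed for illustration) for a startup entry's command line.
function Test-SuspiciousStartup {
    param([string]$Target, [string]$Arguments)
    $cmd = "$Target $Arguments"
    if ($cmd -match '\\Temp\\') { 'runs a file from a Temp directory' }
    if ($Target -match 'rundll32\.exe$' -and $Arguments -match '\.exe\b') {
        'rundll32 pointed at a file named .exe'
    }
    if ($cmd -match '\\\d+\.\d{6,}\.exe') { 'random-looking numeric file name' }
}

# 1. Is Task Manager blocked through the DisableTaskMgr policy value?
$policyKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
              'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($key in $policyKeys) {
    $p = Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
    if ($p -and $p.DisableTaskMgr -eq 1) {
        Write-Output "DisableTaskMgr = 1 under $key"
    }
}

# 2. Resolve every shortcut in the per-user and all-users Startup folders.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
Get-ChildItem -Path $startupDirs -Filter *.lnk -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $why = @(Test-SuspiciousStartup $lnk.TargetPath $lnk.Arguments)
        if ($why.Count -gt 0) {
            Write-Output ("{0}`n  -> {1} {2}`n  flagged: {3}" -f $_.FullName,
                $lnk.TargetPath, $lnk.Arguments, ($why -join '; '))
        }
    }

# 3. Self-check against the shortcut target quoted in the post.
$sample = @(Test-SuspiciousStartup 'C:\Windows\System32\rundll32.exe' `
    'C:\Users\ADMINI~1\AppData\Local\Temp\0.5257090694921712.exe,SuppS')
Write-Output "Sample from the post trips $($sample.Count) of 3 heuristics"
```

The script only reports; record the flagged target path before removing a shortcut, as the poster did, so the file it points to can be scanned or submitted for analysis.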

  2. #2
    Bhu

    Re: So looks like I've been virused.

    You tried restarting in safe mode?

  3. #3
    Savannah

    Re: So looks like I've been virused.

    If AVG doesn't clear it up, you might want to try MalwareBytes -- it's free and it saved me from my last virus. (Not the same as yours, but still nasty.)

  4. #4
    Lorn

    Re: So looks like I've been virused.

    Ok, update.

    After about four and a half hours of working at it, I think I've got it sorted.

    Managed to unblock taskmgr, deleted the obviously dodgy .exe file, and there's no dodgy looking processes running.

    AVG can find nothing, and I've fixed everything that MBAM found (thanks for the recommendation, Savannah, someone else said the same, it found a couple things that I'd managed to fix and more importantly it found a shortcut to the disable-task-manager-thing.)

    So, looks like I'm OK.

    Just going to be real careful on here for the next two weeks just in case there's something left over, then when I go home over New Years I'll be reformatting anyway, so it will totally cease being an issue.


    Thanks for the help :)
    Last edited by Lorn; 2011-12-04 at 03:43 AM.

  5. #5
    H Birchgrove

    Re: So looks like I've been virused.

    Can one use the program Savannah linked to without disturbing the anti-virus program you already have?

  6. #6
    Savannah

    Re: So looks like I've been virused.

    I have Microsoft Security Essentials as my main antivirus, but also have MalwareBytes and SuperAntiSpyware on there -- the free versions of both don't do real-time scanning, so I just use them to scan the computer once a week. In short, yes, you can.
