So looks like I've been virused.

Lorn · 12-04-2011, 01:17 AM

And, because I figure someone else might have had a similar problem, I'm posting here.

Stuff:
OS is Windows 7
Antivirus is AVG, scanning now
Browser that I use is Firefox

What happened:

Visited http://www.minecraftdl.com/sky-block-survival-map/ to download a minecraft map.

Hit the download button, skipped the ad etc.

At this point, I'm hit by a metrick ****ton of popups. Screenshot of History is here:

Spoiler

At this point, computer slows to a crawl, and Internet Explorer opens for some reason. The "webpage cannot be displayed while offline" notice comes up, I try to close IE down, and it fullscreens - as in, completely. No toolbars, no nothing. I press Ctrl+Alt+Del, and it comes up as normal - except no Task Manager.

I restart the computer, and notice that it flashes back to my normal desktop etc before closing down.

Turn it back on, and as soon as I log on, internet explorer comes straight back up with the same message. Same fullscreen thing happens. Shut down as with the previous time, except this time, I manage to hit start>run and type in shutdown -a to prevent the computer shutting down as soon as my normal desktop appears.

Which brings us to here and now.

Other stuff: While AVG is scanning, does not appear in system tray.
AVG, Notepad - neither is appearing on the standard taskbar.
I tried opening task manager through start>run, and apparently it has been "disabled by my administrator" - which is a load of rubbish, because I am the admin, and I've not disabled it :p
I have managed to use tasklist to get the following list of processes running:

Spoiler

I recognise about half of these, meaning there isn't too much to go on...
Also, there is a shortcut to a program that I do not recognise in my startup folder - 0.5257090694921712.exe. I have no idea what this is, and have deleted the shortcut after having saved the target - full target is

Code:

C:\Windows\System32\rundll32.exe C:\Users\ADMINI~1\AppData\Local\Temp\0.5257090694921712.exe,SuppS

Anyone got any ideas, heard of anything like this before, got any kind of baseline for me to start doing things with?

Thanks a lot.

Bhu · 12-04-2011, 01:58 AM

You tried restarting in safe mode?

Savannah · 12-04-2011, 02:43 AM

If AVG doesn't clear it up, you might want to try MalwareBytes -- it's free and it saved me from my last virus. (Not the same as yours, but still nasty.)

Lorn · 12-04-2011, 03:38 AM

Ok, update.

After about four and a half hours of working at it, I think I've got it sorted.

Managed to unblock taskmgr, deleted the obviously dodgy .exe file, and there's no dodgy looking processes running.

AVG can find nothing, and I've fixed everything that MBAM found (thanks for the recommendation, Savannah, someone else said the same, it found a couple things that I'd managed to fix and more importantly it found a shortcut to the disable-task-manager-thing.)

So, looks like I'm OK.

Just going to be real careful on here for the next two weeks just in case there's something left over, then when I go home over New Years I'll be reformatting anyway, so it will totally cease being an issue.

Thanks for the help :)

H Birchgrove · 12-04-2011, 09:18 PM

Can one use the program Savannah linked to without disturbing the anti-virus program you already have?

Savannah · 12-04-2011, 09:32 PM

I have Microsoft Security Essentials as my main antivirus, but also have MalwareBytes and SuperAntiSpyware on there -- the free versions of both don't do real-time scanning, so I just use them to scan the computer once a week. In short, yes, you can.