My rig has herpes

dteowner

Shoegazer
Joined
October 18, 2006
Messages
13,548
Location
Illinois, USA
Somehow I seem to have picked up a particularly nasty virus on my PC at home. Slipped thru a well-maintained NAV setup, too. The thing hijacks Windows and infects the registry about a hundred different ways but still displays all the Microsoft splash screens so you don't even notice it's there unless you notice the drag on the CPU. It screws up all the popular antivirus programs once it's there so they don't even notice it, let alone try and fix it. It will also disable any loaded CD/DVD drives during startup to foil boot disk attempts to get around it. Apparently, the only way to get rid of it at the moment is a complete diskwipe.

I've turned off my wireless modem at home to keep it from spreading, but (other than chewing up CPU cycles from time to time) I can still game. The next trick is to figure out how to extract some of the important data off the HD without grabbing the bug at the same time. I need to do a better job backing up data in the future. Lovely.

Just thought I'd send up a flare in case anyone else is having similar issues. Best I can figure, it must have come from one of the YouTube music videos I was digging thru a week or two ago.
 
Joined
Oct 18, 2006
Messages
13,548
Location
Illinois, USA
Any more info about the virus? There's always a way to get rid of it, since it can only block things that existed before it did (and not, say, a cleaner made just for that).

As for backing up, if you've got a spare HD, could try sticking that in and copying the files over. Doubt the stuff will go over, since the new HD wouldn't be a system partition or anything.
 
Joined
Oct 23, 2006
Messages
585
Location
Serbia
I got on some message board that had a Microsoft guy attempting to answer questions (unofficially, of course). As soon as I read enough to be pretty sure I was in trouble and that I couldn't do jack about it, I pulled the plug. Couldn't tell you where that board was. I haven't done any research here from work since I'm not technically supposed to misuse the internet that way here.

@pladio- that could be codec problems. I had similar problems. After trying unsuccessfully to upgrade my codecs (the drive is so old it's no longer supported), I bought a new one a couple months ago. The virus doesn't seem to mess with the drives unless you power up with a disc in them. At least, that's my experience so far.
 
Joined
Oct 18, 2006
Messages
13,548
Location
Illinois, USA
Don't know if it's similar, but I've got something called Apropos.C or somesuch that stupid Norton claims it's cleaned but obviously hasn't, and now my PC ignores shut down commands and just reboots instead.
 
Joined
Oct 18, 2006
Messages
850
Location
CA, USA
What do you mean YouTube videos? You got it just from watching a streaming video? Or did you download videos?
 
Joined
Oct 18, 2006
Messages
474
Hmm, which process(es) use up your CPU? Feel like helping you out, if there's a way, but need more info, else can't find anything. ;)
 
Joined
Oct 23, 2006
Messages
585
Location
Serbia
What do you mean YouTube videos? You got it just from watching a streaming video? Or did you download videos?

I very much doubt that it was the video itself. I've never heard of a video stream containing a virus and I do not think it's technically possible to include executable code in a video stream. What might have happened, however, is that someone or something exploited a possible vulnerability of Firefox or IE (depending on which browser dte is using) that has to do with video playback. I'm not 100% sure about YouTube at the moment but those videos are Flash-based, I think, right? If so then the only way that I can see how this has happened is if there is a known vulnerability in the Flash plug-in for either FF or IE (or both or any other browser that dte has been using) and that someone (or something... like a bot) started a live attack on dte while he was streaming the video.
If this is indeed how he got the virus, then this would have to be called an extreme case of bad luck since so many people are using YouTube simultaneously, you'd really need to have one of those very "special" days to be the one in a million (not necessarily literally in a million but you get the idea) who catches a virus while hanging out on YouTube since the two coincidences of 1) you streaming video plus 2) someone/something attacking your IP in the vague hope of being able to exploit the vulnerability would have to both happen at the same time.
To be honest, I very much doubt that YouTube is to blame or has anything to do with it but nothing is impossible, of course ;) .
 
Joined
Oct 18, 2006
Messages
3,201
It's the codecs where evil lurks, they are notorious for entering the PC system, perfect for the unsuspecting.
I gave up with 'NAV' a couple of years back, it just could not keep the +++++++ out.
I now use downloadable freeware AV and Firewall products, a latest report has confirmed freeware products are outperforming the big 'N' and similar products... (I wonder why!!!)... I haven't been attacked since.

If you are quite adept at recognising system files, I would suggest downloading and installing 'Hijackthis'...
http://www.tomcoyote.org/hijackthis

With this you can actually see and locate the names of the suspect files even if they are respawners. If they cannot be kicked out on reboot, then the file names can be investigated on several sites that may have other file specific removal tools.

Good luck dte. :beer:
 
Joined
Oct 18, 2006
Messages
1,105
Location
North-West England
Just change the boot order in BIOS to boot directly from the CD drive before looking at the HDs. Then you can reinstall Windows and clean the rest of the hard drive from that point (make sure you do not try to repair your existing Windows installation - do a completely new install in a new folder if needed).
 
Joined
Oct 18, 2006
Messages
3,124
Location
Sigil
Just go for Ubuntu or another Linux version. All the crap about those virus stuff will finally come to an end. -> I only use WinXP for gaming now

edit:
Another, less drastic, solution might be to finally do like Windows should be used: in case you install something, do it as an admin. When you're done installing, go back to the normal user account. This way you prevent a lot of those viruses from accessing your system, because they make use of your user account settings.
 
Joined
Oct 19, 2006
Messages
1,539
Location
Belgium - Flanders - Antwerp
Hmm, which process(es) use up your CPU? Feel like helping you out, if there's a way, but need more info, else can't find anything. ;)
If you do a tasklist, it doesn't show up as an idle process. About every 5-10 seconds it grabs the CPU (80-100% usage) and then lets go so quickly the tasklist never even updates. I noticed last night that it has simply killed several programs now. NAV will start and then simply go "not responding". It was doing that with IE and WMP as well, although not every time.
 
Joined
Oct 18, 2006
Messages
13,548
Location
Illinois, USA
Did you check your device manager and then go to 'view' and tick the 'show hidden devices' box and then check the non-plug'n'play devices? This is where system level viruses/root kits like to, well, hide :) .
You will also find all copy protection drivers and things like Daemon tools (disk imaging software etc) here. It might be worth a try to set the 'startup type' for any drivers that have a "fishy" looking or unknown descriptor name to 'disabled'. Then reboot and see if anything changes. It might be worth a shot.
 
Joined
Oct 18, 2006
Messages
3,201
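
A scripted counterpart to the Device Manager check described in the post above, as an added example that is not part of the original thread: it lists every kernel and file-system driver registered with Windows, with its start mode and the Authenticode status of its file, and shows the ones that are unsigned or missing on disk. It assumes a current Windows with PowerShell 5.1 or later rather than the system discussed in the thread; the helper name `Resolve-DriverPath` is hypothetical.

```powershell
# Added example: inventory registered drivers and flag the ones worth a closer look.
# Run from an elevated PowerShell prompt on the machine being examined.

function Resolve-DriverPath {
    # Hypothetical helper: turn the driver path forms Windows reports into a normal file path.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }            # NT object prefix
    if ($p -like '\SystemRoot\*') {                                 # "\SystemRoot\System32\..."
        $p = Join-Path $env:SystemRoot $p.Substring(12)
    }
    elseif ($p -notmatch '^[A-Za-z]:\\') {                          # relative "system32\drivers\x.sys"
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

$report = foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
    $path   = Resolve-DriverPath $d.PathName
    $exists = $path -and (Test-Path -LiteralPath $path)

    # Signature status of the driver file; 'FileMissing' is a label used by this example only.
    $sig = if ($exists) {
        [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    } else {
        'FileMissing'
    }

    [pscustomobject]@{
        Name      = $d.Name
        State     = $d.State        # Running / Stopped
        StartMode = $d.StartMode    # Boot, System, Auto, Manual, Disabled
        Signature = $sig
        Path      = $path
    }
}

# Show only drivers whose file is not validly signed or cannot be found.
$report |
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object StartMode, Name |
    Format-Table -AutoSize
```

The output is a list to review, not a verdict: legitimate older drivers can be unsigned, and a driver that tampers with what the running system reports may not appear in a live listing at all.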
My advice. Wipe and re-install.
 
Joined
Dec 31, 2006
Messages
296
My advice. Wipe and re-install.
Also my suggestion.
Copy the important data to another partition. Check it with another virus scanner before you use it again. NAV sucks and takes way too much system performance, just use some freeware.
Then format your system partition and start fresh.
 
Joined
Aug 30, 2006
Messages
7,830
Yep, Format seems the way to go. It's a pain to re-setup your system but it is also a good opportunity to start with a fresh install (very good for stability and performance if you can do that occasionally).

btw:

NAV sucks and takes way too much system performance, just use some freeware.

Hmm, coincidentally the two month NAV subscription included for my laptop expires any day now... And these people want something like 60,49 euros for a 12 month subscription to their performance hog...

Anyone care to post their recommendation for a free AV-Firewall?

Avast seems nice but I was wondering if it's enough...
 
Joined
Oct 18, 2006
Messages
1,734
Second that for me.
I find NAV to get more cumbersome and overly-helpful-but-not-really with each new incarnation. Trying to navigate through twenty screens to get a question answered, then having to go online where things become even more vague amidst a profusion of incomprehensible details...plus it is a huge system hog.

You guys really helped pointing me to Firefox and I am sure if there's something better than Symantec someone here knows all about it. :)
 
Joined
Oct 18, 2006
Messages
7,834
Norton is way too intrusive.
As a firewall ZoneAlarm is always a solid choice. Even the free version should give you all the time you need to find the perfect program for your needs.
Supplement it with whatever free AV program you find. I don't know what's the hottest thing right now because I'm using Linux for surfing since last Sept. The last one I used was http://www.free-av.de/ . Never gave me any trouble and caught quite a few hostile things.
 
Joined
Aug 30, 2006
Messages
7,830
I like Ad-Aware and Peer Guardian!!
 
Joined
Aug 31, 2006
Messages
12,828
Location
Australia