|
On June 18 2009 16:07 MamiyaOtaru wrote: Hope you're not part of a botnet. Maybe after taking control of the computer, the virus logs on to various internet forums and asks seemingly innocent questions about getting rid of itself, in order to find out what the state of the art in anti-virus technology is. How can we know that it is really Mickey posting? AAAGGHHH!!
|
On June 18 2009 14:56 Mickey wrote: I'm not really knowledgeable on this software. I've read it in the threads, but I also found out that it can do some damage to your OS if not used properly. Would you care to explain how it works? Thanks, will do, although this seems really old. I don't download porn, I'm smarter than that. I stream it on Redtube with adblocker, making that window look clean. Honestly another thing that is bothering me is how I got the trojan to begin with. I have 2 possibilities. An MP3 I downloaded, or an Antivirus suite torrent I downloaded and ran. I think it was the MP3. I knew it looked shady. Chains of Love by Erasure is now my least favorite song ever. btw pornhub is much better than redtube, think of it as TL vs GG.net
|
you have to surrender, format C: lose the battle but hope that you will win the war.
|
On June 18 2009 14:31 Mickey wrote: No. I'm fucking sick of people always just saying "Reformat!". Do you know how much of a pain in the ass it is? Also, I've always been a pretty knowledgeable person on adware/viruses. My Brother has fucked up the comp tons of tons of times doing dumb shit/looking at porn. I've always fixed the infection. Reformatting is like accepting defeat in my opinion. God, why do I always have stress/shit happen to me. I'm a nice guy! Then you should know that you can never trust that computer again as long as it's not been reformatted or shadow copied to an earlier state that is known to be secure, and done through a separate boot, one that is not safe mode, i.e. a linux boot. Shit, nowadays you need a full security suite; once one thing is compromised you can't trust any programs you use or install after the infection, even if you believe it's been properly cleaned.
Try to see if you can get G-Data on that and run a scan on their linux boot.
Reformatting is the safest, period. You already lost when the infection became noticeable. I've used router firewall+hosts file for more than 8 years and in that time only 2 times I had an infection. Because I don't install, open or even look at strange shit and go to strange websites. l2internet.
|
On June 18 2009 16:34 Etherone wrote: TL > tech forums
well for further reference i would love to know how you got rid of it.
so true lol
|
On June 18 2009 14:31 Mickey wrote: No. I'm fucking sick of people always just saying "Reformat!". Do you know how much of a pain in the ass it is? Also, I've always been a pretty knowledgeable person on adware/viruses. My Brother has fucked up the comp tons of tons of times doing dumb shit/looking at porn. I've always fixed the infection. Reformatting is like accepting defeat in my opinion. God, why do I always have stress/shit happen to me. I'm a nice guy!
Learn how to reformat then.. I reformat over 4 times/year and it takes me about 3 hours to get EVERYTHING reinstalled and my comp completely back to the way it was, but running like it's brand new.
Obviously you need a slave drive to be able to do this but holy shit is it worth it
|
It's pretty much impossible to get a virus from an mp3 file.
|
On June 18 2009 16:07 MamiyaOtaru wrote: On June 18 2009 14:56 Mickey wrote: Honestly another thing that is bothering me is how I got the trojan to begin with. I have 2 possibilities. An MP3 I downloaded, or an Antivirus suite torrent I downloaded and ran. I think it was the MP3. Hahaha, are you serious? Your choices are a music file and a warezed app suite containing presumably at least one executable, and you suspect the music file?? Admit defeat. Reformat. Once you've been backdoored you can never be sure it is gone. That's the nature of rootkits. And next time don't download warez antivirus apps. Wasn't your brother "doing dumb shit" this time. I mean, it's cool if it seems like Trojan Defense Suite worked, but all the programs you tried previously either couldn't detect or remove something. You can't be 100% sure that TDS got everything, that there isn't something there it couldn't find. I mean, if there are no symptoms continue merrily on your way or whatever. Hope you're not part of a botnet. I don't download from Warez sites. I'm not an idiot, and neither do I have the bandwidth/rapidshare account to do so.
I downloaded an MP3 using frostwire. The MP3 didn't have any seemingly weird details. The size seemed correct, and I guess I made the mistake of downloading a higher bitrate song that had no downloads before that.
Also, I still don't know how I got the virus. I just estimated those two. Yeah, I have to be smart I guess.
Today I'm staying up all night using every program I can to try to win. If I can't I'll admit defeat and reformat.
Are there any precautions I should take? My gf let me use an external hard drive. I'll basically put my music collection, some videos, and some important text files on it. Everything else I can reinstall easily. Most of my games are from steam, etc... Should I copy files in safe mode to make sure nothing could infect the external hard drive?
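As an added example (not from the thread), one way to do the pre-reformat copy asked about above so that only data files reach the external drive: a small Python script that refuses executables and disguised double extensions such as song.mp3.exe, and writes a SHA-256 manifest so the files can be re-checked after the rebuild. The extension lists and the manifest file name are constructed assumptions; scanning the external drive afterwards, as the thread advises, still applies.

```python
import hashlib
import os
import shutil

# Constructed allow-list for what the poster wants to keep (music, videos, text).
DATA_EXTENSIONS = {".mp3", ".flac", ".ogg", ".mp4", ".avi", ".mkv", ".txt"}
# Anything Windows will run or auto-load; refused wherever it appears in the name.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs",
                    ".js", ".dll", ".sys", ".lnk", ".inf"}

def classify(filename):
    """Return (decision, reason). Every dotted suffix is checked, so a disguised
    'song.mp3.exe' is refused even though 'mp3' appears in the name."""
    parts = filename.lower().split(".")[1:]
    if not parts:
        return "skip", "no extension"
    if any("." + p in RISKY_EXTENSIONS for p in parts):
        return "skip", "executable or active content"
    if "." + parts[-1] in DATA_EXTENSIONS:
        return "copy", "data file"
    return "skip", "not on the allow-list"

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def safe_copy(src_dir, dst_dir):
    """Copy allow-listed files into dst_dir, write a SHA-256 manifest there and
    return (copied {relpath: sha256}, skipped [(relpath, reason)])."""
    copied, skipped = {}, []
    for root, _dirs, files in os.walk(src_dir):
        for name in files:
            rel = os.path.relpath(os.path.join(root, name), src_dir)
            decision, reason = classify(name)
            if decision != "copy":
                skipped.append((rel, reason))
                continue
            target = os.path.join(dst_dir, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copyfile(os.path.join(root, name), target)
            copied[rel] = sha256_of(target)
    # The manifest lets the rebuilt machine re-check the files before opening them.
    with open(os.path.join(dst_dir, "SHA256SUMS.txt"), "w") as m:
        for rel, digest in sorted(copied.items()):
            m.write(f"{digest}  {rel}\n")
    return copied, skipped
```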
|
title was extremely misleading
|
Experts, please respond via comment/pm. Can these removers be trusted? Remove Zlob Agent Akk. Also I found this guide which seems mildly legit. Do the following to remove trojan TDSSserv (trojan Backdoor.Tidserv).
PART I: TDss RootKit removal
Step 1: Disable TDSSserv trojan driver.
# Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
# Click Properties.
# Click Hardware Tab.
# Click Device Manager.
# In the top menu, click View and click Show Hidden Drivers.
# Scroll down to non Plug and Play drivers.
# Click + at left.
# In the list of drivers right click UACd.sys. (If you do not find this, then skip to Step 2)
# Click Disable.
# Click YES for confirm.
# Close all windows and reboot your computer.
Step 2: Remove TDSSserv Registry Keys
# Download RegASSASSIN from here. Save to your Desktop
# Run RegASSASSIN
# Click "I Agree"
# Copy & Paste the following RegKey to be deleted: Code: HKEY_LOCAL_MACHINE\SOFTWARE\UAC
If you receive the error message "The registry key you have specified does not exist or is not visible to regassasin. This may be caused by a set permission that does not allow regassasin to see it, would you like to continue?" Click "Yes" to continue.
# Close all windows and reboot your computer.
PART II: TDss RootKit removal
Step 3: Delete TDSSserv trojan driver.
# Download Avenger from here and unzip to your desktop.
# Run Avenger, copy & paste the following text in Input script Box: Code: Drivers to delete: UACd.sys
Then click "Execute".
# You will be asked, "Are you sure you want to execute the current script?". Click Yes.
# You will now be asked "First step completed - The Avenger has been successfully set up to run on next boot. Reboot now?". Click Yes.
# Your PC will now reboot
Step 4: Running ComboFix
Download to your Desktop - ComboFix by sUBs from >> Geeks2Go <<
Save as AvoidTDSS.exe during the download. ComboFix must be renamed before you download to your Desktop
Close ALL windows
Double click AvoidTDSS.exe follow the prompts
When finished, the program will produce a log
Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
Step 4: Getting Logs. Post the following logs:
# ComboFix
# ISeeYouXP
|
someone got confickerroll'd
|
If it is something so persistent as a rootkit, I wouldn't trust that computer until a format was performed.
Just be glad it isn't a Boot Virus. That can really screw shit up and you'd have to flash your box =x.
|
On June 19 2009 01:15 Kletus wrote: If it is something so persistent as a rootkit, I wouldn't trust that computer until a format was performed.
Just be glad it isn't a Boot Virus. That can really screw shit up and you'd have to flash your box =x. If I was going to reformat, how could I make sure files that I would be transferring from my hard drive to an external hard drive would be safe from infection? Scan the external hard drive after/transfer during safe mode?
|
On June 19 2009 01:44 Mickey wrote: On June 19 2009 01:15 Kletus wrote: If it is something so persistent as a rootkit, I wouldn't trust that computer until a format was performed.
Just be glad it isn't a Boot Virus. That can really screw shit up and you'd have to flash your box =x. If I was going to reformat, how could I make sure files that I would be transferring from my hard drive to an external hard drive would be safe from infection? Scan the external hard drive after/transfer during safe mode? Next time you'd make backups of the files that are important to you.
PS: Flash apps and things have vulnerabilities too that can cause your PC to be infected. Just streaming porn isn't going to save you from viruses. Try investing in NoScript and find out what sites you can really trust.
|
On June 18 2009 14:31 Mickey wrote: No. I'm fucking sick of people always just saying "Reformat!". Do you know how much of a pain in the ass it is? Also, I've always been a pretty knowledgeable person on adware/viruses. My Brother has fucked up the comp tons of tons of times doing dumb shit/looking at porn. I've always fixed the infection. Reformatting is like accepting defeat in my opinion. God, why do I always have stress/shit happen to me. I'm a nice guy!
You aren't knowledgeable enough about it if you want to avoid reformatting when you're infected, because this is the best (safest) solution. If you want to be sure that your system is clean, there is no other way. Virus scanners etc. should be used to detect viruses *before* you execute them (and then *avoid* executing them), before it's too late.
And you should never let someone else fuck up your comp. Make an account with a minimum amount of privileges for your brother.
|
On June 19 2009 01:44 Mickey wrote: On June 19 2009 01:15 Kletus wrote: If it is something so persistent as a rootkit, I wouldn't trust that computer until a format was performed.
Just be glad it isn't a Boot Virus. That can really screw shit up and you'd have to flash your box =x. If I was going to reformat, how could I make sure files that I would be transferring from my hard drive to an external hard drive would be safe from infection? Scan the external hard drive after/transfer during safe mode?
Yes you can just scan the external.
I have the same attitude as you towards formatting; it doesn't help that I'm an IT student, so when shit hits the fan I don't mind going into the registry and a) messing it up more or b) somehow miraculously fixing everything. The best defense against malicious code/packets/whatever you wanna call it is to prevent them from getting in in the first place; once it is in, your system has been compromised. Period. This can be done with a hardware/software firewall or 3rd party antivirus software stuff. I use Spybot and so far I've had no problems. I USED to use antivir but it wouldn't get rid of a piece of adware that was pissing me off.
Now I also know that you've used spybot and it isn't helping. Maybe it's a new virus that has no definition yet.
|