ScForAll unsafe... - Page 4
aKshun
Australia18 Posts
| ||
ChaoSbringer
Australia1382 Posts
The item in your system tray (for me) that was running Total Security was a bunch of numbers like 19242163 or something like that. I know this isn't Artosis' fault, but I'm pretty annoyed about this, perhaps you guys should edit http://www.teamliquid.net/forum/viewmessage.php?topic_id=101582 telling people not to use the website until it's fixed, because I went there to look at one of the tutorials, and then got infected. | ||
CongoJack
Canada417 Posts
| ||
Alphonsse
United States518 Posts
I got "total security 2009" there about 2 weeks ago. Had no idea it was from scforall till people brought it up in this thread. I wouldn't have pressed 'yes' to any download, but I do remember times when adobe reader would open unexpectedly. | ||
Patriot.dlk
Sweden5462 Posts
| ||
Liquid`Jinro
Sweden33719 Posts
| ||
StalkerSC
Canada378 Posts
If I went to the site but didn't DL the fake adobe and the auto downloading shit..I shouldn't be infected right? Norton Antivirus is what I have, all up to date. | ||
Skeggaba
Korea (South)1556 Posts
| ||
aKshun
Australia18 Posts
If I went to the site but didn't DL the fake adobe and the auto downloading shit..I shouldn't be infected right? Norton Antivirus is what I have, all up to date.

I believe you should be fine. Norton should have the signatures for the Pidief malware that was being delivered and they usually require some user input before you're actually infected. Clean out your temporary internet files and cookies and if you like perform a scan with malwarebytes.org | ||
StalkerSC
Canada378 Posts
On September 28 2009 06:49 aKshun wrote:
I believe you should be fine. Norton should have the signatures for the Pidief malware that was being delivered and they usually require some user input before you're actually infected. Clean out your temporary internet files and cookies and if you like perform a scan with malwarebytes.org

Thank you very much^^ | ||
d(O.o)a
Canada5066 Posts
| ||
iSiN
United States1075 Posts
On September 27 2009 10:43 Manifesto7 wrote:
I blame this on the LastShadow interview.

roflmao wait is plexa going to close this thread now too you said his name mani! | ||
jimminy_kriket
Canada5476 Posts
| ||
LuckyFool
United States9015 Posts
nice ghost btw jim I see u've finally seen the light. | ||
Deleriux
10 Posts
| ||
jimminy_kriket
Canada5476 Posts
| ||
Empire
22 Posts
Anyways, here are the steps I did to get rid of it:

1. I yanked my power cord out of the PC to avoid Windows saving the settings. Yes I know this is a bad taboo, but holding down the power button will cause Windows to start saving settings.
2. Did a Last Known Good Configuration reboot (F8 on startup). The last known good config still has the virus inside it, it's just not fully installed yet.
3. Upon boot, immediately get a Task Manager up and start looking at the processes as they load. One will load that is all numbers (like 1245783.exe). Immediately kill this process. Once this process is killed the virus will stop installing during this boot. From here you can proceed with removal.
4. Malwarebytes (www.malwarebytes.org) is the software I used for removal. You also should do a Start -> Run -> MSconfig and remove the program from the startup tab just in case you lose power before Malwarebytes finishes.

Now, if you weren't able to get to the task manager fast enough and the virus installs, here are some steps to try and help:

1. Open up a command prompt and run "Tasklist". This is the same screen as your task manager, but in a CLI format. If you can easily tell which program is hosting the virus, you can do a "Taskkill" command. I would format it like this:

    C:\> taskkill /F /IM program1.exe /IM program2.exe /IM program3.exe

This will allow you to kill all bad processes at once and will stop them from spawning more. Once all the viruses are stopped running, you can run Malwarebytes to remove the rest. I would also recommend using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix). The guide is pretty self-explanatory.

Also, as people have mentioned, this virus does rape your host file. Unless you do some weird networking in your house, or you happen to get this virus on a work PC, I would just erase everything in the file and you should be good to go. Or, you can always just copy in the following from notepad:

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host

    127.0.0.1       localhost

I work on PCs for a living, but virus removal is NOT one of my best traits, but if anyone has questions I will try to answer them. This community is so large that there are most likely several people a lot more knowledgeable than me here to help as well. | ||
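Added example, not part of Empire's post or the thread: a Python sketch of the two checks the post above describes, flagging all-numeric image names in `tasklist /FO CSV /NH` output and active hosts-file mappings other than the stock `localhost` entry. The function names and the sample inputs (including the `.example` domains and addresses) are constructed for illustration.

```python
import csv
import io
import re

# Image names made up only of digits, e.g. 1245783.exe (the pattern the post describes).
NUMERIC_IMAGE = re.compile(r"^\d+\.exe$", re.IGNORECASE)
# Mappings found in a stock Windows hosts file; anything else is reported.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def numeric_processes(tasklist_csv):
    """Return (image, pid) pairs from `tasklist /FO CSV /NH` output with all-digit names."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) >= 2 and NUMERIC_IMAGE.match(row[0].strip()):
            hits.append((row[0].strip(), int(row[1])))
    return hits


def unexpected_hosts_entries(hosts_text):
    """Return (line_no, ip, hostname) for every active mapping that is not a stock default."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        active = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(active) < 2:
            continue  # blank, comment-only or malformed line
        for name in active[1:]:
            if (active[0], name.lower()) not in DEFAULT_HOSTS:
                findings.append((line_no, active[0], name))
    return findings


# Constructed sample data; the domains and addresses are placeholders, not from the thread.
SAMPLE_TASKLIST = (
    '"explorer.exe","1480","Console","0","18,204 K"\n'
    '"1245783.exe","2312","Console","0","4,112 K"\n'
)
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    "203.0.113.7     update.av-vendor.example   # constructed hijack entry\n"
    "127.0.0.1       www.av-vendor.example\n"
)

if __name__ == "__main__":
    for image, pid in numeric_processes(SAMPLE_TASKLIST):
        print(f"suspicious process: {image} (PID {pid})")
    for line_no, ip, name in unexpected_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {name} -> {ip}")
```

Reviewing the reported hosts lines before wiping the file shows which names were redirected and keeps any legitimate custom mappings.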
StorrZerg
United States13910 Posts
but i can't wait for it to get fixed so i can watch the interviews at wcg (so epic) | ||
Empire
22 Posts
| ||
StorrZerg
United States13910 Posts
On September 30 2009 22:10 Empire wrote:
I just checked it and it's off of Google's block and Firefox lets me go to it just fine now. I am not sure if their root cause of the hacks was fixed, but at least I can watch some of the WCG stuff they've loaded so far

Hope so, but I'm waiting for a mod or someone to confirm that it's safe lol | ||