New Malware Virus

[Jaz]

If this is Sticky Appropriate can you please make it cupe

Its been very common lately so i thought id post up some details n help

ok so a quick jist on what is happening/happened, in the past 5 days, my laptop, my girlfriend's,my sisters, and my mothers laptops have all got the same virus from unknown locations,just generally browsing the net and we all are using different anti Virus software and none of our programs picked it up....Its a Bastard and if treated wrong IT WILL FUCK YOU UP!

Me being reasonably tech savvy treated it early, my mother being internet Paranoid told me as soon as it happened, although my Internet and computer ignorant girlfriend and sister weren't so lucky loosing Many Many files, most noticeable about 3 Gig of music between them

What It Does

: It will download itself onto your computer without you accepting or knowing anything

:Disables your anti-virus softwares ability to scan and find this virus, also disabled its ability to update

:Starts its own "ghost" virus program pretending to be a genuine program,it looks very very real/genuine and convincing, the only thing that was suss was obviously that i'd never seen it before and it had no name (it fooled my girlfriend and sister), starts scanning your computer and Encrypting every file it comes across (Click stop ASAP,be warned it will restart scanning every 5 minutes) if you do not stop it it will mark every file in your C drive to be deleted,it then brings up a pop up window asking "Do you want to Delete your viruses" if you click yes, say goodbye to your C drive. (the later you stop it the more files have been marked, but as long as you dont click yes, nothing will be deleted)

:Changes all your proxy server settings and IP settings stopping you from accessing the internet (easily fixable but then...)

:Encrypts your Temporary internet files like cookies and history with a tiny virus file that will be found by your virus program and automatically disables you from using the internet and anyway of searching how to kill this bastard or downloading software to do so, For instance...you go to visit google that will be added to your history like a normal search, but as soon as it does this virus adds a small attachment file to that history file and then all you will get is a "Page Cannot be accessed at this time" message

:Makes your Firewall think something is terribly wrong (well there is) and pop up windows asking you questions like "File TDS:-1 has been infected, do you want to block this file from being executed" just say no

:Programs that access the internet will open but there aspects that use the internet wont work

:So you can still use Basics such as Microsoft word but after this you really have nothing left to do but shut down before this

unfortunately i was to busy fighting this Cu** to take any screen shots but if you happen to get it let me know ASAP and i will walk you threw how to get rid of it permanently, ill let you know in advance you may need to be reasonably Tech Savvy as it involves a bit of Safe Mod Modding

[DJ_Raptor]

Thats extremely common. I have clients with that issue almost every day. Easy to remove but its a real nasty little thing.

Theres actually a few really bad rootkits too which do a lot less damage but So far none of the normal tools have been able to get rid of it.

Were you able to remove the infections? do you need any assistance?

[Jaz]

Got into Safe Mode without networking so i had no internet, the Virus was still running although the firewall had stopped all its hassles

got a few old but good (windows 2000 era) maleware killing programs off a floppy drive onto my desktop, then onto a USB drive so i could put them onto my computer, about a week ago i had made a ghost of my whole computer so i used the programs then loaded the ghost hard drive which essentially gives me the hard drive that i had a week ago...thus having no virus or infections or anything

the other laptops didnt have this luxury that i had, the 5-6 programs got rid of almost everything, a few temp files like for instance 3 files in the Mozilla downloads folder have something attatched and refuse to be deleted...but so far are causing to problems...and thats all ive found so far on my girlfriends,sisters, and mothers laptops

[CBG]

my nate was pissed once and i got on my pc to do the ol look for fuckd up porn gig. before long it had a virus of the above description.

its a gd one, multi dimensionaly fucks ur pc. i couldnt beat.

so i just did a system restore from the previous day n it was gone . gotta love system restore!!

[Jaz]

multi dimensionaly fucks ur pc.

exactly why its such a hassle, doesnt just do 1 thing like most do

you got lucky with the system restore thing i think, if these virus makers are smart enough to make a gang bang virus you'd think the system restore would be the 1st thing they would think of

[pulsebeat]

does this effect macs???

if no im sweet

:afro:

[Jaz]

Id say not, unless they have written the code for 2 systems, macs are usually pretty good with not getting viruses from what i hear

[DJ_Raptor]

Got into Safe Mode without networking so i had no internet, the Virus was still running although the firewall had stopped all its hassles

got a few old but good (windows 2000 era) maleware killing programs off a floppy drive onto my desktop, then onto a USB drive so i could put them onto my computer, about a week ago i had made a ghost of my whole computer so i used the programs then loaded the ghost hard drive which essentially gives me the hard drive that i had a week ago...thus having no virus or infections or anything

the other laptops didnt have this luxury that i had, the 5-6 programs got rid of almost everything, a few temp files like for instance 3 files in the Mozilla downloads folder have something attatched and refuse to be deleted...but so far are causing to problems...and thats all ive found so far on my girlfriends,sisters, and mothers laptops

Hey mate,

im very interested to know what programs you used to try and get rid of the virus?

[pulsebeat]

yeah ive never gotten a virus and all i have is a free virus anti protector so yeah i like macs for that reason

[Jaz]

Hey mate,

im very interested to know what programs you used to try and get rid of the virus?

Malwarebytes worked the best and found the most shit, had to use a very old version as the internet was disabled so i couldnt get a new 1, but its been available on windows 2000 to XP, ME , 7 etc

emsisoft Anti-maleware was another good 1

Security tools is the last 1 i can remember the name of, not a scanner program like the rest, its a manual program that searches for files with a date attatchment which was great for the temp internet files as they all had dates attatched, just type in the date 3 or so days before the virus showed up and it will bring up all the files that have been added since

then you gotta go threw manually and find specific corruptions or attachments, had only used it once more before and its a hassle but i did pick up 2-3 things the other missed

hope that helps

[DJ_Raptor]

Best tool to use apart from malwarebytes and often much much better is Combofix. if it cant help you, your stuffed

Try it... make sure you download it from bleepingcomputer NOT combofix.org. its an amazing program.

[Jaz]

Will give it a go next time something slips in

[Gandy]

firefox with noscript and adblock plus

or use a mac

basically this expliots IE and yea goes to town by auto installing and doing everything djaz posted. I had this happen to me last year going to a game site which had infecected ad servers and auto injected into ie and fucked me sideways till i removed it in safe mode. Be sure to uncheck proxy settings otherwise you will have no internet because 9/10 home users dont use proxies

no script stops scripts on every page you visit unless you specifically allow it, scripts are a good way to exploit a vulnerability in a web browser to pick up a "drive by" virus like this

adblock plus blocks every ad on any site you visit, thus preventing infected ads on a site you visit infecting you, of course turn it off when on ADJF

the reason these are so prevelent on PC's is because even with vista/7 "are you sure you want to install this" notifications, at the very root of the OS you dont need to give permission to install this

wheras on a mac, you will notice every single thing you try to install prompts you to put in your password, so if these were to target mac OS as soon as it would try to install your mac would ask you for your password and you would know something suss is up

hope this helps

[Gandy]

also forgot to add to keep virus scanning this for up to a month later (should be scanning at least weekly anyway, even with on-acess scanning enabled) (on my pc i set my antivirus to update then scan at 3am every morning, i use Microsoft Security Essentials) as this can linger if you dont fully remove it the first time

also keep your os up to date with windows update, again i have this set to auto check at 1am every morning

[BeatLeSS]

Malware bytes is pretty powerful. Gets rid of most of those fake anti-virus ones.

Hijack this is a good way to keep an eye on whats happening also.

If i know i've got a virus though - backup + factory restore here.

Aint nothing a good ole format can't fix!

There's no place like 127.0.0.1

[Gandy]

beatless you massive geek

[DJ_Raptor]

Also know that the virus that everyone is talking about is also primarily spread via email. thats where most of my clients get it from.

Poor things.... they actually give their credit cards to the virus creators.... when will they learn!

[Jaz]

LOL thats like the nigerian Scam artists, how do people fall for that shit....shit like

"Hi im a nigerian prince, if you give me 10,000 to escape my country i can bring you many riches from my country"

not even kidding thats how bad they are

1 of the best scams ive seen is threw car sales/bike sales

people cantact you and say they can only pay via paypal and ask you to register at www.ipaypal.com....notive the "i" making it a fake paypal, then you register your bank details and they could easily take your money and be done, but thats not enough, they actuallly pay you for your car, come pick it up, then take all your money as well so you're left without any money and no car LOL

2 dumbass's on my motorcycle forum have lost alot of money and their bikes threw that scam

[eggssell]

oh no so this deal i made with the rightful nigerian prince who will give let me keep 2% of the cash i allow him to transfer into my account isnt real!!!!!

[Jaz]

Sadly no eggs. sorry mate

[Cupe]

fuck i hate dog ass scammer cunts

why the fuck haven't we cut off nigerians internet yet fuck sake

[Jaz]

i was suprised to hear they have internet

[eggssell]

oh man you'd be surprised how good other countries internets are.

i was at koh samui in thailand. and the place didnt have enuff infrastructure to have sewerage and gutters everywhere. yet at the place i stayed, from anywhere on the resort (including at the pool) you could get wifi internet faster than anywhere in sydney!

[Gandy]

sucks how aus internet is about 10 yrs behind the speed of anywhere else in the world (ok being over dramatic) but imagine how much porn you could download with a t3 connection

[Jaz]

speaking of fucking internet, my Bigpond is suddenly running at dial up speed, have even tested it and its now dial up speed, ive only used 14% of my cap, fuck i hate telstra!

they randomly do shit like this all the time

took me 10 mins just to get on ADJF and get to this thread