
What virus is this?

Started working on what I thought was Antivirus 2009, using instructions from which told me to use Spyware Doctor, which wouldn't run. Then I had popups from Antivirus 360, so I ended up using Malware Bytes. That ran, but only after I renamed the .exe to .pif. I could not update the program, even in safe mode running as admin. Every time I run it, I find Trojan.Vundo, Trojan.FakeAlert and Trojan.Agent. (The first time I found over 400 entries, a lot of which were just adware.) I've installed Vundo Fix after I ran Malware Bytes, and it couldn't find Vundo again, which was good, but I still can't update Malware. I installed AVG, but I can't update that either. I've run CCCleaner, which found a ton of stuff, and that cleaned that out. Anybody have thoughts? I've tried to run Spybot and Super Spyware, but they won't install. (Everything I've installed had to be burned to a disk on another PC and installed that way.) FYI, this is a friend's machine. She gave it to me; her husband and she told me they had tons of pop-ups with explicit sex ads, and they weren't lying. I've got rid of the pop-ups mostly, but every now and then one will pop up. Plus, I get this annoying svchost.exe error, can't read the memory. Any ideas before I f-disk this beast? Thanks.
 
Glen, had something similar happen to me, although my scans did not turn up VUNDO, they did find a Trojan (can't remember the name), on both my Work PC (which I totally nuked and rebuilt) and my home system (happened 2 weeks after my work PC died and no file transfer between the two)...

I fixed the Home PC over the NETWORK, attached a second PC which was running/installed COMODO Internet Security (firewall only and set totally restricted so that it would pop up if something tried to install etc.), MBAM, SpyBot, AntiTrojan and TrojanHunter, Avira AV, GMER and a few Rootkit detectors, then I went to the infected PC and shared all the partitions with full access, and began the scan with the non infected PC, and it sure did find the nasties and eradicated it on the Home system...

BUT seeing that your friend's PC was infected by a lot of stuff, I would go ahead and NUKE the drive and start over... I would not just format the drive but overwrite each sector, there are nasties out there that hide in the unused space (slack space) of files and through a fluke could become active again...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."

How to ask a question, when posting them to a professional forum.
 
"there are nasties out there that hide in the unused space (slack space) of files and through a fluke could become active again..."

Can you prove or point me to a link where this is possible? Without a FAT (after a format) that holds information about one of those files in the slack space, how can it do anything???
 
goombawaho - When you format a drive, it only deletes the links in the DIRECTORY tables, thus anything that is written on the drive is actually still there... That is also the reason why lots of software can still access those files, e.g. GetDataBack...

The reason why I said FLUKE is that the Trojan that hit me would infect EXE files... it became active as soon as explorer opened a directory with an infected exe file...

The one that got me was a variant of W32/Virut.Gen, instead of it trying to hook up to Poland it actually tried to call home to China (IP 61.x.x.x)...

Links:

FragFS: An Advanced Data Hiding Technique

New MacOS and Linux virus found in the wild

Information Security Management Handbook

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."

How to ask a question, when posting them to a professional forum.
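
Added example, not part of the original thread: a Python sketch of the difference between resetting only the directory table and overwriting every sector, with a check that reports which sectors still hold data. The image layout (one directory sector, a file at sector 10) and all function names are constructed assumptions; real FAT/NTFS volumes are laid out differently.

```python
import os
import tempfile

SECTOR = 512  # bytes per sector in this constructed image

def build_image(path, sectors=64):
    """Constructed toy volume: sector 0 is the directory table, the rest is data."""
    with open(path, "wb") as f:
        f.write(b"\x00" * SECTOR * sectors)
        f.seek(0)
        f.write(b"REPORT.DOC@10")              # directory entry pointing at sector 10
        f.seek(10 * SECTOR)
        f.write(b"constructed-file-contents")  # the file's data

def quick_format(path):
    """Models a quick format: only the directory table is reset."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * SECTOR)

def overwrite_all(path):
    """Overwrites every sector of the image with zeros and syncs to storage."""
    with open(path, "r+b") as f:
        for _ in range(0, os.path.getsize(path), SECTOR):
            f.write(b"\x00" * SECTOR)
        f.flush()
        os.fsync(f.fileno())

def residual_sectors(path):
    """Returns the numbers of the sectors that still contain non-zero bytes."""
    found, index = [], 0
    with open(path, "rb") as f:
        while block := f.read(SECTOR):
            if block.strip(b"\x00"):  # anything left after dropping zero bytes?
                found.append(index)
            index += 1
    return found

def demo():
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        build_image(img)
        states = [residual_sectors(img)]
        for step in (quick_format, overwrite_all):
            step(img)
            states.append(residual_sectors(img))
    return states  # [before, after quick format, after full overwrite]

if __name__ == "__main__":
    print(demo())
```
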
 
I guess my thought is - what chance is there that the file would "not be written over" during the Windows reinstall process. I guess it's possible but not likely.

 