Omnimaga

General Discussion => Technology and Development => Computer Usage and Setup Help => Topic started by: Sorunome on August 03, 2012, 07:02:57 am

Title: Virus problem
Post by: Sorunome on August 03, 2012, 07:02:57 am
First, I'm posting this for p2.
He can't post currently because he has virus problems.
Spoiler for original Skype conversation (German, translated):
[12:34:09] p2: I had the Bundestrojaner
went via CTRL+ALT+DEL into the menu, and then Switch User

then everything hung and I did an emergency shutdown!
[12:34:20] p2: after that there was nothing anymore!
(it could be switched on normally and so on
[12:34:42] p2: also no new/suspicious processes in the task manager!
[12:34:50] Sorunome: O.o
[12:35:14] p2: I didn't trust the calm and have now made a bot that lists ALL processes, even the ones the system itself hides!
[12:35:22] p2: then I had these:
[12:36:25] p2: LifeTray.exe
LifeEnC2.exe
FABS.exe
SearchProtocollHost.exe
SearchFilterHost.exe
MouClient_FD2_1001RL.exe
WUDFHost.exe
[12:36:36] Sorunome: D:
[12:36:40] Sorunome: no idea what they do
[12:36:45] Sorunome: but they don't look like system ones
[12:37:02] p2: I then terminated all of them with a bot!
[12:37:12] p2: but FABS.exe kept coming back!
[12:37:37] p2: I ran the termination of that process as a while loop (with admin rights)
but it didn't go away!
[12:38:39] Sorunome: O.o
[12:38:41] p2: 5 min later the antivirus also showed up and detected:
C:\Users\daniel\AppData\Local\Temp\deo0_sar.exe
it said there's a virus in it!
[12:38:47] p2: deleting impossible!
[12:38:54] Sorunome: that's bad D:
[12:38:55] p2: I then deleted it manually, permanently!
[12:38:59] p2: but it was still there!
[12:39:30] p2: so I made a second bot that keeps permanently deleting the thing in a while loop with admin rights!
[12:39:42] p2: so both bots were running in parallel
[12:40:12] p2: just now it was finally over!
the trojan was too slow - program deleted and process terminated! :D
[12:40:24] p2: but I'd rather keep the bots running for now!
[12:40:49] p2: I've now searched on the other PC (laptop) for instructions on removing the Bundestrojaner!
[12:40:58] p2: and it said I should search in the registry!
[12:41:04] p2: http://board.raidrush.ws/showthread.php?t=807796
[12:41:19] p2: but there was NOTHING!!
no suspicious things!
[12:41:35] p2: please ask whether I should do anything else, or whether it's really gone now
[12:41:48] p2: (I unplugged the internet from the PC immediately - it's offline right now
[12:43:14] p2: quick scan with Kaspersky says everything OK!
I'm running a full scan right now!
[12:44:07] p2: IMPORTANT:
I had a USB stick with important data plugged in, may I keep using it??
[12:34:09] p2: I got the 'bundestrojaner'
went with CTRL+ALT+DEL into the menu, then clicked change user

everything froze and so I cut the power supply!
[12:34:20] p2: then there was nothing!
(you could turn it on normally etc.)
[12:34:42] p2: also no new suspicious tasks in taskmanager!
[12:34:50] Sorunome: O.o
[12:35:14] p2: I couldn't believe that it was finished, so I made a bot which lists all tasks, even those that are hidden from the system itself!
[12:35:22] p2: Then I had these tasks:
[12:36:25] p2: LifeTray.exe
LifeEnC2.exe
FABS.exe
SearchProtocollHost.exe
SearchFilterHost.exe
MouClient_FD2_1001RL.exe
WUDFHost.exe
[12:36:36] Sorunome: D:
[12:36:40] Sorunome: no idea what they do
[12:36:45] Sorunome: but they don't look like system tasks
[12:37:02] p2: I killed all via a bot!
[12:37:12] p2: but FABS.exe was there again and again!
[12:37:37] p2: I killed that task in a while-loop (with admin rights)
But it didn't vanish!
[12:38:39] Sorunome: O.o
[12:38:41] p2: 5 min later the virus scanner found:
C:\Users\daniel\AppData\Local\Temp\deo0_sar.exe
it said that there was a virus!
[12:38:47] p2: deleting impossible!
[12:38:54] Sorunome: that's bad D:
[12:38:55] p2: I deleted it manually, completely!
[12:38:59] p2: was still there!
[12:39:30] p2: so I made a second bot that deleted that completely (with admin rights) in a while loop!
[12:39:42] p2: so both bots ran at the same time
[12:40:12] p2: finally it just finished!
the trojan was too slow - program deleted and task closed! :D
[12:40:24] p2: I'm still running the bots, I think it's better!
[12:40:49] p2: I have now searched on a laptop for instructions to remove the 'bundestrojaner'!
[12:40:58] p2: it says that I must search in the registry.
[12:41:04] p2: http://board.raidrush.ws/showthread.php?t=807796
[12:41:19] p2: but there was nothing, nothing suspicious!
[12:41:35] p2: please ask, if it is completely gone or if i still have to do something
[12:41:48] p2: (I unplugged the LAN from the PC as quickly as possible - it is now offline)
[12:43:14] p2: quick investigation with Kaspersky said everything is OK!
ATM I'm running a full investigation!
[12:44:07] p2: IMPORTANT:
I had a USB-stick with important data plugged into the pc, may I still use it?

The attachment is the process list - remember that it was in a while loop, and it starts again at every '[System Process]'
Title: Re: Virus problem
Post by: p2 on August 03, 2012, 07:10:34 am
Computer: Windows 7
Anti-virus-program: Kaspersky Lab 2012

And that strange not-deletable program was only about 500KB!!

My question:
Is the virus really gone?
And can I use my flashdrive again? (I was using it while the virus appeared)

And thanks to Sorunome for posting it for me! :)
Title: Re: Virus problem
Post by: DJ Omnimaga on August 03, 2012, 09:50:47 am
What antivirus do you use by the way, if any? I cannot help, though, as I haven't gotten a virus in a while. Sometimes, however, I just relied on system restore to get rid of viruses, and it happened to work. :P It might be leaving traces of viruses there, though, and some viruses actually destroy system restore points.
Title: Re: Virus problem
Post by: Sorunome on August 03, 2012, 10:21:13 am
Title: Re: Virus problem
Post by: annoyingcalc on August 03, 2012, 01:25:29 pm
I had that same virus a while ago O.O except it had more files, I don't know how I got rid of it though.
Title: Re: Virus problem
Post by: Scipi on August 04, 2012, 07:13:19 am
You could always boot into safe mode and check/recover your flashdrive there. Just make sure hidden and system folders are visible to see if any malicious content is there, as well as check the autorun file.
Title: Re: Virus problem
Post by: p2 on August 04, 2012, 02:03:29 pm
Well, today I got to bring the computer away to repair.
The internet wasn't working normally anymore!
Only was online about 20% of the time!
I think the virus has destroyed some parts of the internet configuration.
I don't know how much repairing it will cost and how long it'll take! :(
Quote
You could always boot into safe mode and check/recover your flashdrive there. Just make sure hidden and system folders are visible to see if any malicious content is there, as well as check the autorun file.
How to make the system files on a flashdrive visible??
Is it also possible in normal mode?? (not in recovery-mode)

I only know how to make hidden files visible.

Quote
What antivirus do you use by the way, if any? I cannot help, though, as I haven't gotten a virus in a while. Sometimes, however, I just relied on system restore to get rid of viruses, and it happened to work. :P It might be leaving traces of viruses there, though, and some viruses actually destroy system restore points.
All our system restore points are saved on an external database, still 1TB free space for backups and sys restoring points. That external database was not connected to the computer when the virus appeared!
and my anti-virus-program is, as I already wrote, Kaspersky Lab 2012 ;)
Title: Re: Virus problem
Post by: imo_inx on August 04, 2012, 04:29:14 pm
I use AVG free antivirus and Microsoft's very own security essentials... I haven't got a virus since I was hacked a long time ago.
Title: Re: Virus problem
Post by: p2 on August 07, 2012, 08:42:41 am
wow...
maybe I get that many viruses because I download many things... :P
Title: Re: Virus problem
Post by: Nick on August 07, 2012, 10:17:52 am
did you already get it back? or is it still in repair?

and I only use AVG free too :) and I never got a virus in the last 2 years.. and the last one wasn't even a virus, it was just some malware that installed itself and blocked everything, but I got rid of that myself, so it wasn't really bad :)
Title: Re: Virus problem
Post by: imo_inx on August 07, 2012, 03:41:16 pm
Quote
wow...
maybe I get that many viruses because I download many things... :P

I probably download more... Does Opera have security? That's what I use.
Title: Re: Virus problem
Post by: willrandship on August 07, 2012, 04:03:59 pm
No windows machine can last forever when it's attached to the internet :P

Venom, Opera would have some "Security" by not being a very mainstream browser, but you'd still be fully affected by any viruses coming through file downloads. Mostly you're just avoiding the terrible IE ones, though :P

Do you have any virus software?

for someone actually in a problem with their PC, I recommend installing and scanning with MalwareBytes Anti-Malware. The free version has all the good stuff, and it doesn't interfere with other software much. Don't expect any fancy features though. (I recommend it because it gets a LOT of stuff I've seen other scanners miss)

Oh, by the way, my favorite recommendation in this case is Linux.
Title: Re: Virus problem
Post by: DJ Omnimaga on August 07, 2012, 04:09:35 pm
Don't trust Opera for security. The best way to avoid getting viruses is to make sure Google doesn't state that a site could harm your computer and avoid downloading warez or rar/zip files in which it is not guaranteed you'll find what's supposed to be in there. Opera might be secure, but I'm fairly sure that like Mac OS, it only has fewer infections because it's not as popular. I use Opera, btw. An antivirus (preferably a free one) can be nice too, although don't trust those at 100% either.

Linux is another great solution.
Title: Re: Virus problem
Post by: p2 on August 08, 2012, 01:42:45 am
I always only use Firefox for downloading stuff!
Sometimes, for browsing, I use IE in Inprivate-mode (loading all my opened websites in firefox takes a while)

I know that downloading such files isn't good.
But I for example need all the help files and examples for AutoIt 3 (coding language)!
Already downloaded over 2000 .html files. (Didn't want to download them as .rar)
(I dare you, NEVER download over 2000 files in one day! I already made that mistake!)  :banghead:
But sometimes you only get the files which you need as .rar or .zip or even as .7zip

I will soon have my own linux (an old Win98 will become my own linux) :D
Title: Re: Virus problem
Post by: p2 on August 08, 2012, 01:52:12 am
Quote
I bet I download more than you... I use Opera, does it have security?

well, I am a massive downloader! ;)

+000275 files in download dir
+001981 AutoIt special helpfiles
+000391 normal AutoIt help files
+102238 files which I have in 1584 different folders on my desktop!
======================================================
=104885 downloaded files of which I remember

(I have NOT counted the files on all my flashdrives!) ;D

can you top this?
104k files! ;D

/me will create a 'massive downloader' userbar

Title: Re: Virus problem
Post by: Scipi on August 08, 2012, 02:26:31 am
Quote
can you top this?
104k files!

I removed 80 GB worth of files from my computer last month to free up memory... Two weeks later I cap the hard drive capacity again. :P

Don't know how that translates by worth of files, but...
Title: Re: Virus problem
Post by: p2 on August 08, 2012, 02:31:58 am
... *.*
Title: Re: Virus problem
Post by: p2 on August 12, 2012, 01:41:44 pm
two days ago, I got the computer back!
together with the warning that the virus came from Softonic Downloader
i still wasn't able to delete that program - I can't find it! .____.
(I'm now using that computer - read my post "internet problem")
Title: Re: Virus problem
Post by: ben_g on August 12, 2012, 06:51:45 pm
to reduce the chance of getting viruses in the future, it's best to always save files you download, and then check if the extension can be harmless. Also pay attention to files with double extensions, like "help.txt.exe". To not get fooled by this, make sure you have configured Windows to show the file extensions, and also make sure that the file type that Windows recognizes matches the extension. Almost everything that has a double extension that ends with .exe, .jar, or any other executable file extension is a virus. Also, sometimes what you download isn't what you wanted to download. Always check the name and the icon to see if you're not downloading something else. And finally, don't trust 'installer' programs that should install only a single file. For example an installer program that should install a readme file. And last but not least: Try to use only legal and preferably popular software. If you download Google Chrome from the official Google website, you won't get a virus, but if you want to download a cracked copy of Minecraft, you might. And if there's no other popular or legal version, then keep Task Manager running while opening it, and if it behaves unexpectedly, close it as soon as possible, and do a virus scan afterwards.

If you follow what I typed above, you get considerably fewer viruses.
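Scipi's advice (safe mode, hidden and system files made visible, check the autorun file) and ben_g's (show extensions, watch for double extensions like help.txt.exe, make sure the real file type matches the extension) can be run as one check over a plugged-in drive. The Python script below is an added example, not code from this thread; it assumes the drive is passed as a path (e.g. E:\ on Windows), reads the Hidden/System attributes that Explorer hides by default, and builds a constructed sample folder so it can be tried offline.

```python
import tempfile
from pathlib import Path

# Hypothetical, non-exhaustive lists: extensions Windows runs directly, and document extensions whose content must never start with a PE ("MZ") header.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".jar"}
DOCUMENT_EXTS = {".txt", ".pdf", ".jpg", ".png", ".doc", ".html", ".mp3"}

def hidden_or_system(path: Path) -> bool:
    """Windows Hidden (0x2) or System (0x4) attribute set? Off Windows, fall back to dot-files."""
    attrs = getattr(path.stat(), "st_file_attributes", None)
    return bool(attrs & 0x6) if attrs is not None else path.name.startswith(".")

def is_pe_file(path: Path) -> bool:
    """Every Windows executable starts with the 'MZ' DOS header, whatever it is named."""
    try:
        with path.open("rb") as f:
            return f.read(2) == b"MZ"
    except OSError:  # unreadable file: report nothing rather than abort the whole scan
        return False

def classify(path: Path) -> list[str]:
    """Findings for one file; an empty list means nothing looked wrong."""
    findings, sfx = [], [s.lower() for s in path.suffixes]
    if path.name.lower() == "autorun.inf":
        findings.append("autorun.inf present: can start a program when the drive is plugged in")
    if len(sfx) >= 2 and sfx[-2] in DOCUMENT_EXTS and sfx[-1] in EXECUTABLE_EXTS:
        findings.append("double extension %s: looks like a document but is a program" % "".join(sfx[-2:]))
    if sfx and sfx[-1] in DOCUMENT_EXTS and is_pe_file(path):
        findings.append("content is a PE executable but the extension is %s" % sfx[-1])
    if hidden_or_system(path) and ((sfx and sfx[-1] in EXECUTABLE_EXTS) or is_pe_file(path)):
        findings.append("hidden/system attribute on an executable")
    return findings

def scan_drive(root: "str | Path") -> dict[str, list[str]]:
    """Walk a mounted drive, Hidden/System entries included, and report suspicious files."""
    root = Path(root)
    return {str(p.relative_to(root)): f for p in root.rglob("*") if p.is_file() and (f := classify(p))}

def build_sample_drive() -> Path:
    """Constructed stand-in for a flash drive: one clean file and three that should be flagged."""
    root = Path(tempfile.mkdtemp())
    (root / "notes.txt").write_text("just text")
    (root / "help.txt.exe").write_bytes(b"MZ" + b"\0" * 62)  # ben_g's double-extension case
    (root / "photo.jpg").write_bytes(b"MZ" + b"\0" * 62)     # executable renamed to look like a photo
    (root / "autorun.inf").write_text("[autorun]\nopen=help.txt.exe\n")
    return root

if __name__ == "__main__":  # on the real stick: scan_drive(r"E:\")
    for name, findings in scan_drive(build_sample_drive()).items():
        print(name, "->", "; ".join(findings))
```

Files that only carry the Hidden/System attribute but are not executables (e.g. a legitimate System Volume Information folder) are deliberately not reported.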
Title: Re: Virus problem
Post by: Snake X on August 12, 2012, 09:02:31 pm
I have Avast free edition; it was able to pick up anything that came from the internet in real time before it does anything, a pretty good program I'd say.
Title: Re: Virus problem
Post by: p2 on August 13, 2012, 06:46:03 am
Quote
to reduce the chance of getting viruses in the future, it's best to always save files you download, and then check if the extension can be harmless. Also pay attention to files with double extensions, like "help.txt.exe". To not get fooled by this, make sure you have configured Windows to show the file extensions, and also make sure that the file type that Windows recognizes matches the extension. Almost everything that has a double extension that ends with .exe, .jar, or any other executable file extension is a virus. Also, sometimes what you download isn't what you wanted to download. Always check the name and the icon to see if you're not downloading something else. And finally, don't trust 'installer' programs that should install only a single file. For example an installer program that should install a readme file. And last but not least: Try to use only legal and preferably popular software. If you download Google Chrome from the official Google website, you won't get a virus, but if you want to download a cracked copy of Minecraft, you might. And if there's no other popular or legal version, then keep Task Manager running while opening it, and if it behaves unexpectedly, close it as soon as possible, and do a virus scan afterwards.

If you follow what I typed above, you get considerably fewer viruses.
I always only use cracked versions which I got from friends, who use them too!
And I NEVER trust downloaders! Who needs to download a program that downloads the program you wanted to download??

Every time I get a .jar file, I first open it with 7zip and check every single file inside! ;)

But I might have problems with the last thing...

Quote
I have Avast free edition; it was able to pick up anything that came from the internet in real time before it does anything, a pretty good program I'd say.
It always worked fine with Kaspersky! I don't think I'm gonna change the avp!