Author Topic: Virus problem  (Read 4506 times)


Offline Sorunome

  • Fox Fox Fox Fox Fox Fox Fox!
  • Support Staff
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 7917
  • Rating: +373/-13
  • Derpy Hooves
    • View Profile
    • My website! (You might lose the game)
Virus problem
« on: August 03, 2012, 07:02:57 am »
First, I'm posting this for p2.
He can't post currently because he has virus problems.
Spoiler For original Skype conversation (German original, translated here):
[12:34:09] p2: I had the Bundestrojaner
then went into the menu with CTRL+ALT+DEL, and then Switch User

then everything hung and I did an emergency power-off!
[12:34:20] p2: after that there was nothing anymore!
(it could be turned on normally and so on
[12:34:42] p2: also no new/suspicious processes in the task manager!
[12:34:50] Sorunome: O.o
[12:35:14] p2: I didn't trust the calm and made a bot that lists ALL processes, even the hidden ones from the system itself!
[12:35:22] p2: then I had these:
[12:36:25] p2: LifeTray.exe
LifeEnC2.exe
FABS.exe
SearchProtocollHost.exe
SearchFilterHost.exe
MouClient_FD2_1001RL.exe
WUDFHost.exe
[12:36:36] Sorunome: D:
[12:36:40] Sorunome: no idea what they do
[12:36:45] Sorunome: but they don't look like system ones
[12:37:02] p2: then I killed them all with a bot!
[12:37:12] p2: but FABS.exe kept coming back!
[12:37:37] p2: I ran the killing of that process in a while loop (with admin rights)
but it didn't go away!
[12:38:39] Sorunome: O.o
[12:38:41] p2: 5 min later the antivirus also came and detected:
C:\Users\daniel\AppData\Local\Temp\deo0_sar.exe
it said there's a virus in it!
[12:38:47] p2: deleting impossible!
[12:38:54] Sorunome: that's bad D:
[12:38:55] p2: then I deleted it manually for good!
[12:38:59] p2: but it was still there!
[12:39:30] p2: so I made a second bot that permanently deletes the thing over and over in a while loop with admin rights!
[12:39:42] p2: so both bots were running in parallel
[12:40:12] p2: just now it was finally over!
the trojan was too slow - program deleted and process killed! :D
[12:40:24] p2: but I'd rather keep the bots running for now!
[12:40:49] p2: I've now searched on the other PC (laptop) for instructions to remove the Bundestrojaner!
[12:40:58] p2: and it said I should search in the registry!
[12:41:04] p2: http://board.raidrush.ws/showthread.php?t=807796
[12:41:19] p2: but there was NOTHING!!
no suspicious things!
[12:41:35] p2: please ask whether I should do anything else, or whether it's really gone now
[12:41:48] p2: (I unplugged the internet from the PC immediately - it's offline right now
[12:43:14] p2: quick scan with Kaspersky says everything OK!
I'm running a full scan right now!
[12:44:07] p2: IMPORTANT:
I had a USB stick with important data plugged in, may I keep using it??
[12:34:09] p2: I got the 'bundestrojaner'
went with CTRL+ALT+DEL into the menu, then clicked change user

everything froze and so i took away energy supply!
[12:34:20] p2: then there was nothing!
(you could turn it on normally etc.)
[12:34:42] p2: also no new suspicious tasks in taskmanager!
[12:34:50] Sorunome: O.o
[12:35:14] p2: i couldn't believe that it was finished so I made a bot, which lists all tasks, even those that are hidden from the system itself!
[12:35:22] p2: Then I had these tasks:
[12:36:25] p2: LifeTray.exe
LifeEnC2.exe
FABS.exe
SearchProtocollHost.exe
SearchFilterHost.exe
MouClient_FD2_1001RL.exe
WUDFHost.exe
[12:36:36] Sorunome: D:
[12:36:40] Sorunome: no idea what they do
[12:36:45] Sorunome: but they don't look like system tasks
[12:37:02] p2: I killed all via a bot!
[12:37:12] p2: but FABS.exe was there again and again!
[12:37:37] p2: I killed that task in a while loop (with admin rights)
But it didn't vanish!
[12:38:39] Sorunome: O.o
[12:38:41] p2: 5min later the virusscanner found:
C:\Users\daniel\AppData\Local\Temp\deo0_sar.exe
it said that there was a virus!
[12:38:47] p2: deleting impossible!
[12:38:54] Sorunome: that's bad D:
[12:38:55] p2: I deleted it manually completely!
[12:38:59] p2: was still there!
[12:39:30] p2: so I made a second bot that deleted that completely (with admin rights) in a while loop!
[12:39:42] p2: so both bots ran at the same time
[12:40:12] p2: finally it just finished!
the trojan was too slow - program deleted and task closed! :D
[12:40:24] p2: i'm still running the bots, i think it's better!
[12:40:49] p2: I searched now on a laptop for an instruction to remove the 'bundestrojaner'!
[12:40:58] p2: it says that I must search in the registry.
[12:41:04] p2: http://board.raidrush.ws/showthread.php?t=807796
[12:41:19] p2: but there was nothing, nothing suspicious!
[12:41:35] p2: please ask, if it is completely gone or if i still have to do something
[12:41:48] p2: (I unplugged the LAN from the PC as quickly as possible - it is now offline)
[12:43:14] p2: quick investigation with Kaspersky said everything OK!
ATM I'm running a full investigation!
[12:44:07] p2: IMPORTANT:
I had a USB-stick with important data plugged into the pc, may I still use it?

The attachment is the process list - remember that it was in a while loop, so it starts again at every '[System Process]'.

THE GAME
Also, check out my website
If OmnomIRC is screwed up, blame me!
Click here to give me an internet!

Offline p2

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 848
  • Rating: +51/-11
  • I'm back :)
    • View Profile
Re: Virus problem
« Reply #1 on: August 03, 2012, 07:10:34 am »
Computer: Windows 7
Anti-virus-program: Kaspersky Lab 2012

And that strange not-deletable program was only about 500KB!!




My question:
Is the virus really gone?
And can I use my flashdrive again? (I was using it while the virus appeared)



And thanx to Sorunome for posting it for me! :)
*insert supercool signature*

Offline DJ Omnimaga

  • Now active at https://codewalr.us
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55820
  • Rating: +3151/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • DJ Omnimaga Music
Re: Virus problem
« Reply #2 on: August 03, 2012, 09:50:47 am »
What antivirus do you use by the way, if any? I cannot help, though, as I haven't gotten a virus in a while. Sometimes, however, I just relied on system restore to get rid of viruses, and it happened to work. :P It might be leaving traces of viruses there, though, and some viruses actually destroy system restore points.
« Last Edit: August 03, 2012, 09:52:26 am by DJ_O »
In case you are wondering where I went, I left Omni back in 2015 to form CodeWalrus due to various reasons explained back then, but I stopped calc dev in 2016 and am now mostly active on the CW Discord server at https://discord.gg/cuZcfcF


Bandcamp|Reverbnation|Facebook|Youtube|Twitter

Offline Sorunome

  • Fox Fox Fox Fox Fox Fox Fox!
  • Support Staff
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 7917
  • Rating: +373/-13
  • Derpy Hooves
    • View Profile
    • My website! (You might lose the game)
Re: Virus problem
« Reply #3 on: August 03, 2012, 10:21:13 am »
Computer: Windows 7
Anti-virus-program: Kaspersky Lab 2012

And that strange not-deletable program was only about 500KB!!




My question:
Is the virus really gone?
And can I use my flashdrive again? (I was using it while the virus appeared)



And thanx to Sorunome for posting it for me! :)


Offline annoyingcalc

  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1950
  • Rating: +140/-72
  • Found in Eclipse.exe
    • View Profile
Re: Virus problem
« Reply #4 on: August 03, 2012, 01:25:29 pm »
I had that same virus a while ago O.O, except it had more files. I don't know how I got rid of it though.
This used to contain a signature.

Offline Scipi

  • Omni Kitten Meow~ =^ω^=
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1547
  • Rating: +192/-3
  • Meow :3
    • View Profile
    • ScipiSoftware
Re: Virus problem
« Reply #5 on: August 04, 2012, 07:13:19 am »
You could always boot into safe mode and check/recover your flashdrive there. Just make sure hidden and system folders are visible to see if any malicious content is there, as well as check the autorun file.

Imma Cat! =^_^= :3 (It's an emoticon now!)
Spoiler For IMPORTANT NEWS!:
Late last night, Quebec was invaded by a group calling themselves, "Omnimaga". Not much is known about these mysterious people except that they all carried calculators of some kind and they all seemed to converge on one house in particular. Experts estimate that the combined power of their fabled calculators is greater than all the worlds super computers put together. The group seems to be holding out in the home of a certain DJ_O, who the Omnimagians claim to be their founder. Such power has put the world at a standstill with everyone waiting to see what the Omnimagians will do...

Wait... This just in, the Omnimagians have sent the UN a list of demands that must be met or else the world will be "submitted to the wrath of Netham45's Lobster Army". Such demands include >9001 crates of peanuts, sacrificial blue lobsters, and a wide assortment of cherry flavored items. With such computing power stored in the hands of such people, we can only hope these demands are met.

In the wake of these events, we can only ask, Why? Why do these people make these demands, what caused them to gather, and what are their future plans...

Offline p2

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 848
  • Rating: +51/-11
  • I'm back :)
    • View Profile
Re: Virus problem
« Reply #6 on: August 04, 2012, 02:03:29 pm »
Well, today I had to take the computer away for repair.
The internet wasn't working normally anymore!
It was only online about 20% of the time!
I think the virus has destroyed some parts of the internet configuration.
I don't know how much the repair will cost or how long it'll take! :(
You could always boot into safe mode and check/recover your flashdrive there. Just make sure hidden and system folders are visible to see if any malicious content is there, as well as check the autorun file.
How do I make the system files on a flash drive visible??
Is it also possible in normal mode?? (not in recovery mode)

I only know how to make hidden files visible.

What antivirus do you use by the way, if any? I cannot help, though, as I haven't gotten a virus in a while. Sometimes, however, I just relied on system restore to get rid of viruses, and it happened to work. :P It might be leaving traces of viruses there, though, and some viruses actually destroys system restore points.
All our system restore points are saved on an external database, still 1TB free space for backups and sys restoring points. That external database was not connected to the computer when the virus appeared!
And my antivirus program is, as I already wrote, Kaspersky Lab 2012 ;)
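Scipi's tip above (make hidden and system items visible, check the autorun file) and p2's follow-up question can be answered without Explorer settings at all. The following PowerShell script is an added example, not code from anyone in this thread; it assumes the stick is mounted as E: on a clean machine and only reads from the drive.

```powershell
# Added example (not from the thread): inspect a flash drive for hidden/system
# entries and for an autorun.inf that would launch something on insertion.
# Assumptions: stick mounted as E:, run from a known-clean PC, PowerShell 2.0+
# (Windows 7 era). Works in normal mode; -Force makes Get-ChildItem return
# items that Explorer hides even with "show hidden files" enabled.
$Drive = 'E:\'

# 1. Every file or folder carrying the Hidden or System attribute.
#    Attributes render as e.g. "Hidden, System, Directory", so a regex match works.
Get-ChildItem -Path $Drive -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -match 'Hidden|System' } |
    Select-Object FullName, Attributes, Length, LastWriteTime |
    Format-Table -AutoSize

# 2. autorun.inf: on older Windows builds the open= / shellexecute= keys and
#    shell\...\command entries decide what runs when the stick is inserted.
$autorun = Join-Path $Drive 'autorun.inf'
if (Test-Path $autorun) {
    Write-Host "autorun.inf found on $Drive, launch-related lines:"
    Get-Content $autorun |
        Select-String -Pattern '^\s*(open|shellexecute|shell\\.*\\command)\s*=' |
        ForEach-Object { "  " + $_.Line }
} else {
    Write-Host "no autorun.inf on $Drive"
}

# 3. Executable content on a stick that should only hold data. A hidden .exe
#    sitting next to a same-named folder is a common sign the data was wrapped.
Get-ChildItem -Path $Drive -Recurse -Force -Include *.exe,*.scr,*.com,*.pif,*.lnk -ErrorAction SilentlyContinue |
    Select-Object FullName, Attributes, Length, LastWriteTime |
    Format-Table -AutoSize
```

Anything the listing turns up can then be copied off for analysis or removed with `Remove-Item -Force`, but the decision is yours; the script only reports.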

Offline imo_inx

  • Manman, SaviourOfTheMultiverse!
  • LV6 Super Member (Next: 500)
  • ******
  • Posts: 473
  • Rating: +27/-8
  • imo_inx
    • View Profile
Re: Virus problem
« Reply #7 on: August 04, 2012, 04:29:14 pm »
I use AVG free antivirus and Microsoft's very own security essentials... I haven't got a virus since I was hacked a long time ago.


Offline p2

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 848
  • Rating: +51/-11
  • I'm back :)
    • View Profile
Re: Virus problem
« Reply #8 on: August 07, 2012, 08:42:41 am »
wow...
maybe I get so many viruses because I download so many things... :P

Offline Nick

  • LV9 Veteran (Next: 1337)
  • *********
  • Posts: 1166
  • Rating: +161/-3
  • You just got omnom'd
    • View Profile
    • Nick Steen
Re: Virus problem
« Reply #9 on: August 07, 2012, 10:17:52 am »
did you already get it back? or is it still in repair?

and i only use AVG free too :) and i never got a virus in the last 2 years.. and the last one wasn't even a virus, it was just some malware that installed itself and blocked everything, but i got rid of that myself, so it wasn't really bad :)

Offline imo_inx

  • Manman, SaviourOfTheMultiverse!
  • LV6 Super Member (Next: 500)
  • ******
  • Posts: 473
  • Rating: +27/-8
  • imo_inx
    • View Profile
Re: Virus problem
« Reply #10 on: August 07, 2012, 03:41:16 pm »
wow...
maybe I get that much viruses because I download many things... :P

I probably download more... Does Opera have security? That's what I use.
« Last Edit: August 07, 2012, 03:42:21 pm by iNk&Venom »


Offline willrandship

  • Omnimagus of the Multi-Base.
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2953
  • Rating: +98/-13
  • Insert sugar to begin programming subroutine.
    • View Profile
Re: Virus problem
« Reply #11 on: August 07, 2012, 04:03:59 pm »
No Windows machine can last forever when it's attached to the internet :P

Venom, Opera would have some "Security" by not being a very mainstream browser, but you'd still be fully affected by any viruses coming through file downloads. Mostly you're just avoiding the terrible IE ones, though :P

Do you have any virus software?

for someone actually in a problem with their PC, I recommend installing and scanning with MalwareBytes Anti-Malware. The free version has all the good stuff, and it doesn't interfere with other software much. Don't expect any fancy features though. (I recommend it because it gets a LOT of stuff I've seen other scanners miss)

Oh, by the way, my favorite recommendation in this case is Linux.

Offline DJ Omnimaga

  • Now active at https://codewalr.us
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55820
  • Rating: +3151/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • DJ Omnimaga Music
Re: Virus problem
« Reply #12 on: August 07, 2012, 04:09:35 pm »
Don't trust Opera for security. The best way to avoid getting viruses is to make sure Google doesn't state that site could harm your computer and avoid downloading warez or rar/zip files in which it is not guaranteed you'll find what's supposed to be in there. Opera might be secure, but I'm fairly sure that like Mac OS, it only has fewer infections because it's not as popular. I use Opera, btw. An antivirus (preferably a free one) can be nice too, although don't trust those at 100% either.

Linux is another great solution.

Offline p2

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 848
  • Rating: +51/-11
  • I'm back :)
    • View Profile
Re: Virus problem
« Reply #13 on: August 08, 2012, 01:42:45 am »
I always only use Firefox for downloading stuff!
Sometimes, for browsing, I use IE in InPrivate mode (loading all my opened websites in Firefox takes a while)

I know that downloading such files isn't good.
But I, for example, need all the help files and examples for AutoIt 3 (coding language)!
Already downloaded over 2000 .html files. (Didn't want to download them as .rar)
(I advise you, NEVER download over 2000 files in one day! I already made that mistake!)  :banghead:
But sometimes you only get the files which you need as .rar or .zip or even as .7zip

I will soon have my own Linux (an old Win98 machine will become my own Linux) :D

Offline p2

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 848
  • Rating: +51/-11
  • I'm back :)
    • View Profile
Re: Virus problem
« Reply #14 on: August 08, 2012, 01:52:12 am »
I bet I download more than you... I use Opera, does it have security?

well, I am a massive downloader! ;)

+000275 files in download dir
+001981 AutoIt special helpfiles
+000391 normal AutoIt help files
+102238 files which I have in 1584 different folders on my desktop!
======================================================
=104885 downloaded files that I remember

(I have NOT counted the files on all my flashdrives!) ;D


can you top this?
104k files! ;D


* p2 will create a 'massive downloader' userbar

