[g.s]

Im going nut's..

How do i get this **** nuked, for all eternity..

And what is responsible for this..

Merry Xmas..

[Wicked Klown]

Ok maybe I'm lost here. Why would you want to remove a website that isn't yours?

[g.s]

Its not the website

[SteveLord]

Your post still makes zero sense. If this is to somehow lead into a discussion about downloading YouTube videos, you must not have seen the thread from the other day that was locked for going there.

[Wicked Klown]

Is this what your talking about?

[Pinky]

Quote:

Originally Posted by Wicked Klown

Is this what your talking about?

Must be.

Combofix is snagging nearly everything right now, be sure to download it and run it in safe mode. Then run malwarebytes to pickup the leftovers. This 1-2 punch has been removing 99% of the viruses lately, and I've probably battled 50+ in the past month alone. I'm sick of the fakealerts that mark all the files as hidden (easily fixed with the "unhide" app circulating), then have to find and backup the temp folder the vorus moves the desktop and start menu shortcuts to, then finally start the removal that takes forever because most machines infected easily are running XP and are usually slower than ****. Ugh.

Although not the same as described above, I've only had one removal failure this month - a google redirect that was buried lord knows where. Ended up spending way too much time on it and moving on, but some of my last results of researching turned up some legacy virus scanners that will get some of the older redirect infections that I guess many compact scanners like combofix don't even check for.

[Mother Goose]

Quote:

Originally Posted by Pinky

Must be.

Combofix is snagging nearly everything right now, be sure to download it and run it in safe mode. Then run malwarebytes to pickup the leftovers. This 1-2 punch has been removing 99% of the viruses lately, and I've probably battled 50+ in the past month alone. I'm sick of the fakealerts that mark all the files as hidden (easily fixed with the "unhide" app circulating), then have to find and backup the temp folder the vorus moves the desktop and start menu shortcuts to, then finally start the removal that takes forever because most machines infected easily are running XP and are usually slower than ****. Ugh.

Although not the same as described above, I've only had one removal failure this month - a google redirect that was buried lord knows where. Ended up spending way too much time on it and moving on, but some of my last results of researching turned up some legacy virus scanners that will get some of the older redirect infections that I guess many compact scanners like combofix don't even check for.

Pinky, it sounds to me like you work in repair. Out of curiosity, what proportion of computers that you work on use windows vs. Unix vs. Mac?

[SteveLord]

Quote:

Originally Posted by Pinky

Must be.

Combofix is snagging nearly everything right now, be sure to download it and run it in safe mode. Then run malwarebytes to pickup the leftovers. This 1-2 punch has been removing 99% of the viruses lately, and I've probably battled 50+ in the past month alone. I'm sick of the fakealerts that mark all the files as hidden (easily fixed with the "unhide" app circulating), then have to find and backup the temp folder the vorus moves the desktop and start menu shortcuts to, then finally start the removal that takes forever because most machines infected easily are running XP and are usually slower than ****. Ugh.

Although not the same as described above, I've only had one removal failure this month - a google redirect that was buried lord knows where. Ended up spending way too much time on it and moving on, but some of my last results of researching turned up some legacy virus scanners that will get some of the older redirect infections that I guess many compact scanners like combofix don't even check for.

Thankfully, I've only dealt with a handful this year. Combofix, RKill, Mbam ftw.

Quote:

Originally Posted by Mother Goose

Pinky, it sounds to me like you work in repair. Out of curiosity, what proportion of computers that you work on use windows vs. Unix vs. Mac?

Rogue antivirus is the most popular today and predominantly Windows. There are just so many features that can be exploited to mimic actual programs or applications within Windows. Surged in the XP days and just adapts with every new OS Microsoft releases. Bypasses, disables, corrupts or deletes your antivirus with ease.

[Pinky]

Quote:

Originally Posted by Mother Goose

Pinky, it sounds to me like you work in repair. Out of curiosity, what proportion of computers that you work on use windows vs. Unix vs. Mac?

With regards to infections 100% Windows. We only support a handful of Macs and zero linux boxes (we have one linux web server at the office).

Quote:

Originally Posted by SteveLord

Rogue antivirus is the most popular today and predominantly Windows. There are just so many features that can be exploited to mimic actual programs or applications within Windows. Surged in the XP days and just adapts with every new OS Microsoft releases. Bypasses, disables, corrupts or deletes your antivirus with ease.

Sums it up well (by rogue antivirus I assume you mean fake alert malware, which claims to be something it isn't and provides false scan 'results').


A mod PM'd me asking if Combofix is really safe to recommend. It's a tough question, the install itself is smooth if you do as it says. The scanner hasn't had a single false detect in the 18 months I've been using it. It would seem safe, not sure how people could make things worse by using it. It's a fair question and worth mentioning.

[madhatter256]

Quote:

Originally Posted by Pinky

Must be.

Combofix is snagging nearly everything right now, be sure to download it and run it in safe mode. Then run malwarebytes to pickup the leftovers. This 1-2 punch has been removing 99% of the viruses lately, and I've probably battled 50+ in the past month alone. I'm sick of the fakealerts that mark all the files as hidden (easily fixed with the "unhide" app circulating), then have to find and backup the temp folder the vorus moves the desktop and start menu shortcuts to, then finally start the removal that takes forever because most machines infected easily are running XP and are usually slower than ****. Ugh.

Although not the same as described above, I've only had one removal failure this month - a google redirect that was buried lord knows where. Ended up spending way too much time on it and moving on, but some of my last results of researching turned up some legacy virus scanners that will get some of the older redirect infections that I guess many compact scanners like combofix don't even check for.

When I worked as a tech, 90% of my work involved removing such infections.

I had a nasty one that wouldn't go away either. Ended up because of a semi-legit program that was never picked up any of the scans that was letting this stuff get inside. Not even nod32 picked it up as the customer brought it back a month later after installing nod32. For a whole year this PC would come back.

I always used a cocktail of virus removals. I started with BitDefender rescue CD, ERD Commander scan tool (Win7 & Vista OS only), then I loaded up the PC, removed any antivirus installed on it (norton/mcafee/MSE) then ran a cocktail of combofix (first), malwarebytes and MSE/Avast. Worked 95% of the time. Well in many cases I never had to use ERD commander or combofix...

About combofix... delete all remnants of it AFTER it is finished doing its job. Do not keep in your PC as I've had infections come back from the quarantine folder combofix creates and combofix is easy to alter by rogue antivirus programs, so always download the latest version of it.

Towards the tail-end of my days as a technician, I started to see more rootkits in PC, even in the MBR.

Had to redo an entire RAID once.

[Pinky]

It's good advice to flush the quarantine of any anti virus app after you've confirmed the infection is gone and your applications are working.

Most malware now comes as some form of rootkit. Thankfully most removal software works at removing rootkits, but to varying degrees. Malwarebytes doesn't remove rootkits very well but does seem to grab all the registry settings, which is why I run combofix first and let Malwarebytes run second as cleanup. It's also not simply enough to remove the infected files, you need to remove the registry entries so I haven't seen the sense in running a bootable scan in years. Since they're rootkits they'll just come back at next startup when that registry key is accessed/run. Most bootable scanners don't mount the registry.

[RollingThunder]

Guys,

This is an excellent thread for those who have experienced this and for those who need help.
However, not everyone has access to General Discussion so let's move this to the Microsoft Operating Systems.

RT

[g.s]

Its gone................

Took me a few hours.........

Feel like a complete human being again..............

[Pinky]

Quote:

Originally Posted by g.s

Its gone................

Took me a few hours.........

Feel like a complete human being again..............

Any tips/tricks? Did it remove itself?

[g.s]

I dont know what i did, i did a lot of things...

removed all the suspicious files, and did a combofix, and a kaspersky cleaning..

[Mario1]

The redirect thing is done by the virus editing your host file.
P.S
90% of the time you can remove a virus by simply going to msconfig and checking the "Startup" tab, if it ain't there its either in %temp% or %appdata% (file/injector/file for persistence).

[g.s]

Yes, but i prefer to nuke em..

[Pinky]

Quote:

Originally Posted by Mario1

The redirect thing is done by the virus editing your host file.
P.S
90% of the time you can remove a virus by simply going to msconfig and checking the "Startup" tab, if it ain't there its either in %temp% or %appdata% (file/injector/file for persistence).

This should not be a definitive statement. I've encountered plenty of malware that fit neatly into neither "fix" as you would suggest. Things have progressed quite a bit since 2005 when that statement was true.

[Pinky]

Quote:

Originally Posted by g.s

I dont know what i did, i did a lot of things...

removed all the suspicious files, and did a combofix, and a kaspersky cleaning..

Okay, just wanted to know any magic in case I come across it. Battling Vista Antivirus 2012 now on a client's machine, what a bugger!

BTW, as a head's up - Norton's Power Scanner is actually decent, found things combofix did not.

[Mario1]

Quote:

Originally Posted by Pinky

This should not be a definitive statement. I've encountered plenty of malware that fit neatly into neither "fix" as you would suggest. Things have progressed quite a bit since 2005 when that statement was true.

I was in the crypter business until a few months ago (got my paypal closed, now I have to wait 180 days) and I don't see any big changes.
No idea if its the same thing on vb6/C# crypters, but VB .NET ones trend to save their persistence file in AppData or Temp, our made a process called wmpnetvk.exe in AppData and a randomly generated name for the injector.
RATs like D-C/BS/P-Y/CG (not giving exact names so I don't get a warning or something) are fairly easy to remove, since the process/service made has some dumb explanation next to it and is viewable in the "Startup" tab of msconfig.
Sure, advanced botnets & etc like AryaN are hard to remove, especially when they're scantime/runtime FUD, but then again - most of the guys who run botnets infect PCs with good DL/UL rates, since they mostly DDoS from them.
Payment systems have advanced within the years, lets take LibertyReserve as an example - you have to enter 1000 codes with the mouse, thus they aren't being logged if you're victim of a keylogger. So yeah anyways, its unlikely these days that you'll get any important data stolen off you, if you have any common sense, that is.