pouët.net

Asshole virus

category: general [glöplog]

Who is the motherfucker who would build this and be proud of it?

Anyways. I can't trust anything now. Listen to me, I had a virus or spyware that showed windows saying that my computer was infected and I had to go to their page. It also changed my background, didn't let me open the Task Manager or desktop properties or anything, and displayed a "VIRUS ALERT" at the bottom right near the clock.

Usually I don't go for the format solution but try to delete whatever could be the virus, and of course search with some programs and remove things from the registry, but sometimes this is not enough. Because as you erase things, new things are born. But this time I formatted C again.

And when I formatted I thought that it would all be gone. But there it is again. At first I thought the reason was: "when it happened it was after I installed a pirated version of Ad-aware. Maybe this pirated version was a trap with a virus included". After the format I reinstalled the same one again. And got explorer popping up windows and stuff, and then the desktop changing with the virus alert.

I couldn't understand it. I had formatted C and reinstalled everything from the beginning, never touched or ran anything from the D or E disks. So I thought it was the pirated version having a trojan or virus trap.

So I formatted for the 2nd time and never touched that antivirus again. Sometimes I get things that tell me there might still be a virus, or once google.com opened another advertisement page and I said "WTF!!!" I formatted everything, didn't install the pirated software this time or anything else pirated, just installed the driver CD for my motherboard and internet (which is a commercial CD, not a copy, not pirated, used for years without any of this), installed commercial versions of firefox, and this time after the incident installed commercial trial versions of Ad-Aware, AVG, Spybot, HijackThis, and searched all my drives for viruses (I found some trojans in zipped files of demos or emulators but deleted those, and had never touched them before).

Ok, now it didn't appear again. But I am not sure..

..and my question is what could it be. What could it be that even after totally formatting my hard disk and reinstalling Windows, it could appear again. Of course it appeared when I installed the internet and browsed something, but that something was the pouet, google, firefox, winrar and winamp sites for getting the official programs I need. I didn't go to anything suspicious. wtf?

1) Could my brother's computer have the same virus and be travelling through the network? But it's fine, no problems like mine, and it was also switched off when I reformatted everything.

2) Could it be in the boot sector? How can I be sure about the boot sector? If I format the disk, does it also erase the boot sector? Am I fine with a simple (not quick) format?

3) What could be lurking in my PC that reappears so soon even after formatting the hard disk?

0) I have a theory. Someone is watching me. They are angry about my anti-hacker articles in my blog or something.

000) Are there maybe good freeware programs for antivirus and antispyware that you could suggest, except the ones I mentioned?
added on the 2008-10-05 16:03:48 by Optimus Optimus
antivir from
www.free-av.de
added on the 2008-10-05 16:09:27 by ara ara
Optimus, if it's still there after reboot it might be a rootkit. I'd suggest you try rewriting the MBR or the boot sector; if it can't write, saying some lame error has occurred, then it indeed is a rootkit. Also, in such a case GMER might be helpful too, though it might be hard to use the tool if you haven't used it before.
added on the 2008-10-05 16:14:41 by decipher decipher
reboot = reformatting... Sorry, kinda sleepy.
added on the 2008-10-05 16:15:05 by decipher decipher
optimus, this sounds like an autorun.inf virus. It replicates itself on all hard drives, network drives and removable storage drives, and the moment your system tries to access the drive, it releases the payload.
added on the 2008-10-05 16:24:43 by aMUSiC aMUSiC
@Optimus: I'm sorry to hear that dude. We, sceners should not be interrupted by stupid viruses but shit happens.

I've been using Avast for a long time (home edition, free version) and I haven't had any virus problems for many years. But I'm not telling you that Avast is the best AV protection application. It's just what I use and it works for me.
added on the 2008-10-05 16:25:18 by Skate Skate
Download Hiren's BootCD with the latest virus definitions included. Scan your HDs, reinstall the boot sectors. In my experience, that will do it.
added on the 2008-10-05 16:32:57 by Jailbird Jailbird
Well, thank you! That is more helpful than I thought. I have two or three good reasons why this happened and some tools to try tonight.
added on the 2008-10-05 18:49:35 by Optimus Optimus
Quote:
We, sceners should not be interrupted by stupid viruses but shit happens.

What?
added on the 2008-10-05 18:53:27 by ilmarque ilmarque
for the asshole virus, use this:
[image]
added on the 2008-10-05 18:59:39 by Tigrou Tigrou
I dropped windows almost entirely after a previous dealing with a virus at my parents' house, just after the pouet.net virus incident. The windows ecosystem is in my mind completely fucked up.
added on the 2008-10-05 19:02:39 by _-_-__ _-_-__
Quote:
1) Could my brother's computer has the same virus and travelling through the network? But it's fine, no problems like me, and also closed when I reformated everything.


Yes, viruses can spread through networks, and also via USB keys/external drives, flash cards, etc.: everything that has a FS and eventually some PE to infect.

Quote:
2) Could it be in the boot sector? How can I be sure about the boot sector. If I format the disk, does it also erase the boot sector? Am I fine with a simple (not quick) format?


Yes it could be. You can be sure by fixing the MBR, and also by using fixing tools designed for low-level viruses (the trick is to find the threat name/version). If you 'format your hard drive' (in fact you only format one partition at a time), it doesn't erase the boot sector; it doesn't EVEN erase the disk most of the time, it just tells the block array "ok, consider every block as free from now on". Also, formatting is telling a bunch of blocks that they're now M$ rather than Linux; it is NOT, has NEVER been and NEVER will be erasing data from the HDD. In the case of an MBR infection, no, formatting simply doesn't do it. The thing is, most MBR-based viruses just write an address to a partition into the MBR, because it's too small to contain a high-level virus; while booting, it runs the virus at the specified address. If after erasing data and such it's still there, there is probably more infection bootcamp.

Quote:
3) What could it be lurking in my PC that even after formatting the hdisk to reappear so soon?


You guessed right imho: an MBR infector, or something that infected everything on your LAN, including your other computers, USB keys etc., everything writable. It may also be a big big flaw in your OS security scheme (i.e. not patching your Windows against Lovesan during the strike), but there is no wide OS-based infection about a big flaw at the moment; it is usually about user stupidity/lack of awareness or bad luck.

Quote:
0) I have a theory. Someone is watching me. They are angry about my anti-hacker articles in my blog or something.


Highly improbable. This kind of method makes me think of spyware: telling you your PC is infected, changing backgrounds, leading you to some fraud page, etc. Evil viruses do not directly annoy users; evil viruses are sneaky.

good luck lad, regards.
added on the 2008-10-05 19:02:42 by SilkCut SilkCut
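The two replies above (decipher's "try rewriting the MBR" and SilkCut's description of MBR infectors that only stash a pointer in the 512-byte sector) both come down to looking at what is actually in sector 0. The script below is an added example, not code from the thread or from any of the tools mentioned in it: from a live CD it reads the first sector of a disk, checks the 0x55AA boot signature, decodes the four partition entries, and hashes the 440 bytes of boot code so the value can be compared with a baseline taken from a known-good install (e.g. `dd if=/dev/sda bs=512 count=1 of=mbr.bin` right after reinstalling). It assumes the target is a raw disk such as /dev/sda (root needed) or a 512-byte image file; the image it builds itself is constructed for the demo and contains no real boot code.

```shell
#!/bin/sh
# Added example (not from the thread): read-only inspection of an MBR.
# Usage: sh mbr_inspect.sh /dev/sda [baseline_sha256]
# With no argument it inspects a constructed 512-byte sample image.

# Hex dump of bytes [offset, offset+len) of the first sector, no spaces.
mbr_hex() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Bytes 510-511 must be 55 AA or the BIOS will not boot the disk at all.
mbr_signature_ok() { [ "$(mbr_hex "$1" 510 2)" = "55aa" ]; }

# 8 hex chars (4 little-endian bytes) -> decimal.
le32() {
    b0=$(printf '%s' "$1" | cut -c1-2); b1=$(printf '%s' "$1" | cut -c3-4)
    b2=$(printf '%s' "$1" | cut -c5-6); b3=$(printf '%s' "$1" | cut -c7-8)
    printf '%d\n' $(( (0x$b3 << 24) | (0x$b2 << 16) | (0x$b1 << 8) | 0x$b0 ))
}

# The four 16-byte partition entries start at byte 446.  Per entry:
# byte 0 boot flag (80 = active), byte 4 type, bytes 8-11 start LBA,
# bytes 12-15 sector count.  Output: "n flag type startLBA sectors".
mbr_partitions() {
    i=0
    while [ "$i" -lt 4 ]; do
        e=$(mbr_hex "$1" $((446 + i * 16)) 16)
        flag=$(printf '%s' "$e" | cut -c1-2)
        type=$(printf '%s' "$e" | cut -c9-10)
        lba=$(le32 "$(printf '%s' "$e" | cut -c17-24)")
        cnt=$(le32 "$(printf '%s' "$e" | cut -c25-32)")
        printf '%d %s %s %s %s\n' $((i + 1)) "$flag" "$type" "$lba" "$cnt"
        i=$((i + 1))
    done
}

# SHA-256 of the executable boot code (bytes 0-439).  A "pointer" style MBR
# infector shows up here as a changed hash even if the partition table and
# signature look untouched.
mbr_bootcode_hash() {
    dd if="$1" bs=1 count=440 2>/dev/null |
        { command -v sha256sum >/dev/null 2>&1 && sha256sum || shasum -a 256; } |
        cut -d' ' -f1
}
mbr_bootcode_matches() { [ "$(mbr_bootcode_hash "$1")" = "$2" ]; }

# Human-readable summary; exit status 1 if the boot code differs from baseline.
mbr_report() {
    dev=$1; baseline=${2:-}; rc=0
    if mbr_signature_ok "$dev"; then echo "boot signature: 55 AA ok"
    else echo "boot signature: MISSING (disk would not boot)"; fi
    echo "partitions (n bootflag type startLBA sectors):"
    mbr_partitions "$dev" | sed 's/^/  /'
    echo "boot code sha256: $(mbr_bootcode_hash "$dev")"
    if [ -n "$baseline" ]; then
        if mbr_bootcode_matches "$dev" "$baseline"; then echo "boot code matches baseline"
        else echo "boot code DIFFERS from baseline"; rc=1; fi
    fi
    return $rc
}

# Constructed sample: 440 bytes of placeholder "code", zero disk signature,
# one active NTFS (type 07) partition at LBA 2048 of 204800 sectors, 55 AA.
make_sample_mbr() {
    f=$(mktemp)
    {
        printf '%440s' '' | tr ' ' 'A'
        dd if=/dev/zero bs=6 count=1 2>/dev/null
        printf '\200\040\041\000\007\376\377\377\000\010\000\000\000\040\003\000'
        dd if=/dev/zero bs=48 count=1 2>/dev/null
        printf '\125\252'
    } > "$f"
    printf '%s\n' "$f"
}

mbr_report "${1:-$(make_sample_mbr)}" "${2:-}"
```

On a real machine run it twice: once against the MBR saved from the fresh install to record the baseline hash, and again after the symptoms return, passing that hash as the second argument. A differing hash with an intact partition table is exactly the pattern SilkCut describes.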
@optimuz :
can you tell me if "Papakomopoulos" is a real Greek surname?
added on the 2008-10-05 21:30:55 by loaderror loaderror
Quote:
0) I have a theory. Someone is watching me. They are angry about my anti-hacker articles in my blog or something.


ookay... have you forgotten some medicine lately?
added on the 2008-10-05 21:45:32 by uncle-x uncle-x
you guys seen that movie "hackers"? z0mfg!
added on the 2008-10-05 22:17:20 by supah supah
Ok, first off, I'll admit I didn't read all the responses, but a couple of hints:

-It can spread through the network. Disconnect while installing.
-Download the redist version of SP2/3 (whichever is your choice). Install it without connecting.
-Once that's done, connect and install any other Windows patches (that's if you have a legal version).

And the most probable cause :

Windows respects autorun.inf on disk partitions. Any time you access them, it runs whatever is in that file. The problem is that the file, and whatever else it needs, is hidden (usually in Recycled).

So my advice? Get a Linux live CD, boot it, mount ALL of your partitions, then from the command line (because I have no clue what GUI you'll have) run this magic command while in the drive: ls -la. This WILL show you all of the files. If you spot any autorun.inf, don't delete it just yet! cat autorun.inf, understand what it's doing; most probably it's running something from Recycled or System Volume Information. Find those, destroy them (with the almighty rm), then get rid of the autorun file. Also do this for any USB drives, thumb drives or whatnot; they are most probably also a vector.

Then, install a free, maybe even open source antivirus (ClamWin is one).

And FINALLY: STOP USING WINDOWS. If there is an app you MUST run, there's Wine (or CrossOver if you go the Hackintosh route), or VMware, also for Linux or MacOS.

I'm not starting a flame war, I'm just informing you: you DO NOT have to put up with this kind of shit.

Just my 0.02C
added on the 2008-10-05 22:45:22 by Movi Movi
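Movi's live-CD procedure above (mount everything, ls -la, cat autorun.inf, find the Recycled payload) is easy to get wrong by hand on a drive with many partitions, so here it is as a script. This is an added example, not code from the thread: it is deliberately read-only (it prints what each autorun.inf would launch and where that file sits on the mounted disk, and deletes nothing), so you can review before reaching for rm. It assumes the partitions are mounted under the directory you pass (e.g. /mnt); the sample "drive" built by make_sample_drive is constructed for the demo and is not a real infection. The key names it looks for (open=, shellexecute=, shell\<verb>\command=) are the ones Windows honours in autorun.inf.

```shell
#!/bin/sh
# Added example (not from the thread): audit autorun.inf files under a
# mount point without modifying anything.
# Usage: sh autorun_audit.sh /mnt   (no argument: constructed sample drive)

# 1. Every autorun.inf, in any letter case, below the mount point.
#    find sees "hidden"/"system" files too; those are Windows attributes.
find_autorun() {
    find "$1" -type f -iname 'autorun.inf' 2>/dev/null
}

# 2. What one autorun.inf launches: the values of open=, shellexecute= and
#    shell\<verb>\command= keys.  Comments (;) and [section] headers are
#    skipped, CRLF endings are normalised, duplicates collapsed.
autorun_targets() {
    tr -d '\r' < "$1" | awk -F= '
        /^[ \t]*[;[]/ { next }
        NF >= 2 {
            key = tolower($1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (key == "open" || key == "shellexecute" ||
                key ~ /^shell\\.*\\command$/) {
                val = $0
                sub(/^[^=]*=[ \t]*/, "", val)
                print val
            }
        }' | LC_ALL=C sort -u
}

# 3. Resolve a Windows-style relative path against the drive root.
#    Backslashes become slashes, a leading .\ is dropped, and the lookup is
#    case-insensitive because FAT/NTFS are while the Linux mount may not be.
#    Prints the on-disk path, or nothing if the payload is not there.
locate_target() {
    drive=$1
    rel=$(printf '%s\n' "$2" | tr '\\' '/' | sed 's#^\./##')
    find "$drive" -ipath "$drive/$rel" 2>/dev/null | head -n 1
}

# 4. Walk a drive: each autorun.inf, what it launches, where the payload is.
report() {
    find_autorun "$1" | while IFS= read -r inf; do
        printf '== %s\n' "$inf"
        autorun_targets "$inf" | while IFS= read -r t; do
            hit=$(locate_target "$(dirname "$inf")" "$t")
            printf '   launches %-28s -> %s\n' "$t" "${hit:-missing}"
        done
    done
}

# Constructed sample drive: CRLF autorun.inf pointing into Recycled, with
# the folder spelled in a different case on disk (as a FAT/NTFS mount may).
make_sample_drive() {
    d=$(mktemp -d)
    mkdir -p "$d/RECYCLED"
    printf 'constructed placeholder, not a real binary\n' > "$d/RECYCLED/driver.exe"
    printf '%s\r\n' '[autorun]' \
        ';constructed sample for the demo' \
        'open=Recycled\driver.exe' \
        'icon=%SystemRoot%\system32\SHELL32.dll,4' \
        'shellexecute=Recycled\driver.exe' \
        'shell\open\command=Recycled\driver.exe' \
        'shell\explore\Command=.\Recycled\driver.exe' > "$d/autorun.inf"
    printf '%s\n' "$d"
}

report "${1:-$(make_sample_drive)}"
```

Run it against /mnt after mounting every partition and USB stick; only once the report shows where each launched file lives should the rm step from the post above follow, and the autorun.inf itself goes last, as Movi says.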
If you don't want to switch to Linux over crap like this, you'd probably be safe installing Vista (SP1) as well. UAC will catch pretty much anything malicious running at startup, provided it's not specifically designed to bypass it. I'm not saying Vista is foolproof; I've had a very similar virus in Vista as well, but that's due to my bad habit of disabling my A/V for running intensive apps.

If you want to know my personal experience: through a bunch of years of experimenting I've found that the combination of Avast Antivirus and Comodo Firewall pretty much turns your PC into an impenetrable fortress (Comodo will ask your permission for *everything*, not just net stuff, but accessing the registry, service controllers, etc. It's actually really interesting seeing what some apps try to get away with).
But don't you feel irritated by those extra steps you have to take all the time to make everything work? I was.
added on the 2008-10-05 23:21:03 by Movi Movi
Papakomopoulos, even if it's a weird-sounding name I have not heard before, sounds like a Greek name to me.
added on the 2008-10-05 23:39:36 by Optimus Optimus
It doesn't seem to be autorun.inf.
dir /ah would be enough to see hidden files like this, wouldn't it? Nothing is there..

I am going to try the other tools now.
Though it seems I haven't had any more attacks since I rebooted again. But I don't know about tomorrow. It could return..
added on the 2008-10-05 23:41:24 by Optimus Optimus
In my 3 years of running Linux, I never got a virus.

JUST SO YOU KNOW
added on the 2008-10-06 04:58:04 by LiraNuna LiraNuna
another vote for avast, never had a virus with it.
added on the 2008-10-06 07:17:16 by Oswald Oswald
Somehow I can think of Optimus doing this
added on the 2008-10-06 07:48:15 by Jcl Jcl
In my 12 years of running Windows (95 and up), I never got a virus.

JUST SO YOU KNOW.

OK, I did get one once, but that was on my work PC, so that doesn't count.
added on the 2008-10-06 09:36:12 by uncle-x uncle-x