Virus/malware infection 'war' stories

tomdkat
Distinguished Member with 5,019 posts.
 
Join Date: May 2006
Location: S.F. Bay Area, CA
Experience: Intermediate
28-Dec-2008, 12:25 PM #1
Virus/malware infection 'war' stories
Ok, post your virus/malware infection horror or "war" stories here.

I was given a machine to work on and I was told it was "infected" with something and wasn't running right. It's running Windows XP Pro SP2.

What I wasn't told is the variety of things this machine was infected with:
  • Virtumonde (and Virtumonde.prx)
  • MicroAntivirus
  • MyWay.MyWebSearch
  • MyWebSearch
  • RapidAntivirus
  • Smitfraud-C
  • Zango
  • ZangoShoppingReport
and that's just what Spybot S&D 1.6 found.
MalwareBytes found Vundo and traces of Virtumonde and some other stuff.

I'm running an AntiVir virus scan now and it's finding other things with more cryptic names.

Spybot found quite an assortment of vermin, I think.

What "war stories" do you have?

Peace...
hrlow2
Distinguished Member with 2,476 posts.
 
Join Date: Oct 2008
Location: West"By God" Virginia
Experience: continuing to learn.
28-Dec-2008, 01:25 PM #2
Not sure if this qualifies as a "war" story, but my next door neighbor purchased a used PC and right away he had popups from (----). He asked me to take a look.
SuperAntiSpyware found 973 tracking cookies and references to 175 different adware files.
MalwareBytes found another 79 items. Ran both 2 times until nothing was showing up. Avira AntiVir could detect nothing, so I defragged his drive for him and turned it back over to him.
2 weeks later, he calls me back over to take another look at it. Says I must not have got everything because it was running slow and the popups were back. Grabbing my USB stick with my programs, I went back over.
649 tracking cookies from the "DarkSide" of the web. Opened up History in IE and looked at sites visited. WOW isn't the word. When confronted about this and showing him the dates each was visited, he admitted to going there. He thought that I wouldn't clean his machine again if I thought he had brought it on himself.
I did straighten it out for him again and then tried to educate him on the hazards of going to those sites, and I made some configuration changes in IE to block ALL cookies, tightened up on firewall security settings and installed SpywareGuard (minus the desktop icon so he doesn't know it's there) as a little extra protection.
Went back for a followup and checkup 10 days later. IE history showed he still visited those sites, but scans were coming up clean. I count that as a Victory of sorts.
Thanks for "listening"
karbo
Account Disabled with 2,239 posts.
 
Join Date: Sep 2003
Location: Quebec, Canada
Experience: Getting there...
28-Dec-2008, 01:56 PM #3
Tracking cookies are rarely a big deal. Every time I scan my computer with SAS, I get a few, and so what. I delete them and the next day they're back again because I've revisited those websites. If you block cookies, a LOT of sites won't load or work properly. Websites have to be financed some way...
hrlow2
Distinguished Member with 2,476 posts.
 
Join Date: Oct 2008
Location: West"By God" Virginia
Experience: continuing to learn.
28-Dec-2008, 02:56 PM #4
If they aren't a "big deal", then why does my antispyware throw up a red flag whenever one wants to be installed? Said HIGH security risk.
karbo
Account Disabled with 2,239 posts.
 
Join Date: Sep 2003
Location: Quebec, Canada
Experience: Getting there...
28-Dec-2008, 03:03 PM #5
Some of them might pose a risk but most are quite harmless.
atnskyline
Account Disabled with 332 posts.
 
Join Date: Aug 2008
Experience: intermediate to advanced
28-Dec-2008, 11:00 PM #6
Yes, but if you delete them, then they will come back when you need them. I delete them. Why take the risk?

My story: last year during finals I had just a nasty something (to this day, no clue). All it did was slow my very fast PC down. I changed some startup settings and it went back to normal. The fan and CPU were running at 100% at idle during it!

Story 2:
At 2 in the morning my brother wanted to go on Facebook. His PC was off, so he used mine and clicked a link (to see himself), and it installed this virus that created a runtime error, 2 of them. Nothing else was wrong. McAfee detected nothing. Ahemmmmmmm piece of crap McAfee.......ahemmmm (sorry, I had to clear my throat!). So I called Geek Squad and they hung up on me after they answered. So I brought it to Firedog at Circuit City. They said they can't do anything about it. I paid them $150 and all they did was install Avast Home. They didn't even run it! So I brought it home and ran it. It picked up all sorts of crap. So to this day I trust only Avast, because that free little program gets rid of more than the "big, rough, expensive paid bloatware."
mrss
Registered User with 722 posts.
 
Join Date: Jun 2007
29-Dec-2008, 02:51 AM #7
I was up past midnight on a stormy night, watching YouTube, when the audio was suddenly taken over by Chinese pop music, the kind of stuff you might hear in a Hello Kitty cartoon, if such a thing exists. Sandwiched between the wacky music was a British-sounding voice. I closed the browser, but the music kept playing. Just before I powered down the equipment, I determined it was internet radio from Hong Kong.

Anyway, the next day, I reformatted the PC.
hrlow2
Distinguished Member with 2,476 posts.
 
Join Date: Oct 2008
Location: West"By God" Virginia
Experience: continuing to learn.
29-Dec-2008, 09:39 AM #8
I've got my popcorn ready waiting to hear what karbo has to offer.
Frank4d
Distinguished Member with 6,189 posts.
 
Join Date: Sep 2006
Location: So. California
Experience: Since MS-Dos 3.0
29-Dec-2008, 09:51 AM #9
"Home Search Assistant"... very nasty stuff when it was new and there were few tools to remove it.
karbo
Account Disabled with 2,239 posts.
 
Join Date: Sep 2003
Location: Quebec, Canada
Experience: Getting there...
29-Dec-2008, 10:16 AM #10
Quote:
Originally Posted by hrlow2
I've got my popcorn ready waiting to hear what karbo has to offer.
The worst infection I've ever had, a couple of years ago while running McAfee (before I installed ESET Smart Security, the best!), was a Trojan that had managed to take over a few important system files. Those files were always asking to access the Internet but they weren't normally supposed to. They were all in Windows system32: lsass, winlogon and spoolsv. They were all transformed by the virus. After a thorough antimalware cleanup (Combofix, SDFix, etc.), I had to replace the files manually by the right ones. What a nightmare! Unfortunately, my printer never wanted to work after that. I couldn't even uninstall and reinstall it or update the driver or anything. It was crazy!

So, I ended up reformatting and reinstalling Windows XP Pro.
hrlow2
Distinguished Member with 2,476 posts.
 
Join Date: Oct 2008
Location: West"By God" Virginia
Experience: continuing to learn.
29-Dec-2008, 10:26 AM #11
OK. Thank you.
echicken
Member with 39 posts.
 
Join Date: Dec 2008
Experience: Intermediate
30-Dec-2008, 02:04 PM #12
It was late at night, and I was bored out of my mind. I had nothing to do, and Windows Update kept telling me to restart my computer. So, I did, and when it booted up again, an IE window came up telling me about the specs of the update. I didn't feel like opening my Firefox, so I just used Internet Explorer to check the status on my mail package.
Bam.
A popup comes up, and my desktop background changed.
I was lucky that I acted fast and with a quick key combo, I killed the processes that the virus started and closed IE. (This is one of the reasons why I avoid IE as much as possible)

So, I start trying to clean the virus.
I remove all the added entries to the startup run key, and go to display properties to change my background back, when I notice that three of the tabs are gone. (Theme, Background, and Settings).
I look online and restore them with a registry fix, and I started looking for other things that the virus infected.

Eventually, I had to reinstall because the popups kept coming on, but my computer was back to the way it was thanks to my external hard drive.
All times are GMT -5.