ClanKiller.com - View topic - Virus Hunt (Journal/help thread)
Virus Hunt (Journal/help thread) 
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm
Posts: 4004
Location: Walsall, West Mids, UK
Post Virus Hunt (Journal/help thread)
Oook. Just a journal really to help me hunt this punk down but long story short. I've got some kind of virus on my laptop.

Symptoms
Searching on Google, clicking on the required search link opens up some other webpage which is advert related.
"Windows Security Centre" service is switched off. Upon going into Services to reactivate it, it will deactivate after approximately 10 seconds.

Results so far
Googling for the second symptom turned up a few results on how to enable it again, but not much on any possible virii with the exclusion of one - which I performed said fix for to no result. I forget what it was but as I return here throughout my search I will update it again.

Tried so far
Trend Micro [Clean]
AdAware [Turned up a few low level things]
Malwarebytes [Turned up a few results]
Avast [Couple of results]
Avast Boot Scan - Turns up results that can not be removed, I will scan again and write down the name of the file

Progression since
I have just finished running a custom scan in Avast which is a lot more thorough than the default scans. I have come across the virus definition stated below, but I am getting the same error that I got in the boot time scan (which is that it can't be removed, repaired or moved to chest because "The operation is not supported for this type of archive. (42111)")
Win32:AgentTQQ [Trj]

Next step
Google virus name (obv) and I'm also going to run a virus scan in Safe Mode, to see if that works. Will post back results.


_________________
Games to complete:
GTA IV [100%] (For Multiplayer next!)
Fallout 3 [50%]
Rock Band [35%]
http://www.cafepress.com/SmeepProducts


Sun Jan 23, 2011 2:33 pm
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm
Posts: 16662
Location: On a slope
Post Re: Virus Hunt (Journal/help thread)
If you can, get a bootable antivirus on a DVD or thumb drive or something. That way the virus isn't screwing with the antivirus since it won't be running.

If you have a virus name, you can try googling it to see if there are manual removal instructions.

Or.. you can say f*ckit, wipe the box completely clean and reinstall windows. Nuke it from orbit. It's the only way to be sure.

_________________
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.


Mon Jan 24, 2011 7:32 pm
Minor Diety
Joined: Mon Mar 31, 2003 7:23 am
Posts: 14892
Location: behind a good glass of Duvel
Post Re: Virus Hunt (Journal/help thread)
- thread hijack

Just finished the most annoying BS ever having to do with a virus/trojan, but apparently seem to have saved everything thanks to Windows System Restore of all things. :roll:

So basically, a few days ago Firefox and/or windows security gets infected by some sort of BS malware thing. It was more annoying than dangerous, but still. Every time I would fire up Firefox or any program related to the Windows Security Center, it'd prompt a fake (it had spelling errors and all) version of the Security Center and start a 'scan' that would 'find' all sorts of viruses and invited you to visit other sites or buy shit. Clearly, this sucked ass. I could circumvent it easily by using another browser and killing the process manually the minute it did start, but that wasn't going to do.

So I resort to the usual routine...I try HijackThis first, which didn't do shit except for mess up my Steam install (but that was my fault for being a little too...crude in my efforts). Then I do the rounds of free virus scans, but almost all of them find absolutely nothing. Ugh. Finally, a sort of downloadable client virus scan by Kaspersky actually finds something and asks me to delete it. I agree. I reboot and...something's wrong.

The malware was gone, surely enough. But my Windows install was corrupted. EVERY shortcut to a program stopped working, as did any automatic program startup. Even going in explorer and manually clicking the .exe files wouldn't work. Everything gave me a 'not assigned to any function, choose program you want to open this with'. :/ The ONLY thing that worked was starting the .exes manually as administrator. And, bizarrely, only the internet explorer shortcut still worked but IE had reverted to a set (couldn't change in any way) super tiny font. The fuck?

At that point I was considering a brand new install or even a Windows 7 upgrade, but I decided to give it one more shot using the Vista install DVD. Windows Repair was useless - apparently the only fucking thing that 'repairs' is boot files. More out of desperation than any real hope, I used System Restore from about a week earlier. And lo and behold, it actually works and everything seems to be back to normal. Steam install was still fucked, but I just reinstalled. The biggest pain will now be downloading my games again, but eh, there are worse things.

Still, a bizarre episode. Kind of annoyed that something as silly as this problem would a) not be found at all by many virus scanners and b) removing it fucked up the install.

_________________
"I find a Burger Tank in this place? I'm-a be a one-man cheeseburger apocalypse."

- Coach


Sun May 01, 2011 2:08 am
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm
Posts: 4004
Location: Walsall, West Mids, UK
Post Re: Virus Hunt (Journal/help thread)
I had pretty much that same virus after clicking on an image found using Google image search - Malwarebytes got rid of it for me.

On my laptop, Windows Security Center still won't enable - but I don't want to reinstall Windows until I hijack my brother's keyboard from his laptop and put it into this one. This one got a drink spilled into it by a guest one day, and the laptop keyboard now likes to randomly activate the shift keys.

This doesn't happen all the time, but often enough that it pisses me off when I'm typing in a password!

Mon May 02, 2011 4:52 am
Minor Diety
Joined: Mon Mar 31, 2003 7:23 am
Posts: 14892
Location: behind a good glass of Duvel
Post Re: Virus Hunt (Journal/help thread)
Thanks, I'll think of using Malwarebytes if I ever see it returning. :) I don't care too much about the Windows Security Center, but that annoying malware...ugh.

Mon May 02, 2011 5:20 am