Need help with a virus/worm.

[Pebkio]

Okay, so I don't use any virus protection program, so I have to deal with the occasional virus. I can handle them though, I'm actually pretty good with virus hunting. But, every-so-often I get this one I can't handle. It usually leads me to backing-up all of my installation files and wiping the machine. I don't want to do that again, so maybe one of you can give me some advice (perhaps even beyond *gasp* posting adverts to your favorite invasive program... seriously, don't do that).

What's happening is that now, all of my settings to block all script files except for stuff I approve is being ignored. Many sites that still use just html is being filled with "adscript" ads. They weren't there before, they aren't the ads you normally see, and they're even in places like the middle of paragraphs. When clicking on a link in google I'll sometimes get redirected to a bs "search site" which just posts links to other worm-wridden sites. Finally, I also get a tab-up advertisement from any site I go to (even the Escapist) for that fake news report about the mom that makes money from rehosting sites or whatever (spoiler: it's a lie and probably a pyramid scheme if it actually exists).

Anyway, this particular worm doesn't have it's own executable file, is not a startup script, and has no library file (dll). It doesn't even replace an existing library file because I would find that too. My only guess is that it slightly modifies a library file used by all of my browsers.

So, any ideas on how this worm is doing it's business?

 

[Antari]

There are too many options as to how it could be going about its business. Your better off using software to clean your system, unless you really like spending your entire life searching the registry for any and all new entries. For virii, just use Microsoft Security Essentials, its FREE and works. But it doesn't know how to deal with most Adware. Spybot Search & Destroy will take care of general ad's and malware, but can't deal with most virii. Using both should take care of your problem. If it doesn't, its either time for a reformat. Or Good luck finding it.

 

[JesterRaiin]

maybe one of you can give me some advice

No real time scanner ?
Dude...

Switch to Linux, problem solved.

 

[Scarim Coral]

May I ask why you don't use any virus protection programs at all?

 

[Fishyash]

I recommend that you use avast AVG Norton spybot avira malwarebytes?

...I don't know why you don't use an antivirus program at all. You are not perfect, and unless you browse extremely safely (as in, never download anything ever and don't go beyond google, facebook and youtube) it's not really worth the hassle IMO.

 

[Pebkio]

And dont forget; the best anti-virus is common sense. If you are downloading a different type of malware every few weeks, you might want to be a little more careful.

I don't, but the rare mod does come biggy-backed with some annoying worm.

May I ask why you don't use any virus protection programs at all?

Because I have not the money for a real program, and most of the "free" ones out there either just show me what problems I have and then offer to remove them only if I pay... or... they've got their own problems and gateways into my computer. Often both.

And seeing as how I've removed all but one of them myself, it's just felt invasive and unnecessary. That's why, all I need, is to find out exactly how to get at this annoying one and I'll be back on the gravy train.

 

[Pebkio]

Noscript, Avast! and Malwarebytes are all free, you know.

Those names mean nothing to me, but you mentioned them as free in the subtext of virus/worm protectors so I automatically think poorly of them. Now you've put me in the awkward position of asking you to become an advert for them when I kind-of asked that no one do that.

No, okay, go ahead: Tell me why Noscript, Avast!, and Matlwarebytes are that great.

 

[Esotera]

No, okay, go ahead: Tell me why Noscript, Avast!, and Matlwarebytes are that great.

Noscript is great for stopping browser exploits (mostly cross-tab XSS) and also malicious javascript and flash code. The others, I don't really know about because I run Linux, and am pretty careful about what and where I download from. You don't need virus protection as long as you're downloading from trusted sources.

 

[ms_sunlight]

You are a hazard to other PC users. Ever hear of herd immunity? As well as the viruses you spot, you probably have viruses you don't even know you have. Without antivirus protection, your computer could be part of a botnet sending spam and you wouldn't even know about it.

For goodness sakes, install an antivirus. You have no excuse, given that there are several excellent ones that are completely free, and that do everything that boxed retail antivirus software does.

This article compares several free antivirus packages [http://www.pcmag.com/article2/0,2817,2388652,00.asp] but pick any of the reputable packages like AVG or Avast! and you won't go wrong. Any protection is better than none.

 

[Pebkio]

Well, that confirms what I thought about Noscript, it already practices the settings I already had, and will thusly be redundant when I can get things back in order. Thanks for the info though.

Anyone else?

 

[Pebkio]

You are a hazard to other PC users. Ever hear of herd immunity? As well as the viruses you spot, you probably have viruses you don't even know you have. Without antivirus protection, your computer could be part of a botnet sending spam and you wouldn't even know about it.

Except that would already show up as an open connection whenever I ran a check. Yes I've heard of herd immunity; it's the reason why I spend a full night tearing though my system to find all of the more subtle worms after I find a brazen one.

 

[Hateren47]

Get malwarebytes Anti-malware seriously. No Windows computer should be without it. It's not an antivirus (the clue is in the name) and it doesn't run on start up like an antivirus would. Install it and then update and run once a month. I don't care how good you are with computers you're not faster and better at removing malware than Anti-Malware is. Link [http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html](hosted at techspot).
You should get an antivirus software as well and there are a few free ones that are very good. I use Microsofts Security Essentials because it's very basic, fast, free and very low on false positives. You could technically live without it and so could I but it's better to be safe than sorry IMO.

Anyway unless it is a virus, and they are rare these days, real viruses, I'm certain Anti-Malware can remove it. Try it. Run it once a month. It really is that good. If it won't run it's something a little sturdier than the most common infections and you need to run Rkill [http://www.bleepingcomputer.com/forums/topic308364.html] before running Anti-malware. I've only had to do that once with a fake antivirus someone had installed and ended up with a completely locked down computer so it's probably not necessary but now it's out there.

Protect your computer mate, you're doing everyone a favour like ms sunlight said.

 

[SpAc3man]

Run Rkill then a scan of Malwarebytes in safe mode. Install Avast or MS Security Essentials or check to see if a paid-for security suite license comes as a part of your ISP contract. I get 5 copies of McAfee with my internet connection.

Seriously though, not having AV on ANY operating system is just dumb. OSX has a higher rate of Java based malware infections than Windows these days because users foolishly thought they were immune. I don't give a shit if you are good at removing infections. You are causing unnecessary risk to other people who may not know what they are doing.

 

[Smooth Operator]

I understand if you don't like anti-viruses but in cases like this you do need to run a scan full system scan, some nifty viruses hide their tracks so it seems like none of the actions are connected to a specific file but it's always something there.

Just get one antivirus, run a scan and then disable it.

 

[brainslurper]

Stop using windows. Or give someone with an OS X or Linux computer your hard drive so they can virus scan it.

 

[Mr_Universal]

free version of COMODO is the best thing i can suggest, i have no real experience with hunting down those things myself.