Need help with a virus/worm.

Jazoni89

New member
Dec 24, 2008
3,059
0
0
Rippzen said:
Even if you're dead set against getting a program to stop viruses from infecting your computer, at least download Malwarebytes and ComboFix to remove the virus instead of trying to do it yourself.

Malwarebytes will find and remove most common viruses (for free), and if it can't remove them it will give you the name of them so you have a place to start googling from. ComboFix does much the same thing, only it's more intrusive, so I would only use it if you know what you're doing with a computer.

Finally, I've also been running without virus protection for 3 years now and have only got 1 minor virus. Maybe you should be a bit safer about what you're looking at on the web.

Edit: also have you checked your hosts file to see if the virus changed anything there?
I have Avira, but my computer isn't what you'd call secure, and I've only had a few very minor HTML- and Java-based viruses in the last couple of years, and I downloaded quite a bit, even on some very dodgy sites.

As long as you go on Google-linked sites, keep your Windows firewall on, and don't download torrents or porn, or go on any pornographic website, you will be fine for the most part, and you probably won't need any antivirus whatsoever.

I do think people blow Computer Viruses out of proportion sometimes, hell they even have Anti Virus for frikken Tablets now for fucks sake, and that just takes the biscuit.

99 per cent of all viruses are made and designed for a Windows-based OS, making tablet antivirus absolutely worthless. Fear mongering at its finest, or worst as it seems.
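The hosts-file check Rippzen mentions above (quoted in the post) is easy to automate. The script below is an added example, not code from anyone in this thread: it parses a hosts file and flags the two tampering patterns malware classically leaves there, a well-known domain pointed at a remote address (a silent redirect) and a security vendor's domain pinned to loopback (which blocks AV updates). The domain watch-lists and the sample file are constructed assumptions for illustration.

```python
"""Audit a hosts file for entries that look like malware tampering.

Added example, not from the thread. Looks for:
  * a watched domain mapped to a non-loopback address (silent redirect);
  * a security-vendor domain mapped to 127.0.0.1 / 0.0.0.0 / ::1
    (update blackholing).
The domain lists are illustrative assumptions, not a complete catalogue.
"""
import ipaddress

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumed watch-lists; a real audit would use your own.
WATCHED = {"google.com", "www.google.com", "windowsupdate.microsoft.com"}
SECURITY_VENDORS = {"malwarebytes.org", "www.malwarebytes.org",
                    "avira.com", "www.avira.com"}
# Mappings every default hosts file is allowed to contain.
DEFAULT_OK = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Yield (ip, hostname, lineno) tuples; skip comments, blanks, junk."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])     # first token must be an IP
        except ValueError:
            continue
        for host in parts[1:]:                 # one IP may carry many names
            yield parts[0], host.lower(), lineno


def audit_hosts(text):
    """Return a list of (lineno, host, ip, reason) findings, in file order."""
    findings = []
    for ip, host, lineno in parse_hosts(text):
        if (ip, host) in DEFAULT_OK:
            continue
        if host in SECURITY_VENDORS and ip in LOOPBACK:
            findings.append((lineno, host, ip, "security vendor blackholed"))
        elif host in WATCHED and ip not in LOOPBACK:
            findings.append((lineno, host, ip, "redirect to remote address"))
        elif ip not in LOOPBACK:
            findings.append((lineno, host, ip, "non-loopback mapping, review"))
    return findings


# Constructed sample: a default file plus three tampered lines.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
127.0.0.1 dev.local
203.0.113.7 www.google.com   # redirect
127.0.0.1 www.malwarebytes.org
0.0.0.0 avira.com
"""

if __name__ == "__main__":
    for lineno, host, ip, why in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {ip} ({why})")
```

On Windows the file lives at %SystemRoot%\System32\drivers\etc\hosts; read it and pass its text to audit_hosts().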
 

Viridian

New member
Jan 25, 2012
94
0
0
Jazoni89 said:
As long you go on google linked sites, keep your windows firewall on, and don't download Torrents or Porn, or go on any Pornographic website
Jazoni89 said:
don't download Torrents or Porn, or go on any Pornographic website
Jazoni89 said:
Pornographic website
OT: Yeah, just keep a free antivirus like Avast or use Linux, like many people have already said. And to be honest, keeping an antivirus isn't that much of a hassle.
 

JesterRaiin

New member
Apr 14, 2009
2,286
0
0
Tharwen said:
JesterRaiin said:
These problems are often resolved by google-fu and sudo.
Virus/worms/trojans/rootkits can f*ck up not only your files but hardware as well...

Your argument is invalid. :)
Having to use console commands to do simple tasks is a problem in my eyes. Maybe you're fine with that, but most people just don't want to deal with it.
Define simple tasks.
Give examples.
 

Headdrivehardscrew

New member
Aug 22, 2011
1,660
0
0
I hate to say this, but your approach is really, really dangerous and anti-social. If you don't use any virus-protection or counter-measure by default, it's very hard to know where to start.

See, I give my folks/friends a hard time already when they come over with USB drives and sticks and they expect me to plug it into any computer beyond the 'dumb' smart TV. That's just not going to happen. I've seen my fair share of malware, and I can tell you that the current breed is just not something I want to grow grey hair over. As with making babies when not wanting to make babies - it's better to be safe than sorry. With so many useful free anti-malware software available, I'd really like to hear your reasoning behind "So I don't use any antivirus software"... you're not just putting your own data at risk, you're being a potential hazard to all your mail-acquaintances, mugbook friends, instant messaging buddies and whatnot. Even if you would not be wielding malware magnet number one (Windows), not using any antivirus/anti-malware solution is really evil.

Modern day malware is perfectly able to start out as a worm, then quickly evolve into a plenty more elaborate headache by downloading further (random) payloads. All your passwords can be collected and added to the black hat folks' rainbow table of silly passwords. Executables can be infected on the fly, detection routines can be bent and tricked, and your only viable option is within the bounds of Dr. Web, 'safe mode' and kissing all your data goodbye and starting from scratch - proper scratch, at the very most convenient worst.
 

Bvenged

New member
Sep 4, 2009
1,203
0
0
Pebkio said:
Scarim Coral said:
May I ask why you don't use any virus protection programs at all?
Because I have not the money for a real program, and most of the "free" ones out there either just show me what problems I have and then offer to remove them only if I pay... or... they've got their own problems and gateways into my computer. Often both.

And seeing as how I've removed all but one of them myself, it's just felt invasive and unnecessary. That's why, all I need, is to find out exactly how to get at this annoying one and I'll be back on the gravy train.
Microsoft Security Essentials. It's Microsoft, free and good at its job. I use it on this piece of 8 year old crap and it doesn't hinder a thing. I've got a Pentium 4, 2.6 GHz, 2 GB RAM computer and I used to have performance problems with McAfee all the time. With Security Essentials I've never had a virus with its firewall though... and I get mods all the time.
 

Tharwen

Ep. VI: Return of the turret
May 7, 2009
9,145
0
41
JesterRaiin said:
Tharwen said:
JesterRaiin said:
These problems are often resolved by google-fu and sudo.
Virus/worms/trojans/rootkits can f*ck up not only your files but hardware as well...

Your argument is invalid. :)
Having to use console commands to do simple tasks is a problem in my eyes. Maybe you're fine with that, but most people just don't want to deal with it.
Define simple tasks.
Give examples.
Things like installing drivers, getting software from the online repository for your distro (assuming there is one), and installing Flash.
 

JesterRaiin

New member
Apr 14, 2009
2,286
0
0
Tharwen said:
JesterRaiin said:
Define simple tasks.
Give examples.
Things like installing drivers, getting software from the online repository for your distro (assuming there is one), and installing Flash.
C'mon, do better research - those tasks were already automated a few years ago. You don't need console for that.
 

Pebkio

The Purple Mage
Nov 9, 2009
780
0
0
MRMIdAS2k said:
Okay so, time for another story:

Once upon a time I decided to listen to people who had no idea how to actually do anything. Several of them gushed about this program... called Malwarebytes. So that's the program I got, installed and used. This program did indeed find a few registry entries and a file that was causing my settings to change back to a weak default, as well as ads to appear in paragraphs. Those are indeed gone (although I had to delete the file, MB wouldn't do it itself). But on this day, it was reinforced that none of you know much about the program you blindly follow. For now popups are severely frequent. After several hours, I found that MalwareBytes was constantly using my CPU to set up its constant "protection", a good 75% of my CPU... constantly.

It then pretended to close when I told it to, and when I used Task Manager to end its drain on my system, it proceeded to crash both Task Manager and explorer.exe, so I could no longer do anything. After a restart, I told Windows to no longer load it at startup and restarted a second time. Now here's where the twist is, kiddos, because it still has a script hiding in my registry to open anyway, and I still can't end it, because it'll just hose my system again.

Now, here we have everyone's favorite program... and it's WORSE THAN THE VIRUS I NEEDED TO GET RID OF! I'm going to have to hunt this thing like a virus, and it'll probably take safe mode to get it cleared off my system. See, now instead of my story from over five years ago, I now have this one as a good, very good, reason not to trust any programs you barf at me. Thanks. I wish I could've quoted every single one of you so you'd get this as a message. But I just had to choose the most insulting of you.
 

JesterRaiin

New member
Apr 14, 2009
2,286
0
0
Pebkio said:
MRMIdAS2k said:
After several hours, I found that MalwareBytes was constantly using my CPU to set up its constant "protection", a good 75% of my CPU... constantly.
Interesting.
Once, after some suspicious alerts and warnings I replaced my AV software (it was Avira Free) with something more powerful (either RegRun or NOD32, I don't remember) and it essentially broke my PC. The new AV behaved like The Punisher teleported into the center of a warzone: it detected viruses and suspicious behavior practically everywhere and tried to fight with everyone at once.

With not enough system resources and a considerably weak processor, the software that was supposed to guard my system made it unresponsive. Re-installation was the only solution at this point.

Point is: MalwareBytes shouldn't behave like that. It's quite an amiable, solid app.
I suspect that either there's a problem with your version of this app (you installed some cracked sh*t, or something that pretends to be MalwareBytes; the Internet is full of such "releases"), OR there's some heavy sh*t hiding in your OS.

I wouldn't blame that application.
Ockham's Razor suggests that it's better to consider your case "special one" than claim that all those happy Malwarebytes users are lying. :)
 

Pebkio

The Purple Mage
Nov 9, 2009
780
0
0
JesterRaiin said:
Ockham's Razor suggests that it's better to consider your case "special one" than claim that all those happy Malwarebytes users are lying. :)
I would agree with you, except it's not finding anything. Every so often, maybe every ten minutes, it'll shove out a pop-up saying "blocked suspicious contact with " (I've recorded up to ten so far)... but it won't tell me from where, or even quarantine the offending file/script. I mentioned that I was keeping track... and that's because this best AV program evar doesn't even keep a record of activity it's prevented. How can that be helpful?

Incidentally, I did manage to stop the service and found that my settings were being reset again and AdChoices ads were everywhere, so at least it's shown to me that whatever is happening, it's happening through streaming internet. But again, I have to point out that it hasn't found a single anything that even might be the cause of this. And why yes, the first thing I found to change was how it was ignoring peer-to-peer files. My trial leaves me with 12 more days of protection, which I'll just use to stop contact with these 11 (now) different IP addresses. In the meantime, it's set up for a wiping.

Edit: No wait, I found the logs for the IPs it's been blocking... it was in the program event log with other as-important stuff such as "Program started successfully". So I guess I was wrong, it IS keeping track... kind of...

PS. I can't hope for Malware Bytes to protect me from something it doesn't recognize, so it's out. My original question from the original post still stands. Does anyone know what file(s) might be causing this? I'm tired of wiping my machine whenever I run into this particular worm.
 

JesterRaiin

New member
Apr 14, 2009
2,286
0
0
Pebkio said:
JesterRaiin said:
Ockham's Razor suggests that it's better to consider your case "special one" than claim that all those happy Malwarebytes users are lying. :)
I would agree with you, except it's not finding anything. Every so often, maybe every ten minutes, it'll shove out a pop-up saying "blocked suspicious contact with " (I've recorded up to ten so far)... but it won't tell me from where, or even quarantine the offending file/script. I mentioned that I was keeping track... and that's because this best AV program evar doesn't even keep a record of activity it's prevented. How can that be helpful?
Easy.
You're expecting an instant, wondrous solution for the problems created by none other than yourself.
Applications are TOOLS. They can help, but with the exception of very easy cases they won't do the job for you. Your input is still needed.

Let's see...
- Disconnect your machine physically from the Internet. Is there a difference ?
- Download and run Revo Uninstaller (http://www.revouninstaller.com/download/revouninstaller.zip) and UNINSTALL MalwareBytes properly.
- Provide screenshots from msconfig ("Services" and "Startup" tabs with "Hide all Microsoft services" checked). We shall see if something isn't overlooked.
- Later we'll try CFix and SDF, but first I'd like to see some screenshots.

My former suggestion still stands: consider using Linux in the future. There are numerous versions, aka distributions, and I'm sure you'll find one that suits your needs.
 

Pebkio

The Purple Mage
Nov 9, 2009
780
0
0
JesterRaiin said:
- Disconnect your machine physically from the Internet. Is there a difference ?

I do that every night, and yes, there is quite a difference. I don't get popups, but then I also don't open up my browsers. I also don't get a message that MB had to stop malicious contact, because that contact can't actually happen.
JesterRaiin said:
- Download and run Revo Uninstaller (http://www.revouninstaller.com/download/revouninstaller.zip) and UNINSTALL MalwareBytes properly.

As I said earlier, I'm using it right now to block said malicious contact, but that's about it. I've stopped running scans as it keeps not finding anything. I'll get rid of it when the problem is taken care of...
JesterRaiin said:
- Provide screenshots from msconfig ("services" and "startup" tabs with "hide all Microsoft services" checked). We shall see if something isn't overlooked.

I like you, and your attitude about this. So I will, to your message box... note, though, that I'm not entirely sure that it isn't a Microsoft service/program that's been altered.
JesterRaiin said:
My former suggestion still stands: consider using Linux in the future. There are numerous versions, aka distributions, and I'm sure you'll find one that suits your needs.
I totally would... except I don't know it... and this is my only computer. I would probably set up a simple, fairly-manual, version if I had a second rig to practice on. Also, if I wasn't leaching (with permission, mind you) and had a better connection to actually successfully download anything bigger than 10 megs. Basically, I like the suggestion, but several reasons make the suggestion unachievable right now.
 

Pebkio

The Purple Mage
Nov 9, 2009
780
0
0
xDarc said:
If he was that good, he would simply re-image his machine from a recent back up and be done with it in half an hour or less.
Just noticed this...

Welp, he has me there, I probably should have done that... well, if I had the money to actually get enough external space to image the harddrive of which I'm already using over 75%. I thought I mentioned I was on a budget of $1.23... if I didn't:

Good point, I would've done that but I'm on a budget of $0.24 (I got a soda, and it was tasty).
 

JesterRaiin

New member
Apr 14, 2009
2,286
0
0
Pebkio said:
JesterRaiin said:
- Provide screenshots from msconfig ("services" and "startup" tabs with "hide all Microsoft services" checked). We shall see if something isn't overlooked.

I like you, and your attitude about this. So I will, to you message box... note, though, that I'm not entirely sure that it isn't a Microsoft service/program that's been altered.
Cleaning some things before going further will be a good start.

Pebkio said:
JesterRaiin said:
My former suggestion still stands: consider using Linux in the future. There are numerous versions, aka distributions, and I'm sure you'll find one that suits your needs.
I totally would... except I don't know it... and this is my only computer. I would probably set up a simple, fairly-manual, version if I had a second rig to practice on. Also, if I wasn't leaching (with permission, mind you) and had a better connection to actually successfully download anything bigger than 10 megs. Basically, I like the suggestion, but several reasons make the suggestion unachievable right now.
You don't have to install Linux to practice it. Most user-friendly distributions like JoliOS are able to run from DVD/CD (it's called Live CD Session). You can also install them to USB pendrive or even SD card.

Some people use dual-system solution. They (for example) surf the Internet on Linux and switch to Windows only to play games or use some applications.
 

Pebkio

The Purple Mage
Nov 9, 2009
780
0
0
JesterRaiin said:
You don't have to install Linux to practice it. Most user-friendly distributions like JoliOS are able to run from DVD/CD (it's called Live CD Session). You can also install them to USB pendrive or even SD card.

Some people use dual-system solution. They (for example) surf the Internet on Linux and switch to Windows only to play games or use some applications.
Oh, did not know that. Now if only I had a pendrive, writeable CD... or even an SD... wait. I do! Wow, 2 gb? Glad I checked, I'm sure a simple version would fit there. I'mma go look into this.

Edit: Oh wait, the download speeds of 10 kB a second... at best...
 

MysticToast

New member
Jul 28, 2010
628
0
0
Pebkio said:
JesterRaiin said:
Ockham's Razor suggests that it's better to consider your case "special one" than claim that all those happy Malwarebytes users are lying. :)
I would agree with you, except it's not finding anything. Every so often, maybe every ten minutes, it'll shove out a pop-up saying "blocked suspicious contact with " (I've recorded up to ten so far)... but it won't tell me from where, or even quarantine the offending file/script. I mentioned that I was keeping track... and that's because this best AV program evar doesn't even keep a record of activity it's prevented. How can that be helpful?
I hope someone will correct me if I'm wrong, but MBAM doesn't offer real-time protection without you paying for it. Sounds to me like you got an imitation rather than the real program.
 

Pebkio

The Purple Mage
Nov 9, 2009
780
0
0
MysticToast said:
I hope someone will correct me if I'm wrong, but MBAM doesn't offer real-time protection without you paying for it. Sounds to me like you got an imitation rather than the real program.
What, MB doesn't come with a two-week trial to get you used to the paying service and then yanks it from you? Y'know, like every free AV service does? Also, wow, I got an imitation... from the site malwarebytes.org. That's a pretty spiffy imitation. Is it really on a site with, for example, a lot of numbers in the name? Ironically?
 

MysticToast

New member
Jul 28, 2010
628
0
0
Pebkio said:
MysticToast said:
I hope someone will correct me if I'm wrong, but MBAM doesn't offer real-time protection without you paying for it. Sounds to me like you got an imitation rather than the real program.
What, MB doesn't come with a two-week trial to get you used to the paying service and then yanks it from you? Y'know, like every free AV service does? Also, wow, I got an imitation... from the site malwarebytes.org. That's a pretty spiffy imitation. Is it really on a site with, for example, a lot of numbers in the name? Ironically?
You know what, screw it. You don't want help or advice if it contradicts with anything you've said in the thread. I was making an observation based on what I know about malware scanning programs and what information you've given us. And no, MBAM doesn't do that, and I haven't seen any AV do that to me. Go be a douche to someone else
 

JesterRaiin

New member
Apr 14, 2009
2,286
0
0
Pebkio said:
JesterRaiin said:
Some people use dual-system solution. They (for example) surf the Internet on Linux and switch to Windows only to play games or use some applications.
Oh, did not know that. Now if only I had a pendrive, writeable CD... or even an SD... wait. I do! Wow, 2 gb? Glad I checked, I'm sure a simple version would fit there. I'mma go look into this.

Edit: Oh wait, the download speeds of 10 kB a second... at best...
Different distributions, different sizes. JoliOS (http://www.jolicloud.com/jolios/download) weighs 700 MB, Fedora (http://fedoraproject.org/en/get-fedora) around 600.

Pebkio said:
What, MB doesn't come with a two-week trial to get you used to the paying service and then yanks it from you? Y'know, like every free AV service does? Also, wow, I got an imitation... from the site malwarebytes.org. That's a pretty spiffy imitation. Is it really on a site with, for example, a lot of numbers in the name? Ironically?
Actually you could change that attitude a little. People are trying to help you here. It's not nice to treat them with Big Cake o' Irony just like that...