Need help with a virus/worm.

Trippy Turtle

Elite Member
May 10, 2010
2,119
2
43
Oh shit, if you're getting Google redirects then you might have a virus that is so annoying to get rid of it's not funny.
I used MMBAM to get rid of it but it doesn't fully work. It quarantines it and I can delete it but it always manages to reinstall itself. Until I deleted most of the problem it set up its own proxy and told me everything I had on my computer was infected. Even my logoff script. All I have left of it is when I turn on my old laptop if I check my processes there is a process using up 99% of my cpu usage called DWM (Desktop windows manager) but instead of Microsoft as publisher it's "Home Computing". If I left the process going for too long my laptop would overheat.

On a side note, has anyone had the virus calling itself Antivirus-Action? That thing was horrible.
 

Cpl.Flint

New member
Mar 2, 2011
18
0
0
Microsoft Security Essentials. It's actually pretty damned good. It's lightweight. It's non-intrusive. It updates regularly and it's free. I use it personally on all the computers in the house. It just works and is idiot-proof.

My other personal favourite is Comodo Internet Security. Anti virus, Firewall and a sandbox all in one. Heavy duty and will take time to convince the sandbox and firewall that not everything's evil. But I find it's awesome if you can spare the resources it requires to run smoothly.
 

McMullen

New member
Mar 9, 2010
1,334
0
0
Pebkio said:
SmashLovesTitanQuest said:
And don't forget; the best anti-virus is common sense. If you are downloading a different type of malware every few weeks, you might want to be a little more careful.
I don't, but the rare mod does come piggy-backed with some annoying worm.

Scarim Coral said:
May I ask why you don't use any virus protection programs at all?
Because I have not the money for a real program, and most of the "free" ones out there either just show me what problems I have and then offer to remove them only if I pay... or... they've got their own problems and gateways into my computer. Often both.

And seeing as how I've removed all but one of them myself, it's just felt invasive and unnecessary. That's why, all I need, is to find out exactly how to get at this annoying one and I'll be back on the gravy train.
This is why sometimes I think people should get a license before being allowed to use computers.

First, if you don't know any free, good antimalware software, it's because you didn't look carefully enough. It shouldn't take you longer than 10 minutes of googling to learn about malwarebytes, spybot, mse, avast, or even free versions of commercial av products.

Second, if you're downloading mods, or any script or software made by random users, you need an antivirus program, plain and simple. Even some software by corporations contains malware, but if you download enough third-party files, you WILL get infected.

Third, the days when it was easy to tell if you've been infected are over. The most successful viruses are stealthy and do not hog resources, create popups, redirect you to attack sites, or do anything to indicate that they're on your machine. Some will even check for and remove other common viruses, just to reduce the risk that you'll find them in the process of getting rid of the others. This is because viruses are most profitable (and they are a for-profit "industry") when they can sit on your computer harvesting your information and using your machine as a platform to launch attacks on other machines for as long as possible.

Fourth, and this is why I think people shouldn't be allowed to use computers without licenses, is that when you allow yourself to get infected, you are a risk to anyone you communicate with online. People on your network will get attacked, people in your email contacts will get attacked, people you share CDs and removable media with will get attacked, and maybe even people on forums that you visit will get attacked. Viruses are contagious, and some are very good at spreading through all sorts of channels.

Please, please fix your lack of security. You don't need to get super paranoid, you just need to have basic protection in place and browse smartly. Viruses are profitable because of people like you. Please don't be one of those people.
 

Owyn_Merrilin

New member
May 22, 2010
7,370
0
0
SpAc3man said:
Run Rkill then a scan of Malwarebytes in safe mode. Install Avast or MS Security Essentials or check to see if a paid-for security suite license comes as a part of your ISP contract. I get 5 copies of McAfee with my internet connection.

Seriously though, not having AV on ANY operating system is just dumb. OSX has a higher rate of Java based malware infections than Windows these days because users foolishly thought they were immune. I don't give a shit if you are good at removing infections. You are causing unnecessary risk to other people who may not know what they are doing.
This poster wins for mentioning Rkill. The only other thing is to do some research and find out exactly what virus you have; when you have symptoms this specific, it's usually not that hard to look up. The reason I suggest looking it up is because, depending on the virus, Malwarebytes and Rkill may not be enough on their own. Sometimes you need to alter some registry values and run a third program, such as this Rootkit removal tool Kaspersky gives away for free.

Also, seriously, it's 2012. Get some kind of basic antivirus program. Avast, Avira, AVG, something. Not doing it is like having sex with Ke$ha and skipping out on the condom.

Edit:

Pebkio said:
Because I have not the money for a real program, and most of the "free" ones out there either just show me what problems I have and then offer to remove them only if I pay... or... they've got their own problems and gateways into my computer. Often both.
Okay, I just noticed this. The OP /really/ needs to do some research on basic computer security. The "free antivirus" programs he's talking about are rogue anti-malware apps, like that Antivirus 2011 scam that's such a pain in the butt to remove. A reformat followed by an immediate download of some decent (and free; again, Avast, Avira, AVG, all good) antimalware software is starting to look like a better idea by the moment.
 

sean360h

New member
Jun 2, 2010
207
0
0
Get NoScript for your browser

Kaspersky and NOD are the best antiviruses out there, get them

Switch to Linux

Other than that, Kaspersky has removal tools that can help

http://support.kaspersky.com/viruses/utility

Getting Malwarebytes is a good idea, or Avira
 

Pebkio

The Purple Mage
Nov 9, 2009
780
0
0
Okay... so... enough with the adverts and scare-tactics, really. I get it, really, but if everyone was so reliant on programs to figure out how modern worms are working, then you wouldn't be able to be so reliant on programs to etc etc.

Listen, I'll make this simple, you can all keep posting about how your programs are infallible, and that by not believing in them, all of my things are infected because I don't really know anything at all.

And while you're all busy not knowing how worms work... maybe somebody who actually knows more modern tricks can message me. I'm trying really hard not to dislike you guys, but assuming that I don't know what my system has, is doing, or anything about computers is starting to get insulting.

Maybe I should tell you guys a little story:

Once upon a time, I also just relied on programs to keep me protected. But then, one day, after cleaning someone's computer using three different programs, I noticed that there was still a virus on the machine. This virus was called Radio and it had three separate programs that ran in tandem... and that reinserted one another in case something happened. And on that day, I learned that programs can be tricked and worked around. So I went and found a new program, named Spybot, and then I learned that programs can be worse than the actual virus. It was then that I remembered safe-mode, and I got rid of Radio myself. And all was good in the land of 2004. The end.
 

Antari

Music Slave
Nov 4, 2009
2,246
0
0
Pebkio said:
Okay... so... enough with the adverts and scare-tactics, really. I get it, really, but if everyone was so reliant on programs to figure out how modern worms are working, then you wouldn't be able to be so reliant on programs to etc etc.

Listen, I'll make this simple, you can all keep posting about how your programs are infallible, and that by not believing in them, all of my things are infected because I don't really know anything at all.

And while you're all busy not knowing how worms work... maybe somebody who actually knows more modern tricks can message me. I'm trying really hard not to dislike you guys, but assuming that I don't know what my system has, is doing, or anything about computers is starting to get insulting.

Maybe I should tell you guys a little story:

Once upon a time, I also just relied on programs to keep me protected. But then, one day, after cleaning someone's computer using three different programs, I noticed that there was still a virus on the machine. This virus was called Radio and it had three separate programs that ran in tandem... and that reinserted one another in case something happened. And on that day, I learned that programs can be tricked and worked around. So I went and found a new program, named Spybot, and then I learned that programs can be worse than the actual virus. It was then that I remembered safe-mode, and I got rid of Radio myself. And all was good in the land of 2004. The end.
I've been using computers for over 20 years. It's OK to let a program do it for you, as long as you've researched the program is capable of doing it for you. Instead of living in a paranoid time wasting your existence, let a few of the programmers out there who cared about their jobs to help you. I gave you two examples that will work for nearly every solution that isn't a week old. Trust them or not, it's up to you. But it works for at least 80% of the planet, so I wouldn't dismiss it quite so readily.
 

Rippzen

New member
Feb 6, 2008
8
0
0
Even if you're dead set against getting a program to stop viruses from infecting your computer, at least download Malwarebytes and Combofix to remove the virus instead of trying to do it yourself.

Malwarebytes will find and remove most common viruses (for free) and if it can't remove them it will give you the name of them so you have a place to start googling from. Combofix does much the same thing, only it's more intrusive, so I would only use it if you know what you're doing with a computer.

Finally I've also been running without virus protection for 3 years now and have only got 1 minor virus. Maybe you should be a bit safer about what you're looking at on the web.

Edit: also have you checked your hosts file to see if the virus changed anything there?
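The hosts-file check suggested above, as an added example that is not part of the original post: a small Python audit that flags entries which redirect or block well-known names. The watch list, the sample file and all addresses and host names in it are constructed for illustration.

```python
import ipaddress

# Assumed watch list (constructed for this example): names a hosts file has no
# normal reason to override. Extend it with the sites and vendors you rely on.
WATCHED = ("google.com", "bing.com", "yahoo.com", "kaspersky.com", "malwarebytes.org")

# Constructed sample; on Windows the real file is C:\Windows\System32\drivers\etc\hosts
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # ad-block entry
203.0.113.7     www.google.com google.com
127.0.0.1       update.kaspersky.com
198.51.100.20   intranet.example.lan
not-an-ip       www.bing.com
"""

def is_sinkhole(ip_text):
    """True for loopback or unspecified addresses (127.x, ::1, 0.0.0.0, ::)."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_loopback or ip.is_unspecified

def watched_match(host):
    """True if host is a watched domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line_no, ip, host, verdict) for entries that deserve a look."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        ip_text, hosts = fields[0], fields[1:]
        try:
            sink = is_sinkhole(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(hosts), "malformed"))
            continue
        for host in hosts:
            if watched_match(host):
                # Watched name sent elsewhere, or sinkholed so it cannot be reached
                verdict = "blocked" if sink else "redirected"
            elif not sink:
                verdict = "review"  # unknown name pinned to a routable address
            else:
                continue  # localhost or ad-block style sinkhole entry
            findings.append((line_no, ip_text, host, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

A "blocked" verdict on a security vendor's name matters as much as a "redirected" search engine, since it stops the scanner from updating.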
 

The Heik

King of the Nael
Oct 12, 2008
1,568
0
0
Pebkio said:
Okay, so I don't use any virus protection program, so I have to deal with the occasional virus. I can handle them though, I'm actually pretty good with virus hunting. But, every-so-often I get this one I can't handle. It usually leads me to backing-up all of my installation files and wiping the machine. I don't want to do that again, so maybe one of you can give me some advice (perhaps even beyond *gasp* posting adverts to your favorite invasive program... seriously, don't do that).

What's happening is that now, all of my settings to block all script files except for stuff I approve is being ignored. Many sites that still use just html is being filled with "adscript" ads. They weren't there before, they aren't the ads you normally see, and they're even in places like the middle of paragraphs. When clicking on a link in google I'll sometimes get redirected to a bs "search site" which just posts links to other worm-ridden sites. Finally, I also get a tab-up advertisement from any site I go to (even the Escapist) for that fake news report about the mom that makes money from rehosting sites or whatever (spoiler: it's a lie and probably a pyramid scheme if it actually exists).

Anyway, this particular worm doesn't have its own executable file, is not a startup script, and has no library file (dll). It doesn't even replace an existing library file because I would find that too. My only guess is that it slightly modifies a library file used by all of my browsers.

So, any ideas on how this worm is doing its business?
Yeah, it's because you DON'T HAVE A VIRUS PROTECTION PROGRAM!!!!!!!

Seriously man, there are quite literally hundreds of absolutely free VPP's that you could download in a few minutes, many of which can protect you against most anything shy of a dedicated hacking attempt. Not having some sort of defence is just asking for your computer to get bugged up the ass.

OP: the bug is most likely coming from your browser, rather than on your computer itself. Try debugging (or if that doesn't work, reinstalling) your browser and install a VPP add-on for it (I recommend NoScript and AdBlocker). It should solve your problem.
 

Elvis Starburst

Unprofessional Rant Artist
Legacy
Aug 9, 2011
2,821
805
118
Pebkio said:
Okay... so... enough with the adverts and scare-tactics, really. I get it, really, but if everyone was so reliant on programs to figure out how modern worms are working, then you wouldn't be able to be so reliant on programs to etc etc.

Listen, I'll make this simple, you can all keep posting about how your programs are infallible, and that by not believing in them, all of my things are infected because I don't really know anything at all.

And while you're all busy not knowing how worms work... maybe somebody who actually knows more modern tricks can message me. I'm trying really hard not to dislike you guys, but assuming that I don't know what my system has, is doing, or anything about computers is starting to get insulting.

Maybe I should tell you guys a little story:

Once upon a time, I also just relied on programs to keep me protected. But then, one day, after cleaning someone's computer using three different programs, I noticed that there was still a virus on the machine. This virus was called Radio and it had three separate programs that ran in tandem... and that reinserted one another in case something happened. And on that day, I learned that programs can be tricked and worked around. So I went and found a new program, named Spybot, and then I learned that programs can be worse than the actual virus. It was then that I remembered safe-mode, and I got rid of Radio myself. And all was good in the land of 2004. The end.
Paranoid much? Just do some research into some other programs, make sure they're reliable for the easier stuff, and if you must handle the large scale things, or any virus/infection the program might not reach, then use your almighty skills to deal with it yourself. It's not hard. I use AVG and it's stopped a Trojan from spreading, so I think that's good enough for me. Don't trust the program? Don't get it. But do some research on them before readily dismissing every single program we suggest to you. You asked for some help, we're giving it to you, even if it's not exactly what you were expecting. Ok?
 

MRMIdAS2k

New member
Apr 23, 2008
470
0
0
Look, if you're so goddamn smart, remove it yourself.

oh wait you can't.

so get a fucking program to fix it, get a goddamn anti-virus, get malwarebytes, and shut the fuck up complaining about ONE program that missed a virus 5 FUCKING YEARS AGO.

'kay?
 

Stingy Fellow

New member
Aug 24, 2011
18
0
0
I usually don't pop in on things like this, because quite frankly if you think you are such a l33t techno master then I think you should deal with your own fucking problems and stop asking for and then dismissing the advice of several strangers wasting minutes of their life trying to help you; but this kind of interested me so I'll offer my limited knowledge on the subject for you to regally dismiss.

Viruses these days are very smart, the nastier ones are occasionally made by the dark side of the anon demographic, and unless you work for the government in the anti-cyber terror section, I doubt you're as knowledgeable as some of these malicious knobs, but that's irrelevant here.

I recently had to reformat my laptop due to a very very nasty virus that I got because /I/ thought I was too intelligent to get, one that subtly took over more and more of my computer every time I went into safe mode to try and root it out, and after a while I couldn't even get onto Google because it had gotten to my browser, and I rebooted, looked up avast, installed it, ran it, immediately got 10 critical messages about this virus, deleted it, and I haven't so much as gotten a wimpy Trojan since then.

You probably don't even care for my input because you're the t3<hn0 w1z4rd, but why even ask for help from the lowly masses if you aren't even going to fucking listen to us?
 

JesterRaiin

New member
Apr 14, 2009
2,286
0
0
Tharwen said:
JesterRaiin said:
Pebkio said:
maybe one of you can give me some advice
No real time scanner ?
Dude...

Switch to Linux, problem solved.
And a hundred new problems created.
These problems are often resolved by google-fu and sudo.
Viruses/worms/trojans/rootkits can f*ck up not only your files but hardware as well...

Your argument is invalid. :)
 

xDarc

Elite Member
Feb 19, 2009
1,333
0
41
If he was that good, he would simply re-image his machine from a recent back up and be done with it in half an hour or less.
 

Tharwen

Ep. VI: Return of the turret
May 7, 2009
9,145
0
41
JesterRaiin said:
Tharwen said:
JesterRaiin said:
Pebkio said:
maybe one of you can give me some advice
No real time scanner ?
Dude...

Switch to Linux, problem solved.
And a hundred new problems created.
These problems are often resolved by google-fu and sudo.
Viruses/worms/trojans/rootkits can f*ck up not only your files but hardware as well...

Your argument is invalid. :)
Having to use console commands to do simple tasks is a problem in my eyes. Maybe you're fine with that, but most people just don't want to deal with it.
 

Laughing Man

New member
Oct 10, 2008
1,715
0
0
Listen, I'll make this simple, you can all keep posting about how your programs are infallible, and that by not believing in them, all of my things are infected because I don't really know anything at all.
NO, I'll make this simple, there are a number of folk here that have given good advice, they have given you info about a number of programs, some good some not as good and there are some who have recounted their tales of similar situations and what they have taken away from it.

The consensus is that some sort of AV is a sensible precaution, I would agree I have had several computers over the last 15 years and they have all had some form of Firewall and AV installed and as a result I have never had to deal with a virus on my own computer. Chances are that there will be a number of other posters here that will share a similar experience and they have expressed the same thought, use an AV of some sort.

The biggest thing that we can take away from this though is that YOU are the one asking US for help, we have given you help and YOU have decided that you know better.

What I would suggest is that you

a). Go download a program called Hijack This (Not AV, not Adware fixer)
b). Save the log that the program creates and then post with details about the issues you are having on the Bleeping Computer forums.
c). Wait till one of the guys there helps you and follow what they say
d). See how far you get when people who know what they are talking about get told that you do not want to install software they are asking you to use to help fix a problem that YOU caused.