Can someone please help me out

Closed
dan_the_tax_man - Feb 8, 2009 at 01:01 PM
Hello,
I have a virus on my PC that prevents me from going to certain sites, and I can't restore. I can't download antivirus software; I get the ActiveX warnings. I can't change my security settings in Internet Explorer because they keep changing back. Sometimes Internet Explorer will jump me to a different place. When I ran AVG the first time I thought it eliminated everything, but I couldn't tell; it did capture 22 things. Windows XP, Internet Explorer 7.0.

3 responses

crateamp
Feb 8, 2009 at 01:51 PM
Hey Dan... You may not like what I'm about to tell you, but this will be a tedious process, so sit back and be prepared (not really that bad, but it will be time consuming).
1st: download the following programs, in order, and use them in the order I tell you:

ComboFix..... https://combofix.org/

VUNDOFIX... http://vundofix.atribune.org/

HijackThis.... https://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

SpyBot S&D.... https://www.safer-networking.org/download/

TrojanRemover... https://www.simplysup.com/

SuperAntiSpyWare....https://www.superantispyware.com/download.html

You must be logged in as administrator.

First thing you want to do is log off and log on as Administrator. Start ComboFix and follow the instructions. After ComboFix has run, start VundoFix and follow the directions. After Vundo, start TrojanRemover and follow the directions. After TrojanRemover, start SuperAntiSpyware (this will take some time because it is very in-depth, and is very, very good). Next, run Spybot and initiate "Tea Timer" (a great idea to prevent unwanteds from doing things without your permission). Then, last but not least, run HijackThis (though I don't recommend using this if you are not aware of the problems that may occur; novice/professionals only).

After Combo and Vundo have cleaned what they find, TrojanRemover will definitely find all the unwanted Trojans and worms, including backdoors and ActiveX.
There you go. All are FREE except TrojanRemover (free for 30 days), but it's worth the money to buy.

I run this setup on every computer in my shop. Nothing leaves my shop until it's cleaned by these programs; worth every bit of time it takes to get the job done.
I put all these onto a USB drive that is always in my bag of goodies. No techie should be without them.
Good luck and have fun.
Keifermail
Feb 8, 2009 at 06:24 PM
I am writing to express gratitude to Morphine on this forum for solving my problem. This invasive "virus/malware/painintheass" seems to be different on every machine, and it may take several tries to find the solution, as I discovered. I would also like to try and figure out where the "bug" came from. I have related below two possible causes. Please, others, post your stories and let's see if we can come up with the vector.

I acquired this "virus/malware/headache" on 1/27/2009. My last download from Microsoft was a routine update of Office 2007. I know this because when I tried to use System Restore my last save point was the day before I updated Office. I do not believe that Office is the culprit, but I would like to know what the last thing others downloaded before they acquired "the bug" was. A more likely cause would be my habit of occasionally watching videos on Pornhub. This may be TMI, but hey, if we are to figure out where this thing came from I will be the first to admit to frequenting Pornhub as a possibility. If others suspect the same, please post your thoughts.

Now about this bug....

This thing is incredible!

It hijacks every browser on your computer: Explorer, Firefox, Chrome and Safari. When you attempt to update Windows it sends you to a very good "fake Google page." Every click or search in the fake Google page seems to add more malware and directs one to porn sites, i.e. gay porn (not that there is anything wrong with that; it just happens that I am straight). I also believe that this is the reason it is worse on some machines than others. I recognized the Google page as fake because I use iGoogle as my home page and there was no button for iGoogle. When I attempted to search is when it became very apparent: it sent you straight to the page it wanted to. It seems that the more you use this fake page, the worse the infection becomes.

It doesn't stop at hijacking the browser; it also prevents your antivirus from updating. I had Trend Micro originally and went out and bought Kaspersky after being told that it was the best by the IT guys at work. This thing shut down Kaspersky like it owned it. (I had a disk version of Kaspersky manufactured in Oct 2008. I do believe that had I had Kaspersky before, and it was updated, instead of Trend Micro, I would have never caught the bug.) I found this forum yesterday morning Googling "virus hijacks browser and disables updates."

As Morphine suggested, I downloaded the free Trojan Remover 6.7.5. (It is free for the first 30 days.) Find it here:

https://www.simplysup.com/tremover/download.html

Then I ran it. It found the offending file and stated that it needed to be deleted, which I did by clicking OK or something. I thought I had solved the problem and did nothing else other than attempt to update Kaspersky and Windows. Both failed before completing.

Whoever wrote this "bug" is a genius, and a sadistic bastard! It is like the last boss fight in a good video game: you can't kill it with just one weapon. It apparently hides in your RAM and attaches itself back into the registry. That is why you have to have SmitFraudFixTool. Find it here:

http://smitfraudfixtool.com/

This program will cost you, unfortunately. I already had RegCure, but it did not work; it's not made to chase bugs. I paid $39.00 for it and can run it on three computers. Anyway, I ran the Trojan Remover again, immediately afterwards ran SmitFraudFixTool and cleaned out 3156 so-called "bad files," then updated Kaspersky and ran a system scan, which finally put the noose on the damn thing for good. This forum was a godsend!

My computer is now running like a dream! Thank you, Morphine, for the solution. Please, others, post your battles with this monster.
Keifermail
Feb 15, 2009 at 01:40 AM
This thing is called the "Kido Worm," "Downadup" and "Conficker." It began in Oct. 2008, but in December it evolved into a superworm. Its ability to thwart any attempt to delete it and to spread via USB devices is confounding.

There is a lot of info out there if you Google these names. It is an interesting worm, as it seems to disable every defense before the victim can even launch a counterattack. It disables System Restore, shuts off Microsoft updates, blocks antivirus updates, hijacks the browser (Safari, Explorer, Chrome and Firefox) and finally downloads more malicious software as it goes. It is impossible to give one set of instructions to remove the virus, as it is different on every machine.

The latest variant of the worm now lets it spread via thumb drives. It operates by copying itself in a random folder created inside the Recycler directory, which is used by the Recycle Bin to store deleted files, and creating an autorun.inf file in the root folder. The worm executes automatically if the Autorun feature is enabled.

Certain TCP functions are also patched to block access to security-related Web sites by filtering every address that contains certain strings. This makes it harder to remove because information about it is difficult to gather from an infected computer. Additionally, the sneaky little worm removes all access rights of the user, except execute and directory usage, to protect its file. Microsoft has created a removal tool for this worm, but if you are infected you must find an uninfected computer to download Microsoft's Malicious Software Removal Tool.

See the following link: http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

If you have the Kido/Conficker worm you will not be able to follow the above link.

Microsoft states:
"If your computer is infected with the Conficker worm, you might be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool or to access certain Web sites, such as Microsoft Update. If you can't access those tools, try using the Windows Live OneCare Safety Scanner. If that doesn't work, read the following Microsoft Help and Support articles on an uninfected computer."

My advice is to get the removal tool on a brand new/clean USB device from another computer and then load it onto your computer. The surprising thing is that this thing started in Oct. and has already infected 12.9 million computers. Microsoft has offered a 250K reward to help catch the culprits that created this worm.

Hope this helps,

Keifer
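A defender-side check for the thumb-drive behaviour described in the last post (a launch entry in autorun.inf pointing into a random folder under RECYCLER). This is an added example, not code from any poster or from Microsoft's tool; the two autorun.inf bodies are constructed, and the folder and file names in them are placeholders.

```python
import re
from pathlib import Path
# Constructed sample in the style the post describes; names are placeholders, not real ones.
SAMPLE_AUTORUN = r"""
[autorun]
open=rundll32.exe .\RECYCLER\S-1-5-21-000000000-0000000000-000000000-1000\placeholder.dat,entry
icon=%SystemRoot%\system32\shell32.dll,4
action=Open folder to view files
"""
BENIGN_AUTORUN = "[AutoRun]\nopen=setup.exe\nicon=setup.exe,0\nlabel=Install disc\n"  # constructed benign disc

def parse_autorun(text):
    """Return {key: value} from the [autorun] section; padding and junk lines are skipped."""
    entries, in_autorun = {}, False
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        m = re.match(r"\[(.+?)\]$", line)
        if m:
            in_autorun = m.group(1).strip().lower() == "autorun"
        elif in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def assess_autorun(text):
    """List the traits a responder would flag in an autorun.inf launch entry."""
    entries, findings = parse_autorun(text), []
    for key, value in entries.items():
        if key not in ("open", "shellexecute") and not (key.startswith("shell") and key.endswith("command")):
            continue  # only keys that launch something matter here
        v = value.lower()
        if "recycler" in v or "$recycle.bin" in v:
            findings.append(f"{key}: target inside a Recycle Bin folder: {value}")
        if "rundll32" in v:
            findings.append(f"{key}: uses rundll32 to load a file as code: {value}")
        if re.search(r"\bs-1-5-21-[\d-]+", v):
            findings.append(f"{key}: path uses a SID-like folder name: {value}")
    if findings and entries.get("action"):
        findings.append(f"action= label disguises the launch as '{entries['action']}'")
    return findings

def scan_drive_roots(roots):
    """Map each drive root (e.g. 'E:\\') that carries an autorun.inf to its findings."""
    report = {}
    for root in roots:
        inf = Path(root) / "autorun.inf"
        if inf.is_file():
            report[str(root)] = assess_autorun(inf.read_text(errors="replace"))
    return report
```

Run `scan_drive_roots` from a clean machine against a suspect USB stick's drive letter; an empty findings list does not prove the stick is clean, only that its autorun.inf carries none of these traits.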