The Virus Is Winning
27th June 2009 #1 Higgs (Lives for gear)

This isn't really music related, so if this is inappropriate for the forum just let me know and I will delete it. FWIW this is the same system I use as my DAW.

I'm running updated versions of AVG, Avast, and Avira, but they are not finding the virus that is redirecting my browsers (explorer and firefox both) when I click links in search engines. I click on the links, and I end up somewhere totally different. ANY suggestions?

P.S. The computer is never at questionable sites, so I don't even know where this thing could have come from.

Anyway, thanks in advance.
28th June 2009 #2 Deleted User (Guest)
There is/was some malware going around that reprograms your router if you didn't set up security (no password for the router configuration, etc). It could be that. Any computer that connects to that router may have caused the problem, so that is why it may not be picked up on your virus protection. You can reset and then reprogram the router to get rid of the problem.
28th June 2009 #3 Higgs (Lives for gear)

Thanks chucks for the suggestion!

I should have mentioned, I'm stuck with dialup here.
28th June 2009 #4
Sounds very much like you have a trojan which has tinkered with your DNS settings to redirect you away from internet security sites where you might get help.

If you can get to this page, check it out: Browser shuts, redirects Trojan.CWS or Worm.IM.Sohanad - MajorGeeks Support Forums
28th June 2009 #5 (Gear Head)

My sister's computer had a similar worm called Vundo (i.e. whenever she clicked a link from Google it redirected to some adware/fake antivirus page). I also couldn't connect to the Windows Update server or the Windows Defender update website from her computer because the worm had somehow disabled it in the registry.

Ultimately Vundo was too entrenched (i.e. it was almost impossible to run antivirus without deleting system files) and the computer so slow (and I kept getting popups spamming the desktop) that I just had my sister back up her personal files and reformatted it for her.

Reformatting is not the best solution, though, especially if you have a lot of personal files or authenticated software, so you might try this site:

(assuming Vundo is the problem and not some other worm) Trojan TR/Vundo.Gen ssttt.dll virus

or seek advice on a more specific forum UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions - TechSpot OpenBoards

(Also, I've read in the past that it's not really a good idea to have more than one antivirus program installed at once.)
28th June 2009 #6
As a favor, I deloused a thoroughly infected machine -- it had 92 instances of the most pernicious of its several viruses and about 17 of the second most pernicious... and a bunch of miscellaneous lesser malware/spyware/adware. I'd cleaned up one of their machines before with a much more straightforward infection.

In addition to blocking access to all the major security sites, the worst of the malware also managed to co-opt Norton Anti-Virus and used that questionable piece of software to protect itself. So I had to uninstall Norton on top of it; fortunately Norton bowed to user pressure and created the Norton Removal Tool. In the old days removing Norton or McAfee was almost as hard as removing some trojans and viruses.

Another thing that complicates matters is that the folks who seem to get their computers infected (present company not necessarily included, mind you) often have two or three (or more) different and ineffective 'security' softwares installed. Not uncommonly, along with the nightmare-ware, they've also managed to download and install bogus anti-virus or other 'security' software, often with vaguely familiar but generic trade names like SuperDuperAnti-Spy. And then there are the multi-level marketing scumware 'security' packages.

And these folks had that big time. They kept DLing and installing stuff.

It got infected the first time cruising porn sites or through peer-2-peer crackware sharing. It was never determined which of those activities was the culprit. The next time it got infected because someone opened a malware attachment on an email. (She said she knew better but she did it anyway. But she'll never do it again. ??? It cost them a couple hundred bucks -- and at that I was cutting them a 50% discount off my book rate; it was not pretty. But I spent a lot of time waiting, so at least I got some guitar playing in.)


If you're sufficiently motivated you can disinfect some ridiculously infected machines. But at a certain point, you have to decide how much effort it's worth. I don't take that work myself, anymore, because to really do it, sometimes you have to spend hour after hour tracking stuff down and killing one infection after another. There are times when it may be worth it to someone to spend hundreds of bucks disinfecting a machine... but it's often hard to predict how long it's going to take.


On my own machines, I seem to get by on common sense, moderate caution, and the occasional online scan at Trend Micro -- and the NoScript plug-in in Firefox.

Stuff happens, of course. One wrong click on an email attachment, say, and you could be on the teflon chute to hell. And people really have been infected by so-called drive-by attacks, lured to a malevolent website (often by the promise of porn or crackware but it could just as easily be cute bunny pictures -- or 'free' song lyrics -- I had NoScript light up one time on a lyrics site, it thwarted some kind of suspicious cross site script well outside the norm of XSS advertising, etc).


Any discussion of malware or hardware failure should always remind us of the principal rule of smart computing: back up frequently in an organized, disciplined manner. (And do as I say, not as I do. heh)

Even if your machine has no exposure to possible infection vectors like the internet or USB drives and thumbdrives, it's still quite possible it may suffer some form of hardware failure. [re USB thumbdrives: Our friends in China Inc have managed to ship out boxed drives with various forms of trojans already on the drive and ready to roll at the drop of a hat. USB thumb drives are especially dangerous because the drives can be set to autoplay whatever software the OS finds on the thumb drive. At one point, something like 40% of the US military's computers in Afghanistan had real spyware on them because the Afghan flea markets were flooded with infected USB thumb drives that soldiers snapped up. Obviously, cameras could be another infection vector, though I haven't heard of that yet, myself.]

More fun in the modern world and, sadly, it's even spreading to the Mac world, with socially engineered malware and spyware even targeting the Mac. (Because you have to log in as an admin on the Mac to install software, it provides an extra layer of protection.) MS, driven by the neurotic desire to seem "user friendly" (I could have told them what they really needed to change), was all about auto-play this and that and only backed off with Vista, putting more barriers between the user and software installations, wanted or otherwise. What's really funny (in a hollow kind of way) is that that added security was one of the things that Windows users really didn't like about Vista. So MS was reported to have removed some of the new security restrictions that made Vista generally quite secure. (It's done much better than OS X in the PWN2OWN annual hacking contests.)
28th June 2009 #7 (Lives for gear)

anti-malware
28th June 2009 #8 Kamurah (Lives for gear)

Malwarebytes.org

This one seems to get updated regularly and has also often detected numerous offenders that Mr. Norton gleefully ignored.

Highly recommended.....and free.
28th June 2009 #9 Kamurah (Lives for gear)

As an anecdotal / ancillary post...

Two days ago I scanned (with the above mentioned software) a computer (laptop) we had given to my wife's sister (as a gift).

We gave the comp to her approximately three weeks ago.

When scanned...the comp had 174 instances of malicious code. (whoa - insert best Neo impersonation here).

Norton was running realtime 24/7 prior to the scan and detected NONE of the code.

I only ran the scan because they came to visit and were complaining that the computer had become "extremely slow". OMFG.

Now it is snappy and happy again....(at least for another two weeks)

BTW the comp is not used in a porn or torrent environment (to my knowledge).
28th June 2009 #10
It's the cute bunny picture infection vector, no doubt! heh


With re Norton (& McAfee, et al):
a study a while back indicated that the then-most-recent patches/patterns of major anti-virus software (including that of Trend Micro, I have to add) missed 80% of the most recent threats -- which is often what you have to worry about most on the net.

And always-loaded background scanning AV software is vampiric in its effect on the OS, for the most part. Some of it can be turned off, but even then parts of it may still remain running and taking CPU or making intermittent system checks.


One piece of software that is important is a proper firewall. The firewall built into Windows, when properly configured, is fine. If you're worried about outgoing traffic, OTOH, you may want to check into more advanced firewalls. That said, two way firewalls can be a pain if you have a lot of software that wants to access the internet (as so much does nowadays).


BTW, I wasn't familiar with MalwareBytes -- but I see it gets a pretty good write up on CNET's Download.com: Malwarebytes Anti-Malware - Free software downloads and reviews - CNET Download.com -- looks like there's a free version that you use as needed and a $25 version that will run in background to ostensibly protect you in realtime.
28th June 2009 #11 357mag (Gear Addict)

Wipe hard drive. Reinstall Windows and the programs you want. Tweak your system the way you want. Then ghost it. When trouble arises recover your machine from the ghost image.
28th June 2009 #12
I've found and removed some pretty nasty viruses and trojans with "Super Anti-spyware" free edition. Give it a shot. "Filemon" and "HiJack This" are also useful for monitoring file and program activity, which can lead you back to the malicious programs.
28th June 2009 #13 bitman (Lives for gear)
This will fix it in 10 minutes or so.
Combofix.

A guide and tutorial on using ComboFix

I use it 5 or 6 times a week professionally at Up and Running Computer Services day by day.

The author is a saint.

:Ron
28th June 2009 #14 Raketen (Gear Head)

Quote:
On my own machines, I seem to get by on common sense, moderate caution, and the occasional online scan at Trend Micro -- and the NoScript plug-in in Firefox.
Yeah I've managed to keep this machine clean for a couple years now, currently with Trend Micro in the background, Windows Defender, and relatively tight settings on firefox (i.e. to prompt whenever a website attempts to upload a file or launch an application using the about:config page and network.protocol-handler.warn-external.itms). I scan every file I download before opening and disable scripts and images etc in email. The biggest loopholes are websites, because even apparently reliable ones sometimes use dodgy advertising services.

I haven't heard of that NoScript plugin, will have to give it a look... Good luck @ Higgs

Oh, also relevant to the conversation: Microsoft announces free antivirus, limited public beta - Ars Technica ... the beta is currently full but if it's anything like Windows Defender this service should be pretty decent & reliable (although because it's Microsoft it's also a pretty large target... gotta envy Apple and their small user base sometimes).

Last edited by Raketen; 28th June 2009 at 06:37 AM.. Reason: additions
28th June 2009 #15 Jovas (Lives for gear)
Quote:
Originally Posted by Higgs View Post
This isn't really music related, so if this is inappropriate for the forum just let me know and I will delete it. FWIW this is the same system I use as my DAW.

I'm running updated versions of AVG, Avast, and Avira, but they are not finding the virus that is redirecting my browsers (explorer and firefox both) when I click links in search engines. I click on the links, and I end up somewhere totally different. ANY suggestions?

P.S. The computer is never at questionable sites, so I don't even know where this thing could have come from.

Anyway, thanks in advance.
Get a trial version of Kaspersky, AdWare, remove the old virus and malware software, and it should kill it all. Also make sure AdWare (Lavasoft) is performing a FULL system scan; it will also wipe registry files clean.
28th June 2009 #16 Higgs (Lives for gear)

Wow, thanks so much everyone! I'm guessing that at least one of those suggestions will take care of it. Time to find out!
28th June 2009 #17 Teddy Ray (Lives for gear)

Those redirect bugs are nasty. Do you have any "free" software on a thumb drive or external media? Do you use any cracked software? Do you use bit-torrent? The DAW PC should not be connected to the internet.

First try Malwarebytes (as close to a standard as I've seen in the AV community).

If that doesn't work, do NOT try to do this yourself.

Go to BleepingComputer.com -> HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

and follow the instructions. Those guys are top notch.
28th June 2009 #18
The bleepingcomputer.com forum looks pretty good. In fact, it may have been one of the places I went when delousing that friend's nightmare machine I mentioned in an earlier post.

I, myself, DL'd Malwarebytes because of the glowing recommendations here and on CNET's Download.com and ran it (surprise, clean! heh. As expected. But, you know, when you run a scan, it's always in the back of your head.)


With regard to keeping one's DAW machine off the net -- always the safest course, naturally. And if one has money riding on his DAW, probably a very sensible course of action. But if one is careful, one can usually get by.

(As noted, there were some mainstream sites that got tricked into serving up malware from their own adservers a year or two ago -- and I got an intrusion from malware on AllMusic Guide, which I backed out of -- never ever click on a malware or suspicious adware dialog box -- use Alt-F4 to close the window and if that doesn't work -- as it didn't in this case -- use the three fingered salute [ctrl-alt-delete] to bring up Win Task Manager and then manually end the browser instances that are hosting the potential intrusion. I went on to run a Trend Micro on-demand online scan which found a malware payload had been downloaded to my machine but not run/installed since I'd caught it in time.)


PS... The NoScript FireFox add-in might prove to be a life-saver. You can tinker its settings from very tight (no javascript at all) to moderately so (only javascript from the site's own server, no cross-site scripting [XSS]) to pretty loose. You can find it on the FireFox Add-Ins page.
28th June 2009 #19
Try Opera.

As for the malware stuff:
try an online scanner (McAfee or similar),
scan your PC with this scanner,
download the stuff you need to clean this virus/trojan (McAfee Stinger, Avast 1.5... one of those small programs that are free and easy to use),
start the PC with F8 (no network and stuff),
scan your PC,
clean your PC,
boot again,
scan the PC again with your installed Avast scanner (one of the best scanners out there).

Don't forget to use a good firewall. Most out there suck.
28th June 2009 #20 (Lives for gear)

From my long PC-only days:

Download Trojan Remover. A fast scan will remove redirecting-type stuff; also SuperAntiSpyware as a secondary measure should fix you up.
29th June 2009 #21 Ladia - Audeum (Gear Maniac)

Antivirus

Hello guys!
Here is the FREE magic trio that will solve this situation...

Revo - removes undeletable files and uninstalls problematic programs.
Malwarebytes - antispyware.
CCleaner - system and registry cleaner, it's awesome.

None of these programs run in the background to slow your system down, they are being updated almost daily and they work!

Let me know in case of any additional questions!

Have a great day!
29th June 2009 #22 guavadude (Lives for gear)
What about Macs? Any suggestions on how to keep them happy?
Any recommended freeware?

thanks
29th June 2009 #23 (Gear Head)

Quote:
What about Macs? Any suggestions on how to keep them happy?
Any recommended freeware?
Yeah, there are a bunch... here's a good free one Apple - Downloads - Networking & Security - ClamXav
29th June 2009 #24 Ladia - Audeum (Gear Maniac)

For Apple: DISKWARRIOR.
I don't know how much I should stress this to everyone who is on a Mac.
There is a reason why Macs have a higher HDD failure rate than PCs. Due to the file system and fragmentation, HDDs in a Mac work so much harder, not even mentioning the performance boost. Use DiskWarrior to keep your disks in check and defragmented.

Have a great day !
29th June 2009 #25 (Lives for gear)

Quote:
Originally Posted by Higgs View Post
Wow, thanks so much everyone! I'm guessing that at least one of those suggestions will take care of it. Time to find out!
Your hosts file has been hijacked.
Here's how to fix it:
How do I reset the hosts file back to the default?
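The hosts-file hijack named in this post (and the DNS/redirect tampering described in post #4) can be checked for mechanically before resetting the file. The script below is an added example and is not from the thread or from any tool it mentions; the sample hosts content, the 203.0.113.77 address and the watched-domain list are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered Windows hosts file (not from the thread).
# The first four lines mirror the XP-era default; 203.0.113.77 is a documentation address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
# --- appended entries (constructed for this example) ---
203.0.113.77    www.google.com
203.0.113.77    search.yahoo.com
127.0.0.1       www.symantec.com
127.0.0.1       update.microsoft.com
0.0.0.0         liveupdate.symantec.com
"""

# Domains a redirect trojan typically tampers with: search engines (to hijack
# clicks) and vendor/update sites (to block help). Illustrative, not exhaustive.
WATCHED_SUFFIXES = ("google.com", "yahoo.com", "bing.com", "microsoft.com",
                    "windowsupdate.com", "symantec.com", "mcafee.com",
                    "avg.com", "avast.com", "avira.com", "trendmicro.com",
                    "malwarebytes.org", "bleepingcomputer.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping; comments are ignored."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        for host in parts[1:]:
            yield no, parts[0], host.lower()

def is_watched(host):
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_hijacks(text):
    """Return (line_no, ip, host, reason) for entries that need a human look."""
    findings = []
    for no, ip, host in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, ip, host, "unparseable address"))
            continue
        if addr.is_loopback and host == "localhost":
            continue  # the only mapping expected in a stock hosts file
        if addr.is_loopback or addr.is_unspecified:
            # Sinkholing to 127.0.0.1/0.0.0.0 silently blocks the site; ad-block
            # lists do this legitimately, so only watched domains are flagged.
            if is_watched(host):
                findings.append((no, ip, host, "blocked (sinkholed to %s)" % ip))
        elif is_watched(host):
            findings.append((no, ip, host, "redirected to %s" % ip))
        else:
            findings.append((no, ip, host, "non-loopback mapping, verify manually"))
    return findings

if __name__ == "__main__":
    for no, ip, host, reason in find_hijacks(SAMPLE_HOSTS):
        print("line %d: %s -> %s: %s" % (no, host, ip, reason))
```

On a real machine, read the contents of %SystemRoot%\System32\drivers\etc\hosts into find_hijacks instead of SAMPLE_HOSTS; any finding is a reason to reset the file as the linked guide describes.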
29th June 2009 #26 Higgs (Lives for gear)

Before I got around to trying everyone's suggestions, I got OWNED by the virus. It took full control of my system.

I then took my laptop and downloaded Malwarebytes (as advised by several here), then booted up this system in safe mode (also as suggested), then installed the program. It found a lot of evil stuff (eighty-some files). This got me control back on the computer, and also fixed the original redirect problem, but every time I run Malwarebytes it finds new issues. The thing keeps self-replicating.

I'll try some more of the suggestions and see where that gets me. So far everyone here has been a great deal of help to me.

Many thanks!
30th June 2009 #27 terrytee (Lives for gear)

Quote:
Originally Posted by 357mag View Post
Wipe hard drive. Reinstall Windows and the programs you want. Tweak your system the way you want. Then ghost it. When trouble arises recover your machine from the ghost image.
thumbsup
30th June 2009 #28
Quote:
Originally Posted by Higgs View Post
The thing keeps self-replicating.
One trick for this.

1. Make a note of the viruses you delete and where they are installed.

2. After deleting them, create a fake copy of each virus using the text tool. For example, if the virus is called "pckiller.exe", name your text file the exact same thing and put it in the exact same place as the real virus. Also, make the file read-only so the spyware can't delete it. When the spyware goes to reinstall the virus it can't, because your phoney virus is already there. You'll also get an error message from Windows telling you exactly which string in the registry tried to reinstall the virus. Write this down. If you're comfortable using regedit you can go into the registry and kill it yourself.
30th June 2009 #29 Jovas (Lives for gear)
Stop downloading porn bro!
30th June 2009 #30
Quote:
Originally Posted by Jovas View Post
Stop downloading porn bro!
You can just start your computer and leave it on for a while without a firewall and virus scanner. It will be infected.