Tekforums

Chat => Entertainment & Technology => Topic started by: M3ta7h3ad on November 27, 2007, 00:08:14 AM

Title: ass biscuits...
Post by: M3ta7h3ad on November 27, 2007, 00:08:14 AM
I am a fool
I am a fool
I am a fool

For the first time since I can remember, I've managed to infect myself with bloody spyware. Best bit is... it totally f**ks over Firefox, yet didn't screw over IE7. :D

Stupid lying software website. "we scan all of our software to make sure it's 100% spyware and adware free"

ass.

Right now, as I rebooted, Windows is now refusing to boot (thank god I have a CentOS partition on this drive). Any suggestions as to a decent live CD for disinfection of my Windows drive? :)

Title: Re:ass biscuits...
Post by: Beaker on November 27, 2007, 00:33:43 AM
not even booting in safe mode with networking?

if it does then try www.ewido.com
That's AVG's Anti-Spyware online scan. Also, if you can find it, Webroot System Analyser is pretty good, but it's more of a system inspection tool than removal.
Title: ass biscuits...
Post by: M3ta7h3ad on November 27, 2007, 01:02:37 AM
nope :(
Title: Re:ass biscuits...
Post by: Serious on November 27, 2007, 02:52:16 AM
If you can get it into safe mode, try downloading it on another computer and transfer using a USB memory dongle.

Otherwise saving it might involve some surgery: take out the drive, connect it to a clean computer with the stuff installed and then give it a good software kicking?

Don't know any live distros for that sort of use.

Come to think of it, there was a vulnerability that allows a trojan or something to use IE to infect FF; either is proofed on its own, but due to passing it over it doesn't get checked. It was supposedly going to get fixed by altering FF.

Never trust a site though; even magazine cover disks have been known to carry viruses by accident, and yes, I have been infected by one. Way back when my compy was a Commodore Amiga. Have found another on a CD cover disk and a third was released on a DVD.
Title: ass biscuits...
Post by: bear on November 27, 2007, 06:40:21 AM
Hirens bootCD has antiviral tools f-prot and McAfee + S&D

I put it here (http://bmorell.com/files/hirens.bootcd.9.2.iso) temporarily 'cause the download, when one finds it, is usually really slow.
Title: ass biscuits...
Post by: M3ta7h3ad on November 27, 2007, 14:32:00 PM
thanks bear : ) will download it when I get home :)
Title: Re:ass biscuits...
Post by: M3ta7h3ad on November 27, 2007, 14:35:43 PM
Quote from: Serious
If you can get it into safe mode, try downloading it on another computer and transfer using a USB memory dongle.

Otherwise saving it might involve some surgery: take out the drive, connect it to a clean computer with the stuff installed and then give it a good software kicking?

Don't know any live distros for that sort of use.

Come to think of it, there was a vulnerability that allows a trojan or something to use IE to infect FF; either is proofed on its own, but due to passing it over it doesn't get checked. It was supposedly going to get fixed by altering FF.

Never trust a site though; even magazine cover disks have been known to carry viruses by accident, and yes, I have been infected by one. Way back when my compy was a Commodore Amiga. Have found another on a CD cover disk and a third was released on a DVD.


It wasn't infected because of visiting a site. I installed a small app that played an MP3 file at full volume when a time was reached. I could have coded it up myself in 10 minutes, but a 30 second Google search sent me to a software download website like you usually get, like Tucows and whatnot... checked the software, seemed legit.

Noticed nothing odd when I installed it, then I had a niggle... a pop-up appeared after leaving Firefox open on my own website (was testing it for compatibility on browsers... and had just left it in the background). I knew my site was clean... and had a niggle. Shut down, and started back up in the morning, and BOOM... hit by god knows what. Spybot seems to fight like crazy on startup in safe mode and in normal mode, resulting in 100% CPU usage, and no explorer.exe loading.

A live CD for scanning is the only thing that can help. I have a BartPE CD around somewhere but it's rigged up for defrag and not much else... so somewhat useless.
Title: ass biscuits...
Post by: knighty on November 27, 2007, 19:54:06 PM
once you get going, install and run Ad-Aware and Spybot Search & Destroy

google em... or download em from my webspace..
http://www.knighty1.com/aawsepersonal.exe
http://www.knighty1.com/spybotsd14.exe

I always keep them there handy for when I'm sorting out other peeps' computers!
Title: Re:ass biscuits...
Post by: SteveF on November 27, 2007, 20:06:54 PM
slightly off topic but Scheduled Tasks (Control Panel) can play MP3s for you. Just set a time to run the MP3 file and it'll play.
Title: ass biscuits...
Post by: M3ta7h3ad on November 27, 2007, 20:08:13 PM
lol Spybot is the reason I can't get into Windows. :)

In general I hate anti-spyware crap, and I hate nag screens ("omgz you saved a file... you surez!?"), hence me never using them. What I do normally use is a firewall of some kind, and an anti-virus like NOD32. However this is a fairly fresh install of XP, so I never got around to putting them on here.

Doh.
Title: Re:ass biscuits...
Post by: M3ta7h3ad on November 27, 2007, 20:08:44 PM
Quote from: SteveF
slightly off topic but Scheduled Tasks (Control Panel) can play MP3s for you. Just set a time to run the MP3 file and it'll play.


you are sh*tting me? seriously? You're god-like, Steve... yes! :D Woo for alarm clock :)
Title: Re:ass biscuits...
Post by: BigSoy on November 27, 2007, 21:45:29 PM
or buy a £4 value radio alarm from Tesco and don't run your PC all night? :P
Title: ass biscuits...
Post by: bear on November 28, 2007, 01:13:50 AM
I have stopped using Ad-Aware and S&D and am using AVG Anti-Spyware instead, and so far I am very pleased.

BTW meta did u get it sorted ?
Title: ass biscuits...
Post by: M3ta7h3ad on November 28, 2007, 08:37:08 AM
Quote from: bear
I have stopped using Ad-Aware and S&D and am using AVG Anti-Spyware instead, and so far I am very pleased.

BTW meta did u get it sorted ?


Downloaded it last night :) Ran it and did an F-Prot check, came up with nothing. Only thing is I don't see where the S&D application is, as I only see McAfee and F-Prot.

So nope, still not fixed :(

lol @ BigSoy. Reason I'm trying this out is because I currently have dodgy sinuses, meaning that my hearing is pretty much crap at the moment. What was a loud siren alarm from my old alarm clock is now a feeble "woo woo" sound. I literally do not hear it. My computer on the other hand is a loud bastard :) on full volume it'll get me out of bed.
Title: ass biscuits...
Post by: bear on November 28, 2007, 09:18:04 AM
S&D is in wintools and can run from windows environment only I believe.

Have u checked for root-kits ? AVG has a free root-kit revealer.
Title: ass biscuits...
Post by: M3ta7h3ad on November 28, 2007, 20:14:03 PM
I haven't checked for anything as I can't get into Windows.

What I really need is someone to upload a UBCD they created, as the creator for UBCD only runs in Windows, and I don't have a Windows install to use.
Title: ass biscuits...
Post by: red on November 29, 2007, 08:05:05 AM
it may sound pointless, but if it's a fresh install,


format -> reinstall?
Title: ass biscuits...
Post by: M3ta7h3ad on November 29, 2007, 14:05:36 PM
It's not totally fresh... already has a lot of photos and stuff on there. :( Don't want to lose them if I can help it.
Title: ass biscuits...
Post by: bear on November 29, 2007, 14:43:50 PM
You should be able to get stuff from the HDD using the bootCD though.
Title: ass biscuits...
Post by: M3ta7h3ad on November 29, 2007, 18:41:52 PM
Quote from: bear
You should be able to get stuff from the HDD using the bootCD though.


and put where? I can get stuff from the HD using the Linux install; if I just wanted to toast Windows I could, but I don't want to. I want to repair the bloody thing.
Title: ass biscuits...
Post by: Eggtastico on November 29, 2007, 18:59:18 PM
Quote from: M3ta7h3ad
Quote from: bear
You should be able to get stuff from the HDD using the bootCD though.


and put where? I can get stuff from the HD using the Linux install; if I just wanted to toast Windows I could, but I don't want to. I want to repair the bloody thing.


make a subfolder on the HDD, move everything to that subfolder & reinstall without formatting
Title: ass biscuits...
Post by: bear on November 29, 2007, 19:17:20 PM
I guess that is why I always have two partitions on my HDDs, so I can always save stuff but still format C: if needed. Is that CentOS partition too small?
Title: ass biscuits...
Post by: M3ta7h3ad on November 30, 2007, 13:06:36 PM
Quote from: Eggtastico
Quote from: M3ta7h3ad
Quote from: bear
You should be able to get stuff from the HDD using the bootCD though.


and put where? I can get stuff from the HD using the Linux install; if I just wanted to toast Windows I could, but I don't want to. I want to repair the bloody thing.


make a subfolder on the HDD, move everything to that subfolder & reinstall without formatting


You know as well as I do that results in a hash-up :) Yes it works, but ugh... it's untidy.

CentOS is fine, but I use that partition for work-related shenanigans. Don't want to fill it with stuff :) nor lose it.

I'm getting there slowly though; just all the "rescue CD" stuff requires Windows to run to make the image. Which is shocking considering they are designed to rescue Windows. :)
Title: ass biscuits...
Post by: Tongy on November 30, 2007, 13:12:23 PM
Hey fella,

This is a big download so do it if you like...

Bitdefender have a rescue boot CD you can cut onto a disk (if you can access another machine).

http://download.bitdefender.com/rescue_cd/bitdefender_2008_RescueCD_v2.iso

Cheers,
Tongy
Title: ass biscuits...
Post by: bear on November 30, 2007, 13:14:13 PM
LiveXP CD

http://www.nu2.nu/pebuilder/

http://pcquest.ciol.com/content/handson/2004/104040510.asp
Title: ass biscuits...
Post by: M3ta7h3ad on November 30, 2007, 13:14:36 PM
ah thanks there Tongy. Definitely going to give that a shot.

I did a bit of manual "hmm... wtf is that?!" removal via hijackthis yesterday. Got it running inside of safemode after scanning from linux. :)
Title: ass biscuits...
Post by: M3ta7h3ad on November 30, 2007, 13:15:12 PM
Quote from: bear
http://www.nu2.nu/pebuilder/

http://pcquest.ciol.com/content/handson/2004/104040510.asp


PE Builder is useless in this case as I mentioned above. Requires windows to build the image.
Title: ass biscuits...
Post by: bear on November 30, 2007, 13:20:30 PM
Quote from: M3ta7h3ad
Quote from: bear
http://www.nu2.nu/pebuilder/

http://pcquest.ciol.com/content/handson/2004/104040510.asp


PE Builder is useless in this case as I mentioned above. Requires windows to build the image.


Oh, I thought you had another machine to work from. Is it CentOS you use to get and make the Bitdefender CD?
Title: ass biscuits...
Post by: Eggtastico on November 30, 2007, 13:38:26 PM
Quote from: M3ta7h3ad
Quote from: Eggtastico
Quote from: M3ta7h3ad
Quote from: bear
You should be able to get stuff from the HDD using the bootCD though.


and put where? I can get stuff from the HD using the Linux install; if I just wanted to toast Windows I could, but I don't want to. I want to repair the bloody thing.


make a subfolder on the HDD, move everything to that subfolder & reinstall without formatting


You know as well as I do that results in a hash-up :) Yes it works, but ugh... it's untidy.

CentOS is fine, but I use that partition for work-related shenanigans. Don't want to fill it with stuff :) nor lose it.

I'm getting there slowly though; just all the "rescue CD" stuff requires Windows to run to make the image. Which is shocking considering they are designed to rescue Windows. :)



It's not untidy... everything is dumped into a directory, say oldhdd.
Then you reinstall windows.
Copy what you want from oldhdd directory & then delete oldhdd directory.

I do it all the time.
Title: ass biscuits...
Post by: M3ta7h3ad on November 30, 2007, 19:27:09 PM
and what exactly happens to your installed programs? registry entries? and other useful bits and pieces...

:o... they get left on the system, unusable because they are missing registry keys, or system files have changed and so the incorrect version of a DLL is on the system, meaning I then have to go through and delete the programs manually... however some may work, so then I've got to bloody remake the shortcuts and whatnot... yes... not untidy at all.

If you are going to install Windows, format then reinstall is the best way, every time.

Either way it's not a choice here.

Yes @ bear, same computer. dual boot.
Title: ass biscuits...
Post by: M3ta7h3ad on November 30, 2007, 23:50:16 PM
Quote from: Tongy
Hey fella,

This is a big download so do it if you like...

Bitdefender have a rescue boot CD you can cut onto a disk (if you can access another machine).

http://download.bitdefender.com/rescue_cd/bitdefender_2008_RescueCD_v2.iso

Cheers,
Tongy


This looks like it could do the job. Fired up its malware scanner automatically, and it's already scanning away here. :) Hopefully it'll clear up any issues left on here :)
Title: ass biscuits...
Post by: bear on December 02, 2007, 14:19:53 PM
How is it coming along?

Well, depending on space in your CentOS partition, a virtual machine in Linux to install XP to build a bootable XP CD maybe could be a way to go.
Title: ass biscuits...
Post by: M3ta7h3ad on December 02, 2007, 15:21:18 PM
Not good.

Somehow my computer is now spankingly clean according to the following.

F-Prot
NOD32
AVG Spyware
HijackThis (can't see a thing that's odd there...)
Bit Defender.
Stinger

All with the latest defs.

Yet if I start up in normal mode, NOD32's firewall takes up 100% CPU as it's blocking all the SMTP requests from the "System" process.

Seriously... my system is totally clean according to all that.

Only thing left to try is housecall online.
Title: ass biscuits...
Post by: bear on December 02, 2007, 15:51:31 PM
Well AVG rootkit revealer have u tried that ?

also install something else than NOD32, check your PM
Title: ass biscuits...
Post by: M3ta7h3ad on December 02, 2007, 15:58:47 PM
Install something else other than nod32?

I have AVG, Spybot, F-Prot, think I already scanned it with Alwil, and ANTIVIR, Stinger.

Whatever I have, I think nothing can find it.

NOD32's firewall is the only thing stopping my computer sending out several million emails a minute.
Title: ass biscuits...
Post by: bear on December 02, 2007, 16:24:22 PM
What is sending out all those emails ? Is it through Outlook ?

Remove Outlook and get another mail program like
Foxmail, Thunderbird or the like.

and u got a new PM :D
Title: ass biscuits...
Post by: M3ta7h3ad on December 03, 2007, 08:47:55 AM
Quote from: bear
What is sending out all those emails ? Is it through Outlook ?

Remove Outlook and get another mail program like
Foxmail, Thunderbird or the like.

and u got a new PM :D


Nope :) It's going as the System process according to netstat -b.
Title: Re:ass biscuits...
Post by: Serious on December 03, 2007, 21:46:49 PM
I don't suppose it would be quicker to reinstall?

Check the number of active users, some set up their own account and hide that way.
Title: ass biscuits...
Post by: bear on December 03, 2007, 21:54:28 PM
Quote from: M3ta7h3ad
Quote from: bear
What is sending out all those emails ? Is it through Outlook ?

Remove outlook and get a another mailprogram like
Foxmail, Thunderbird or the like.

and u got a new PM :D


Nope :) It's going as the System process according to netstat -b.


Is it through an instance of svchost? Check if it is located somewhere else
than in \system32. XP uses svchost but there can be false ones; one can try
turning them off one at a time to see if the emailing stops.
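One defender-side way to run the checks bear and Serious describe above (where each svchost.exe is actually loaded from, which process holds the outbound SMTP connections, and what local accounts exist), as an added PowerShell example that is not code from anyone in this thread; it assumes a Windows host with netstat.exe and WMI, run from an elevated prompt so that every process's image path is readable:

```powershell
# Added example, not from the thread. Run elevated: without admin rights
# Win32_Process.ExecutablePath is blank for other users' processes and
# would show up here as a false positive.

$system32 = Join-Path $env:SystemRoot 'System32'

function Get-SuspiciousSvchost {
    # Every legitimate svchost.exe lives in %SystemRoot%\System32; anything
    # using that name from elsewhere (or with no readable path) is flagged.
    Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" |
        Where-Object {
            -not $_.ExecutablePath -or
            -not $_.ExecutablePath.StartsWith($system32, [System.StringComparison]::OrdinalIgnoreCase)
        } |
        Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine
}

function Get-SmtpConnections {
    # Parse 'netstat -ano' (present on XP and later) rather than the newer
    # Get-NetTCPConnection cmdlet, and map each PID back to its image.
    # PID 4 with no path is the kernel 'System' process named in the thread.
    netstat -ano | ForEach-Object {
        # Row shape:  TCP    10.0.0.5:49230   203.0.113.9:25   ESTABLISHED   4
        if ($_ -match '^\s*TCP\s+(\S+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$' -and
            [int]$Matches[3] -eq 25) {
            $procId = [int]$Matches[5]
            $proc = Get-WmiObject -Class Win32_Process -Filter "ProcessId = $procId"
            $name = if ($proc) { $proc.Name } else { '(exited)' }
            $path = if ($proc) { $proc.ExecutablePath } else { $null }
            New-Object PSObject -Property @{
                Local     = $Matches[1]
                Remote    = $Matches[2] + ':' + $Matches[3]
                State     = $Matches[4]
                ProcessId = $procId
                Name      = $name
                Path      = $path
            }
        }
    }
}

function Get-LocalAccounts {
    # An extra, unexpected local account is a cheap place to hide persistence.
    Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount = True" |
        Select-Object Name, Disabled, SID
}

'--- svchost.exe instances outside System32 ---'
Get-SuspiciousSvchost | Format-Table -AutoSize
'--- connections to remote tcp/25 (SMTP) ---'
Get-SmtpConnections | Format-Table Local, Remote, State, ProcessId, Name, Path -AutoSize
'--- local accounts ---'
Get-LocalAccounts | Format-Table -AutoSize
```

A connection owned by PID 4 with an empty Path is exactly the "System process" symptom reported above; it points at something running in kernel context (a driver or hooked system component) rather than a user-mode process the scanners would catch.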
Title: Re:ass biscuits...
Post by: M3ta7h3ad on December 04, 2007, 10:28:42 AM
Not svchost, but actually the System process.

It's the hardest-core thing I've ever had to deal with; the little bastard appears to have added its own code to a system DLL or something, hooked into the System process and blammo... despite all other trails of it being removed, this one last thing is screwing it all up.

A reinstall would be faster, yes, but ugh... I just didn't want to hose this installation. Guess the only path left is the hosage way really.
Title: ass biscuits...
Post by: bear on December 04, 2007, 11:30:35 AM
Hard work but u could replace all *.dll with fresh ones.

Have you downloaded all security updates?

Try windizupdate.com
Title: ass biscuits...
Post by: M3ta7h3ad on December 04, 2007, 13:42:25 PM
If I remember rightly, I think there's an SFV check I can do that will do the same from a CD. May try that first before a wipe :)
Title: Re:ass biscuits...
Post by: Beaker on December 04, 2007, 16:38:21 PM
run Webroot System Analyser to see what it's got in there. It'll usually give you a pretty good report. Then run Spy Sweeper. Use the "Masters" files from System Analyser rather than the ones in Spy Sweeper and it'll normally pick things up better. After that, if it still won't shift, then you may need to try CounterSpy. This is provided you have managed to get it booting.
Title: Re:ass biscuits...
Post by: M3ta7h3ad on December 05, 2007, 08:49:33 AM
Quote from: Beaker
run Webroot System Analyser to see what it's got in there. It'll usually give you a pretty good report. Then run Spy Sweeper. Use the "Masters" files from System Analyser rather than the ones in Spy Sweeper and it'll normally pick things up better. After that, if it still won't shift, then you may need to try CounterSpy. This is provided you have managed to get it booting.


Decided to wipe it after all. Now just to get pxeboot working.

Got it as far as mounting a network share, just need to get the installer working.