Brutal Malware

Ahnimus Posts: 10,560
edited November 2006 in Technical Stuff and Help
A few weeks ago I was surfing the web. I don't normally have auto-protection against malware, but I don't normally download suspicious files. I do have ActiveX, Java and everything set to prompt in IE. I browsed a website and BAM! 20+ malware is installed.

I got rid of most of it using Spybot, Trend-Micro AntiSpyware, Adaware, AVG AntiSpyware and Hijack This. My boot is clean, my process list is clean, only essential services running, etc.

So, I'm back to my normal stuff and I start getting all kinds of pop-ups, even with TeaTimer, AVG, ZoneAlarm and AnalogX's POW! pop-up stopper, these pop-ups keep happening. What's worse is my PC is covertly connecting to an audio stream that says "Thank you for visiting surveryclub.com..." and goes into this whole spiel about paid surveys. It's really fucking annoying.

I know my shit about computers, but this is driving me insane. I made some changes last night that seem to have stopped the pop-ups and audio streams, but I can't access the internet, according to WinXP Help and Support diagnostics my NIC isn't responding, but according to Device Manager it's functioning properly. My connection is established without failure, but I'm unable to resolve DNS address.

So, I went into command and ran these commands:
netsh winsock reset
netsh interface ip reset

and it didn't fix the problem, any ideas?
FYI I don't have a windows disc.
I necessarily have the passion for writing this, and you have the passion for condemning me; both of us are equally fools, equally the toys of destiny. Your nature is to do harm, mine is to love truth, and to make it public in spite of you. - Voltaire

Comments

  • jojo Posts: 645
    not sure i don't know nearly as much as you do

    castlecops.com was a great help to me to get rid of some nasty stuff
    Ralph: Me fail English? That's unpossible.
  • norm Posts: 31,146
    Sorry :( I had a similar experience a couple of years back. I did the same things you did but I could never get rid of it so I had to reformat.
  • Ahnimus Posts: 10,560
    jojo wrote:
    not sure i don't know nearly as much as you do

    castlecops.com was a great help to me to get rid of some nasty stuff

    Yea, I searched the web for all the files and nothing has come up that helped.
    :(
  • Ahnimus Posts: 10,560
    cutback wrote:
    Sorry :( I had a similar experience a couple of years back. I did the same things you did but I could never get rid of it so I had to reformat.

    I should format anyway, it's just a long process backing everything up.

    My HDD is 99% fragmented, I tried running defrag and after 9 hours it produced an error and was still 99% fragmented. My computer is also barking now, it sounds like the HDD is grinding to a halt.
  • jojo Posts: 645
    oh I wish you much luck mine has been hinky lately and begging for some TLC but i hate doing it
  • Does your computer let you restore it to a previous date where everything worked? That could work.

    If you can figure out maybe three or four words to describe your malware and google it you will probably find some people who had the same problem and maybe even a solution.

    I'm sure you already knew of these or did it, but also reinstalling your NIC card's drivers or rolling them back.

    You could also use bittorrent to get a copy of windows and just reformat.

    Also maybe using a third party program to view your processes just in case the malware hides it from the windows process list. Any smart programmer would hide it.
  • jlew24asu Posts: 10,118
    99% fragmented???? malware that can not be removed??

    one word

    reformat.

    no other way


    you work in IT? you should be able to get your hands on an XP disk.

    my $0.02.
  • Ahnimus Posts: 10,560
    Well, I have it nailed down to one process, it's an svchost with PID 952.

    As soon as I kill the process my internet works again. I can't figure out which service it is though. I have the Process ID, but nowhere in windows will it tell me the command that is running it.
  • jlew24asu Posts: 10,118
    Ahnimus wrote:
    Well, I have it nailed down to one process, it's an svchost with PID 952.

    As soon as I kill the process my internet works again. I can't figure out which service it is though. I have the Process ID, but nowhere in windows will it tell me the command that is running it.


    it's probably something in the registry that needs to be changed. but I'm sure you know that can easily F things up.
  • Ahnimus wrote:
    Well, I have it nailed down to one process, it's an svchost with PID 952.

    As soon as I kill the process my internet works again. I can't figure out which service it is though. I have the Process ID, but nowhere in windows will it tell me the command that is running it.

    Nachia/Welchia worm...
    "Feel it rising, yeah next stop falling!"
  • iluvcats Posts: 5,153
    I refuse to use IE. I have used it at work a few times. I always run Ad-aware(sp?) and there's always spyware after IE.

    good luck.
    9/98, 9/00 - DC, 4/03 - Pitt., 7/03 - Bristow, 10/04 - Reading, 10/05 - Philly, 5/06 - DC, 6/06 - Pitt., 6/08 - Va Beach, 6/08 - DC, 5/10 - Bristow, 10/13 B'more
    8/08 - Ed solo in DC, 6/09 Ed in B'more,
    10/10 - Brad in B'more
  • Ahnimus Posts: 10,560
    All the adware/spyware is gone. A few devices got messed up in the process. I still have one device not working, that is the DVD drive. The drive is detected and the driver is working, but a required service isn't running. :(
  • iluvcats Posts: 5,153
    ok, when your computer is 100 percent cootie-free, then you can be my myspace friend :)
  • Ahnimus wrote:
    All the adware/spyware is gone. A few devices got messed up in the process. I still have one device not working, that is the DVD drive. The drive is detected and the driver is working, but a required service isn't running. :(

    I'm sure you tried it but did you try reinstalling the drivers?
  • Lizardjam Posts: 1,121
    Seriously, backup and reformat sounds like the best option. You must know someone who knows someone and can get a copy of xp?
    bugs in the way...I feel about you

    "New music, new friends. Pearl Jam."

    I like our socks. I hear we make a fine sock. I always say, You might not love our records, but I think you'll like our socks. - Stone

    "This record is us speaking out in class." -EV on PJ
  • Ahnimus Posts: 10,560
    Lizardjam wrote:
    Seriously, backup and reformat sounds like the best option. You must know someone who knows someone and can get a copy of xp?

    I agree, I just need my DVD to work so I can back-up :)
  • Lizardjam Posts: 1,121
    Ahnimus wrote:
    I agree, I just need my DVD to work so I can back-up :)

    Did you say it's a laptop or pc? Make it external see if you can reinstall it that way.....would that work? I know if I didn't have all the crap at work to use, a lot of this would be a lot harder to obtain. So my suggestions may stem from that, sorry.
  • Ahnimus Posts: 10,560
    Lizardjam wrote:
    Did you say it's a laptop or pc? Make it external see if you can reinstall it that way.....would that work? I know if I didn't have all the crap at work to use, a lot of this would be a lot harder to obtain. So my suggestions may stem from that, sorry.

    No it's good, I want to hear suggestions. Thanks :)

    It's a PC. I tried deleting the driver and reinstalling it, but even Daemon Tools doesn't work :(
  • Lizardjam Posts: 1,121
    Ahnimus wrote:
    No it's good, I want to hear suggestions. Thanks :)

    It's a PC. I tried deleting the driver and reinstalling it, but even Daemon Tools doesn't work :(

    How old is the drive?
  • Ahnimus Posts: 10,560
    Lizardjam wrote:
    How old is the drive?

    Well, the drive is about 2 years old. But virtual drives don't work either.
  • Lizardjam Posts: 1,121
    I think I'm out of suggestions. Sorry.
  • Ahnimus Posts: 10,560
    Lizardjam wrote:
    I think I'm out of suggestions. Sorry.

    That's ok, thanks for taking the time Lizardjam :)