Brutal Malware
 
            
                
                    Ahnimus                
                
                    Posts: 10,560                
            
                        
            
                    A few weeks ago I was surfing the web. I don't normally have auto-protection against malware, but I don't normally download suspicious files. I do have ActiveX, Java and everything set to prompt in IE. I browsed a website and BAM! 20+ malware is installed.
I got rid of most of it using Spybot, Trend-Micro AntiSpyware, Adaware, AVG AntiSpyware and Hijack This. My boot is clean, my process list is clean, only essential services running, etc.
So, I'm back to my normal stuff and I start getting all kinds of pop-ups, even with TeaTimer, AVG, ZoneAlarm and AnalogX's POW! pop-up stopper, these pop-ups keep happening. What's worse is my PC is covertly connecting to an audio stream that says "Thank you for visiting surveryclub.com..." and goes into this whole spiel about paid surveys. It's really fucking annoying.
I know my shit about computers, but this is driving me insane. I made some changes last night that seem to have stopped the pop-ups and audio streams, but I can't access the internet. According to WinXP Help and Support diagnostics my NIC isn't responding, but according to Device Manager it's functioning properly. My connection is established without failure, but I'm unable to resolve DNS address.
So, I went into command and ran these commands:
netsh winsock reset
netsh interface ip reset
and it didn't fix the problem, any ideas?
FYI I don't have a windows disc.
I necessarily have the passion for writing this, and you have the passion for condemning me; both of us are equally fools, equally the toys of destiny. Your nature is to do harm, mine is to love truth, and to make it public in spite of you. - Voltaire
            Comments
- 
            not sure i don't know nearly as much as you do
 castlecops.com was a great help to me to get rid of some nasty stuff
 Ralph: Me fail English? That's unpossible.
- 
            Sorry I had a similar experience a couple of years back. I did the same things you did but I could never get rid of it so I had to reformat.
- 
            jojo wrote:not sure i don't know nearly as much as you do
 castlecops.com was a great help to me to get rid of some nasty stuff
 Yea, I searched the web for all the files and nothing has come up that helped.
- 
            cutback wrote:Sorry I had a similar experience a couple of years back. I did the same things you did but I could never get rid of it so I had to reformat.
 I should format anyway, it's just a long process backing everything up.
 My HDD is 99% fragmented, I tried running defrag and after 9 hours it produced an error and was still 99% fragmented. My computer is also barking now, it sounds like the HDD is grinding to a halt.
- 
            oh I wish you much luck mine has been hinky lately and begging for some TLC but i hate doing it
- 
            Does your computer let you restore it to a previous date where everything worked? That could work.
 If you can figure out maybe three or four words to describe your malware and google it you will probably find some people who had the same problem and maybe even a solution.
 I'm sure you already knew of these or did it but also reinstalling your NIC card's drivers or rolling them back.
 You could also use bittorrent to get a copy of windows and just reformat.
 Also maybe using a third party program to view your processes just in case the malware hides it from the windows process list. Any smart programmer would hide it.
- 
            99% fragmented???? malware that can not be removed??
 one word
 reformat.
 no other way
 you work in IT? you should be able to get your hands on a XP disk.
 my $0.02.
- 
            Well, I have it nailed down to one process, it's an svchost with PID 952.
 As soon as I kill the process my internet works again. I can't figure out which service it is though. I have the Process ID, but nowhere in windows will it tell me the command that is running it.
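One way to answer the question in the post above (which services live inside a given svchost PID, and what command started it), as an added example that is not part of the original thread. It assumes a Windows version with PowerShell 3.0 or later and an elevated prompt; on Windows XP the built-in `tasklist /svc /fi "PID eq 952"` lists the service names for the same PID. The `OutsideSystem32` column is a hypothetical triage field introduced here.

```powershell
# Added example: list the services hosted inside one process (e.g. svchost.exe)
# and the binaries behind them. Assumes PowerShell 3.0+ and an elevated prompt.
param([int]$TargetPid = 952)   # 952 is the PID quoted in the post

# Command line of the process itself, e.g. "svchost.exe -k <group>"
$proc = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $TargetPid"
if (-not $proc) { Write-Error "No process with PID $TargetPid"; return }
"PID {0}: {1}" -f $TargetPid, $proc.CommandLine

$sys32 = Join-Path $env:SystemRoot 'System32'

Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $TargetPid" |
ForEach-Object {
    # Shared-process services load a DLL named in Parameters\ServiceDll;
    # PathName only shows the svchost.exe host, not the code that runs.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
    $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }

    [pscustomobject]@{
        Name            = $_.Name
        DisplayName     = $_.DisplayName
        State           = $_.State
        HostCommand     = $_.PathName
        ServiceDll      = $dll
        # Triage hint only: a service DLL outside System32 deserves a closer look
        OutsideSystem32 = [bool]($dll -and
            -not $dll.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase))
    }
} | Format-List
```

Stopping the listed services one at a time, rather than killing the whole host process, narrows down which one is interfering with name resolution.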
- 
            Ahnimus wrote:Well, I have it nailed down to one process, it's an svchost with PID 952.
 As soon as I kill the process my internet works again. I can't figure out which service it is though. I have the Process ID, but nowhere in windows will it tell me the command that is running it.
 It's probably something in the registry that needs to be changed, but I'm sure you know that can easily F things up.
- 
            Ahnimus wrote:Well, I have it nailed down to one process, it's an svchost with PID 952.
 As soon as I kill the process my internet works again. I can't figure out which service it is though. I have the Process ID, but nowhere in windows will it tell me the command that is running it.
 Nachia/Welchia worm...
 "Feel it rising, yeah next stop falling!"
- 
            I refuse to use IE. I have used it at work a few times. I always run Ad-aware(sp?) and there's always spyware after IE.
 good luck.
 9/98, 9/00 - DC, 4/03 - Pitt., 7/03 - Bristow, 10/04 - Reading, 10/05 - Philly, 5/06 - DC, 6/06 - Pitt., 6/08 - Va Beach, 6/08 - DC, 5/10 - Bristow, 10/13 B'more
 8/08 - Ed solo in DC, 6/09 Ed in B'more,
 10/10 - Brad in B'more
- 
            All the adware/spyware is gone. A few devices got messed up in the process. I still have one device not working, that is the DVD drive. The drive is detected and the driver is working, but a required service isn't running.
- 
            ok, when your computer is 100 percent cootie-free, then you can be my myspace friend
- 
            Ahnimus wrote:All the adware/spyware is gone. A few devices got messed up in the process. I still have one device not working, that is the DVD drive. The drive is detected and the driver is working, but a required service isn't running. 
 I'm sure you tried it but did you try reinstalling the drivers?
- 
            Seriously, backup and reformat sounds like the best option. You must know someone who knows someone and can get a copy of xp?
 bugs in the way...I feel about you
 "New music, new friends. Pearl Jam."
 I like our socks. I hear we make a fine sock. I always say, You might not love our records, but I think you'll like our socks. - Stone
 "This record is us speaking out in class." -EV on PJ
- 
            Lizardjam wrote:Seriously, backup and reformat sounds like the best option. You must know someone who knows someone and can get a copy of xp?
 I agree, I just need my DVD to work so I can back-up
- 
            Ahnimus wrote:I agree, I just need my DVD to work so I can back-up 
 Did you say it's a laptop or pc? Make it external see if you can reinstall it that way.....would that work? I know if I didn't have all the crap at work to use, a lot of this would be a lot harder to obtain. So my suggestions may stem from that, sorry.
- 
            Lizardjam wrote:Did you say it's a laptop or pc? Make it external see if you can reinstall it that way.....would that work? I know if I didn't have all the crap at work to use, a lot of this would be a lot harder to obtain. So my suggestions may stem from that, sorry.
 No it's good, I want to hear suggestions. Thanks 
 It's a PC. I tried deleting the driver and reinstalling it, but even Daemon Tools doesn't work
- 
            Ahnimus wrote:No it's good, I want to hear suggestions. Thanks 
 It's a PC. I tried deleting the driver and reinstalling it, but even Daemon Tools doesn't work 
 How old is the drive?
- 
            Lizardjam wrote:How old is the drive?
 Well, the drive is about 2 years old. But virtual drives don't work either.