Two Wheel Fix > General > Off Topic
Old 02-21-2009, 05:56 PM   #21
Papa_Complex
Nomadic Tribesman
Join Date: Nov 2008
Location: Brampton, Canada
Moto: '09 ER-6n
Posts: 11,150
Quote:
Originally Posted by JoJoYZF
And go fuck yourself, thanks for your input.

My buddy just reformatted it and it's back to normal. Thanks everyone.

I recommend that you set things up to try and mitigate this sort of thing, in future. Install Microsoft Defender and Spybot Search and Destroy. Run Spybot's "immunization"; it blocks known bad websites, which can infect your system. Make sure that you install a good antivirus and, most importantly, keep it updated.
__________________
"Everything's better with pirates." - Lodge, "Dorkness Rising"

http://www.morallyambiguous.net/
Old 02-21-2009, 09:02 PM   #22
Lamnidae
CMDLINE
Join Date: Feb 2008
Location: Huntsville, AL
Moto: 2008 Black/Grey Hayabusa
Posts: 1,406
Quote:
Originally Posted by JoJoYZF
And go fuck yourself, thanks for your input.

My buddy just reformatted it and it's back to normal. Thanks everyone.

bwahahha.

But seriously, keep your sensitive data on another drive; it's probably one of the easiest things to do to mitigate the risk of getting "free stuff".

Hey, I'm not passing judgement, I myself have gone for free stuff too.... just in different ways.

Anyways, seriously, one of the biggest things that people DON'T do is keep their shit up to date. Do your updates, they're there for a reason.

Douche.

Quote:
Originally Posted by Papa_Complex
I recommend that you set things up to try and mitigate this sort of thing, in future. Install Microsoft Defender and Spybot Search and Destroy. Run Spybot's "immunization"; it blocks known bad websites, which can infect your system. Make sure that you install a good antivirus and, most importantly, keep it updated.

.... what he, me, and a lot of everyone else has said.

Seriously, if you're gonna go try to get "free stuff" like that, look into the VMware option.
__________________
Quote:
Originally Posted by PhiSig1071
TLS' are more fun than a room full of hookers and a gallon zip-loc of X, but almost as likely to get you in trouble.
Old 02-21-2009, 10:16 PM   #23
pauldun170
Serious Business
Join Date: Nov 2008
Location: New York
Moto: 1993 ZX-11 2008 CBR1000rr
Posts: 9,723
Malwarebytes should take care of AV2009 and its variants.
__________________
Quote:
Originally Posted by Dave
feed your dogs root beer it will make them grow large and then you can ride them and pet the motorcycle while drinking root beer
Old 02-22-2009, 12:44 AM   #24
JoJoYZF
Bring on the Zombies!
Join Date: Feb 2008
Location: Cleveland
Moto: 2000 Yamaha YZF600R
Posts: 2,691
Everything I had on this comp was saved since I don't have much on it. I only had a few job related things and those are all on my jump drive. And honestly I didn't have all that much music on here. Maybe 3-400 songs and about 5 movies. Now that I'm done with school I pretty much only use my laptop for playing online. And now it is protected with a few different things. I was one of those that would only run programs to check for viruses every once in a while, but even though I didn't lose much, it was still enough of a hassle that I'm keeping it protected now.
Old 02-22-2009, 01:11 AM   #25
L8 Braker
Swollen Member
Join Date: Nov 2008
Posts: 558
Quote:
Originally Posted by pauldun170
Malwarebytes should take care of AV2009 and its variants.

This is one of the best you will find.
Old 02-22-2009, 08:45 AM   #26
Lamnidae
CMDLINE
Join Date: Feb 2008
Location: Huntsville, AL
Moto: 2008 Black/Grey Hayabusa
Posts: 1,406
Quote:
Originally Posted by JoJoYZF
I was one of those that would only run programs to check for viruses every once in a while, but even though I didn't lose much, it was still enough of a hassle that I'm keeping it protected now.

Yeah, that's how it typically works.... even though you don't lose much, you still lose stuff (time, mostly) and it's a hassle.
Old 02-22-2009, 10:33 AM   #27
Angee
Dutch's PITA
Join Date: Nov 2008
Location: Back in Nashville!
Moto: I ride Dutch...and an 09 Kawi 250
Posts: 735
Keep a copy of Malwarebytes on your computer. I've had that virus (more like a Trojan) and you have to remove it MULTIPLE times in safe mode, then again in regular mode, then safe mode again. AVG CAN NOT CATCH THIS ONE, NOR CAN ADAWARE! We have all kinds of "tech tools" here and none of them worked except the MWB. Bitch is, it keeps replicating itself, which is why you have to do it in safe mode and on every profile on your computer. AVG is the best I've found for antivirus, but it's not infallible. MWB Rocks!

Oh, and don't try to remove a virus while you're drunk...that popup is how it blew up on me...I was in Nashville and it was 4am and we were drunk...
__________________
Quote:
Originally Posted by another board
If any of us were still questioning your sexuality, you just added the last banana to your fruit salad, buddy.
Quote:
Originally Posted by anthonyk
Those things are awesome. We gave out the clap and syphilis last Christmas.
Old 02-22-2009, 12:42 PM   #28
Papa_Complex
Nomadic Tribesman
Join Date: Nov 2008
Location: Brampton, Canada
Moto: '09 ER-6n
Posts: 11,150
Quote:
Originally Posted by pauldun170
Malwarebytes should take care of AV2009 and its variants.

Unless your system has already been added to the bot-net. At that point I haven't found anything short of reinstallation that can guarantee a clean system.
Old 02-22-2009, 01:35 PM   #29
Papa_Complex
Nomadic Tribesman
Join Date: Nov 2008
Location: Brampton, Canada
Moto: '09 ER-6n
Posts: 11,150
Quote:
Originally Posted by Angee
Keep a copy of Malwarebytes on your computer. I've had that virus (more like a Trojan) and you have to remove it MULTIPLE times in safe mode, then again in regular mode, then safe mode again. AVG CAN NOT CATCH THIS ONE, NOR CAN ADAWARE! We have all kinds of "tech tools" here and none of them worked except the MWB. Bitch is, it keeps replicating itself, which is why you have to do it in safe mode and on every profile on your computer. AVG is the best I've found for antivirus, but it's not infallible. MWB Rocks!

Oh, and don't try to remove a virus while you're drunk...that popup is how it blew up on me...I was in Nashville and it was 4am and we were drunk...

You need a copy of ERD Commander 2005 or something similar, if you can lay your hands on it. Boot from the ERD CD and go into both the Windows and Windows\System32 directories. Sort the directories by date and delete files that don't look kosher, that all came in on the same date. Most will have random names. You may also find a file that starts with two or three underscores in the sys32 directory, that may not show the same date. Kill it. Delete everything in Windows\Temp. Also delete everything in any user's internet cache and Application Data\Temp directories under their user accounts. There will be executable files there that get called in the registry. Kill the files and the registry entries don't matter.

In regedit go to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify and in there you'll see at least one of the randomly named files being called at boot. Kill that key. It's the reinfect vector and why you couldn't kill it without multiple attempts. It starts as soon as Windows does.

While you're in there, look for processes in HKLM\System\CurrentControlSet\Services that don't belong. I realize that it's hard to sort through that mess, but there may well be a service running that allows the system to be controlled externally, as part of the bot-net. It's gotta go. There may even be more than one. In one case I found two separate services and four items in Notify.

While in ERD, use a memory key to copy your tools to the hard drive. I use Spybot and HijackThis. Once you've done your cleaning in ERD, reboot into safe mode and run HijackThis. You'll find several BHO, toolbar and autorun entries that don't belong. Keep an eye open for entries that say "file missing." Since you deleted a ton of stuff already in the previous steps, a lot of the bad stuff will show up this way. If so, kill it. Also keep an eye open for browser hijacks and other stuff that doesn't belong. If you miss it, then the system will reinfect when you reboot it.

Now reboot and restart in Safe Mode with Networking. Install Spybot, update it, and run it. Try running your antivirus at this point too, if it isn't too broken. Once all of this has been done either the system is clean, or it isn't. If it isn't, then it will never be, because you haven't managed to find all of the infection vectors.

This is why I have just been reinstalling Windows lately, rather than trying to clean them.

**EDIT** I should add that none of this is necessary if the user doesn't click on that damned "antivirus" pop-up in the first place. If they don't, then AVG, McAfee, likely any reasonable anti-virus will get rid of the basic infection. Even Spybot will kill it as "Fake-AV" when you run it. The problem is that nothing can stop it, once someone has actually TOLD Windows to install something.
Last edited by Papa_Complex; 02-22-2009 at 01:44 PM..
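The manual registry walk in the post above (Winlogon\Notify entries, services that don't belong, "file missing" entries, files that all arrived on the same date) can be done as a read-only review pass first, so that nothing is deleted before it has been looked at. The PowerShell below is an added example written for this thread, not code from the post or from any of the tools it names; it assumes an XP-era system where Winlogon\Notify is still honoured, an elevated prompt, and a hypothetical 7-day window for "recent".

```powershell
# Added, read-only triage script (not from the thread). Lists the Winlogon\Notify
# DLLs and service binaries the post says to inspect and flags ones that are missing,
# run from a temp/profile folder, were created recently, or carry a double-underscore
# name. Assumes an XP-era system with Winlogon\Notify; run from an elevated prompt.
$Cutoff = (Get-Date).AddDays(-7)          # assumption: "recent" means the last 7 days
$TempLike = '\\Temp\\|\\Temporary Internet Files\\|\\Application Data\\|\\AppData\\'

function Expand-ImagePath([string]$Raw) {
    # Normalise the forms ImagePath takes: quotes, trailing arguments,
    # %SystemRoot%, \SystemRoot\..., \??\C:\..., and System32-relative paths.
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($p.StartsWith('"')) { $p = $p.Split('"')[1] }
    elseif ($p -match '^(.+?\.(exe|dll|sys))(\s|$)') { $p = $Matches[1] }
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-Finding([string]$Source, [string]$Name, [string]$Path) {
    $why = @(); $created = $null
    if (Test-Path -LiteralPath $Path) {
        $created = (Get-Item -LiteralPath $Path).CreationTime
        if ($created -gt $Cutoff) { $why += 'created recently' }
    } else { $why += 'file missing' }
    if ($Path -match $TempLike) { $why += 'runs from temp/profile dir' }
    if ((Split-Path $Path -Leaf) -match '^__') { $why += 'underscore-prefixed name' }
    if ($why.Count -gt 0) {
        New-Object PSObject -Property @{ Source = $Source; Name = $Name; Path = $Path
                                         Created = $created; Why = ($why -join ', ') }
    }
}

$findings = & {
    $notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (Test-Path $notify) {
        # Each Notify subkey carries a DLLName that Winlogon loads as soon as Windows starts.
        foreach ($key in Get-ChildItem $notify) {
            $dll = (Get-ItemProperty $key.PSPath).DLLName
            if (-not $dll) { continue }
            if ($dll -notmatch '[\\/]') { $dll = "System32\$dll" }   # bare name resolves from System32
            Get-Finding 'Winlogon\Notify' $key.PSChildName (Expand-ImagePath $dll)
        }
    }
    foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
        $img = (Get-ItemProperty $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
        if ($img) { Get-Finding 'Service' $svc.PSChildName (Expand-ImagePath $img) }
    }
}
# Sorted by creation time so a batch of files that all came in on the same date stands out.
$findings | Sort-Object Created, Source, Name | Format-Table Source, Name, Path, Created, Why -AutoSize
```

The output is a review list, not a verdict: Windows updates also create files with fresh dates, so each flagged row still needs a human to confirm before anything is removed.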
Old 02-22-2009, 04:49 PM   #30
Lamnidae
CMDLINE
Join Date: Feb 2008
Location: Huntsville, AL
Moto: 2008 Black/Grey Hayabusa
Posts: 1,406
^____ be careful when going in and mucking with your system directories and the registry....