Bay 12 Games Forum

Author Topic: A very persistent virus  (Read 3178 times)

ed boy

  • Bay Watcher
Re: A very persistent virus
« Reply #15 on: March 23, 2011, 01:16:05 pm »

It appears that the Zbot is not responsible for the google redirects - I used a tool called gooredfix, which fixed the redirecting problem, though the Zbot is hanging around.

Sowelu

  • Bay Watcher
  • I am offishially a penguin.
Re: A very persistent virus
« Reply #16 on: March 23, 2011, 01:26:30 pm »

Forgive me for saying so, but I wouldn't be sad if someone forcibly formatted your machine for you right now.  DO NOT LET A BOT COMPROMISED MACHINE ON THE INTERNET.  YOU, YES YOU PERSONALLY, ARE MAKING THE INTERNET WORSE FOR EVERYONE ELSE.  If you can't fix it, reformat.
Logged
Some things were made for one thing, for me / that one thing is the sea~
His servers are going to be powered by goat blood and moonlight.
Oh, a biomass/24 hour solar facility. How green!

ed boy

  • Bay Watcher
Re: A very persistent virus
« Reply #17 on: March 23, 2011, 02:11:31 pm »

Don't get me wrong, I'm still trying to sort the Zbot out. I just thought I would post that in case anyone else was suffering it too, so they know how to fix it.

GlyphGryph

  • Bay Watcher
Re: A very persistent virus
« Reply #18 on: March 23, 2011, 02:23:27 pm »

Fix it now. Stop being on the internet. Your computer is infectious, and is actively making things worse RIGHT NOW!

Heheheh.

But seriously, fix that junk.

ed boy

  • Bay Watcher
Re: A very persistent virus
« Reply #19 on: March 23, 2011, 03:28:25 pm »

That's why I've disconnected the infected one, and am using another one to browse the internet.

white_darkness

  • Bay Watcher
Re: A very persistent virus
« Reply #20 on: March 23, 2011, 04:26:23 pm »

One of the points of a botnet, besides having raw computing power and a large distribution base to start a DDOS attack from, is getting more infected software on to muddy the waters and further rip off the victims.

I gave you a link with manual removal instructions, since in all honesty, you could spend the next month with everyone recommending their sure-fire personal favorite malware suite.  And from some of what I've read, it won't make a difference, even if you run through all of them.

ed boy

  • Bay Watcher
Re: A very persistent virus
« Reply #21 on: March 23, 2011, 05:10:28 pm »

I went through the manual removal instructions, but they didn't work. It appears that those are orientated for a variant other than the one I have.

white_darkness

  • Bay Watcher
Re: A very persistent virus
« Reply #22 on: March 23, 2011, 06:00:53 pm »

So you're blessed with one of the post-2010 versions à la "Trend Micro blogs that the recent variants (as of 26 Apr 2010), use random names for files and directories in a major change. The earlier variants used fixed file names. In addition this trojan now inject themselves into ctfmon.exe, explorer.exe, rdpclip.exe, taskeng.exe, taskhost.exe and wscntfy.exe"

That just makes it more fun, since explorer.exe is a core Windows file.  Ctfmon.exe is for "alternative user input" and multi-language support.  It's a nightmare to shut off if it's not needed.

Taskeng and taskhost handle process scheduling in Windows 7 and the OS that I prefer not to speak of, so it doesn't exist in Windows XP.  Rdpclip handles file copying operations.

There's always this as something to try, which if it works, certainly no reason to complain.  Bitdefender is at least a legit company.


So far the only variations from those instructions I referenced have been on an ancient "removal instructions" forum posting over at the Spybot website (from 2007).

Otherwise, you're looking at random file names.  I have no idea what your computer comfort level is, and 90% of stuff looks random to most people.  Reinstalling may be easier, particularly with the hooking into such common windows processes.

ed boy

  • Bay Watcher
Re: A very persistent virus
« Reply #23 on: March 26, 2011, 06:25:22 am »

It turns out that the virus has actually been gone for some time. The reason why none of the scans were finding anything is because it had already been gotten rid of. Sophos simply did not automatically recognize that it had gone, which was why I thought it was hanging around.