Topic: Antivirus 2008 Pro
Tere
« on: July 11, 2008, 03:13:15 AM »

Hi All,
I thought I'd give you all a heads up concerning a rather nasty piece of software that's floating around the internet at the moment, and something that unfortunately my computer has been infected by. A few weeks back now I was roaming nothingtoxic.com and watching the weird mpegs they have on the site when my comp suddenly dl'd a codec through me being suckered into clicking the 'no' box on a pop up. The codec then dl'd a rogue antivirus program onto my comp. This antivirus 2008 pro then went on to delete most of my C drive, hiding the rest of it from me, it comes packaged with pretty much every type of trojan, parasite, malware, spyware, and nasty bug ever created to fuck you up and it unpacks every one of em onto your pc at the same time.

First off it overrode my Norton 360, rendering it totally useless, I can't even start my Norton up, it then deleted my desktop, hid my C drive, deleting parts of it, barraged me with popups, some people who were in my Outlook inbox have been attacked by my machine over the last few weeks, the frigging task manager and regedit functions are not working for me, selective startup doesn't work, the virus is present in safe mode, I have several keyloggers active which are slowing the pc down to a crawl, barely any internet connection, and when I do get it, it only lasts for as long as I can keep the popups under control, which ain't long, notepad doesn't work, system tools don't work, it has somehow corrupted my partitioned drive with the boot stuff on it so I can't nuke the hard drive and reinstall Windows from this partition, all restore points have been deleted apart from a corrupted version, and every time I think I've got the beast under control, and deleted it from my machine, on reboot it's back again. And there's a hugely annoying text message next to my clock that says VIRUS ALERT!

I swear to god it's shagging the wife too.

Anyhow, if you ever get a pop up saying to dl antivirus 2008 pro - don't click that pop up box, use task manager to close it otherwise you too could be having endless hours of fun on a frazzled machine.

I've never had a virus on any of my machines before that I haven't been able to manually remove, but this one is so difficult because it morphs into so many different things, is a variant of hundreds of different viruses, and I spend my days googling the internet at work for help on removing it but due to the individuality of each case everyone who gets it has to do different shit to get rid of it!

I'm pretty pissed at the moment with all this crap. Even Symantec who have been helping me the last week haven't got rid of it yet and I have ongoing support tickets with them.

Take care out there, this is no usual bug, in fact I'd say it's pretty fucking nasty.
Logged
NavadaDucrot
Guest
« Reply #1 on: July 11, 2008, 06:22:41 AM »

Ouch m8, that is horrible but I have to say this made me laugh non-stop.

I swear to god it's shagging the wife too.

Lynn
Logged
Sleeper
Guest
« Reply #2 on: July 13, 2008, 04:51:23 AM »

ouch. format your hard drive. u can try saving the stuff u want to keep, but if it reinfects your fresh installation then format once more and know even the stuff u wanted to save was screwed. most viruses spread and mutate into important areas of windows and not so much things like your text/bookmark/mp3s/videos (again i said 'most') so chances are you can save stuff if it's not already too late. anyways formatting is always an easy fix.. whatever happens GL
Logged
Nath Natty Lars
« Reply #3 on: July 13, 2008, 08:39:25 PM »

Been there done that one Tere. I got it fixed on an XP Home computer I worked on. With XP Home you have access to the computer from safe mode with networking and from there you should be able to download my favorite little backup virus checker called FreeAV (website is in foreign language but they are cool). Program can run from safe mode and mostly kill this bugger. Then, once you have some control back (but a somewhat still screwed machine) install Kaspersky Internet Security (my favorite front line antivirus).

Good luck!

-Natty
Logged


Tere
« Reply #4 on: July 14, 2008, 02:24:54 AM »

Been there done that one Tere. I got it fixed on an XP Home computer I worked on. With XP Home you have access to the computer from safe mode with networking and from there you should be able to download my favorite little backup virus checker called FreeAV (website is in foreign language but they are cool). Program can run from safe mode and mostly kill this bugger. Then, once you have some control back (but a somewhat still screwed machine) install Kaspersky Internet Security (my favorite front line antivirus).

Good luck!

-Natty

Hmm, the virus is present in safe mode. Also, I've found some registry entries that duplicate as soon as they're deleted. I've started the machine with all processes stopped but the virus is still active - basically I can't seem to start the machine without starting the virus.

Is FreeAV free to use or do I need to pay a subscription to use it? The spyware I have, spyhunter & spyzooka, I have to pay registration fee to actually use it as anything other than a scanner. They didn't remove the virus btw cos the files immediately reappear straight after they're deleted - about 30 cookies, 6 files and 3 registry entries according to my 2 programs. I'll try anything - I just want my machine back. I won't log into eu atm cos I know I've got keyloggers running, and even tho I've the gc I won't take any chances so until this shit is off my machine there's no eu for me.
Logged
Nahash
Guest
« Reply #5 on: July 14, 2008, 06:43:33 PM »

Hey, I feel your pain on this one. I spent 5 hours the other week trying to fix my father's computer which matches about 90% of the symptoms you described. After all of that, we still couldn't get it 100% clean, so we were forced to move everything onto an external that he wanted to save, virus scan that, and then reformat the whole computer. It was horrible, anyway, sorry to hear about your luck on that one. I did find out though that it uses some kind of injection method to go into a safe-mode process and put in registry entries to change everything around (the one that I troubleshot took away the desktop, deleted the start menu buttons, disabled regedit and another program used to fix XP, disabled command prompt, hid the C drive, and created a new user). Hope you get better luck! Good should always follow bad....rarely happens, but should :P. Talk to you guys later.
Logged
Nath Natty Lars
« Reply #6 on: July 14, 2008, 07:23:36 PM »

FreeAV is free to use as annoyware at this point.  It should get you back to a somewhat working machine.  Then Kaspersky... you might need to do a system restore back a week or so also.
Logged


Nath Natty Lars
« Reply #7 on: July 15, 2008, 12:15:31 PM »

I'm not having much luck with my neighbor's computer. Her son downloaded a "codec" that started all of this. Maybe it's the tequila, or the bottle of Captain Morgan, or maybe the Jägermeister, but the combination of this virus and a hangover from hell, I can't seem to fix it.
Logged


Tere
« Reply #8 on: July 21, 2008, 03:59:50 AM »

I managed to fix my machine now, unfortunately the only way I could do so was by deleting all the partitions, reformatting and reinstalling Windows. I managed to save all my pictures but everything else is toast....and that's a lot of important data lost.

I checked out a couple of techie forums on this virus (Bleeping Computer, Aumha) and it seems that every case is different for each user - the symptoms are similar but the files you're looking for are always different. One file on my comp which was actually the ZLOB virus was called VentSrv2 - that's a Ventrilo file and it was IN the vent folder - so maybe this piece of crap copies file names somehow that's on your comp, adding a digit to make it different? Another file turned out to be a song file in my iTunes folder - it wasn't a wmv or w/e, it was actually a .exe file named after a song in my folder (with a set of digits after the song name) but in fact was the VundoB virus....and no, it wasn't there before I got the antivirus 2008 pro codec on my machine.

I've read these two forums above and some people seem to have saved their comps by following the techies' advice, but after my experience I would advise to reformat and start again. I would also advise very careful checking of files if you're saving data before reformatting as I noticed those 2 files above named after existing innocent files on my computer - be careful not to pass the virus to your newly installed machine.
Logged
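
An added example, not part of the original thread: one way to audit a folder of rescued data before copying it to a fresh install, based on the two patterns described in the post above (an executable named after an innocent file with digits appended, and executable content where it does not belong). The function names, the extension list and the digit-stripping rule are assumptions chosen for illustration; hits are leads for manual review, not verdicts.

```python
import re
import tempfile
from pathlib import Path

EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".sys"}    # assumed list, extend as needed
TRAILING_DIGITS = re.compile(r"[\s_\-()]*\d+[\s)]*$")   # 'Song 4821' -> 'Song'

def is_pe(path: Path) -> bool:
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def base_stem(stem: str) -> str:
    """Lower-cased file stem with a trailing run of digits removed."""
    return TRAILING_DIGITS.sub("", stem).lower()

def audit_backup(root):
    """Return sorted (relative_path, reason) pairs that deserve a manual look."""
    root = Path(root)
    findings = []
    for folder in [root, *(p for p in root.rglob("*") if p.is_dir())]:
        files = [p for p in folder.iterdir() if p.is_file()]
        stems = {}
        for p in files:
            stems.setdefault(p.stem.lower(), set()).add(p.name)
        for p in files:
            if not is_pe(p):
                continue
            rel = p.relative_to(root).as_posix()
            if p.suffix.lower() not in EXEC_EXTS:
                findings.append((rel, "executable content, non-executable extension"))
            stripped = base_stem(p.stem)
            siblings = stems.get(stripped, set()) - {p.name}
            if stripped != p.stem.lower() and siblings:
                findings.append((rel, "name copies sibling: " + sorted(siblings)[0]))
    return sorted(findings)

def demo():
    """Audit a small backup tree built from constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        music = Path(tmp, "Music")
        music.mkdir()
        # Constructed stand-ins: only the first two bytes matter to the check.
        (music / "My Song.mp3").write_bytes(b"ID3\x03constructed audio")
        (music / "My Song 4821.exe").write_bytes(b"MZ\x90\x00constructed")
        (music / "cover.jpg").write_bytes(b"MZ\x90\x00constructed")
        return audit_backup(tmp)
```

Run `audit_backup()` against the external drive holding the saved data, from a machine that is known to be clean, and scan anything it lists before restoring it.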
admin
Guest
« Reply #9 on: July 21, 2008, 09:19:48 PM »

Ick..no fun. Viruses are nasty buggers to get rid of once you have them.

I had written a big long post in response to this thread a few days ago with advice on what to try & whatnot, but I got auto-logged out of the forum before I hit the post button and lost everything I wrote.

A couple of things I included in the post as a sidenote though were that if anyone needs a free virus scanner to check out avast! at www.avast.com. It is free for home computer use.

Trend Micro also has what is called "housecall" which is a free-to-use over-the-internet virus scanner. Just go to www.trendmicro.com then find the link to housecall from there. It is, of course, always better to have virus detection installed on your machine though rather than relying on something like housecall.

A few tips to anyone who gets infected by a virus:

1) For viruses that cause pop-ups:
disable your internet connection, then open internet explorer, click tools>internet options
go to the programs tab, and click on the manage add-ons button
disable all add-ons, including browser-helper objects
MAKE SURE YOU HIT THE APPLY BUTTON
click OK
close internet explorer, then re-activate your internet connection
Doing the above steps can disable some viruses that hide as internet explorer add-ons and cause pop-ups, which can also give a virus scanner the ability to remove some viruses that otherwise could not be removed because they were in use.

2) press CTRL+ALT+DEL or CTRL+SHIFT+ESC to open task manager. Click the processes tab. Look for any files in use under the username that you do not recognize. If you see some that you do not recognize, click the process and click end task, then click yes to the warning box. (DO NOT end SYSTEM tasks unless you absolutely know exactly what you're terminating; doing so can cause instability if the wrong processes are disabled)

3) If you're browsing the web and something starts downloading on your computer automatically, disable your internet connection by right clicking on it in the system tray, and selecting disable. Sometimes it is possible to stop the download before it completes this way.

4) Make sure your security settings for internet explorer's internet zone are always at least as strong as the default settings for that zone. Internet explorer>tools>internet options>security tab>internet zone>default (or higher if you wish, though setting the security too high will limit functionality)

5) I know nobody trusts Microsoft much, but...they do have a really handy little tool called the windows malicious software removal tool that actually does work most of the time if your windows machine gets infected by a virus. It can remove a lot of viruses that some virus scanners can't touch. It can be downloaded from the microsoft website.
Logged