Topic: HIDEOUS VIRUS!!!

[kirkn]

I had that about two weeks ago. Believe it or not, all I did was a system restore and that got rid of it.

Yep, I've had it twice on my computer and my son got it once on his.  That was all it took.  Nothing since, and that's been maybe 6 months?

[mlinder]

What do you guys recommend for spyware and antivirus for a Linux computer?

After I get all the old stuff off the Gateway I plan on installing Linux.

You don't need any.

Well, can't agree with that. There may not be as many because it is a relatively small segment (target) of the OS world, but there are Linux viruses. I would install anti-virus software on any OS.

You can't really get a virus in linux unless you are running as su or sudo all the time, which you shouldn't be.

[78CB750CAFE]

I just received the nastiest virus I've gotten in a long time.

It started by emulating the windows live virus scanner, then it would tell me everything I clicked was infected. and if I clicked check for viruses it would check very quickly and tell me I had key loggers trojans and many other "horrible" things that weren't there.
   I couldn't start up my AVG scanner, start up menu, task manager, or share my C:\ drive (so I could check for viruses from the laptop) because it would tell me it was infected.


I noticed it wouldn't start the fake virus scanner until midway through loading everything in the system tray so I opened the task manager before the "virus" loaded up. IT WORKED!!! I shut down 3 programs before it started up- I don't know what they were called but I knew I didn't recognize them... they were something like "jkqs... something like that.   I'm now running AVG in hopes that it finds it. I'll report back the results.

ya got me thinking twice about mounting that drive you are sending me 

[Bob Wessner]

What do you guys recommend for spyware and antivirus for a Linux computer?

After I get all the old stuff off the Gateway I plan on installing Linux.

You don't need any.

Well, can't agree with that. There may not be as many because it is a relatively small segment (target) of the OS world, but there are Linux viruses. I would install anti-virus software on any OS.

You can't really get a virus in linux unless you are running as su or sudo all the time, which you shouldn't be.

And "Winnies" shouldn't open strange eMails or click on links they know nothing about, but they do sometimes. 

[Industrial Cafe]

I just received the nastiest virus I've gotten in a long time.

It started by emulating the windows live virus scanner, then it would tell me everything I clicked was infected. and if I clicked check for viruses it would check very quickly and tell me I had key loggers trojans and many other "horrible" things that weren't there.
   I couldn't start up my AVG scanner, start up menu, task manager, or share my C:\ drive (so I could check for viruses from the laptop) because it would tell me it was infected.


I noticed it wouldn't start the fake virus scanner until midway through loading everything in the system tray so I opened the task manager before the "virus" loaded up. IT WORKED!!! I shut down 3 programs before it started up- I don't know what they were called but I knew I didn't recognize them... they were something like "jkqs... something like that.   I'm now running AVG in hopes that it finds it. I'll report back the results.

ya got me thinking twice about mounting that drive you are sending me 

I'll check it with all the new scanners I found first.

[mlinder]

What do you guys recommend for spyware and antivirus for a Linux computer?

After I get all the old stuff off the Gateway I plan on installing Linux.

You don't need any.

Well, can't agree with that. There may not be as many because it is a relatively small segment (target) of the OS world, but there are Linux viruses. I would install anti-virus software on any OS.

You can't really get a virus in linux unless you are running as su or sudo all the time, which you shouldn't be.

And "Winnies" shouldn't open strange eMails or click on links they know nothing about, but they do sometimes. 

Ubuntu installs with 'su' disabled, and all super-user actions must be accompanied by a password, or actual 'sudo' commands from the terminal.

[Bob Wessner]

OK, I was just trying to say, as a defined pessimist, nothing is perfect, nor infallible. 

[Industrial Cafe]

it came back. it must be related to something somewhere... working on it with malwarebytes and combofix again.
I didn't do malwarebytes last time... not sure why.  lazy i guess.

[mlinder]

OK, it's a rootkit or similarly obnoxious and persistent infection.

Go download unhackme at

http://www.greatis.com/unhackme/

disable system restore, (right click "my computer", go to "properties", go to "system restore", check "turn off system restore", click apply, wait til it's done, then click 'ok')

install unhackme, run "check me now", then if that says "congratulations, no rootkit found", click "check startup processes" or whatever, let it reboot.

Remove anything that doesn't have "svchost" in it, and don't let it remove "catchme" if it shows up.

It will reboot again, if it got what you told it to out, it will check, then boot up to your desktop. If this happens, then run combofix again.
If unhack me keeps finding #$%* on every boot up that it couldn't remove, let me know what it is. We'll go from there.

[Inigo Montoya]

I go with bob. Just because you need a password does not mean a person wont get a virus. Just like on windows uac, many people just click ok and continue on without reading anything, no different for the same type of person to type in a password without reading. I know to read things instead of blindly clicking but many users do not. That can't really be denied.

[mlinder]

I go with bob. Just because you need a password does not mean a person wont get a virus. Just like on windows uac, many people just click ok and continue on without reading anything, no different for the same type of person to type in a password without reading. I know to read things instead of blindly clicking but many users do not. That can't really be denied.

You're mistaken.

Anything that 'runs' on linux that makes system changes REQUIRES actual keyboard input. A virus can't do that.

/edit: please don't bury the instructions to IC above in arguments about linux security, until he completes them.

[Industrial Cafe]

that unhackme appears to cost money.

[mlinder]

that unhackme appears to cost money.

No, there is a 30 day 'free trial'.

http://www.averscanner.com/unhackme.zip

/edit: just so you know, as I told you to 'stop' everything but entries with svchost and catchme, it will stop your antivirus and googleupdater and whatever else crap you ahve on startup. You will probably ahve to re-enable AVG, etc, unless you pay attention and tell it not to 'remove' those registry entries.

[Industrial Cafe]

oh, thanks!

I also found a verified torrent with crack, I'm going to DL the 30 day trial.

 I'll just hold on to the torrented one...

[Industrial Cafe]

malwarebytes is still running...
I'm going to wait for it to finish.

I'll report back the results when it's done.

[mlinder]

oh, thanks!

I also found a verified torrent with crack, I'm going to DL the 30 day trial.

 I'll just hold on to the torrented one...

Don't use software from torrents when you have legit downloads. Lot's of your bad crap comes from torrents.. .I don't know how many virus' I've seen embedded in pirated antivirus programs :/

please read my edited post above re: unhackme

[Industrial Cafe]

Don't use software from torrents when you have legit downloads. Lot's of your bad crap comes from torrents.. .I don't know how many virus' I've seen embedded in pirated antivirus programs :/

please read my edited post above re: unhackme

ah, thanks.

that's why I said I'd just hold on to the torrented one (which means leave it alone/delete it)

[mkramer1121]

do what i posted originally it works you need to be in safe mode so the program wont load to begin with

[mlinder]

do what i posted originally it works you need to be in safe mode so the program wont load to begin with

What he's got will more than likely still load in safemode.

I'm basically giving him the same rundown as the bleepingcomputer tutorial, though we are getting a bit deeper in at the moment.

It's a good tutorial, though.

[Industrial Cafe]

do what i posted originally it works you need to be in safe mode so the program wont load to begin with

yeah it loads in safemode too. locks up and won't get past the balck screen with all the "goings on".

[Industrial Cafe]

malwarebytes is taking forever cause I have 7 hard drives in the 200+gig range

[mlinder]

Use malwarebytes to finish the clean up for you.

End it and follow the instructions above.

remember to disable system restore.

/edit: christ I can't type.

[Industrial Cafe]

got it, should I stop malwarebytes mid coitus?

[333]

got it, should I stop malwarebytes mid coitus?

Is that a technical term, Brian?

[Industrial Cafe]

yeah