Author Topic: HIDEOUS VIRUS!!!  (Read 13496 times)


Offline HAIRHEAD

  • Full Member
  • *
  • Posts: 43
Re: HIDEOUS VIRUS!!!
« Reply #75 on: February 07, 2010, 03:30:06 PM »
I STRONGLY recommend anyone affected to check out GEEKS TO GO or MAJOR GEEK for TONS of FREE artillery and advice on getting rid of viruses, malware, etc...

Cheers,
77 R100/7 cafe,75 CB550 caffeinated,74 CB450(520)TWIN, 73TX650,72 CB750,72 CB350 TWIN,75 XL100,

Offline mlinder

  • "Kitten Puncher"
  • Really Old Timer ...
  • *******
  • Posts: 5,013
  • Stop Global Tilting now!
    • Moto Northwest
Re: HIDEOUS VIRUS!!!
« Reply #76 on: February 07, 2010, 04:30:40 PM »
I STRONGLY recommend anyone affected to check out GEEKS TO GO or MAJOR GEEK for TONS of FREE artillery and advice on getting rid of viruses, malware, etc...

Cheers,

They can just get it here, from me and others who do this for a living. :)
No.


Offline 333

  • Time for change
  • Really Old Timer ...
  • *******
  • Posts: 7,558
  • Mail List Member #162 - Call me Stan
Re: HIDEOUS VIRUS!!!
« Reply #77 on: February 07, 2010, 04:38:18 PM »
Mark is lucky that we don't have his phone number.  We'd be callin' him all the time.
Go metric, every inch of the way!

CB350F0  "Scrouching Tiger"
CT70K0    "Sneezing Poodle"

www.alexandriaseaport.org

Offline mlinder

  • "Kitten Puncher"
  • Really Old Timer ...
  • *******
  • Posts: 5,013
  • Stop Global Tilting now!
    • Moto Northwest
Re: HIDEOUS VIRUS!!!
« Reply #78 on: February 07, 2010, 08:19:20 PM »
Mark is lucky that we don't have his phone number.  We'd be callin' him all the time.

Um, I think you DO have my number... just don't put it up here. :)
No.


Offline Zaipai

  • I am getting closer to being an
  • Old Timer
  • ******
  • Posts: 3,400
    • My Home page
Re: HIDEOUS VIRUS!!!
« Reply #79 on: February 07, 2010, 08:29:54 PM »
I've had some good luck with Malwarebytes.
It can find and clean a lot of stuff.

If not, give up and do what I did - switch to Linux.
-K

+1 for Linux!

Also, just a note: we use Microsoft's Security Essentials virus scan on all 30,000 PCs at work and have no problems with viruses, at least since Oct/Nov when we pushed it out. It's also way easier on system resources since most of its framework is already in Windows.

As for Linux, we run ClamAV because we are a belts and suspenders kinda IT shop. Good thing too, because someone posted a Linux screensaver (package part of Xscreensaver) on gnome-look and it got a few Linux folks. So no one is immune; however, Linux is way low on the target list for these guys. It's about the money, and the money is in numbers, and the numbers is Windows PCs.

Just my 2 cents.. Also nice work mlinder you posted great directions..

.: Scott :.
« Last Edit: February 07, 2010, 08:59:45 PM by Zaipai »
Its my Avatar..

75 CB550F  | 


Offline Laminar

  • Retsam
  • Master
  • *****
  • Posts: 1,632
Re: HIDEOUS VIRUS!!!
« Reply #80 on: February 07, 2010, 08:58:01 PM »

Offline Gordon

  • Global Moderator
  • Really Old Timer ...
  • *****
  • Posts: 12,114
  • 750K1, 550K2
Re: HIDEOUS VIRUS!!!
« Reply #81 on: February 08, 2010, 08:26:22 PM »
Crap!  My computer has some nasty malware, too! >:(

I can't even use it.  I'm on the computer at work right now.  It started out by redirecting any google or yahoo search, and constantly bringing up advertisement pop-ups in IE, even though I always use Firefox.  I ran multiple scans with Spybot S&D, Malware Bytes, Avast, and ComboFix, all in normal mode and in safe mode.  A lot of items were detected and removed, but now Windows won't even open.

The computer will boot up just fine, but then when it prompts me to choose whether I want to log in as the Owner or Administrator, regardless of which one I choose, it will log in and then immediately log out.

Do I need to do a system recovery?  If so, what will that do, if anything, to the files on the hard drive?   

Offline mlinder

  • "Kitten Puncher"
  • Really Old Timer ...
  • *******
  • Posts: 5,013
  • Stop Global Tilting now!
    • Moto Northwest
Re: HIDEOUS VIRUS!!!
« Reply #82 on: February 08, 2010, 08:27:33 PM »
Crap!  My computer has some nasty malware, too! >:(

I can't even use it.  I'm on the computer at work right now.  It started out by redirecting any google or yahoo search, and constantly bringing up advertisement pop-ups in IE, even though I always use Firefox.  I ran multiple scans with Spybot S&D, Malware Bytes, Avast, and ComboFix, all in normal mode and in safe mode.  A lot of items were detected and removed, but now Windows won't even open.

The computer will boot up just fine, but then when it prompts me to choose whether I want to log in as the Owner or Administrator, regardless of which one I choose, it will log in and then immediately log out.

Do I need to do a system recovery?  If so, what will that do, if anything, to the files on the hard drive?   

If you can wait til tomorrow, I will help you with this, ok?
No.


Offline Gordon

  • Global Moderator
  • Really Old Timer ...
  • *****
  • Posts: 12,114
  • 750K1, 550K2
Re: HIDEOUS VIRUS!!!
« Reply #83 on: February 08, 2010, 08:33:32 PM »
If you can wait til tomorrow, I will help you with this, ok?

I'd be happy to wait if you can help! :) 

I have a PalmTx that I can get online with at home.  It's really hard to navigate this website on it, but I think it's do-able.  I'll check in tomorrow morning.  Thanks!

Offline mlinder

  • "Kitten Puncher"
  • Really Old Timer ...
  • *******
  • Posts: 5,013
  • Stop Global Tilting now!
    • Moto Northwest
Re: HIDEOUS VIRUS!!!
« Reply #84 on: February 08, 2010, 08:39:05 PM »
If you can wait til tomorrow, I will help you with this, ok?

I'd be happy to wait if you can help! :) 

I have a PalmTx that I can get online with at home.  It's really hard to navigate this website on it, but I think it's do-able.  I'll check in tomorrow morning.  Thanks!
Ima go watch season finale of Heroes. You have a machine you can download stuff to and burn a CD? Or do you have an OS disk? We have some registry fixing to do.
Your winlogon registry entry has been changed by the malware from the proper 'userinit' to something else.
If not, we can prolly do this from the logon screen.
No.


Offline Gordon

  • Global Moderator
  • Really Old Timer ...
  • *****
  • Posts: 12,114
  • 750K1, 550K2
Re: HIDEOUS VIRUS!!!
« Reply #85 on: February 08, 2010, 08:41:56 PM »
You have a machine you can download stuff to and burn a CD? Or do you have an OS disk? We have some registry fixing to do.

Neither, unfortunately.  That's our only computer, and it came with XP installed and no disk.  I can't download or burn anything at work either. 

Gotta get back to work for now...

Offline mlinder

  • "Kitten Puncher"
  • Really Old Timer ...
  • *******
  • Posts: 5,013
  • Stop Global Tilting now!
    • Moto Northwest
Re: HIDEOUS VIRUS!!!
« Reply #86 on: February 08, 2010, 08:48:00 PM »
OK, we'll try this a different way.

Quick try here, ok?

At the login screen, try Ctrl+Alt+Del, see if we can't bring up the task manager.
At the task manager, hit "new task".
Type in "regedit"
If it lets you in, go to

hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon

in there, over to the right, you'll see a dword named userinit

right click it, go to 'change value' or whatever and put in "userinit.exe" without the quotes.

Save it, restart, then follow my instructions from the beginning of this thread.

If that doesn't work, I'll need you to get somewhere you can download and burn an .iso for us to fix this.
No.


Offline Achmed

  • Enthusiast
  • **
  • Posts: 206
Re: HIDEOUS VIRUS!!!
« Reply #87 on: February 08, 2010, 09:06:57 PM »
Check out the big brain on Brett! You're a smart motherfukker, aren't you.

It's cool you guys are helping each other out.

Offline Laminar

  • Retsam
  • Master
  • *****
  • Posts: 1,632
Re: HIDEOUS VIRUS!!!
« Reply #88 on: February 08, 2010, 09:28:29 PM »
Ima go watch season finale of Heroes. You have a machine you can download stuff to and burn a CD? Or do you have an OS disk? We have some registry fixing to do.
Your winlogon registry entry has been changed by the malware from the proper 'userinit' to something else.
If not, we can prolly do this from the logon screen.

Did they finally figure out a plot for this season? I hung on through the past few seasons but about 4 or 5 episodes into this one I gave up - it was a mess, with little to no continuity or excitement, at least for me.

Offline mlinder

  • "Kitten Puncher"
  • Really Old Timer ...
  • *******
  • Posts: 5,013
  • Stop Global Tilting now!
    • Moto Northwest
Re: HIDEOUS VIRUS!!!
« Reply #89 on: February 08, 2010, 10:10:04 PM »
Check out the big brain on Brett! You're a smart motherfukker, aren't you.

It's cool you guys are helping each other out.

The metric system!

I'm here to help, when I'm not here to hurt.
No.


Offline mlinder

  • "Kitten Puncher"
  • Really Old Timer ...
  • *******
  • Posts: 5,013
  • Stop Global Tilting now!
    • Moto Northwest
Re: HIDEOUS VIRUS!!!
« Reply #90 on: February 08, 2010, 10:10:54 PM »
Ima go watch season finale of Heroes. You have a machine you can download stuff to and burn a CD? Or do you have an OS disk? We have some registry fixing to do.
Your winlogon registry entry has been changed by the malware from the proper 'userinit' to something else.
If not, we can prolly do this from the logon screen.

Did they finally figure out a plot for this season? I hung on through the past few seasons but about 4 or 5 episodes into this one I gave up - it was a mess, with little to no continuity or excitement, at least for me.

Yeah dude, there's a reason it was all disjointed like that. I felt the same way as you, but kept watching. It comes together, more or less.
No.


Offline Duke McDukiedook

  • Space Force 6 Star General
  • Really Old Timer ...
  • *******
  • Posts: 12,690
  • Wish? Did somebody say wish?
Re: HIDEOUS VIRUS!!!
« Reply #91 on: February 08, 2010, 10:21:47 PM »
That show had good potential- then they took a big dump on the viewers mid-first season and haven't stopped shoveling it since.

I stopped watching after a couple of eps into season 2.
"Well, Mr. Carpetbagger. We got somethin' in this territory called the Missouri boat ride."   Josey Wales

"It's Baltimore, gentlemen. The gods will not save you." Ervin Burrell

CB750 K3 crat | (2) 1986 VFR750F

Offline Laminar

  • Retsam
  • Master
  • *****
  • Posts: 1,632
Re: HIDEOUS VIRUS!!!
« Reply #92 on: February 08, 2010, 10:41:08 PM »
I think less people #$%*ing and conniving and more wrecking-#$%*-with-superpowers would have kept my attention better. But then again, I enjoyed Transformers 2.

Offline mlinder

  • "Kitten Puncher"
  • Really Old Timer ...
  • *******
  • Posts: 5,013
  • Stop Global Tilting now!
    • Moto Northwest
Re: HIDEOUS VIRUS!!!
« Reply #93 on: February 09, 2010, 06:26:41 AM »
Gordon, are you going to be able to have access to a computer that works, with a CD burner?

Please let me know.
No.


Offline 333

  • Time for change
  • Really Old Timer ...
  • *******
  • Posts: 7,558
  • Mail List Member #162 - Call me Stan
Re: HIDEOUS VIRUS!!!
« Reply #94 on: February 09, 2010, 07:19:42 AM »
Mark is lucky that we don't have his phone number.  We'd be callin' him all the time.

Um, I think you DO have my number... just don't put it up here. :)

Actually, I think I deleted it before I could write it down.  It's okay.  I know how to get you if I really need you.
Go metric, every inch of the way!

CB350F0  "Scrouching Tiger"
CT70K0    "Sneezing Poodle"

www.alexandriaseaport.org

Offline Frostyboy

  • Retired: Never was an
  • Expert
  • ****
  • Posts: 1,227
  • Circa 1951
Re: HIDEOUS VIRUS!!!
« Reply #95 on: February 09, 2010, 08:03:08 AM »
This is all very interesting. I'm not experiencing any particular problems, however just like maintaining a SOHC, I thought I'd run combofix just to see if my machine is healthy.
It produced a text file a mile long that means diddly squat to me. I'm not sure if it found anything or not.
mlinder, you sound like a very generous IT type of guy. Can you interpret the report if I post it or send it to you?
I don't want to impose, it's just from your comments here:
"I'm here to help, when I'm not here to hurt." it sounds like you might.
Feel free to tell me to go my own way if it's a problem. Cheers.  :-[
Last year I joined a support group for procrastinators.
We haven't met yet.
[CB550F1]

Offline mlinder

  • "Kitten Puncher"
  • Really Old Timer ...
  • *******
  • Posts: 5,013
  • Stop Global Tilting now!
    • Moto Northwest
Re: HIDEOUS VIRUS!!!
« Reply #96 on: February 09, 2010, 09:05:20 AM »
Just post the first page here. If it found something, the list will start with "other deletions".

Happy to help.
No.


Offline Frostyboy

  • Retired: Never was an
  • Expert
  • ****
  • Posts: 1,227
  • Circa 1951
Re: HIDEOUS VIRUS!!!
« Reply #97 on: February 09, 2010, 06:22:46 PM »
Thanks for that. Below is all that is under "Other Deletions" but there's many pages more to it. There's a long list in "Find3M Report". Is that of any significance?

((((   Other Deletions   ))))
c:\documents and settings\Willie\My Documents\cc_20090715_1253.reg
c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll

Cheers.
Last year I joined a support group for procrastinators.
We haven't met yet.
[CB550F1]

Offline mlinder

  • "Kitten Puncher"
  • Really Old Timer ...
  • *******
  • Posts: 5,013
  • Stop Global Tilting now!
    • Moto Northwest
Re: HIDEOUS VIRUS!!!
« Reply #98 on: February 10, 2010, 06:46:06 AM »
Nope.

You did have a bit of malware there.
Weatherbug, which is pretty mild, but then that other is a registry change. No idea what it is.
Looks like you are ok, though, just keep running your regular anti-malware and antivirus programs, on a regular schedule. :)
No.


Offline Frostyboy

  • Retired: Never was an
  • Expert
  • ****
  • Posts: 1,227
  • Circa 1951
Re: HIDEOUS VIRUS!!!
« Reply #99 on: February 11, 2010, 01:19:37 AM »
Thanks mlinder,
You've put my mind at rest. I can explain the other entry there. I often run a little proggy called CCleaner. It clears out temp files, web history etc & asks if I want to back up before it changes anything. That's one out of quite a number that are still on the machine. Going by the file name it was a backup created on 15 July 09. I wonder what was different for it to pick that one. Never mind, all's good.
Cheers  :)
Last year I joined a support group for procrastinators.
We haven't met yet.
[CB550F1]