
Virus/Rootkit/Malware Help

post #1 of 12
Thread Starter 
Hey all,

So recently (and I'll be damned if I know how) I seem to have acquired a rather nasty virus. So far the only noticeable effect has been this random pop up when I use Google & it hijacks the results once or twice. However, when I did some searching I found some threads about what I may have. I went onto MS's site, nabbed their malicious software removal kit & it said I had a Trojan, "DOS/Alureon.A". After it was done it said it was "partially removed". I have no idea what that's supposed to mean and it left me with no further steps to fully rid myself of this.

So I did some more searching for that & had recommendations for Kaspersky's TDSSKiller. I nabbed that and ran it and it SEEMED to have cleaned the virus out, however the page hijacks continue. I ran both tools a few more times and eventually they both come back clean, with the exception that when I run TDSSKiller with "Detect TDLFS file system" checked it finds other viruses that apparently Norton finally woke up to (this whole time no scan has picked up anything via Norton) and detected said FS's and seems to quarantine them, but TDSSKiller still sees it with that option checked.

Any idea what all this means? Next steps?

Thanks!
post #2 of 12
well... I would just say use Malwarebytes?
post #3 of 12
Howdy DefenderX1 and *brohoof* kyismaster

After reading that block of unformatted text that lost sense near the end, from what I could gather, you've caught a virus and have most of it removed. But it continues to redirect your webpages and some antivirus programs still say you have something.

Malwarebytes is also my fix-all go-to program of choice, but might I suggest running it from a live CD? There are also a bunch of other tools to try!
http://www.hirensbootcd.org/download/

ps - There was this terrible ad on the link that simply says "Download", the actual download link says Hirens.BootCD.15.1.zip and has a picture of a hard drive next to it.

Good luck and let us know how things go!
post #4 of 12
Run a full scan with Malwarebytes and see how that does, just as others have said.
post #5 of 12
Thread Starter 
Thanks all. I'll be downloading malwarebytes momentarily.

On a side note, I went to their site (http://www.malwarebytes.org/) and clicking download redirected me to this site (http://www.bleepingcomputer.com/download/anti-virus/malwarebytes-anti-malware?1). Wasn't sure what that was or why their main site would redirect there so I just closed the page & found a different link for it.
post #6 of 12
Quote: Originally Posted by DefenderX1

Thanks all. I'll be downloading malwarebytes momentarily.
On a side note, I went to their site (http://www.malwarebytes.org/) and clicking download redirected me to this site (http://www.bleepingcomputer.com/download/anti-virus/malwarebytes-anti-malware?1). Wasn't sure what that was or why their main site would redirect there so I just closed the page & found a different link for it.

http://www.malwarebytes.org/products/malwarebytes_free <-

should direct you to
this download link:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
post #7 of 12
Thread Starter 
I found it ok, but their site wasn't linking to CNet, it was going to bleepingcomputer.com. Could've been the virus.

Though at this point things are looking good. Malwarebytes doesn't find anything now so I think I'm ok. Any sure-fire way to tell it's dead outside of just waiting to see?
post #8 of 12
Quote: Originally Posted by DefenderX1

I found it ok, but their site wasn't linking to CNet, it was going to bleepingcomputer.com. Could've been the virus.
Though at this point things are looking good. Malwarebytes doesn't find anything now so I think I'm ok. Any sure-fire way to tell it's dead outside of just waiting to see?

If it keeps redirecting you, then you have a spyware infection.

If Malwarebytes can't detect it, you're kinda doomed.

Malwarebytes is a spyware detector lol.
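The redirects discussed in this thread (hijacked Google results, a download link that went somewhere unexpected) usually rest on one of three things a hijacker can change on the machine: the hosts file, the DNS servers the adapters use, or the per-user proxy/PAC setting. The script below is an added, read-only triage aid for Windows 7 and is not from the thread or from any of the tools mentioned in it; it only reports what it finds and leaves cleanup to Malwarebytes/TDSSKiller. The `$ExpectedDns` list is a constructed placeholder you replace with your router or ISP resolvers.

```powershell
# Added triage script, not code from the thread. Read-only: it reports three
# places a search/redirect hijacker commonly persists on Windows 7 and leaves
# any cleanup to the tools discussed above. Uses only PowerShell 2.0 features
# and WMI classes that ship with Windows 7.

# 1. Hosts file: anything beyond blank lines, comments and the localhost
#    mappings deserves a look, because it overrides DNS for that name.
function Get-UnexpectedHostsEntries {
    param([string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts")
    Get-Content -Path $HostsPath |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -ne '' -and -not $_.StartsWith('#') } |
        Where-Object { $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }
}

# 2. DNS servers per enabled adapter, compared against the resolvers you expect.
#    $ExpectedDns is a constructed placeholder; put your router/ISP servers here.
function Get-AdapterDnsServers {
    param([string[]]$ExpectedDns = @('192.168.1.1'))   # assumed value, edit for your LAN
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True" |
        ForEach-Object {
            $servers    = @($_.DNSServerSearchOrder | Where-Object { $_ })
            $unexpected = @($servers | Where-Object { $ExpectedDns -notcontains $_ })
            New-Object PSObject -Property @{
                Adapter       = $_.Description
                DnsServers    = ($servers -join ', ')
                UnexpectedDns = ($unexpected -join ', ')
            }
        }
}

# 3. Per-user proxy / auto-config (PAC) settings. A proxy or PAC URL you did not
#    set yourself routes every browser request through the hijacker's choice.
function Get-UserProxySettings {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable      # 1 = a fixed proxy is in use
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL    # PAC script, should normally be empty
    }
}

Write-Host "== Non-default hosts entries =="
Get-UnexpectedHostsEntries
Write-Host "`n== DNS servers per adapter =="
Get-AdapterDnsServers | Format-Table Adapter, DnsServers, UnexpectedDns -AutoSize
Write-Host "`n== Proxy settings (HKCU) =="
Get-UserProxySettings | Format-List
```

Run it from an elevated PowerShell prompt so the hosts file is readable. Empty output in the first section, only your expected resolvers in the second, and `ProxyEnable` of 0 with no `AutoConfigURL` in the third means the redirect is not being done through any of these three mechanisms; a rootkit that hooks the network stack in the running OS would not show up here, which is one reason the live CD suggestion earlier in the thread is worth taking.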
post #9 of 12
You've got a TDSS rootkit. It's created a partition on your drive where it reinstalls itself after reboot, among other things. Have you removed the partition? You probably need Combofix at this point to kill it completely. Try MBAM first as suggested.
Edited by opensesame - 3/15/12 at 11:26pm
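To see whether there is an extra partition or unexplained reserved space on the drive, as the post above asks, the following added script (not from the thread, and not part of TDSSKiller, Malwarebytes or Combofix) walks the partitions WMI reports on each physical disk and prints any unallocated gap between or after them. The 4 MB threshold is an assumed value chosen to skip normal alignment padding; everything else comes from the `Win32_DiskDrive` and `Win32_DiskPartition` classes that exist on Windows 7.

```powershell
# Added example, not code from the thread. Lists the partitions WMI reports on
# each physical disk and flags unallocated gaps between/after them, so an extra
# partition or unexplained reserved space at the end of the drive stands out.
# Read-only; uses only WMI classes present on Windows 7.

function Get-DiskLayoutReport {
    # Gaps smaller than this are normal alignment padding (the first partition
    # usually starts 1 MiB in). The threshold is an assumed value; tune as needed.
    param([uint64]$GapThresholdBytes = 4MB)

    $rows = @()
    foreach ($disk in (Get-WmiObject -Class Win32_DiskDrive | Sort-Object Index)) {
        $parts = @(Get-WmiObject -Class Win32_DiskPartition -Filter "DiskIndex=$($disk.Index)" |
                   Sort-Object { [uint64]$_.StartingOffset })
        $cursor = [uint64]0                       # end of the last partition seen so far
        foreach ($p in $parts) {
            $start = [uint64]$p.StartingOffset
            $size  = [uint64]$p.Size
            # Space between the previous partition and this one
            if ($start -gt $cursor -and ($start - $cursor) -ge $GapThresholdBytes) {
                $rows += New-Object PSObject -Property @{
                    Disk = $disk.Index; Item = '<unallocated gap>'; Type = ''
                    StartMB = [math]::Round($cursor / 1MB, 1)
                    SizeMB  = [math]::Round(($start - $cursor) / 1MB, 1)
                    Boot = ''
                }
            }
            # The partition itself: compare this list with what Disk Management shows
            $rows += New-Object PSObject -Property @{
                Disk = $disk.Index; Item = $p.DeviceID; Type = $p.Type
                StartMB = [math]::Round($start / 1MB, 1)
                SizeMB  = [math]::Round($size / 1MB, 1)
                Boot = $p.BootPartition
            }
            if ($start + $size -gt $cursor) { $cursor = $start + $size }
        }
        # Space after the last partition up to the end of the disk
        $diskSize = [uint64]$disk.Size
        if ($diskSize -gt $cursor -and ($diskSize - $cursor) -ge $GapThresholdBytes) {
            $rows += New-Object PSObject -Property @{
                Disk = $disk.Index; Item = '<unallocated tail>'; Type = ''
                StartMB = [math]::Round($cursor / 1MB, 1)
                SizeMB  = [math]::Round(($diskSize - $cursor) / 1MB, 1)
                Boot = ''
            }
        }
    }
    $rows
}

Get-DiskLayoutReport | Format-Table Disk, Item, Type, StartMB, SizeMB, Boot -AutoSize
```

Two caveats when reading the output. `Win32_DiskDrive.Size` is derived from the drive's CHS geometry and can be a few MB under the true capacity, so the tail figure is a hint rather than an exact number. More importantly, WMI is asking the running OS, and a rootkit that is active in that OS can filter what the OS reports about the disk; a result that looks clean here does not contradict TDSSKiller's "Detect TDLFS file system" finding, and an offline check from a live CD (as suggested earlier in the thread) is the way to get an answer the rootkit cannot influence.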
post #10 of 12
Quote: Originally Posted by opensesame

You've got a TDSS rootkit. It's created a partition on your drive where it reinstalls itself after reboot, among other things. Have you removed the partition? You probably need Combofix at this point to kill it completely. Try MBAM first as suggested.

Not necessarily. Download TDSSKiller here http://support.kaspersky.com/downloads/utils/tdsskiller.zip and run it. It will pick up the TDSS family of rootkits, but it will also pick up the ZeroAccess rootkits as well. If this comes up clean, and Malwarebytes does too, you most likely don't have a virus. I'd also run these in safe mode.