A trojan or adware maybe? - Page 3

post #21 of 29
This little thing is probably more powerful than most AV and AS software. It has found things Ad-Aware and Spybot have missed.

ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

It'll tell you where the problem lies.
post #22 of 29
Yeah, I don't understand the constant IE7 bashing either. I really think it's just another "cool to hate Microsoft" thing.

I rarely have problems at all with it. And even when I do, if I use Firefox, Spybot will still find the exact same problems. Maybe it's just me not configuring Firefox correctly, but hey, when all I have to do is run Spybot once a week or so, who cares. It's not that hard.
post #23 of 29
Thread Starter 
K, I'll try both of those suggestions and get back to you guys.
    
post #24 of 29
Quote:
Originally Posted by Murlocke
1. Please spell check.
2. It's spyware/adware.
3. Download http://www.safer-networking.org/ and http://www.lavasoftusa.com/
4. Update definitions for both and scan, not at the same time.
5. To avoid this happening in the future download Firefox. http://www.mozilla.com/en-US/firefox/
6. Never use IE again.

You will get spyware and adware with IE. If you really like IE (which I have no idea why you would...) then you will have to deal with that and have to scan for adware/spyware quite a bit.

Please don't recommend something that isn't true. And I have been using IE since I got my first computer and never had any problems with it; there are more ways to get spyware/adware than by IE (if you even can get it off of IE).
post #25 of 29
Most computer enthusiasts who have been in the "game" long enough should know that 99.9999% of all the malware coders/crackers are targeting Microsoft. Though many of them have claimed that it is a campaign against MS' monopoly, their real motive is rather blurred...

MS Windows DOES have way too many loopholes to be exploited and it IS MS' fault to begin with to neglect internet security in the first place. And so yes, IE is MUCH EASIER to infect than any other browser. It is a fact.
post #26 of 29
crimsonite is correct.

We are not saying Firefox is not impossible to infect.

The ratio of user to infections is much higher for IE. Microsoft programs are MUCH easier to infect, and for this problem many users have switched over to Firefox.

And infections ALSO depend on the user. Maybe you're a "perfect" internet user. A "perfect" internet user is less likely to get an infection.
post #27 of 29
Thread Starter 
It ended up being a trojan (trojan.vundo to be exact). It has infected all my main system files and none of those programs could get rid of it. Thanks Modki for the suggestion of Dr.Web. That thing is the only program that found the virus, but it couldn't cure it unfortunately. I had to do a system recovery and I'm running Dr.Web again to see if the virus is still there. I may have to disable the restore points and recover again since viruses have a nasty way of coming back through those. I know IE has more viruses, spyware, etc. for it but I like it more and like the program better. I was thinking that Norton should protect me from things like that but I guess not. Thanks for the help. Back to recoveries, virus scans, and driver re-installs.
    
post #28 of 29
Vundo=Virtumonde, a trojan that has given millions big headaches. Download VundoFix http://www.atribune.org/ccount/click.php?id=4

Instructions:
· Please download VundoFix.exe to your desktop.
· Double-click VundoFix.exe to run it.
· Put a check next to Run VundoFix as a task.
· You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
· When VundoFix re-opens, click the Scan for Vundo button.
· Once it's done scanning, click the Remove Vundo button.
· You will receive a prompt asking if you want to remove the files; click YES.
· Once you click yes, your desktop will go blank as it starts removing Vundo.
· When completed, it will prompt that it will shut down your computer; click OK.
· Turn your computer back on.

After this is done, you will need to remove some of its reg strings with HiJackThis. Scan & Save log, then copy and paste it into your reply post.
post #29 of 29
No, here's what you do.

1. First run Spybot S&D and make sure it catches most of it.

2. Next run Dr.Web.

3. Write down the files that are there: "system32/ytmvf.dll", "system32/yaysvvr.dll", stuff like that. Write down the exact names.

4. Now reboot with your Windows CD/DVD and select the restore console option after it's all loaded.

5. You'll be asked to log in to a Windows installation (usually #1) and give the admin password.

6. Once you're there, type in "cd system32" and then "dir [name of file]" (the file names you got in step 3).

7. Once it shows you it's still there, type in "del [name of file]".

Repeat that for each one.

8. Reboot into safe mode and run Spybot again. There, that's it.

You got Virtumonde. It's been plaguing everyone on the net recently.
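Added example (not from any poster in this thread): one way to confirm that the DLLs written down in step 3 of post #29 are really gone after the cleanup, and to catch a file that comes back under the same name, which is the reinfection the thread starter worries about in post #27. The function names and the temporary directory standing in for system32 are assumptions for illustration; the two DLL names are the ones quoted in post #29.

```python
import hashlib
import tempfile
from pathlib import Path, PureWindowsPath


def snapshot(system32_dir, reported):
    """Map each reported file name to its SHA-256, or None if it is absent."""
    # Windows file names are case-insensitive: index the directory in lowercase.
    present = {p.name.lower(): p for p in Path(system32_dir).iterdir() if p.is_file()}
    result = {}
    for entry in reported:
        # Accept "system32/x.dll" or a full Windows path; keep only the bare name.
        name = PureWindowsPath(entry).name.lower()
        path = present.get(name)
        result[name] = hashlib.sha256(path.read_bytes()).hexdigest() if path else None
    return result


def compare(before, after):
    """Classify every reported name by what happened between two snapshots."""
    verdict = {}
    for name, old in before.items():
        new = after.get(name)
        if new is None:
            verdict[name] = "removed" if old else "not found"
        elif old is None:
            verdict[name] = "appeared"
        else:
            # Same name with a different hash means the file was rewritten.
            verdict[name] = "still present" if new == old else "replaced"
    return verdict


if __name__ == "__main__":
    # Constructed demo: a temp directory stands in for system32 (assumption).
    sys32 = Path(tempfile.mkdtemp())
    (sys32 / "ytmvf.dll").write_bytes(b"constructed sample 1")
    (sys32 / "yaysvvr.dll").write_bytes(b"constructed sample 2")
    noted = ["system32/ytmvf.dll", "system32/yaysvvr.dll"]  # names from post #29

    before = snapshot(sys32, noted)   # taken after the scan, before deleting
    (sys32 / "ytmvf.dll").unlink()    # stands in for "del ytmvf.dll"
    after = snapshot(sys32, noted)    # taken after the reboot in step 8
    for name, status in compare(before, after).items():
        print(f"{name}: {status}")
```

Taking a third snapshot after a later reboot and comparing it with the second shows whether a deleted name has reappeared.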