Author Topic: More rogue antispyware crap  (Read 1234 times)

Hellstryker
Quote from: Kiith-Somtaaw
thecooki3m0nster (10:34:41 PM): is spybot a free program?
thecooki3m0nster (10:50:19 PM): well I think I know what my problem is
thecooki3m0nster (10:50:29 PM): and would appreciate it extremely if you could get back sometime soon
Durandal42x (11:02:00 PM): Back
Durandal42x (11:02:06 PM): I was watching BSG.
Durandal42x (11:02:10 PM): And yes, it is.
Durandal42x (11:02:16 PM): But dude
Durandal42x (11:02:18 PM): Seriously
Durandal42x (11:02:21 PM): Run an MBAM Scan first.
Durandal42x (11:02:25 PM): I sent you the .exe
Durandal42x (11:04:09 PM): And really
Durandal42x (11:04:17 PM): Spybot isn't all that great at detecting malware.
Durandal42x (11:04:27 PM): It certainly didn't help with the Vundo at all.
Durandal42x (11:04:38 PM): Plus tea timer is a ****ing resource hog
thecooki3m0nster (11:05:10 PM): no, but I think I have a rootkit,
thecooki3m0nster (11:05:22 PM): or at the least some kind of hidden process routing my network connection
Durandal42x (11:05:37 PM): Vundo routes network connections. It's not a rootkit.
Durandal42x (11:05:40 PM): But alright.
Durandal42x (11:06:05 PM): If this doesn't work, run an MBAM scan.
Durandal42x (11:06:10 PM): Man, this sucks.
Durandal42x (11:06:16 PM): I wanted to do some BF 2 tonight, too.
thecooki3m0nster (11:06:22 PM): well I can still play games I think.
thecooki3m0nster (11:06:26 PM): and I'd love to run an MBAM scan
thecooki3m0nster (11:06:31 PM): but when I click it nothing happens
Durandal42x (11:06:42 PM): Yeah, but spybot hogs ridiculous amounts of resources.
Durandal42x (11:06:46 PM): And.. what the ****?
Durandal42x (11:06:49 PM): That doesn't make any sense.
thecooki3m0nster (11:06:56 PM): i really don't give a **** how many resources it hogs.
thecooki3m0nster (11:07:05 PM): I have a lot in reserve,
thecooki3m0nster (11:07:11 PM): and honestly, it's worked pretty well for me in the past.
thecooki3m0nster (11:07:23 PM): i can't download any sort of file,
Durandal42x (11:07:29 PM): It lags my computer, and it's not as though your slightly better video card will have anything to do with it.
thecooki3m0nster (11:07:32 PM): i can't access registration forms
thecooki3m0nster (11:07:41 PM): and i can't view most images on webpages
ATTENTION (11:07:45 PM): Transfer complete: spybotsd162.exe.
Durandal42x (11:08:09 PM): If worse comes to worse,
thecooki3m0nster (11:08:12 PM): and more, and especially, importantly,
thecooki3m0nster (11:08:16 PM): the program magically disappearing
Durandal42x (11:08:21 PM): I could send you my MBAM Install
thecooki3m0nster (11:08:21 PM): despite having been installed before the virus.
Durandal42x (11:08:30 PM): What program?
thecooki3m0nster (11:08:38 PM): what else.
thecooki3m0nster (11:08:40 PM): spybot.
Durandal42x (11:08:46 PM): That's crazy.
Durandal42x (11:09:03 PM): Whoever coded that virus did a damn good job
thecooki3m0nster (11:09:13 PM): yeah tell me about it.
thecooki3m0nster (11:09:20 PM): I think it's mostly just spyware/adware
thecooki3m0nster (11:09:24 PM): since I tested it out,
thecooki3m0nster (11:09:30 PM): and when wikipedia'ing the word "Virus"
thecooki3m0nster (11:09:38 PM): takes me to some kind of rogue antispyware site or some ****
Durandal42x (11:09:44 PM): Yeah
Durandal42x (11:09:48 PM): Antivirus 2009
Durandal42x (11:09:49 PM): Right?
thecooki3m0nster (11:10:02 PM): Microsoft Antispyware 2009
Durandal42x (11:10:08 PM): Same thing.
Durandal42x (11:10:10 PM): Differant name.
thecooki3m0nster (11:11:12 PM): I occasionally have problems with the DCOM server process launcher upon startup,
thecooki3m0nster (11:11:21 PM): which caused me to believe it was possibly a rootkit.
thecooki3m0nster (11:11:38 PM): I also occasionally have problems with viewmgr.exe, apparently some strange autonomous service installed along with AIM
thecooki3m0nster (11:11:49 PM): that has nothing to do with AIM
thecooki3m0nster (11:12:23 PM): and for clarification, when I say I have problems with DCOM
thecooki3m0nster (11:12:38 PM): I mean the process terminates unexpectedly and the computer is forced to reboot
thecooki3m0nster (11:13:07 PM): i'm pretty sure all that is gone already.
thecooki3m0nster (11:13:10 PM): whatever is left, i can't find it.
thecooki3m0nster (11:13:38 PM): oh that's definitely tricky.
thecooki3m0nster (11:13:51 PM): when I ran regedit, it said "registry editing has been disabled by your administrator"
Durandal42x (11:13:57 PM): Wow.
Durandal42x (11:14:01 PM): That's ****ed up.
thecooki3m0nster (11:19:37 PM): oh and if it helps
thecooki3m0nster (11:19:38 PM): STOP 0x0000007E oxC0000005 0xB6C88F8C 0xBAD075AB 0xVAS072A4)
thecooki3m0nster (11:19:48 PM): upon rebooting once I got a BSOD with those addresses
thecooki3m0nster (11:20:43 PM): I need to reboot.
thecooki3m0nster (11:21:02 PM): before I go
thecooki3m0nster (11:21:06 PM): send me WinPatrol as well
thecooki3m0nster (11:21:12 PM): so I can peek at my hidden processes
ATTENTION (11:21:50 PM): Transfer complete: wpsetup.exe.
thecooki3m0nster (11:31:36 PM): okay rebooting
Durandal42x (11:32:06 PM): Alright.
thecooki3m0nster signed off at 11:34:00 PM.
thecooki3m0nster is offline and will receive your IMs when signing back in.
thecooki3m0nster signed on at 11:35:36 PM.
thecooki3m0nster (11:36:15 PM): I forgot how much I liked winpatrol.
thecooki3m0nster (11:36:25 PM): it even has a delayed startup functionality, which I forgot about,
Durandal42x (11:36:33 PM): Hey,
thecooki3m0nster (11:36:35 PM): but which is immensely useful since I can delay the startup of AIM a few seconds.
Durandal42x (11:36:38 PM): If you don't figure this out soon
Durandal42x (11:36:48 PM): I can always post our convo on HLP.
Durandal42x (11:37:08 PM): I'm sure they're far more knowledgeable on this subject than you or I.
thecooki3m0nster (11:37:44 PM): it certainly wouldn't go unappreciated.
Durandal42x (11:37:52 PM): I'll do so now, then.
thecooki3m0nster (11:37:59 PM): when I try to run spybot it shows up in my processes but doesn't do anything
thecooki3m0nster (11:38:05 PM): like back with those mod .exe's
Durandal42x (11:38:10 PM): Oh boy.
thecooki3m0nster (11:38:17 PM): and MBAM does nothing at all, not even a process entry.
thecooki3m0nster (11:38:25 PM): I was checking off some startup options of mine,
thecooki3m0nster (11:38:31 PM): and I discovered some weird entry that had no name
« Last Edit: February 13, 2009, 10:46:12 pm by Hellstryker »

 

IceFire
If it were me...and I've dealt with a computer in that sort of predicament before...I'd grab what I needed and reformat the sucker.  And not just a reformat.  I would kill all the partitions on the drive and start over with a new partition and a full format (not quick...full) of the drive.

That is quicker than trying to pull apart what is probably multiple infections of a variety of types that have gotten into god knows where.  Could I, with some Google searching and the right software, pull it all apart? ...probably...but stuff would still be screwed up somewhere and it'd be a nightmare to fix.

That's my 0.02 cents.
- IceFire
BlackWater Ops, Cold Element
"Burn the land, boil the sea, you can't take the sky from me..."

 

Herra Tohtori
I don't know if Avast!'s boot check run would reveal anything, but aside from that I can only ask if you've run the standard Hijack This, it should tell pretty much everything that is going on in the PC though understanding its output is a different matter.

In general I would probably concur with IceFire's statement that it might be easier to do backups regarding data and then do a complete cleanup of the whole thing. :blah:
There are three things that last forever: Abort, Retry, Fail - and the greatest of these is Fail.

 

S-99
Scary and funny stuff. Reminds me of antivirus 2009, and this year, antivirus 2010. It doesn't do ****, and when it's on your computer it will disregard your former antivirus and disable your firewall and feed information of your surfing habits to god knows where. It also disables internet explorer, but I just think the coders for antivirus 2009 and 2010 weren't smart enough to think about the "firefox" variable.

You also want to do more than just scan once with any currently updated antivirus software.
Every pilot's goal is to rise up in the ranks and go beyond their purpose to a place of command on a very big ship. Like the colossus; to baseball bat everyone.

SMBFD

I won't use google for you.

An0n sucks my Jesus ring.

 

Hellstryker
It also disabled his folder options. He's basically said "**** it, reinstalling."

 

watsisname
Yeah, I had to go through the same thing a couple months back.  It's a bit of a hassle to reinstall everything but in the end it just makes everything so much easier and faster.
In my world of sleepers, everything will be erased.
I'll be your religion, your only endless ideal.
Slowly we crawl in the dark.
Swallowed by the seductive night.

 

MP-Ryan
Anytime you get multiple infections you should reformat - a single infection can be taken care of with Avast, but if you've got more than one then it's quite possible you have many others.

A quick way to ensure you never get caught badly is to separate partitions into a discrete Windows partition, containing the OS and all installed software, and a Data partition, containing all your personal folders, documents, data, and backups.  Better still if they are separate physical hard disks, but you can also use RAID and partitions.

My system is set up for RAID mirroring on the two physical drives.  I then have three partitions (Windows, Data, Swap).  I also have an external hard disk with automated backup software that backs up the entire Data drive and a few folders on the Windows drive once a day.  The external drive is actually a good option, and they're cheap (mine was $120 CAD for a 500 GB drive).  Mine's USB-only, but some models also have eSATA ports which makes them even faster.
"In the beginning, the Universe was created.  This made a lot of people very angry and has widely been regarded as a bad move."  [Douglas Adams]

 

Daniel P
These rogue antispyware did play a number on my computer.  :shaking:

Luckily I managed to download a real antivirus software and now IT fix.  :p

Only dumb people only download these.

Always check your files before downloading them. And sometimes they self download.  :nervous:
Modding Freespace 1 and 2 since 2005.

 

Hellstryker
Quote from: Daniel P
These rogue antispyware did play a number on my computer.  :shaking:

Luckily I managed to download a real antivirus software and now IT fix.  :p

Only dumb people only download these.

Always check your files before downloading them. And sometimes they self download.  :nervous:

You know, I thought about saying something really, really insulting but instead of angering Kara, I'll just say that you've got a lot to learn. And it turns out it was a rootkit.

 

captain-custard
you can always try combofix
"Duct tape is like the force. It has a light side, a dark side, and it holds the universe together."

  

S-99
I will link everybody to my other thread.
Easy stuff to mitigate infection and help ensure security in the future.