Go Back   Team-BHP > Around the Corner > Shifting gears


Reply
 
Thread Tools Search this Thread
Old 15th April 2006, 10:26   #1
BANNED
 
viper's Avatar
 
Join Date: Mar 2005
Location: Mumbai
Posts: 1,769
Thanked: 8 Times
Default Help with Suspected Virus

Hi Guys,

Just received a msg on my MSN Messenger window from one of my contacts with a link leading to msnmessenger profiles with my name and asking if it was me. I clicked on the link and a dos application downloaded.

Now I cannot find the file which got downloaded to my default download folder from where I doubleclicked it.

Within a minute I got a Windows file error message on my screen(XP SP2) asking me to restore my original files as they have been replaced by some other files. I tried running a Norton Antivirus scan but even my NAV is acting up saying that I should register and activate my product which was already activated and valid till Dec 2006.

Please help what should I do.

Viper
viper is offline   Reply With Quote
Old 15th April 2006, 11:23   #2
BANNED
 
Join Date: Feb 2005
Location: Bombay
Posts: 628
Thanked: Once
Default

Viper,
Sometimes Norton does not catch the virus.. try using a WORMKILLER app or something..here's the link.
http://www.freedownloadscenter.com/B...killer-xp.html
Hope it helps!
Cheers
2L8uLoose is offline   Reply With Quote
Old 15th April 2006, 11:25   #3
aZa
Senior - BHPian
 
aZa's Avatar
 
Join Date: Mar 2006
Location: Noida / Delhi
Posts: 1,595
Thanked: 17 Times
Default

Heya Viper

1. Never download / accept / click on links from unknown ppl
2. Check the authenticity of the url and extention etc.
3. Norton sucks
4. be uptodate with MS patches
5. Get NoD32

if ur faithful norton has been pwn3d then try downloading Stinger from mcafee its a small standalone viruss scanner for latest threats. if u have a firewall then u would know which application is connecting to the net or just use tcpview and check them out.


cheers
aZa is offline   Reply With Quote
Old 15th April 2006, 11:38   #4
BANNED
 
viper's Avatar
 
Join Date: Mar 2005
Location: Mumbai
Posts: 1,769
Thanked: 8 Times
Default

Guys,

I just reinstalled my Windows and the funny thing is I did not log onto MSN. But this window popped up and someone buzzed me. User Called "I will get my revenge Pete".

Am scared since I have a lot of data and no back up. He lp
viper is offline   Reply With Quote
Old 15th April 2006, 11:53   #5
Senior - BHPian
 
abhibh's Avatar
 
Join Date: Sep 2005
Location: Back in the HOOD near you!
Posts: 2,767
Thanked: 33 Times
Default

Hi,

If you have original windows i will suggest you 2 things that will keep you safe each and everytime.

1. Windows one Care Live. You can get it online for free at http://www.windowsonecare.com/purchase/default.aspx . install the beta for free will take around 15 - 30 mins on 256k connection. Its online installation. You should atleast have 256 MB RAM unshared.

2. Windows Defender. http://www.microsoft.com/athome/secu...e/default.mspx .
Its a spyware remover from misrosoft for free for its customers.

I have been using Onecare form past 3 months and not a single problem. Its very light and good. And windows defemder i have been using for past 1 month and it simply rocks. Dont even let you know about any spyware that hits yer computer.

P.S. I have 1 Gb ram and used to use norton and Mcaffe. Norton was so heavy and mcafee was so buggy at times. Used NOD but was not uptomark. Though Kaspersky was good but used to update defination everyday

Cheers.
abhibh is offline   Reply With Quote
Old 15th April 2006, 11:57   #6
Senior - BHPian
 
abhibh's Avatar
 
Join Date: Sep 2005
Location: Back in the HOOD near you!
Posts: 2,767
Thanked: 33 Times
Default

Hi,

Are yo on lan. If yes then one can netsend you these messgaes easily if they know yer computername. But if you are not on lan then it must be a Trojan.
http://windowsupdate.microsoft.com/ Go here and update yer windows and i m sure problem will go away. Do rememerb to install windows onecare and defender.
abhibh is offline   Reply With Quote
Old 15th April 2006, 12:05   #7
BHPian
 
freakrz's Avatar
 
Join Date: Nov 2004
Location: Hyderabad
Posts: 176
Thanked: 50 Times
Default

you reinstalled windows and still got infected.did you format your hard drive.or just upgraded on the existing system.

ok..first check all the processes that are running in the background.
hit CTRL + ALT + DEL and check for the processes.it will be helpful to give you a clear idea if you could provide the process names running.

Do this in safemode..you can enter safemode by pressing F8 just after you start your p.c and before the starting windows screen pops up..

check your start up.to do that --> click start menu --> run --> type msconfig
-->enter..->a window will be displayed in that check the start up .remove all the unnecessary stuff.all that you dont want to start when windows starts up..like winamp,yahoo messenger,msn etc..you can start up after you start windows..they dont require to be in the start up.

since you have stated msn messenger,through which ur being threatend..i would like to suggest you to disable the messenger service.that would protect you to a certain extent.till you clean up the system.

step 1 : Right click on My Computer
Click Manage
Click on Services & Applications
Click on Services
Step 2: On the right side of the same window scroll down .you will find "messenger"
Double Click that --> a window pops open
stop the service
in the start up type --> select "Disabled"

If you have a service named messenger sharing...Follow the same steps as above..and disable it.

now get a firewall, something like zone alarm or outpost,which is available free online.install it..and just watch the logs..i know this is getting complicated..but do that only if you want to find who 's bothering you..well i could give you more details..if you want to..just p.m me..

AVG is a better antivirus and its available free online...you can download it here...

http://free.grisoft.com/doc/2/lng/us/tpl/v5

if you could give me some more details about the virus or what ever errors you r encountring..i could give you more detail about the cleaning procedure...
freakrz is offline   Reply With Quote
Old 15th April 2006, 12:52   #8
BANNED
 
viper's Avatar
 
Join Date: Mar 2005
Location: Mumbai
Posts: 1,769
Thanked: 8 Times
Default

Hi Guys,

What I have figured out is that it is a Trojan. Got detected by a older version of Panda anti virus. Norton i snot getting completely uninstalled and all antivirus programs are not working. it says expired. The virus is in System win32/hosts or something like that.

Viper
viper is offline   Reply With Quote
Old 15th April 2006, 15:31   #9
BANNED
 
viper's Avatar
 
Join Date: Mar 2005
Location: Mumbai
Posts: 1,769
Thanked: 8 Times
Default

Hi Guys,

Have finally identified the problem. It is a FakeMSN8Beta virus which from one file has multiplied into 90 files in 20 mins.

It is located in C:\WINDOWS\System32\taskkill.com
and C:\WINDOWS\System32\netstat.com.

AM now formatting my comp to prevent any further problems as my whole comp is acting up.

Viper
viper is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
Singer Mika Singh suspected in a hit-n-run. Crashes Hummer. MARCUS_520i Super-Cars & Imports in India 16 17th April 2011 19:47
A Suspected Drug Dealer's Garage - "And I thought I've seen it all!" Scorcher The International Automotive Scene 29 13th June 2010 14:03
Small Accident due to suspected suspension rod-end failure jalsa777 Street Experiences 17 12th March 2009 13:17
Suspected street racing leaves 3 dead: Again amit Street Experiences 4 30th January 2006 11:34


All times are GMT +5.5. The time now is 14:27.

Copyright 2000 - 2017, Team-BHP.com
Proudly powered by E2E Networks