HellBound Hackers | Computer General | Trouble Shooting

Author

Virus

t0xikc0mputer
Member



Posts: 112
Location: t0xik waste dump
Joined: 07.01.11
Rank:
Newbie
Posted on 20-01-11 22:24
Hello all,

I have a virus, well I wouldn't exactly call it a major problem, but it is irritating and I would like a little more info on it. The virus is called "Security Suite," but it also has other names. I have my suspicions as to where it came from, as it has infected my computer and a laptop. They both share many programs, but there is one that I find suspicious; it is called "AirMouse." It goes along with an iPhone application called airmouse. I downloaded it on both computers, and a month later (for each of them!) this virus pops up. It is nothing fatal, and is neither a trojan nor a password stealer, etc. It is just trying to get money. What happens is that all of these alerts come up in different forms saying that "your computer is infected with such and such virus." I know that it is fake because it says that the virus was sent from an IP address that is grammatically incorrect, and I have dealt with it before. I was wondering if the program I described actually installed the virus, or if I am wrong. Also, I was wondering how to get it off. Malwarebytes is currently scanning on high intensity, but if for whatever reason it doesn't pick it up, what do you recommend I do?

Thanks, I appreciate it,

t0xik


Author

RE: Virus


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-01-11 23:22
What operating systems?

Generally what I do is run ComboFix, and if that doesn't do it run HijackThis. I don't think that ComboFix works on 64-bit systems, but I'd have to check. You can still post the HijackThis log here.

this look like it?
http://www.bleepi. . .rity-suite




Edited by on 20-01-11 23:26
Author

RE: Virus

t0xikc0mputer
Member



Posts: 112
Location: t0xik waste dump
Joined: 07.01.11
Rank:
Newbie
Posted on 21-01-11 00:17
maug wrote:
What operating systems?

Generally what I do is run ComboFix, and if that doesn't do it run HijackThis. I don't think that ComboFix works on 64-bit systems, but I'd have to check. You can still post the HijackThis log here.

this look like it?
http://www.bleepi. . .rity-suite


Yes it does, but there is an updated look for it, that doesn't say security suite. I recognized it instantly from previous problems.

And thanks for your ideas, it never hurts to try stuff.

Edit: I run Windows Vista Home Premium, and it sucks.

Thanks,
t0xik




Edited by t0xikc0mputer on 21-01-11 01:13
Author

RE: Virus

t0xikc0mputer
Member



Posts: 112
Location: t0xik waste dump
Joined: 07.01.11
Rank:
Newbie
Posted on 21-01-11 01:27
Actually, Malwarebytes didn't work. I was investigating around, before I did what you recommended, and I discovered two things.

1. It is a copycat security suite, same thing, same format, different person.

2. It is an html file, and I have found the file location. There is just one problem, when I try to move the file to the recycle bin, it just says that the file is running in another program. The problem is that I have no idea how to close the program.

Further instruction required

Also for those that are curious, I found it in the temp folder.

Thanks,

t0xik


Author

RE: Virus

techb
Member



Posts: 384
Location:
Joined: 15.02.09
Rank:
Moderate
Posted on 21-01-11 02:11
When it pops up again, bring up your task manager and see what all is running. You can usually track down the location this way. I had a virus that was in the user's AppData on Windows 7. It had random text as a name. This one sucked though 'cause when it was running it wouldn't let me open anything else, including a cmd or tskmgr. So I placed a batch to open tskmgr in my startup file.

Malware bytes, AVG, and AVG's live cd didn't pick it up.


kbcarte.wordpress.com
Author

RE: Virus

t0xikc0mputer
Member



Posts: 112
Location: t0xik waste dump
Joined: 07.01.11
Rank:
Newbie
Posted on 21-01-11 13:13
techb wrote:
When it pops up again, bring up your task manager and see what all is running. You can usually track down the location this way. I had a virus that was in the user's AppData on Windows 7. It had random text as a name. This one sucked though 'cause when it was running it wouldn't let me open anything else, including a cmd or tskmgr. So I placed a batch to open tskmgr in my startup file.

Malware bytes, AVG, and AVG's live cd didn't pick it up.


It's the same thing, same random numbers in AppData, same not being able to load stuff up, except this time, I outsmarted it in a way. To open things, you have to open them in the first twenty seconds of the computer starting up/logging in.

Can you please send me the batch code (in the forum of course) to open Task Manager?

Thanks,
t0xik


Author

RE: Virus


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-01-11 14:06
I'm thinking booting up in safe mode. Then you should be able to remove it.

Otherwise safe mode with networking, and do an online scan.


Author

RE: Virus

t0xikc0mputer
Member



Posts: 112
Location: t0xik waste dump
Joined: 07.01.11
Rank:
Newbie
Posted on 21-01-11 14:16
No scans I have tried have worked, and detected it. I think I got it. I put taskmgr in the startup folder and deleted the files for the virus (C:\Users\"my user"\AppData\Local\Temp\"virus folder").

Something odd that is still a problem, is that although I can use all of the programs again, the internet is still not working correctly. (by still, I mean that it was disabled other than the sites that the virus wanted me to go to.) There is no error from the virus, but, no webpages whatsoever are working. They all have the Internet Explorer, "Diagnose connection problems" thing, which doesn't actually do a bit of good for me right now.

Any ideas, please speak your mind.

Thanks,
t0xik


Author

RE: Virus


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-01-11 14:23
back up your registry and run a reg cleaner.

www.ccleaner.com is a possible program, it also makes a backup of your registry.


Author

RE: Virus


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-01-11 14:26
lol ok, have you checked your network? router etc?

if everything's good, you have checked and there are no suspicious processes running there anymore, try the netsh command.

if regedit and taskmgr is disabled then the malware has made changes to that on the registry. you can download a vbs script that automatically fixes this (regedit and taskmgr enable) just google.

the netsh command might work too:

c:\> netsh int ip reset all

and

c:\> netsh winsock reset

then restart.

hijackthis is also a good way to inspect your registry and delete a file/files on reboot.

you can also try bitdefender to scan.

if nothing else and you think it has gone deep, just reinstall.




Edited by on 21-01-11 14:27
Author

RE: Virus

t0xikc0mputer
Member



Posts: 112
Location: t0xik waste dump
Joined: 07.01.11
Rank:
Newbie
Posted on 21-01-11 15:35
gruenfeld777 wrote:
lol ok, have you checked your network? router etc?

if everything's good, you have checked and there are no suspicious processes running there anymore, try the netsh command.

if regedit and taskmgr is disabled then the malware has made changes to that on the registry. you can download a vbs script that automatically fixes this (regedit and taskmgr enable) just google.

the netsh command might work too:

c:\> netsh int ip reset all

and

c:\> netsh winsock reset

then restart.

hijackthis is also a good way to inspect your registry and delete a file/files on reboot.

you can also try bitdefender to scan.

if nothing else and you think it has gone deep, just reinstall.


I checked the network and router already. No suspicious processes. I will try the netsh command though. I have also used CCleaner already though. I also reenabled taskmgr by putting it in start. The virus is already gone, I believe, I just need to get the internet back up and running. It's all connected and everything, Outlook Express even works. The prob is Internet Explorer. (as usual ;) )




Edited by t0xikc0mputer on 21-01-11 15:38
Author

RE: Virus


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-01-11 21:00
So you tried the fixes mentioned in my link and they did not work? Just because the GUI is different doesn't mean the same fix won't work.




Edited by on 21-01-11 21:01
Author

RE: Virus

t0xikc0mputer
Member



Posts: 112
Location: t0xik waste dump
Joined: 07.01.11
Rank:
Newbie
Posted on 21-01-11 22:41
wat u mean? nvr mind. I got it all fixed up. I hadn't realized that the virus was accessing the internet through a proxy server, so I just unchecked use proxy server, and deleted the last tidbits of the virus.

All done.

Thanks for your help everyone, even though I did not use it.

t0xik
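
The settings this thread ends up checking by hand (the Internet Explorer proxy setting, Task Manager and regedit being disabled through the registry, and files dropped under AppData\Local\Temp) can be read in one pass. The PowerShell below is an added example, not part of the original thread; it is read-only, assumes the standard per-user registry locations for these settings, and `Get-RegValue` is a helper name made up for illustration.

```powershell
# Added example: read-only triage of the per-user settings discussed in this thread.
# It reports what it finds and changes nothing. Run it as the affected user.
$inet   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-RegValue {   # hypothetical helper name
    param([string]$Path, [string]$Name)
    # $null means the key or value does not exist, which is the clean state
    # for the policy values checked below.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$findings = @()

# 1. Proxy used by Internet Explorer ("Use a proxy server" in LAN settings).
#    A proxy the user never configured can break browsing while programs
#    that ignore this setting keep working.
if ((Get-RegValue $inet 'ProxyEnable') -eq 1) {
    $findings += "Proxy enabled: $(Get-RegValue $inet 'ProxyServer')"
}
$pac = Get-RegValue $inet 'AutoConfigURL'
if ($pac) { $findings += "Proxy auto-config script set: $pac" }

# 2. Policy values that block Task Manager and regedit for this user.
foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
    $value = Get-RegValue $policy $name
    if ($null -ne $value -and $value -ne 0) {
        $findings += "$name = $value (tool is blocked by policy)"
    }
}

# 3. Executables under the user's Temp folder, newest first. Legitimate
#    installers unpack here too, so these are leads to review, not verdicts.
$exes = Get-ChildItem -Path $env:TEMP -Recurse -Include *.exe -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Sort-Object LastWriteTime -Descending
foreach ($f in $exes) {
    $findings += "Executable in Temp: $($f.FullName) ($($f.LastWriteTime))"
}

if ($findings.Count -eq 0) {
    'Nothing flagged.'
} else {
    $findings
}
```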


Author

RE: Virus

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 22-01-11 09:51
t0xikc0mputer wrote:
Thanks for your help everyone, even though I did not use it.


That's a surefire way to get help in the future.

BTW maug was correct on using ComboFix to get rid of this. If the system restore point won't work (didn't see anyone mention that), ComboFix always does. I've removed the same virus several times already this year.




I deal in pain, All life I drain, I dominate, I seal your fate.
Author

RE: Virus

t0xikc0mputer
Member



Posts: 112
Location: t0xik waste dump
Joined: 07.01.11
Rank:
Newbie
Posted on 22-01-11 13:10
Yeah, I was just a little too lazy to install programs, and transfer them to the other computer. And it would have been too challenging because I would have had to run them in like the first twenty seconds of the computer loading.

I'm positive that I will need help in the future, and if the virus is not as simple, or even if it is, I am sure that I will use it.

Thanks,

t0xik


Author

RE: Virus

t0xikc0mputer
Member



Posts: 112
Location: t0xik waste dump
Joined: 07.01.11
Rank:
Newbie
Posted on 22-01-11 15:40
Dude, had you read the forum posts, that is almost exactly what I did, to some degree. (the manually deleting part)


Author

RE: Virus


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-01-11 04:16
Next time, to make it easier on yourself, read the forum posts that you asked for. ComboFix doesn't install, it just runs. That would have gotten it, according to Korg.

If you followed the link, they mention that you can run RKill, and then scan with Malwarebytes (which you said was running but couldn't see it). That would have gotten it.

And if both of those didn't work, again you could have looked at the link (in the first response to your thread) and you would have found a guide that takes you through the entire removal process, hand in hand, with pretty screen shots at every turn. That would have gotten it.

I don't like you anymore.




Edited by on 23-01-11 04:18
Author

RE: Virus

t0xikc0mputer
Member



Posts: 112
Location: t0xik waste dump
Joined: 07.01.11
Rank:
Newbie
Posted on 23-01-11 13:31
I don't like you anymore.


Sorry, I had to impress someone, so I did it manually.
I'm sorry you don't like me anymore. I deserve no more than that. :(


Author

RE: Virus

starofale
Member



Posts: 218
Location: England
Joined: 05.12.07
Rank:
Moderate
Posted on 23-01-11 22:45
t0xikc0mputer wrote:
Thanks for your help everyone, even though I did not use it.

t0xik
:D
I like you just for that quote
Author

RE: Virus

t0xikc0mputer
Member



Posts: 112
Location: t0xik waste dump
Joined: 07.01.11
Rank:
Newbie
Posted on 23-01-11 22:56
starofale wrote:
t0xikc0mputer wrote:
Thanks for your help everyone, even though I did not use it.

t0xik
:D
I like you just for that quote


I kind of regret saying that, but at least not everyone hates me. :(

