Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Ioric Kittencuddler]

I've gotten this strange malware on my computer that keeps trying to get me to download a fake malware cleaning tool.

It's made a weird little red icon with a white X in my taskbar's running processes that keeps saying, "Your computer is infected!  It is recommended to start spyware cleaner tool."

And now it's replaced my desktop background with an image saying "Warning!" in flashing red and yellow, then "Dangerous Spyware" in white.  It's actually hard to read the warning since one of the things the malware program did was make all the text under my icons have a solid background. 

It says something about being careful that you valueble information doesn't fall into "the third hands"... 

[Cheeetar]

Does it do anything else? It sounds like a joke virus.

[inaluct]

Shit, you should be worried. The Third Hands are a secretive group of hacker terrorists on steroids based in Ukraine. They were the ones responsible for that 2002 Moscow theater hostage crisis. They probably know where you live by now.

If I were you, I'd be very worried.

[Ioric Kittencuddler]

I cleaned it with a real malware cleaning program.

Now I just have to worry about the little weird virus I got that disables on access scan for McAfee at start up.  Course for now all I have to do is enable it again, but it's still annoying.

[Flashzom]

Usually the end process tab and Avast will take care of anything, it's like a one two punch.

[Ioric Kittencuddler]

Only if you can find the process.

[mainiac]

Kill them all.  Heaven will sort the sinners and the righteous.

[Yanlin]

Here's how to make sure you don't nix anything you don't want.

Make sure the computer is not infected with ANYTHING. Scan with EVERYTHING POSSIBLE.

Start it in safe mod without networking.

Ctrl+Alt+Del

Processes

Write all of them down. There shouldn't be too many. Most of them should have the user name of SYSTEM. Some should have LOCAL SERVICE or NETWORK SERVICE. But those might not appear in safe mode. Basically shut down EVERYTHING that's not one of the ones you noted and doesn't have one of the above user name origins. You should be OK then.

[Gantolandon]

ComboFix.

[Duke 2.0]

 I think my old computer had this. Naturally Norton didn't give a crap and let it continue on it's merry way. Thus I had to invest in some... specialized tools. Like unlocker to nuke the files this virus is based around. Then closing all processes that it uses. Then going deep into dangerous territory to delete any and all references to this damn thing. Then I cleared all caches and such to make sure it was not hiding in some temporary storage somewhere.

 A week later, I claimed victory over it. It might still be there, but at least I chopped off all it's limbs and senses.

[qwertyuiopas]

Viruses can hide themselves from windows, making it think they don't exist to the point that they aren't even scanned by antivirus programs.

The solution is to boot to linux(if installed, otherwise boot it from the CD because linux can do that) and look again. Any file visible from linux but not from windows could be an issue.

[Sergius]

You can't shut down a process if it's a virus installed as a rootkit. Those are damn hard to remove (not impossible, of course).

Also, a lot of these virus don't have one but two processes, each one making sure the other one is loading and even copying itself again the nanosecond you delete one of them.

I've cleaned some of these with specialized removal tools, or at least a specific set of instructions. I've never had any luck using my own antivirus or a generic ad removal tool.

[woose1]

A week later, I claimed victory over it. It might still be there, but at least I chopped off all it's limbs and senses.

Thats what I did with Vundo.

[Bromor Neckbeard]

Duke 2.0 goes into the hive to confront the beast in its lair.  My pulse rifle's as rusty as my registry editing skills, so I nuke from orbit.

[Tormy]

I've gotten this strange malware on my computer that keeps trying to get me to download a fake malware cleaning tool.

It's made a weird little red icon with a white X in my taskbar's running processes that keeps saying, "Your computer is infected!  It is recommended to start spyware cleaner tool."

And now it's replaced my desktop background with an image saying "Warning!" in flashing red and yellow, then "Dangerous Spyware" in white.  It's actually hard to read the warning since one of the things the malware program did was make all the text under my icons have a solid background. 

It says something about being careful that you valueble information doesn't fall into "the third hands"... 

I've had this malware also in the past. Just download some spyware/malware killer, that will remove it from your computer. Basically this won't damage your OS itself, it's just plain annoying.