
What kind of virus is this?? and how the fuck do I remove it??

DJ_UFO

Banned
First symptom, Internet explorer is fucked up. Full of pop ups, it crashes all the time, it redirects me to a spyware software frequently.

Second symptom, and worst, it doesn't let me install any anti virus software; if I run the application, the process stops. I cannot access any antivirus website, I'm using firefox and none of the antivirus websites work; I have AVG installed and it is unable to get the latest virus definitions.

how can I clean this shit?

thanks fellas!
 
That almost sounds like the Klez virus. I had to reformat my hard drive after it got me. It is pretty old but that's what it did to me. Sorry I couldn't help more!
 
Thanks guys.
Yeah puddle, I downloaded SPYBOT seek and destroy but the virus doesn't let me install it. When I double click on the file, I choose run, and the process stops. Nothing happens. At least I was able to download mozilla firefox and could install it without problems. But nothing related with antivirus works.

AVG detected a trojan on 6/15 and deleted the file. That day the problem started. Seems like something else got into here...
 
Arabian said:
Download AVG free trial and it will clear your computer. http://www.grisoft.com/


Yeah bro. I have it installed but can't find shit. AVG at this point is unable to download the new virus definitions and I can't access grisoft website.
 
You could buy a MAC.
 
google "hijackthis"

it's probably the only program that will help you

unfortunately it will take a few hours worth of reading before you even learn how to use it properly

I had to do it in the past, sucked big time.

that or take it to best buy, spend $200 on the geek squad (LAME) but they will fix it.
 
Pat_McCrotch said:
You could buy a MAC.

I'd love to. But who the fuck is gonna pay for it?
 
chewyxrage said:
google "hijackthis"

it's probably the only program that will help you

unfortunately it will take a few hours worth of reading before you even learn how to use it properly

I had to do it in the past, sucked big time.

that or take it to best buy, spend $200 on the geek squad (LAME) but they will fix it.

thanks bro. Just downloaded it, but when I try to install it, the virus stops the process. :(
 
Do you know how to reformat your hard drive?

You can buy a 3 gig flash drive, save your important shit, and bite the bullet, assuming you still have your windows CD and everything....
 
You might try booting into "safe mode" by hitting F8 while your PC is starting Windows, but the bad guys probably have their hooks in too deep for you to kill their program even in safe mode. You have to keep the virus from starting in order to be able to do anything about it.

Get a friend to download something like the Trinity Rescue Kit and burn a clean CD. It's a self-contained operating system that lets you edit the Windows registry and run four different kinds of antivirus programs while you're booted into a clean non-Windows operating system.

http://trinityhome.org/Home/
 
chewyxrage said:
Do you know how to reformat your hard drive?

You can buy a 3 gig flash drive, save your important shit, and bite the bullet, assuming you still have your windows CD and everything....

That's one option. I know how to do it. Thanks.
 
Delinquent said:
are you not able to run an online virus scan such as Trend Micro's? see if you'll be able to run this one

http://housecall.trendmicro.com/


I tried bro. But the virus won't let me open any website related with anti-virus stuff.
 
digger said:
You might try booting into "safe mode" by hitting F8 while your PC is starting Windows, but the bad guys probably have their hooks in too deep for you to kill their program even in safe mode. You have to keep the virus from starting in order to be able to do anything about it.

Get a friend to download something like the Trinity Rescue Kit and burn a clean CD. It's a self-contained operating system that lets you edit the Windows registry and run four different kinds of antivirus programs while you're booted into a clean non-Windows operating system.

http://trinityhome.org/Home/


Thanks Digger. I will have to try that. I need to know first what this shit is called and where it is living.
 
Couldn't access either of the links, bro. I already killed any unnecessary unknown process. Fuckin shit! I have Norton security 2005 with an expired license but I can delete the entries from the registry and try reinstalling it in safe mode. I don't know if that could help. The way to do it for sure is deleting the information from windows registry but I don't know the name of this virus, where it is etc...
 
Damn, you may have to bite it and reformat.

I don't know how people get a virus. Zone alarm & AVG is all I've ever used and never got nothing, besides once when some other dip shit was using my computer.

Did you run some random executable file? Never run shit unless you, yourself, downloaded it from a reputable source.....don't trust files from your friends either. I was once a tool and infected a couple people to spy on what they were doing and fuck with them. :evil:

btw, digger posted an awesome link, I'm going to burn that and keep as a safety measure...
 
Yeah bro. It was my mistake. Basically, and as a heads up for others, I went to a website to download a porn movie where the rapidshare links were posted. It took like 30 seconds to load and AVG detected some trojan. But, STUPID ME, went back the next day to the same site; this time AVG didn't say shit but the Internet explorer got stuck like for 1 minute loading some shit. I think that's when the shit was penetrating me in the ass.
 
Yeah dude, you gotta look at the file first before you download it. A porn isn't gonna be something you can download in 30 seconds, and the file size will tell you that :(

Did you download and run it or was it just the website? Do you have zone alarm?
 
chewyxrage said:
Yeah dude, you gotta look at the file first before you download it. A porn isn't gonna be something you can download in 30 seconds, and the file size will tell you that :(

Did you download and run it or was it just the website? Do you have zone alarm?

No it was just the website. The links were dead. But by loading the website, some script shit raped me. And no I don't have zonealarm, and the virus prevents me from going to any web address containing any antivirus or security company name.
 
That's shitty dude. In the future, download zone alarm, it won't let anything access your computer w/o permission. And if you haven't run a program that would require it, you would know and you can deny access.....
 
yeah. Well at least the damage seems to be only with i. explorer. No problems with firefox, other than being unable to access antivirus websites and avg now can't download the new virus definitions.
 
DJ_UFO said:
yeah. Well at least the damage seems to be only with i. explorer. No problems with firefox, other than being unable to access antivirus websites and avg now can't download the new virus definitions.


Using firefox will protect much more from that script bullshit, definitely.

That is the main reason why it's so popular......
 
I have a similar issue. My internet seems to work fine, no problems with it.
However when I go to "my computer > documents and settings" the pop ups for virus protection begin.. I used both my usual ad aware but that did not help so I went ahead and got the avg and well it found the trojan zlob, however I looked this morning and still cannot get into my files without massive pop ups. I don't know what I am going to do now to find this little fucker. I had to clean this whole computer once on my own with no help from a software, I hope I don't have to do it again but that looks the case.
 
at least your problem is limited to ie. I just formatted and installed Vista for the first time and explorer.exe keeps restarting on me whenever I open any explorer related window such as my computer, programs and features, etc. I've searched and tried everything but I can't find anyone that has the exact issue as me. Others will have similar issues where explorer will crash but only when viewing IE like you whereas the actual process explorer.exe either just stops responding or completely disappears and restarts
 
DJ_UFO said:
No it was just the website. The links were dead. But by loading the website, some script shit raped me. And no I don't have zonealarm, and the virus prevents me from going to any web address containing any antivirus or security company name.

Yeah, the antivirus peeps ought to have some random "stealth" names to get around the viruses that block them from running. Wonder why they haven't thought of that?

One possibility -- Find your "hosts" file and see if it has a bunch of new entries. It should be in c:\Windows\System32\drivers\etc\hosts -- open it up in Notepad and remove any entries you find that talk about security sites. That's one way they try to keep you away from the antivirus companies. It might be hooked in deeper, but it's worth a look.

Sounds like you can still get to Task Manager but the bad process is hidden. Will it let you run REGEDIT?

If so, you may be able to find the key where stuff gets started at boot and rip out everything that isn't essential. Look here --
HKEY_Local_Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Also look for things defined as "services" -- that's where the rootkit would start up and hide its helper processes from the Task Manager.

There's no guarantee that will work; Microsoft came up with a way to keep you from being able to remove certain parts of the system even in REGEDIT -- the first thing they used it for was the f-cking Microsoft Game Zone. (Don't get me started on THAT bit of idiocy!) Virus writers use it sometimes, but not all of them.

The rescue kit approach starting from a clean boot is your best shot.

The virus writer is going to try to fight back, first by not letting you edit your config files or Registry, and then by replacing the bad entries and relaunching his code from as many different places as he can. If you miss one, the whole mess starts up again.

For future reference, Spybot S&D has an add-on called "teatimer" that will not let a drive-by download add any new entries to your registry until you click "OK"; it's simpler to use than ZoneAlarm, and in my opinion it's better for the average user. Unless you are deliberately installing new software, you can Just Say No.
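
The hosts-file check digger describes above, as an added example that is not part of the original thread: a Python script that parses a hosts file and flags any entry overriding DNS for a security-vendor name. The keyword list and the sample file are assumptions constructed for illustration.

```python
import ipaddress
import sys

# Assumed keyword list for illustration (vendors mentioned in this thread).
SECURITY_KEYWORDS = ("grisoft", "trendmicro", "symantec", "norton",
                     "lavasoft", "zonealarm", "eset")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid mapping line
        for name in fields[1:]:                  # one line may map several names
            yield line_no, ip, name.lower()

def flag_security_entries(text):
    """Return (line_no, hostname, ip, kind) for entries naming a security vendor."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if any(keyword in name for keyword in SECURITY_KEYWORDS):
            # Loopback or 0.0.0.0 makes the site unreachable; anything else
            # sends the browser to a different server.
            blackhole = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, name, str(ip),
                             "blackhole" if blackhole else "redirect"))
    return findings

# Constructed sample, not taken from any poster's machine.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost

127.0.0.1   www.grisoft.com grisoft.com
0.0.0.0     housecall.trendmicro.com   # added entry
203.0.113.7 update.symantec.com
192.168.1.10 fileserver
"""

if __name__ == "__main__":
    # Pass the hosts file path as the first argument; otherwise use the sample.
    text = (open(sys.argv[1], errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_HOSTS)
    for finding in flag_security_entries(text):
        print(finding)
```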
 
Thank you digger. There are no entries in the host files, and the run section of the windows registry is clean. :( who knows where this shit is living and what could be the name of this thing.
 
If Digger can't fix it then you need to go to your local Health Department and get a shot
 
Jon79 said:
just restore your computer to an earlier date before u got the virus...

Can I select the date to restore? I know I have the option booting up to restore last known good configuration but how do i select the date?
 
DJ_UFO said:
Can I select the date to restore? I know I have the option booting up to restore last known good configuration but how do i select the date?

yep just search files for system restore....click on it then select a date to restore it will do it and restart the computer...
 
DJ_UFO said:
Can I select the date to restore? I know I have the option booting up to restore last known good configuration but how do i select the date?


Google, also this will work as long as the virus has not corrupted those files as well. Unfortunately a lot of times they do.

Have you tried a trend micro house call scan?
You can also download and install the fully functional NOD32 AV program and attempt a clean with that.
 
I'll try the restore as soon as I finish this download. :)
 
I am now currently ripping my hair out. I am on my 3rd scan right now and so far nothing has showed up, yet still having issues. The last scan I did using my ad aware found backdoor trojans, so now there is more than just the zlob.....Almost done with this scan and nothing is found, but I still receive pop up ad crap when opening any files from my computer..Next step will be a system restore and if that does not work well then the computer will grow wings and fly through the room!!!
I must say the last little bugger I had on this comp was hard to rid and I had to take care of it all on my own with the registry keys, however this time I just don't have time to play around, not to mention this one is as hidden as they get. Ugh I hate computers.
 
digger said:
You might try booting into "safe mode" by hitting F8 while your PC is starting Windows, but the bad guys probably have their hooks in too deep for you to kill their program even in safe mode. You have to keep the virus from starting in order to be able to do anything about it.

Get a friend to download something like the Trinity Rescue Kit and burn a clean CD. It's a self-contained operating system that lets you edit the Windows registry and run four different kinds of antivirus programs while you're booted into a clean non-Windows operating system.

http://trinityhome.org/Home/


TITCR. I myself would just go the extra mile and reformat the HDD, install AVG and SuperAntiSpyware and stay away from the porno sites.
 
You are not going to be able to get rid of these trojans. I had similar problems 5 or 6 months ago. You can use hijack this and scan your registry and then have an expert on one of the sites look at it and tell you exactly what to delete, but sometimes this does not even work. In all honesty, the best course of action is to backup important files and then just re-install the operating system. It only takes an hour or two to re-install XP. I wasted 3 days with ad aware, spybot, symantec anti-virus etc. and still could not solve the problem. Just backup and re-install the OS and in a couple of hours you will be back in business. Good luck.
 
All this is good advice on here to follow PRIOR to getting a virus. Right now, you are going to have to reformat. Been there, caught that.
 
Aha I am awesome and I know it...
I got rid of zlob apparently cause I can get into my files now without aggravation. However I am unable to do a system restore, errrrr...And I am picking up backdoor trojans all up in my windows/system32 file. I really hate having to sit here all damn day with this computer. I have tried multiple tries with various anti virus scans and going nowhere with them. At one point the trojan or whatever actually messed with my adaware. It said I had 122 critical objects then it froze while conditioning my files, whatever the hell that means. LOL
So maybe eventually I will get it all
 
Angel said:
Aha I am awesome and I know it...
I got rid of zlob apparently cause I can get into my files now without aggravation. However I am unable to do a system restore, errrrr...And I am picking up backdoor trojans all up in my windows/system32 file. I really hate having to sit here all damn day with this computer. I have tried multiple tries with various anti virus scans and going nowhere with them. At one point the trojan or whatever actually messed with my adaware. It said I had 122 critical objects then it froze while conditioning my files, whatever the hell that means. LOL
So maybe eventually I will get it all

angel - I sent you an IM with links -- I didn't read the whole thread so it may be fixed already, but try using "spyware doctor" -- it should get rid of whatever remaining issues you have (it's worked great for me on XP, haven't tried it on Vista)
 
digger said:
Get a friend to download something like the Trinity Rescue Kit and burn a clean CD. It's a self-contained operating system that lets you edit the Windows registry and run four different kinds of antivirus programs while you're booted into a clean non-Windows operating system.

http://trinityhome.org/Home/

I went there, but didn't see where to download the program...???
 