New Virus in Town - Bad one


11 replies to this topic

#1 lucindamc123


Posted 30 June 2009 - 06:37 PM

Google was evidently hit by a virus the first part of June. My computer didn't get infected, well it may have had the virus but didn't get active, until Midnight Monday Night. Suddenly, I was on Google and my computer was attacked.

I finally used Kaspersky to get rid of all the viruses and other annoying things. Had to reinstall XP too so it is slow getting things working correctly again.

This bad virus is called

Rootkit.Win32.TDSS

I used Kaspersky to try to get rid of it, however, what happens is that it finds this virus first and then when you click on the Kill tag, it reboots your computer without killing the virus. You have to go to the Kaspersky website to get the right script to run to kill it.

Some programs are still a little flaky because of having to reinstall XP and also getting the virus watchdog to accept some programs.

I didn't want this to happen to anyone else. If you do not already do this, I suggest you get a good virus guard program and scan your computer.

I won't even use Google anymore. I switched to Microsoft's new search engine BING. I am also uninstalling all my Google related programs - i.e. Google earth, maps, etc.

#2 -Chris


Posted 30 June 2009 - 10:48 PM

Uh oh... that sounds nasty, especially considering it's a rootkit...
Thanks for the heads up :) *goes off to run a full virus scan*

#3 lucindamc123


Posted 02 July 2009 - 05:07 AM

QUOTE (-Chris @ Jun 30 2009, 10:48 PM)
Uh oh... that sounds nasty, especially considering it's a rootkit...
Thanks for the heads up :) *goes off to run a full virus scan*



Well it seems nothing will remove it. The only thing I can do before formatting my C drive is to send a post to Kaspersky forums. They said to do this script that will give them all the information about the virus and then they can advise you what to do. Even formatting the C drive may not work as it gets into the memory. I spent the day copying over everything onto my large (1 terabyte) drive and if I don't get help from Kaspersky, I will have to format the C drive.

And to top it off, since I reinstalled XP, I downloaded IE 8. DO NOT DO IT. IE 8 is horrible. There is some kind of bug in it and it just keeps reappearing constantly and even Microsoft can't seem to fix it. Not only that, of course if you uninstall it, your computer won't work anymore. And IE 7 will not install and of course you can't really download any fixes for your computer from Microsoft now unless you run IE.

If this all doesn't work I am going to have to buy a new computer and scrap this one because it is ruined.

#4 sfdex


Posted 02 July 2009 - 06:58 PM

I seem to remember that you can install Microsoft updates using Firefox. You might give that a try.

Viruses and malware really infuriate me. I've noticed that Google has been running a little flaky lately; I wonder if that has anything to do with what you're reporting, Lucinda.

Good luck with it, and please keep us posted.
MacBook Pro - Intel Core 2 Duo - 2.66 GHz - 4 GB RAM - NVIDIA GeForce 9400M/9600M GT - Snow Leopard (10.6.4)

#5 lucindamc123


Posted 02 July 2009 - 10:37 PM

QUOTE (sfdex @ Jul 2 2009, 06:58 PM)
I seem to remember that you can install Microsoft updates using Firefox. You might give that a try.

Viruses and malware really infuriate me. I've noticed that Google has been running a little flaky lately; I wonder if that has anything to do with what you're reporting, Lucinda.

Good luck with it, and please keep us posted.



Well you can't use Firefox anymore to download anything from Microsoft but small updates. But I have to format the hard drive after all. It seems because my XP is messed up now because I updated it. Why, oh why will I never learn to not update something if it is working fine? I don't know if it is because of the update of XP that made the drivers fail but even the update that Nvidia created just today for a new driver to work with XP does not work.

Since the card worked before and I have my old version of XP still on CD, I am hoping if I put that on and do not update it, I will be able to get the graphics card working. Of course not even Moviestorm will work now on this computer, much less any other graphics program I need.

And I still have the virus. So the only thing to do is to wipe the drive. Oh, the only program that will even discover you have this Rootkit virus is Kaspersky Labs, so I advise everyone to run that software and scan their computers.

This virus resides in the memory so there isn't any way you can manually locate it and just delete it. It doesn't like put a folder on your computer with the virus in it and it isn't in the system registry either. Sometimes you can get rid of these by deleting the system registry for that particular file. Not with this one.

And the IE 8 is really buggy. There is another virus on that, that keeps changing the homepage and makes it unusable. IE 8 I mean and they don't even seem to know how to get rid of it.

#6 primaveranz


Posted 02 July 2009 - 11:39 PM

QUOTE (lucindamc123 @ Jul 2 2009, 10:37 PM)
It seems because my XP is messed up now because I updated it.


For future reference Lucinda, if you find something not working after a Windows update you can always try going to control panel, choose "add or delete programs", make sure "show updates" is ticked and then just remove the latest Windows update. I have used that successfully a few times.

Cheers.


"If we only use 1/3 of our brain, what's the other 1/3 for?"


#7 lucindamc123


Posted 03 July 2009 - 02:23 AM

QUOTE (primaveranz @ Jul 2 2009, 11:39 PM)
For future reference Lucinda, if you find something not working after a Windows update you can always try going to control panel, choose "add or delete programs", make sure "show updates" is ticked and then just remove the latest Windows update. I have used that successfully a few times.

Cheers.


Thank you, if I had known that yesterday, it would have saved me a bit of grief. However, we formatted my C drive and reinstalled XP and got the network going now and the first thing I did was reinstall Moviestorm. I have all my downloads and addons in a safe place. Bet I will find it works a lot better now that I got rid of that virus and a ton of others I had gotten, even though I have a firewall and do daily scans.

Now I have to reinstall a lot of stuff but I think for right now it will just be my graphics programs, video editing and animation programs. I did get Fractal Design Painter to work which was good luck as it is an old but excellent program that you cannot find anymore because Metacreations sold out to Corel and Corel messed it up and raised the price really high. And my old program came on the small disks, not CD so I can't reinstall it. However, I had it on my shared drive and it opened right up. I have to reinstall Adobe Photoshop but I do have that on a CD. And I have to reinstall Sony Vegas but I have that on a CD luckily.
There is supposed to be a way, since I have all those programs on my large drive to be able to just add them to the registry but so far I am not sure how to do it and I don't want to copy the whole registry over (I backed up the old registry and saved it) because I might mess something up.

#8 lucindamc123


Posted 04 July 2009 - 04:43 PM

I highly recommend Kaspersky software for virus hunting and cleaning your computer. Although they mainly sell their products, they have a free program available that is the best I have ever used. It found viruses and adware, malware and other annoying things that none of my other programs found.

This is a link to their website. The download instructions are in German so it is a bit tricky to install the software. You will not be sorry.

Scanned all my hard drives and all my addons that I have sent people, as well as all my video files and nothing I have sent anyone had viruses. Nothing anyone sent me had viruses either. None of the things I downloaded had viruses. However, I did get a virus from Iclone. That is not Iclone's fault at all. People who do this kind of thing attack large companies. Also nothing from Moviestorm or anyone else's addons had viruses. The worst viruses come from big companies like Microsoft and Google because those are the ones that people who do this kind of thing attack. I even had a virus in a Quicktime MOV file I downloaded from Archive.org.

http://www.kaspersky.com/

My husband is a DBA at a large bank and they have to be very security conscious so he knows all about this kind of thing.

It is annoying of course to have to be careful, but I have learned my lesson now.

#9 sfdex


Posted 07 July 2009 - 06:10 PM

Good information, Lucindamc. And I'm glad you're able to recover your software and files after a reformatting of your drive. Lots of people aren't very good about backing up their systems which is a disaster waiting to happen. Mac users have Time Machine. PC users have a range of options. The backup utility I use at work is Syncback SE. (http://www.2brightsparks.com/index.html) It's 30 bucks, but it's worth every penny. I've had entire drives go down, but because I'm compulsive about backing my stuff up, it was just a matter of an hour or so to replace the drive and then copy the terabytes of info onto the new drive from the backup drive. As opposed to days and days of work to reconstruct projects from scratch. (I have no connection to 2BrightSparks aside from using their software. There are a bunch of good options out there for PCs. Macs, too, beyond Time Machine.)

As it happens, my other half used to work for the Internet Archive here in San Francisco, and I can tell you that they would be very interested to know about a virus that is propagating from a quicktime they're hosting. They're extremely vigilant about scanning items they host.

You can contact them directly via the information here: http://www.archive.o...out/contact.php

If you do contact them, please tell them exactly what file it was that you downloaded from there that contained the virus. (If you still have the URL it came from that's best, but if not, its exact name as it appeared on the Archive.) And if your Kaspersky software provides the information, let them know what virus was embedded in the .mov file. I know that's another thing to do, but if we all keep vigilant, we can help stem the tide of malicious and opportunistic virus and malware propagation.

- Dex



#10 lucindamc123


Posted 07 July 2009 - 08:48 PM

QUOTE (sfdex @ Jul 7 2009, 06:10 PM)
Good information, Lucindamc. And I'm glad you're able to recover your software and files after a reformatting of your drive. Lots of people aren't very good about backing up their systems which is a disaster waiting to happen. Mac users have Time Machine. PC users have a range of options. The backup utility I use at work is Syncback SE. (http://www.2brightsparks.com/index.html) It's 30 bucks, but it's worth every penny. I've had entire drives go down, but because I'm compulsive about backing my stuff up, it was just a matter of an hour or so to replace the drive and then copy the terabytes of info onto the new drive from the backup drive. As opposed to days and days of work to reconstruct projects from scratch. (I have no connection to 2BrightSparks aside from using their software. There are a bunch of good options out there for PCs. Macs, too, beyond Time Machine.)

As it happens, my other half used to work for the Internet Archive here in San Francisco, and I can tell you that they would be very interested to know about a virus that is propagating from a quicktime they're hosting. They're extremely vigilant about scanning items they host.

You can contact them directly via the information here: http://www.archive.o...out/contact.php

If you do contact them, please tell them exactly what file it was that you downloaded from there that contained the virus. (If you still have the URL it came from that's best, but if not, its exact name as it appeared on the Archive.) And if your Kaspersky software provides the information, let them know what virus was embedded in the .mov file. I know that's another thing to do, but if we all keep vigilant, we can help stem the tide of malicious and opportunistic virus and malware propagation.

- Dex


I will see if it is still in the records. It may not be because I think I formatted the drive after I ran Kaspersky and then of course I reinstalled Kaspersky. I may have kept a text file though and I will check it.

The only reason I think it might have come from Archive.org is because that is really the only place where I would get a .mov file but I could be wrong. I collect so much stuff, it is hard to weed it out but I also will check all my back up mov files and run the scan again on just those files and see if I can find it.

Well luckily I found all my CDs for everything, except Pinnacle. But I don't need that program anymore anyway as I use Sony Vegas Pro.

Some of my software was older too and of course there would be no way to replace it if I had not found the CDs.

I don't know what to do about DAZ though as I downloaded all that but they don't have anything but my serial numbers on their site. They don't have the files I bought available for re-download. I spent about $200 there but I never used it much and now I use Iclone but it is still a bummer to lose software. I backed up the C drive so everything on that drive that was installed is still there but you can't just copy the registry keys over and make the programs work. You have to reinstall them.


Makes me really grateful for Moviestorm for keeping our downloadable files available forever because I didn't lose any of that and I had backed them all up anyway. I usually do keep all my setup files but I have not found the DAZ files anywhere.

#11 sfdex


Posted 08 July 2009 - 09:40 PM

You can write to Daz and ask them to reset your downloads; they'll do it three or four times, as I recall. (I own Carrara, MimicPro, Hexagon, and a fair amount of their content.)

#12 lucindamc123


Posted 09 July 2009 - 02:00 AM

QUOTE (sfdex @ Jul 8 2009, 09:40 PM)
You can write to Daz and ask them to reset your downloads; they'll do it three or four times, as I recall. (I own Carrara, MimicPro, Hexagon, and a fair amount of their content.)



Oh good, thanks. That helps a lot. So far I have everything working but one strange thing. Windows Movie Player will not view movies I make even wmv files. My WMP on my laptop views them fine so I know there is nothing wrong with the codec. And I installed the WMP from Windows. But I don't have all my drivers sorted out quite yet. Movies won't play on Real Player either on this desktop.

