Virus


PostBy: Dann757 On: Sun Mar 15, 2009 8:20 pm

I clicked on a Harry Potter movie clip last night and knew right away I made a mistake. I saw an .exe flash by and seconds later I had vicious malware pop ups. I tried to run Malwarebytes free anti malware, but it didn't do the trick. I tried to have XP repair itself and eventually got my desktop back. I installed service pack 2 which I have on cd, hoping it would help, and got my desktop back with no icons. I tried Norton recovery disc which was useless since I had no recovery points established. I got to a command prompt and found an .exe file in dir:C. It was dated yesterday so I deleted it. Then after service pack 2 installed I lost my usb keyboard and mouse. I couldn't type in my password. I gave up, started in again today and put a ps2 keyboard and mouse in. I got the desktop back and was able to back up a few needed files to cd. I took service pack 3 off Microsoft website which took a couple tries to download. Things seem to be working again.
That really sucked. I think it's called a trojan rogue virus?
Dann757
 

Re: Virus

PostBy: 009to090 On: Sun Mar 15, 2009 8:30 pm

HOLY Crud!!! That is scary! How come Norton did not find it before it executed? At least Trend Micro gives me a warning before I open anything malicious.
009to090
 

Re: Virus

PostBy: Westy On: Sun Mar 15, 2009 10:52 pm

I use Eset's NOD 32; it's saved me a few times in the last few years. Unlike Norton, it doesn't slow your system down, even while doing a scan in the background.
Westy
 


Re: Virus

PostBy: Richard S. On: Mon Mar 16, 2009 1:14 am

Why would you run a .exe from an unknown source? If you haven't already done so, make sure file extensions are viewable:

Control Panel → Folder Options → View tab ... Under "Hidden files and folders" make sure "hide extensions for known file types" is unchecked.

For the record, movie and image files are data files and the chance of getting a virus from them is about none. Generally speaking they are never packaged as .exe's but it's certainly possible. There's only one exploit for actual image files that I'm aware of and that was patched years ago. It pertained to the EXIF data where malicious code could be injected and it affected a lot of software other than Windows.
Richard S.
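
Added example, not part of the post above or of this thread: a small Python check showing why visible extensions matter. It approximates the name Explorer displays when "hide extensions for known file types" is checked and flags executables whose name imitates a media file. The extension lists, function names and sample file names are assumptions constructed for this illustration.

```python
import os

# Illustrative, non-exhaustive extension lists (assumptions for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd"}
MEDIA_EXTS = {".avi", ".mpg", ".mpeg", ".wmv", ".mov", ".mp4",
              ".jpg", ".jpeg", ".gif", ".png"}


def displayed_name(filename, hide_known_exts=True):
    """Approximate the name Explorer shows for a file.

    With "hide extensions for known file types" checked, the final
    extension of a registered type is dropped from the display.
    """
    stem, ext = os.path.splitext(filename)
    if hide_known_exts and ext.lower() in EXECUTABLE_EXTS | MEDIA_EXTS:
        return stem.rstrip()
    return filename


def classify(filename):
    """Label a file name by what its real (final) extension means."""
    stem, ext = os.path.splitext(filename.strip())
    ext = ext.lower()
    if ext in MEDIA_EXTS:
        return "data"
    if ext not in EXECUTABLE_EXTS:
        return "other"
    # Ignore whitespace left between the inner and the final extension.
    inner_ext = os.path.splitext(stem.rstrip())[1].lower()
    if inner_ext in MEDIA_EXTS:
        return "executable-masquerading-as-media"
    return "executable"


def scan(filenames):
    """Return (real name, displayed name, verdict) for each file name."""
    return [(n, displayed_name(n), classify(n)) for n in filenames]


# Constructed sample names, not taken from the thread.
SAMPLE = ["harry_potter_clip.avi.exe", "holiday.jpg", "setup.exe",
          "trailer.wmv   .scr", "notes.txt"]

if __name__ == "__main__":
    for real, shown, verdict in scan(SAMPLE):
        print(f"{real!r:32} shown as {shown!r:26} -> {verdict}")
```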
 

Re: Virus

PostBy: CapeCoaler On: Mon Mar 16, 2009 9:44 am

The human factor...
Social engineering...
If you click it you can override any protection.
Hence the harry potter movie...
gotta see it...
oops...
CapeCoaler
 

Re: Virus

PostBy: Dann757 On: Mon Mar 16, 2009 11:35 am

Richard S. wrote: Why would you run a .exe from an unknown source?


I thought I was clicking on a play button on a movie clip.
I got AVG free yesterday and it removed two infections:

Trojan horse SHeur2.WAI

Trojan horse Generic13.AZR
Dann757
 

Re: Virus

PostBy: djackman On: Mon Mar 16, 2009 1:02 pm

DVC500_at_last wrote: HOLY Crud!!! That is scary! How come Norton did not find it before it executed?


The only thing Norton/Symantec is good at detecting is when their license is up for renewal.
djackman
 

Re: Virus

PostBy: CapeCoaler On: Mon Mar 16, 2009 3:49 pm

Run 'combofix' in safe mode.
How to here...download at the bottom
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
CapeCoaler
 