Server Help

Solo Ace · Posted: Sun Sep 11, 2005 5:25 pm *Post maybe stupid* Post subject: !?

Well, as I posted earlier on this forum, I've been to a LAN PARTEH.
I'm not going to whine again about how bad it sucked, but I just found out that one of the computers of my friends got infected with some very lame spyware or virus.

They're just a few processes which spawn an icon next to the clock with a balloon pop-up saying the system is infected with spyware and "Click here for removal instructions".
Clicking the balloon actually runs some program pretending to be an anti-spyware program, while it actually just seems to spread the infection.

After seeing IE actually trying to open weird pages I disconnected the network cables and shut the PC down.

After reboot the desktop wallpaper got changed too into some warning saying the system got infected with spyware.

Booting into safe-mode doesn't really help much, I could try deleting the .exe's, but I'm afraid the whole Windows installation got screwed over already.

I'm just wondering how it got there and what it came from, during our stay there I saw he had some new games installed and some other weird tools, maybe those were infected.

I took the box home (we couldn't get the drive out easily enough), and I'll try to fix it manually, but I probably will have to make an image of the drive, then wipe it completely.

Any other suggestions/ways to determine how these crappy programs got there? I'd really like to know how this shit got there.

LearJett+ · Posted: Sun Sep 11, 2005 7:48 pm *Post maybe stupid* Post subject:

Have you tried Spyware Doctor or Ad-Aware yet? They're free and work nicely.
_________________

Assassin2684 · Posted: Sun Sep 11, 2005 9:35 pm *Post maybe stupid* Post subject:

Spybot:search and destroy
hijackthis

Quan Chi2 · Posted: Sun Sep 11, 2005 9:58 pm *Post maybe stupid* Post subject:

isnt a LAN party full of computer geeks? One of them will figure it out sooner or later...

LearJett+ · Posted: Sun Sep 11, 2005 10:05 pm *Post maybe stupid* Post subject:

What is a LAN party again?

SamHughes · Posted: Sun Sep 11, 2005 10:45 pm *Post maybe stupid* Post subject:

It's a satanic ritual in which some integer of nerdizens gathers in a dark room and worships its local area network by flooding it with packets.

Solo Ace · Posted: Mon Sep 12, 2005 1:43 am *Post maybe stupid* Post subject:

You fools, this isn't just normal adware, spyware, or anything like that.
This is more like a virus, and it actually prevents the user from doing anything.

Hijackthis would be as useless as using msconfig, it protects its spot in the registry.

Don't tell me to use those silly programs, I know them, and they're useless in this case.

I was at the LAN party (well, more like a LAN mess), but I'm back home now.
None of them would figure it out, they know less than I do.
And about nerds/geeks, at least I spend my time to better things than playing CONTINUUM, and it's not anti-social as a few others here are.

.
For most of us it's just about smoking lots of pot and getting all fucked up while playing games (I don't do drugs, though, for me it's just about the event).

You don't have to play games to flood the router we were on, visiting a website was enough.

Mine GO BOOM · Posted: Mon Sep 12, 2005 2:28 am *Post maybe stupid* Post subject:

Hijack This + Safe Mode. Otherwise, run a virus scanner or figure out the name of the virus. How? Google.

Another good option is to plug the hard drive into another computer, or use a bootable Linux distro, or use a bootable anti-virus product to check the drive for viruses.

Maverick · Posted: Mon Sep 12, 2005 6:15 am *Post maybe stupid* Post subject:

Some spyware put themselves into the Add/Remove Software section of control panel and they can be easily removed through it.
Doubt you can do it with your version though.

However, I would just find all infected .exe files and delete them (Shift-Delete). If windows starts to buckle, you can always do a Windows Repair with the Windows XP CD. More of a problem is when the registry gets fucked, however I believe the Windows Repair can do something about that too.

Good luck fixing your computer, Solo Ace.
_________________

Nickname: Maverick (I changed my name!)
TWCore developer | Subspace statistics

wEaViL · Posted: Mon Sep 12, 2005 8:38 am *Post maybe stupid* Post subject:

http://www.frozentech.com/content/livecd.php

Maybe one of them will help ya

Smong · Posted: Mon Sep 12, 2005 9:07 am *Post maybe stupid* Post subject:

Sounds like another case of nortonus antivirusus infecting yet another weak customers computer.

Solo Ace · Posted: Mon Sep 12, 2005 10:09 am *Post maybe stupid* Post subject:

Yeah MGB, I'm going to load a Linux livecd on it and just remove the exe's.
Although, I'm pretty sure it infected loads of other files already, too.

The virus prevents the control panel from being loaded it seems (nothing shows up now).

I don't know, I'll get it fixed.

And Maverick, as you obviously didn't read: the computer's not mine, it's a friend's.

I wouldn't be posting here now if it was mine.

Maverick · Posted: Mon Sep 12, 2005 10:50 am *Post maybe stupid* Post subject:

oh forgot about that part

wEaViL · Posted: Mon Sep 12, 2005 12:05 pm *Post maybe stupid* Post subject:

http://www.f-prot.com/products/home_use/dos/

I think that one will run in dos or windows both... from what I read about it... i would give it a try 1st

Solo Ace · Posted: Wed Sep 14, 2005 7:15 pm *Post maybe stupid* Post subject:

Just for the record, I got the virus removed.
The Windows installation was still crapped though, so my friend and I decided to remove the Windows installation and make a new one.
Yeah, pretty much work for nothing to remove the virus, but well, it was a nice experience to work with these silly livecds.
And, at least the backup of the old install is virus-free now.

Thanks for the tips, all.
I'll try to keep things like these from happening again at his computer, although I used to have things under control there.