I need help with nasty virus? I got while scambaiting.

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Baiting Guru Joined: 31 Jan 2007 Posts: 12237

wingman wrote:

I never had any problems before I started playing around with these scammers

There may be the answer to your question, perhaps scambaiting is not your cup of tea. It is easy to blame the unknown.

I have never had problems before, or after scambaiting. 99% of problems like this are "user error".

Personally I don't think you "caught" anything and it is McAfee just being it's crappy self. There were several good solutions mentioned. Try them and see what happens.

Posted: Wed Nov 07, 2007 12:18 am

OK Folks enough of the nasty and sarcastic comments. If you're not willing to offer any real help/advice, move along.

I'm sorry wingman....

Posted: Wed Nov 07, 2007 12:56 am

For those who gave me the links, thanks. I am working through the scans, one by one.

For the rest of you, sorry I misspoke. I got some kind of malware that is jacking with my system, while looking at some eBay fraud. I went to a phishing site, and my computer has been displying certain symptoms ever since. I just want to fix it.

"user error" doesn't explain why my AV software and windows update suddenly were rendered inoperable. And I agree, the lads of Lagos most likely had nothing to do with this, I just figured it might be something that some of you had experienced before.

Posted: Wed Nov 07, 2007 1:15 am

You can post (I think) if you don't find it. I probably won't be here by the time they finish though. If they all say nothing is wrong, I'd suspect something called a root kit, and you may need a specific utility designed to remove that. I'll probably let some other people cover that in more detail as I need some sleep...

Disabled updates on Windows/McAfee is a clear sign of malware, but I really doubt it came from a phishing site, let alone some mugu e-mail scammer. There is no way a fake eBay page downloaded a virus. It wouldn't look like an eBay page if all of a sudden some window popped up asking you to download something or install an ActiveX control. Yes, I've experienced viruses before (they don't usually live very long on my machine unless I want them to). No, none of them have been related to a phishing site or 419 scambait.

It's common that the symptoms don't fully appear until the next reboot, since they add themselves to a list of programs that run automatically on startup (like the one that displays your desktop, or at one time, the one that stops viruses). Then, once it's started, the machine slows down and suspicious things start happening.

I think some errors can prevent Windows updates from working. Not sure what kind of user error would do that, but I've seen cases where updates fail and aren't caused by malware.

Not all scammers operate out of Lagos. A significant portion operate in Nigeria, but they really come from all around the world.

Posted: Wed Nov 07, 2007 1:21 am

Ok, problem fixed. I had not allowed windows to update for quite some time. Windows malicious software removal tool got the job done.

Thanks for all the help.

Posted: Wed Nov 07, 2007 1:30 am

Well McAfee can't be that good if you just caught a virus (play nice Lokie!).

Okay I'll be nice and get you 90% out of this mess. First off roll the system back to lets say Friday. So Start->Accesories->System Tools->System Restore. Its fairly user friendly, so follow the prompts and guess a "safe" date.

Now once thats rebooted and brought the system upto last weeks config, run McAfee's updator, run the av scan, cross your fingers. DO NOT run IE until McAfee has done its thing, System Restore doesn't restore the browser settings in XP.

Hopefully your now good to go.

SALES PITCH
www.avast.com Free for personal use, and rather good at keeping the system clean and healthy.
www.opera.com A way better browser than Firefox in my opinion.
http://www.microsoft.com/athome/security/spyware/software/default.mspx Surprisingly good anti spyware considering its from Microsoft.
http://www.microsoft.com/security/malwareremove/default.mspx Microsofts monthly malware removal tool.

EDIT: Just spotted you fixed the problem, but as the links are useful posted anyway.

Chuck Norris Joined: 11 Jun 2007 Posts: 1357

Hi! Glad if your problem is fixed. Did you figure out what the issue was? Smile

Anyway, I know I found this thread late, but here are a few pointers that I hope will help: It is imperative to let your Windows update. Not doing so puts you at a much higher risk than if you let it update regularly.

If you still have any concerns, or run into this in the future, download Hijack This from TrendMicro, you can find the latest version here.

Then, go to Castle Cops and register there. Start a topic in this forum, and paste the HijackThis log along with a description of the problem you are experiencing. Within a few days a security expert will walk you through the steps you need to take to get rid of the nasties on your system.

There are a number of great downloads on that site--anti-spyware, ant-trojan tools, etc. that you can check out here.

Posted: Wed Nov 07, 2007 1:49 am

lokie wrote:

Well McAfee can't be that good if you just caught a virus ...

That's not necessarily true. Some viruses are highly specialized and not common and can get around the AV software, especially when they're new.

I caught a virus about two years ago. To this day I don't know how I got it. I'm probably the most cautious user around. The virus killed all the AV software first off. It then copied itself onto every .exe and .com on the whole computer, within minutes. The next step it took was to disable Windows and corrupt all the system software. It then spread through the network. It took out seven machines before I even realized it.

No common AV software could help. Nothing. I finally found a killer that was made especially for that one virus. It ran in DOS - it had to. It killed the virus, but Windows was dead too, so in order to copy out the data that I didn't have backed up, I had to boot in DOS mode and copy by hand. Thank God I'm a strict believer in 8:3 file names.

I saved everything, but I had to format all the disks and reinstall everything, including Windows.

The attack and destruction of my system took about 15 minutes.

As I say, to this day I don't have the slightest idea how it happened.

Posted: Wed Nov 07, 2007 5:21 am

@KD

Putting aside my loathing for Norton and McAfee for a moment, I added my comment with the benefit of seeing that the problem was solved. And most importantly that Microsofts malicious code removal tool had removed it.

Now as you may be aware (or not), Microsoft updates that tool with just the big prevalent viruses. Every first Tuesday of the month the new updated version is released, and depending on what went in that month between 7~14 days out of date. To give you a relevant example of how long the process can take, Storm was only added in Septembers download, a full 9 months after that trojan hit the internet.

So getting back to my comment, theres a reasonable expectation that an anti-virus package that charges a subscription fee for updates should have caught it over the weekend.

Now your comment brings us to the big bad problem of anti-virus. Theres a delay between a virus being released, and a vendor creating an update to identify and remove that virus. So nothing is perfect, theres always some risk. However, a lot of real time scanners are beginning to use heuristics to try and determine if code is safe or malicious. Some are pretty good, some are pathetic. But ultimately the future lies with good heuristics as opposed to large upto date signature files.

Which indirectly brings us to here. I've seen far to many compromised machines enter the workship with Norton or McAfee installed. One thing all those machines share in common is the real time scan was switched off. On an average PC those programs are performance killers, its no surprise a user will switch them off as soon as someone tells them how to. Those machines share another trait in common, boot time checking is also disabled. Again who wants to wait 10~20minutes for their PC to boot. Theres just far to many machines where the installed anti-virus package is just a pretty icon in system tray and not much else.

Time to move on before we start thinking Vista and DRM chips are the solution to our problems Laughing

Posted: Wed Nov 07, 2007 10:10 am

Or you could buy a Mac.

Glad you got it sorted.

Try the Firefox/noscript suggestions. Latest success on my PC was to stop a copy of Prockill getting through. that is a hdd eraser if I've read the write-up correctly.

Baiting Guru Joined: 04 Jan 2006 Posts: 3193

When you do get a new AV solution, make sure that only one of them is doing on-access scanning. Having two of them doing it makes a virus infection seem a good idea. Wink

Baiting Guru Joined: 11 May 2004 Posts: 2163

Breddan Butter wrote:

Quote:

"I need help with nasty virus? I got while scambaiting".

What a strange topic title.
What the hell has scambaiting got to do with you getting a virus?

Maybe he downloaded something his lad has sent to him.

downloading stuff from lads is bad.

Posted: Wed Nov 07, 2007 9:08 pm

I never run as an administrator on my computer and I use Opera. If you're not running as admin, things can't auto-install themselves. IE & Firefox are the most commonly used browsers so the most targeted by viruses.

I have had few problems. Good luck with yours!

Posted: Thu Nov 08, 2007 6:27 pm

Klaasvaak wrote:

Maybe he downloaded something his lad has sent to him.

downloading stuff from lads is bad.

I do that all the time. I just do it in a honey net. Plus, I want the virus samples so I can send them to AV companies if one of my anti-viruses don't detect it (and if it's a lad, ask why it set off my anti-virus from an attached screenshot), but they haven't sent me anything yet... Crying or Very sad

Posted: Thu Nov 08, 2007 7:23 pm

For antimalware tools, I recommend Kaspersky. I found out about it based on a recommendation from Kevin Mitnick. The software is really good, and I have found it better than either McAfee or Norton (I have used both).

Yes, you can easily pick up something nasty from a web site. While I was testing some web spidering software, I came across a site whose default page was a virus. Kaspersky caught it immediately, and I was not running a browser of any type. It was caught through the datastream. Nice!

I personally won't use anything else but Kaspersky on my machines.

I need help with nasty virus? I got while scambaiting.	View next topic View previous topic