
Thread: I got a virus. Anybody know how to remove this? (it's a tough one) +rep

  1. #1

    Narkotiq

    Infected files:
    80000032.@, 80000064.@ and 00000008.@. There's also one that's just all zeros.

    2 of them show up as: Win32NSChanger-VJ[Trj]
    And 2 as a Malware installer.

    I've been googling all day and I keep reading how bad this virus is, but I just can't seem to get rid of it.



    No anti-virus will get rid of it. Just says access denied.


    If anybody has had this and knows how to fix it I will +rep the hell out of you for helping me.

  2. #2
    Ciricus
    If your anti-viruses can detect it, then try re-running your computer in safe-mode with network disabled. The reason why the virus cannot be deleted is because it starts up hidden as a core process when your computer starts up. (You cannot delete files which are running actively on your computer, for obvious reasons.)

    If you open your computer in safe-mode, only the CORE PREDEFINED PROCESSES SET BY WINDOWS (dunno why I caps'd) will start up. Afterwards, run your antivirus and it should get rid of the trojans. Most trojan types create a new file which creates a backdoor to your computer, rather than infecting an actual Windows startup file, and even if it does, without an internet connection, the trojan host cannot send commands rejecting deletion.

    Best of luck, if you need to know how to start in safemode just ask.

  4. #3
    paox3
    Do you have any other software for viruses? Like AVG or something else. You could try using those.

    If all else fails, and you don't mind losing data, I'd say just reformat everything.

  5. #4

    Narkotiq
    Way too much important stuff to reformat. I ran a program called Hitman Pro and it seems to have taken care of it... at least I hope so. I'm not getting alerts every 5 mins now. We'll see how it goes.

  6. #5
    Ciricus
    Quote: Originally Posted by Narkotiq
        Way too much important stuff to reformat. I ran a program called Hitman Pro and it seems to have taken care of it... at least I hope so. I'm not getting alerts every 5 mins now. We'll see how it goes.

    Don't know if you missed my post. Everything I wrote is more or less foolproof without reformatting. If you do not run in safe-mode, I can guarantee any half-decent trojan will simply reinstall itself after deleting it, since there's a rootkit most likely.

  8. #6

    Ryan~
    This is that virus Emily was talking about.

    Go here: http://www.dns-ok.us/

    Is it red or green?

  9. #7

    Narkotiq
    Quote: Originally Posted by Ryan~
        This is that virus Emily was talking about.

        Go here: http://www.dns-ok.us/

        Is it red or green?

    Actually I went there earlier today and it was green. I didn't have the problem until I went there though. Like 10 mins later all these alerts and stuff started popping up.


    Edit: Still Green

  10. #8

    Ryan~
    Well, that's a government site, so I doubt you'd get it from there.

  11. #9

    I have an easy way for you to destroy viruses that your antivirus can't seem to kill.
    Forgive my spelling and grammar.

    Tools you will need: A 2+ GB USB drive. YUMI Multi-boot (http://www.pendrivelinux.com/yumi-mu...t-usb-creator/). Ethernet plugin.

    1) Place the USB drive in the computer.
    2) Turn on YUMI (OK administrator mode).
    3) Choose your USB drive.
    4) Choose Bitdefender antivirus from the scrolling menu. Then click the option to download the ISO.
    5) Click Create! This will reformat the USB. After it's done creating, you now have a live USB of Bitdefender.

    Now to use it.
    1) Plug in your Ethernet.
    2) Restart the computer and boot into the USB. You can either do this through the BIOS or through the boot menu, depending on the computer and its age. I use my Esc or F12 key and it pulls up a boot menu. I choose the USB. If you go through the BIOS (normally Del), choose the boot priority and put the USB on top.
    (BIOS Boot Order Changing: http://www.youtube.com/watch?v=smL4hDBrN2A)

    When the USB boots, choose the anti-virus and then boot into Bitdefender. Make sure your computer is plugged into the internet to make this faster, or you will have to cancel the first scan and sign into your wifi. So, if it's Ethernet plugged in, it will update and scan as soon as it turns on.

    The program will update and then virus scan if it has internet access.

    Now what makes this a better approach than starting in safe mode? This method is very intense on the computer. It is booting from the USB. This means everything is placed onto the USB. The OS is a Linux-based OS, thus the Windows virus cannot affect it. This method is like sending in the army to break up a bar fight. It will stop every virus that is on the computer and things that Windows has allowed to infest directly. Last time I scanned a computer with AVAST on it with this process, I found over 30 viruses.

    Now after the virus scan is done:
    1) Shut down.
    2) Remove the USB drive.
    3) Restart the computer. It might prompt you to "fix" Windows. Windows is not broken. You booted into a different OS, thus Windows is confused and wants to fix anything the other OS did. That means it will try to restore the system, which isn't a good thing. So, don't let it "fix" Windows.
    4) If you don't have a PC cleaner of some type, I would suggest Glary Utilities (http://www.glarysoft.com/products/ut...ties/download/). This is a freeware program that helps repair the basics of Windows.
    5) After installing, click scan for issues. Then Fix issues.
    6) Go to Modules > Windows Standard Tools > Disk Defragmenter. (The reason for this is because this virus leaves holes in your file indexing.)
    7) After defragging your computer, close all programs except Glary's. Then Modules > optimize > registry defrag. (This will organize your registry, which will make it easier for your computer to find stuff and help your antivirus determine if something doesn't belong.)
    8) After defragging is over with, restart your computer and have fun with your faster, stronger, and happier computer.

    If you have any questions, feel free to PM me.
