Dynaverse.net
Off Topic => Ten Forward => Topic started by: Iceman on June 18, 2004, 04:04:00 pm
-
If anyone knows anything about the new friends.scr virus, much help would be appreciated! It basically starts your browser and tries to redirect your home page to some other one, and starts your AIM (or Trillian, etc.) and puts up its own away message with a link to the program. I can't seem to shake it. I've run Ad-Aware, Spybot, Norton, and even tried Norton's manual fix. I can't find anything wrong.
-
Apparently it's a version of W32.Yaha.B@mm, however it doesn't disable your .exe's like that one did.
-
Sorry but I can't help. But you can use this as a chance to format and reinstall everything.
Everything runs smoother after a reinstall. I personally do that every 6 or 8 months.
Mariano
-
Try an online virus scan from someplace like Trend Micro or McAfee. Sometimes this will fix the problem. You can also reformat and reload the system, but I think that should be a last step. Since the virus disabled the antivirus scan and update ability on your system you could also try to use the removal instructions at the Symantec site. Hope this helps.
-
What OS are you running? I am running XP and got a virus a while ago. I just started the install program from the CD and did a recovery. I had to download and install the updates again but everything else was saved. Needless to say, I was much relieved.
-
I fixed it. Well, I got it from a friend and he fixed it so he showed me how. Seems it was a keystroke logger that periodically sent its logs to someone.
Thanks for all the good advice though guys!
-
Iceman,
Could you tell us anything about what your friend had you do to fix your system? I have been a little paranoid of having picked up a keylogger for about a week now but I do not know any tricks to find it. My McAfee says I have no problems but I am always suspicious these days that the antivirals can be bypassed.
tx, byzantine
-
Sure, first, if you're running XP (which I hope you are cause if not I don't know what to tell you) go to windows/system32, put the viewer in 'list' mode and set it to view the most recently modified.
If you see netstatt.exe in there, you've got a problem.
Restart your machine in safe mode (not networked) by pressing F8 on the boot screen.
Go to start>search "netstatt" (without the quotes, obviously)
If it finds anything, delete it. Also, be sure to delete the one in the system32 folder, as the search function didn't detect that one.
You'd probably know if you had it, it was very obvious. It'd take over (or launch) Trillian, and put up an away message with a link to the file with the program in it, and send you to a page which presumably sent in the keylogger.txt (which you can also delete, in your system32 folder).
Hope it helped.
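
The check described in the post above (sort system32 by modification time and look for a near-miss name such as netstatt.exe) can be automated. The following is an added example, not part of the original post: the `KNOWN_GOOD` list, the function names and the sample listing are assumptions made for illustration, and it generalizes from the single name in the post to any file name one edit away from a known system binary.

```python
import os
import time

# Illustrative set of genuine Windows binary names (assumption: in practice,
# build this list from a known-clean machine running the same OS version).
KNOWN_GOOD = {"netstat.exe", "svchost.exe", "explorer.exe", "lsass.exe",
              "services.exe", "winlogon.exe", "rundll32.exe", "taskmgr.exe"}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def lookalikes(entries, max_distance=1):
    """entries: iterable of (name, mtime).
    Returns [(name, imitated_name, mtime)], newest first."""
    hits = []
    for name, mtime in entries:
        lname = name.lower()
        if lname in KNOWN_GOOD:
            continue  # exact match: the genuine name, not a lookalike
        for good in sorted(KNOWN_GOOD):
            if edit_distance(lname, good) <= max_distance:
                hits.append((name, good, mtime))
                break
    return sorted(hits, key=lambda h: h[2], reverse=True)

def scan_directory(path):
    """Collect (name, mtime) for the regular files in a real directory."""
    with os.scandir(path) as it:
        return [(e.name, e.stat().st_mtime) for e in it if e.is_file()]

# Constructed sample listing (not real data); mtimes are arbitrary numbers.
SAMPLE = [("netstat.exe", 1000.0), ("netstatt.exe", 5000.0),
          ("svch0st.exe", 4000.0), ("notepad.exe", 900.0),
          ("keylogger.txt", 5100.0)]

if __name__ == "__main__":
    for name, good, mtime in lookalikes(SAMPLE):
        print(f"{name}: resembles {good}, modified {time.ctime(mtime)}")
```

On a live system, pass `scan_directory(r"C:\Windows\System32")` to `lookalikes`. A name check alone does not flag a file like keylogger.txt, which is why the post's recently-modified view is still worth doing.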
-
Thank you for the info Iceman. I think/hope I am clean. (My PC at least, can't speak for my mind.)
-
Yeah it wasn't hard, and it's a valuable tool (knowing how to check system 32, start in safe mode, etc) I just didn't know how to go about it. Good luck!