neverbugfree

bugs bugs bugs


I have Vista 32bit OS.

I am going to copy/paste what I wrote down this morning in another forum hoping someone can better help me understand what is going on so I can remedy and prevent such in the future.

Well, I'm back with a problem that I think may be a bigger problem than I thought.

A couple months ago I started getting a Trojan fake anti-virus. Completely disabled AVG free and wouldn't allow me to do anything but pay for it. (I didn't, of course.)

I had my recovery format the Windows partition of C: and restore to factory form that is always tucked away on my D: recovery drive.

This would not last long before the same virus came back. The virus always started with Adobe reader 8.0 asking me to accept terms randomly out of nowhere.

Thanks to jsp user ghot, I was able to clear it and have not had a problem for a couple months.

The other day I see another random Adobe reader 8.0 user agreement asking me to accept. I think to myself "mother $@%^$#" and click the x to close it.

Just an hour ago it randomly came up again. I accepted it this time as nothing important was going and I figured I better just get it over with to see if it's what I thought.

It was another virus as expected. My new anti-virus was quick to pick this up and removed it. Although it did not find the normal fake anti-virus trojan this time. I can't remember the name now, but it was a different sort of trojan with the description of allowing an attacker to send commands. I went to safe mode with networking, updated my super anti spyware and let it run on drive C:. It found nothing, which could be good or bad, I'm not sure yet.

I start Windows normally and Adobe Flash has an update, this could be completely normal as I haven't restarted my computer in 2 weeks or so. Either way I pressed x for now so I could come here.

These viruses can come from 1/4 sites as they are the only sites I use. d2jsp, runescape, runewikia (runescape section of wikipedia), anilinkz (anime streamer).

If I was to think it came from a site, I'd definitely think anilinkz. The problem though, is that it made its first appearance in so long looking at wikipedia. The second time on anilinkz. (That was just an hour ago.)

It is hard for me to fathom wikipedia is causing this. In the past though, it has also shown on wikipedia and only on wikipedia. Still can't fathom it being that.

I don't randomly browse the internet. I stick with those 4 sites because I have no interest elsewhere lately.

I am left to believe a possibility of me being personally attacked. I am not sure how all that would work because I just don't have the knowledge. I can only understand what I see and learn from repetition.

If you actually read my wall of text and have knowledge or opinions to throw my way I would be greatly appreciative.

Is it normal to have the same thing follow me from site to site? My browsing history deletes itself after each exit. I have not used wikia today. So although its first appearance was from wiki, wiki was not in my agenda today and it's still trying to break in.

If that is normal, why is this virus showing up at random times and not immediately after a repeated command I give my computer? Since this virus is not acting systematically, I'm left thinking it's something based on someone else giving a command. (My opinion doesn't matter really, I more want yours.)

How can I prevent this from happening AGAIN? It is seriously a hassle to run anti-virus, then run super spyware in safe mode, then run Kaspersky before I feel safe enough to type my password to some things every time I catch wind of this. Keep in mind a full drive wipe is not possible because this computer didn't come with a disc. (I bought it from my dad years ago and he just never had it.) I can only wipe the windows section and restore to factory condition.

Is it actually possible I'm a target, or am I just unlucky with my anime? Something else? Is this virus even gone?

I'm aggravated fellas, what reasons could exist and what options do I have?

Part B:

TDSSkiller app from Kaspersky found nothing for a rootkit. I ran SAS after a definition update on safe mode w/ networking. Nothing new has shown since this morning. A user messaged me though saying "I have gotten viruses near what you explain from runewiki once before when my firewall was disabled. I'd presume it's the ads". My firewall is stock with Windows Defender, but I'm sure many other people who use the site use the same firewall without problem.

Part C: I have not gone to wiki today on purpose. I ran SAS in safe mode with networking after another definition update before going to bed. 4 tracking cookies (not worried about that really, should I be?) and 4 trojan fakegens. I have been using anilinkz and streamed about 10 episodes of an anime I am watching. Why is everything coming at me now? I have taken the steps to remove any current problems to my knowledge. I don't understand how the same site I've been using for 2 months is collecting these viruses now. Also, there was nothing evident about these. SAS just happened to catch them when I was unaware I had anything.

Closing:

I would like to understand what I'm dealing with, and what works to keep me safe and what is a waste of time. I'd rather not have to bother everyone every time I catch wind of something like this. More importantly though... I wish this wind would just stop blowing my way without interfering with my daily usage. If you have questions for me to better understand, please feel free to post it here. Admins can e-mail if you wish, but I will check back regularly hoping to gain knowledge.

I should state, my recovery of drive C: was the first thing I tried as I couldn't get on-line or anything and had zero knowledge at that time. I now use anti-virus Microsoft Security Essentials. I use SAS in safe mode, Kaspersky browser free scan, and Kaspersky's TDSSkiller app when I suspect or see any problem. The recovery thing I do not do anymore as I realize it is of no use.


I have Vista 32bit OS.

I am going to copy/paste what I wrote down this morning in another forum hoping someone can better help me understand what is going on so I can remedy and prevent such in the future.

...............

Have you run a complete scan? (in safe mode?) Please do so and paste the scan log here.


Have you run a complete scan? (in safe mode?) Please do so and paste the scan log here.

------------------------------------------------------------------------------------------------------------------

Numerous times. The only scan I don't make in safe mode is anti-virus. I do not have any saved logs from SAS as my portable version doesn't stay updated. I ran Malwarebytes last night and it found 3 viruses that SAS has never found. (At least I have not noticed anything with the same name or path.)

-------------------------------------------------------------------------------------------------------------

Scan type: Quick scan

Objects scanned: 141210

Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\deso\AppData\Local\stk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\deso\AppData\Local\stk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\deso\AppData\Local\stk.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

---------------------------------------------------------------------------------------------------------------

I ran a full scan after and nothing else was found. To note: I ran this after a full SAS scan.

I will run another complete scan with SAS tomorrow morning and post those logs here.

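Added example, not part of the thread and not Malwarebytes' own detection logic: a short Python parser for the "Registry Data Items Infected" lines in the log above, showing what distinguishes the "Bad" values from the "Good" ones (the browser is launched through a wrapper executable that lives outside the usual install directories). The list of trusted directories and all function names are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Two of the three registry lines, copied from the Malwarebytes log in the post above.
LOG = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\deso\AppData\Local\stk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\deso\AppData\Local\stk.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
'''

# key \(default) (rule) -> Bad: (command) Good: (command)
ENTRY = re.compile(r'^(?P<key>HKEY_\S+?)\\\(default\) \((?P<rule>[^)]+)\) -> '
                   r'Bad: \((?P<bad>.*)\) Good: \((?P<good>[^)]*)\)', re.M)

# First program on a command line: quoted path, unquoted path ending in .exe, or first token.
FIRST_EXE = re.compile(r'\s*(?:"([^"]+)"|(.+?\.exe)\b|(\S+))', re.I)

# Assumption: directories where a browser launcher is expected to live.
TRUSTED = [PureWindowsPath(p) for p in
           (r'C:\Program Files', r'C:\Program Files (x86)', r'C:\Windows')]

def launched_exe(command):
    """Return the program a shell\\...\\command value actually starts."""
    m = FIRST_EXE.match(command)
    return next(g for g in m.groups() if g)

def is_wrapped(command):
    """True if the launcher is an absolute path outside the trusted directories."""
    exe = PureWindowsPath(launched_exe(command))
    if not exe.is_absolute():
        return False  # bare name such as firefox.exe, the "Good" form in the log
    return not any(t in exe.parents for t in TRUSTED)

def findings(log_text):
    """Parse the registry lines and classify the Bad and Good command values."""
    return [{'key': m['key'], 'rule': m['rule'],
             'bad_exe': launched_exe(m['bad']),
             'bad_wrapped': is_wrapped(m['bad']),
             'good_wrapped': is_wrapped(m['good'])}
            for m in ENTRY.finditer(log_text)]

if __name__ == '__main__':
    for f in findings(LOG):
        print(f['key'], '->', f['bad_exe'], 'wrapped:', f['bad_wrapped'])
```
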

------------------------------------------------------------------------------------------------------------------

I do not have any saved logs from SAS as my portable version doesn't stay updated

With the portable edition, please redownload the package, as each package contains the latest definitions.
