Miata Turbo Forum - Boost cars, acquire cats.
Page 1 of 2
1
2
Show 60 post(s) from this thread on one page

Miata Turbo Forum - Boost cars, acquire cats. (https://www.miataturbo.net/)
-   Insert BS here (https://www.miataturbo.net/insert-bs-here-4/)
-   -   I think I have a virus.. or something? (https://www.miataturbo.net/insert-bs-here-4/i-think-i-have-virus-something-29154/)

ApexOnYou 12-12-2008 02:55 PM
I think I have a virus.. or something?
 
1 Attachment(s)
My internet started acting really weird last night. Random pages would not load, but others would load perfectly fine, and I knew that they were all available.

Today, whenever I search from my Google search bar, I get this weird pop up. Doesn't come up on any other pages, and doesn't come up if I go to Google and search from there.

Any ideas?

I know someone else posted recently asking about what programs to use to get rid of spy ware/viruses, but any recommendations? Key word - free. :)

ApexOnYou 12-12-2008 02:57 PM
Nvm now its doing it from the Google website itself, and my Gmail isn't working. Must be them.

Anyone feel like trying a Google search?

levnubhin 12-12-2008 03:03 PM
no problems here.
__________________
Best Car Insurance | Auto Protection Today | FREE Trade-In Quote

ApexOnYou 12-12-2008 03:05 PM
Yeah its me, a friend just confirmed Google is fine. Trying Malwarebytes..

naarleven 12-12-2008 03:29 PM
oh noes the notorious ruskie popup!!

ApexOnYou 12-12-2008 04:03 PM
I think I've tracked it down to csrss.exe, but it wouldn't delete.

Now whenever I search for it on yahoo/google, my search browser gets blocked. Sounds like that antivirus 2009 that someone else had.

WEAK!

Fireindc 12-12-2008 04:22 PM
Try this:

1. Backup all valuable files

2. Delete windows partition.

3. Create new partition.

4. Install Linux (Ubuntu ftw)

5. Never get a virus like that again.

ApexOnYou 12-12-2008 04:24 PM
Ok I am officially lost.

All but one of these were deleted
Malwarebytes' Anti-Malware 1.31
Database version: 1494
Windows 5.1.2600 Service Pack 2

12/12/2008 2:56:06 PM
mbam-log-2008-12-12 (14-56-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 84688
Time elapsed: 49 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\csrss7.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csrss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\csrss7.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mike\Local Settings\Temp\csrss7.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\jlw2rty7.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\e1ch3i5r.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Delete on reboot.
Looked after reboot, and csrss.exe is still running. I'm assuming that means its still on my computer. My net problems are still here.

I saw this in the thread about antivirus 2009:
Originally Posted by Saml01 (Post 334102)
Easy as cake to remove.

Go to bleepingcomputer.com and download Combofix.exe. Run it, dont worry about recovery console, just run it. I cleaned 5 computers with it so far without a hitch.

Download MalwareBytes, run that after.

Download Spybot Search and Destroy, immunize your computer and run the scan.

DO ALL THIS IN SAFE MODE.

Install Avast Antivirus.

Done.
Does that apply to me? Do I really need to be in safe mode to get rid of these?

Braineack 12-12-2008 04:26 PM
you have to delete stuff while in safe mode...

Saml01 12-12-2008 04:33 PM
Originally Posted by Braineack (Post 340553)
you have to delete stuff while in safe mode...
Yea.

https://www.miataturbo.net/forum/t28522/#post334102
This should be a sticky in the archive.

Braineack 12-12-2008 04:37 PM
all I know is when i open this thread, my Acrobat 9 asks where my debugger is loaded.....odd.

RotorNutFD3S 12-12-2008 04:42 PM
In Soviet Russia, bear-porn f***s you.

If this is a recent change, you can do a System Restore to a earlier date. You will lose information saved between then and now, however, the bug will be gone too. Then get something like AVGFree or SpyBot Search and Destroy on your PC.

ApexOnYou 12-12-2008 04:56 PM
Tried running combofix but it just dumps right after I open it. I'm about to just have somene else do it, I have zero patience for computers!

hustler 12-12-2008 06:32 PM
I love the "K" bear. lolololoooool

adjemin 12-13-2008 07:48 PM
Sam and Apex, I went to bleepingcomputer and searched for combofix, to no avail. Would you mind posting a link? Thanks.

messiahx 12-13-2008 08:43 PM
Originally Posted by ApexOnYou (Post 340540)
I think I've tracked it down to csrss.exe, but it wouldn't delete.

Now whenever I search for it on yahoo/google, my search browser gets blocked. Sounds like that antivirus 2009 that someone else had.

WEAK!
csrss.exe is a valid windows process, but some malware likes to use the same name.

LOLA - 92 12-13-2008 10:20 PM
CSRSS7.DLL removal instructions:

1. Temporarily Disable System Restore, Reboot computer in SafeMode.

2. Locate CSRSS7.DLL virus files and uninstall CSRSS7.DLL files program. Follow the screen step-by-step screen instructions to complete uninstallation of CSRSS7.DLL.

3. Delete/Modify any values added to the registry related with CSRSS7.DLL, Exit registry editor and restart the computer.

4.Clean/delete all CSRSS7.DLLinfected file(s):CSRSS7.DLL and related, or rename CSRSS7.DLL virus files.

5.Delete all your IE temp files with CSRSS7.DLL manually, run a whole scan with antivirus program.

I cannot verify that this will work, but it is worth a try.

Alexa virus = POPUPTRAF.RU

ApexOnYou 12-13-2008 11:40 PM
Thanks for the info, i'll give it one more try before I bitch out and re-format lol.

Its good to know the name of the virus at least. Crazy Russians!!

ChairFaceChippendale 12-15-2008 07:24 PM
Originally Posted by Fireindc (Post 340551)
Try this:

1. Backup all valuable files

2. Delete windows partition.

3. Create new partition.

4. Install Linux (Ubuntu ftw)

5. Never get a virus like that again.

after not playing with it for a few years i just reinstalled linux (ubuntu) on both of my computers. smartest thing i've done in a while. if i didn't need to run windows/ie for a select few things i'd be done with it entirely.

to the op:

ad-aware is pretty sweet

ApexOnYou 12-16-2008 02:35 AM
I haven't played with Linux since Middle school, tried a bunch of different forms of Linux OS but never got it set up 100%, ended up going back to Winblows. Is there still a lot of down falls for running Linux, as in product support/drivers for hardware? What about just browsing the internet, you tube/applications and what not.


All times are GMT -4. The time now is 04:50 PM.
Page 1 of 2
1
2
Show 60 post(s) from this thread on one page


© 2024 MH Sub I, LLC dba Internet Brands