I think I have a virus.. or something? - Miata Turbo Forum - Boost cars, acquire cats.

Old 12-12-2008, 03:55 PM   #1
Senior Member
Thread Starter
iTrader: (10)
 
Join Date: Feb 2007
Location: South Eastern Wisconsin
Posts: 1,282
Total Cats: 0
Default I think I have a virus.. or something?

My internet started acting really weird last night. Random pages would not load, but others would load perfectly fine, and I knew that they were all available.

Today, whenever I search from my Google search bar, I get this weird pop up. Doesn't come up on any other pages, and doesn't come up if I go to Google and search from there.

Any ideas?

I know someone else posted recently asking about what programs to use to get rid of spy ware/viruses, but any recommendations? Key word - free.
Attached Thumbnails
I think I have a virus.. or something?-uh.jpg  
ApexOnYou is offline   Reply With Quote
Old 12-12-2008, 03:57 PM   #2

Nvm, now it's doing it from the Google website itself, and my Gmail isn't working. Must be them.

Anyone feel like trying a Google search?
ApexOnYou is offline   Reply With Quote
Old 12-12-2008, 04:03 PM   #3
Elite Member
iTrader: (30)
 
Join Date: Aug 2007
Location: Va Beach
Posts: 7,282
Total Cats: 0
Default

no problems here.
levnubhin is offline   Reply With Quote
Old 12-12-2008, 04:05 PM   #4

Yeah, it's me, a friend just confirmed Google is fine. Trying Malwarebytes..
ApexOnYou is offline   Reply With Quote
Old 12-12-2008, 04:29 PM   #5
Senior Member
iTrader: (2)
 
Join Date: Apr 2008
Location: Tallahassee, FL
Posts: 1,378
Total Cats: 0
Default

oh noes the notorious ruskie popup!!
naarleven is offline   Reply With Quote
Old 12-12-2008, 05:03 PM   #6

I think I've tracked it down to csrss.exe, but it wouldn't delete.

Now whenever I search for it on yahoo/google, my search browser gets blocked. Sounds like that antivirus 2009 that someone else had.

WEAK!
ApexOnYou is offline   Reply With Quote
Old 12-12-2008, 05:22 PM   #7
Elite Member
iTrader: (13)
 
Join Date: Dec 2006
Location: Taos, New mexico
Posts: 5,703
Total Cats: 237
Default

Try this:

1. Backup all valuable files

2. Delete windows partition.

3. Create new partition.

4. Install Linux (Ubuntu ftw)

5. Never get a virus like that again.
Fireindc is offline   Reply With Quote
Old 12-12-2008, 05:24 PM   #8

Ok I am officially lost.

All but one of these were deleted
Quote:
Malwarebytes' Anti-Malware 1.31
Database version: 1494
Windows 5.1.2600 Service Pack 2

12/12/2008 2:56:06 PM
mbam-log-2008-12-12 (14-56-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 84688
Time elapsed: 49 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\csrss7.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csrss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\csrss7.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mike\Local Settings\Temp\csrss7.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\jlw2rty7.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\e1ch3i5r.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Delete on reboot.

Looked after reboot, and csrss.exe is still running. I'm assuming that means it's still on my computer. My net problems are still here.

I saw this in the thread about antivirus 2009:
Quote:
Originally Posted by Saml01 View Post
Easy as cake to remove.

Go to bleepingcomputer.com and download Combofix.exe. Run it, don't worry about recovery console, just run it. I cleaned 5 computers with it so far without a hitch.

Download MalwareBytes, run that after.

Download Spybot Search and Destroy, immunize your computer and run the scan.

DO ALL THIS IN SAFE MODE.

Install Avast Antivirus.

Done.
Does that apply to me? Do I really need to be in safe mode to get rid of these?
ApexOnYou is offline   Reply With Quote
Old 12-12-2008, 05:26 PM   #9
Boost Czar
iTrader: (61)
 
Braineack's Avatar
 
Join Date: May 2005
Location: Chantilly, VA
Posts: 72,900
Total Cats: 1,792
Default

you have to delete stuff while in safe mode...
Braineack is offline   Reply With Quote
Old 12-12-2008, 05:33 PM   #10
Elite Member
iTrader: (9)
 
Saml01's Avatar
 
Join Date: Jul 2007
Location: NYC
Posts: 5,730
Total Cats: 2
Default

Quote:
Originally Posted by Braineack View Post
you have to delete stuff while in safe mode...
Yea.

https://www.miataturbo.net/forum/t28522/#post334102
This should be a sticky in the archive.
Saml01 is offline   Reply With Quote
Old 12-12-2008, 05:37 PM   #11

all I know is when i open this thread, my Acrobat 9 asks where my debugger is loaded.....odd.
Braineack is offline   Reply With Quote
Old 12-12-2008, 05:42 PM   #12
Elite Member
iTrader: (33)
 
RotorNutFD3S's Avatar
 
Join Date: Jan 2007
Location: Newnan, GA
Posts: 2,539
Total Cats: 29
Default

In Soviet Russia, bear-**** f***s you.

If this is a recent change, you can do a System Restore to an earlier date. You will lose information saved between then and now, however, the bug will be gone too. Then get something like AVGFree or SpyBot Search and Destroy on your PC.
RotorNutFD3S is offline   Reply With Quote
Old 12-12-2008, 05:56 PM   #13

Tried running combofix but it just dumps right after I open it. I'm about to just have someone else do it, I have zero patience for computers!
ApexOnYou is offline   Reply With Quote
Old 12-12-2008, 07:32 PM   #14
Tour de Franzia
iTrader: (6)
 
hustler's Avatar
 
Join Date: Jun 2006
Location: Republic of Dallas
Posts: 29,114
Total Cats: 351
Default

I love the "K" bear. lolololoooool
hustler is offline   Reply With Quote
Old 12-13-2008, 08:48 PM   #15
Newb
 
Join Date: Jun 2007
Location: Metro Detroit
Posts: 44
Total Cats: 0
Default

Sam and Apex, I went to bleepingcomputer and searched for combofix, to no avail. Would you mind posting a link? Thanks.
adjemin is offline   Reply With Quote
Old 12-13-2008, 09:43 PM   #16
Senior Member
iTrader: (2)
 
Join Date: Jun 2007
Location: Shalimar, FL
Posts: 965
Total Cats: 7
Default

Quote:
Originally Posted by ApexOnYou View Post
I think I've tracked it down to csrss.exe, but it wouldn't delete.

Now whenever I search for it on yahoo/google, my search browser gets blocked. Sounds like that antivirus 2009 that someone else had.

WEAK!
csrss.exe is a valid Windows process, but some malware likes to use the same name.
messiahx is offline   Reply With Quote
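
The point in post #16 applied to the Malwarebytes log from post #8, as an added example that is not part of any poster's reply: the genuine csrss.exe runs from system32, so the detected copy is told apart by its path, and a csrss.exe in the process list after a reboot is only suspect if it runs from somewhere else. The list of core process names and the C:\WINDOWS location are assumptions of this sketch.

```python
import ntpath
import re

# Assumption for this example: Windows lives in C:\WINDOWS (as in the log) and
# these core processes only ever run from its system32 directory.
SYSTEM_DIR = r"c:\windows\system32"
CORE_NAMES = {"csrss.exe", "smss.exe", "lsass.exe", "winlogon.exe", "services.exe"}

# File and process lines copied from the Malwarebytes log in post #8.
MBAM_LOG = r"""
Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Unloaded process successfully.
Files Infected:
C:\WINDOWS\system32\csrss7.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mike\Local Settings\Temp\jlw2rty7.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Delete on reboot.
"""

# "<path> (<detection>) -> <action>"; headings and registry lines do not match.
ENTRY = re.compile(r"^([A-Za-z]:\\.+?) \(([^)]+)\) -> (.+?)\.?$")


def is_masquerading(path):
    """True if the file borrows a core Windows process name but sits elsewhere."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in CORE_NAMES and folder != SYSTEM_DIR


def triage(log_text):
    """Return one record per distinct path with its detection and actions taken."""
    records = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        path, detection, action = m.groups()
        rec = records.setdefault(path, {"path": path, "detection": detection,
                                        "actions": [], "masquerading": is_masquerading(path)})
        rec["actions"].append(action)
    for rec in records.values():
        # "Delete on reboot" means the file is still on disk until a restart succeeds.
        rec["needs_recheck"] = "Delete on reboot" in rec["actions"]
    return list(records.values())


if __name__ == "__main__":
    for rec in triage(MBAM_LOG):
        print(rec)
```

Records with `needs_recheck` set are the ones to look for again after the restart, by full path rather than by process name.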
Old 12-13-2008, 11:20 PM   #17
Senior Member
 
LOLA - 92's Avatar
 
Join Date: Oct 2004
Location: SWAMPS OF FLORIDA !!!
Posts: 1,161
Total Cats: 0
Default

CSRSS7.DLL removal instructions:

1. Temporarily Disable System Restore, Reboot computer in SafeMode.

2. Locate CSRSS7.DLL virus files and uninstall CSRSS7.DLL files program. Follow the step-by-step screen instructions to complete uninstallation of CSRSS7.DLL.

3. Delete/Modify any values added to the registry related with CSRSS7.DLL, Exit registry editor and restart the computer.

4. Clean/delete all CSRSS7.DLL infected file(s): CSRSS7.DLL and related, or rename CSRSS7.DLL virus files.

5. Delete all your IE temp files with CSRSS7.DLL manually, run a whole scan with antivirus program.

I cannot verify that this will work, but it is worth a try.

Alexa virus = POPUPTRAF.RU
LOLA - 92 is offline   Reply With Quote
Old 12-14-2008, 12:40 AM   #18

Thanks for the info, I'll give it one more try before I bitch out and re-format lol.

It's good to know the name of the virus at least. Crazy Russians!!
ApexOnYou is offline   Reply With Quote
Old 12-15-2008, 08:24 PM   #19
Junior Member
iTrader: (1)
 
Join Date: May 2008
Location: NJ
Posts: 146
Total Cats: 0
Default

Quote:
Originally Posted by Fireindc View Post
Try this:

1. Backup all valuable files

2. Delete windows partition.

3. Create new partition.

4. Install Linux (Ubuntu ftw)

5. Never get a virus like that again.

after not playing with it for a few years i just reinstalled linux (ubuntu) on both of my computers. smartest thing i've done in a while. if i didn't need to run windows/ie for a select few things i'd be done with it entirely.

to the op:

ad-aware is pretty sweet
ChairFaceChippendale is offline   Reply With Quote
Old 12-16-2008, 03:35 AM   #20

I haven't played with Linux since middle school, tried a bunch of different forms of Linux OS but never got it set up 100%, ended up going back to Winblows. Are there still a lot of downfalls for running Linux, as in product support/drivers for hardware? What about just browsing the internet, YouTube/applications and whatnot?
ApexOnYou is offline   Reply With Quote
 
 



All times are GMT -4. The time now is 01:19 AM.