Old 08-11-2007, 02:15 PM   #31
Bucket
XR5 Pilot
 
 
Join Date: Dec 2004
Location: Perth, Ex NSW
Posts: 1,455
Default

Sounds to me like you may have got a USB-borne virus.
They hide in an .inf script on the host drive until it is "awoken" when plugged into the machine.
What it then does is piggyback out on your Windows services ports to call a parent server somewhere out there online and download any of the virus files you may try and delete.
In addition to that, it may also hide in your .dll files within the System32 directory, protecting itself behind Windows' system file protection failsafe.
A couple of programs I can recommend are

Hijackthis www.hijackthis.de ...follow the prompts and copy and paste the log the program generates onto the website and it will analyse it with the most up to date definitions it has. It may alert you to some nasties hiding on your machine.

File Unlocker is also a nifty tool to delete protected files (only if you're sure it's the right *bad* file).

Disable system restore as others have said as it may well hide in the restore libraries on your machine.

Go into safe mode to give you the best possible chance at deleting the little critters.
May also be worthwhile running a rootkit scan on your machine. (Available in beta from McAfee and a few other big-name AV companies.)

We use a customised version of McAfee here at work and my company's security ops team work very closely with them to get definitions pushed out to remedy stuff that we come across in our daily travels. It works a treat.



If all else fails, blow away the bastard with a format :P
__________________
'08 Ford Mondeo XR5 in Thunder
Old 08-11-2007, 06:55 PM   #32
redslayer
Starter Motor
 
 
Join Date: Nov 2007
Location: Port Lincoln
Posts: 1
Default virus help

Hey man, scary ... had exactly the same problem happen 2 days ago!!!!! Been on and off the phone to Microsoft trying various solutions and finally got to the bottom of it. It was a "Trojan" malicious program and after downloading 3 different security and clean-up programs I was finally put on to one that worked. Don't know how to give you a link for it but it is called SmitfraudFix and you should be able to find a free download (unless someone else has a link...). Once installed you need to reboot your computer in "SAFE MODE" - just tap F8 whilst it is rebooting, and then select safe mode from the menu. Open SmitfraudFix and select #2 from the menu. When asked if you want to clean registry answer YES. If 'wininet.dll' is infected (it will tell you) click YES to replace with clean version. When the program is finished simply reboot in normal mode and you should be all sweet.
By the way if you can tell me how to create/copy a link I can give you the exact program I used.
Good Luck. P.M. me If I can help anymore.
Old 08-11-2007, 07:07 PM   #33
boss-290
Regular Member
 
 
Join Date: Dec 2005
Location: Victoria
Posts: 384
Default

Save all your documents.

Wipe your Harddrive completely and start afresh.
Old 08-11-2007, 07:22 PM   #34
red_hotxr6
Banned
 
 
Join Date: Dec 2005
Location: brisbane
Posts: 2,039
Default

Quote:
Originally Posted by boss-290
Save all your documents.

Wipe your Harddrive completely and start afresh.
This idea sounds good but how do you know what you are saving does not contain the "virus" as well? I have been using spyware to check the computer and it finds between 6-14 contaminated files, cleans it and the next morning they are back. I just used CClean, I think, which one of you guys said to use and it came up with 714 infected files, cleaned 54 for me but they want money for the complete thing...
Old 08-11-2007, 09:13 PM   #35
private9
www.TUFFCARPARTS.com
 
 
Join Date: Feb 2006
Posts: 5,221
Default

Fixed!!! A huge thanks to everyone for all the advice, VERY much appreciated!


Quote:
Originally Posted by EA2BA
download smitfraud as well, that will be the main thing you infected yourself with.
Thanks mate, exactly what it was!

Quote:
Originally Posted by redslayer
Hey man, scary ... had exactly the same problem happen 2 days ago!!!!! Been on and off the phone to Microsoft trying various solutions and finally got to the bottom of it. It was a "Trojan" malicious program and after downloading 3 different security and clean-up programs I was finally put on to one that worked. Don't know how to give you a link for it but it is called SmitfraudFix and you should be able to find a free download (unless someone else has a link...). Once installed you need to reboot your computer in "SAFE MODE" - just tap F8 whilst it is rebooting, and then select safe mode from the menu. Open SmitfraudFix and select #2 from the menu. When asked if you want to clean registry answer YES. If 'wininet.dll' is infected (it will tell you) click YES to replace with clean version. When the program is finished simply reboot in normal mode and you should be all sweet.
By the way if you can tell me how to create/copy a link I can give you the exact program I used.
Good Luck. P.M. me If I can help anymore.
Thanks mate, instructions were perfect!
Old 08-11-2007, 09:25 PM   #36
fmc351
let it burn
 
Join Date: Feb 2006
Location: QUEENSLANDER!!!!!
Posts: 2,866
Default

Quote:
Originally Posted by red_hotxr6
This idea sounds good but how do you know what you are saving does not contain the "virus" as well? I have been using spyware to check the computer and it finds between 6-14 contaminated files, cleans it and the next morning they are back. I just used CClean, I think, which one of you guys said to use and it came up with 714 infected files, cleaned 54 for me but they want money for the complete thing...
What part of CClean asked for money? I've never been asked to pay for anything with it. It's not anti-spyware or malware, it's simply a registry and temp file cleaner. The registry gets bogged down with dead or old references, so it deletes them or resets them.

You sure you got CClean, and not RegistryCleanFix, which on Google comes up as 'CCleaner free download' when you google CClean? If you look at the link it is RegistryCleanFix.com, not CClean, and is the first Google hit.

This is the one you want.
CClean
All times are GMT +11.

