Need help with a virus/worm.

Pebkio

The Purple Mage
Nov 9, 2009
780
0
0
Okay, so I don't use any virus protection program, so I have to deal with the occasional virus. I can handle them though, I'm actually pretty good with virus hunting. But, every so often I get this one I can't handle. It usually leads me to backing up all of my installation files and wiping the machine. I don't want to do that again, so maybe one of you can give me some advice (perhaps even beyond *gasp* posting adverts to your favorite invasive program... seriously, don't do that).

What's happening is that now, all of my settings to block all script files except for stuff I approve are being ignored. Many sites that still use just HTML are being filled with "adscript" ads. They weren't there before, they aren't the ads you normally see, and they're even in places like the middle of paragraphs. When clicking on a link in Google I'll sometimes get redirected to a bs "search site" which just posts links to other worm-ridden sites. Finally, I also get a tab-up advertisement from any site I go to (even the Escapist) for that fake news report about the mom that makes money from rehosting sites or whatever (spoiler: it's a lie and probably a pyramid scheme if it actually exists).

Anyway, this particular worm doesn't have its own executable file, is not a startup script, and has no library file (dll). It doesn't even replace an existing library file because I would find that too. My only guess is that it slightly modifies a library file used by all of my browsers.

So, any ideas on how this worm is doing its business?
 

Antari

Music Slave
Nov 4, 2009
2,246
0
0
There are too many options as to how it could be going about its business. You're better off using software to clean your system, unless you really like spending your entire life searching the registry for any and all new entries. For viruses, just use Microsoft Security Essentials, it's FREE and works. But it doesn't know how to deal with most adware. Spybot Search & Destroy will take care of general ads and malware, but can't deal with most viruses. Using both should take care of your problem. If it doesn't, it's either time for a reformat, or good luck finding it.
 

Fishyash

Elite Member
Dec 27, 2010
1,154
0
41
I recommend that you use avast AVG Norton spybot avira malwarebytes?

...I don't know why you don't use an antivirus program at all. You are not perfect, and unless you browse extremely safely (as in, never download anything ever and don't go beyond google, facebook and youtube) it's not really worth the hassle IMO.
 

Pebkio

The Purple Mage
Nov 9, 2009
780
0
0
SmashLovesTitanQuest said:
And don't forget; the best anti-virus is common sense. If you are downloading a different type of malware every few weeks, you might want to be a little more careful.
I don't, but the rare mod does come piggy-backed with some annoying worm.

Scarim Coral said:
May I ask why you don't use any virus protection programs at all?
Because I have not the money for a real program, and most of the "free" ones out there either just show me what problems I have and then offer to remove them only if I pay... or... they've got their own problems and gateways into my computer. Often both.

And seeing as how I've removed all but one of them myself, it's just felt invasive and unnecessary. That's why, all I need, is to find out exactly how to get at this annoying one and I'll be back on the gravy train.
 

Pebkio

The Purple Mage
Nov 9, 2009
780
0
0
SmashLovesTitanQuest said:
Noscript, Avast! and Malwarebytes are all free, you know.
Those names mean nothing to me, but you mentioned them as free in the subtext of virus/worm protectors so I automatically think poorly of them. Now you've put me in the awkward position of asking you to become an advert for them when I kind of asked that no one do that.

No, okay, go ahead: Tell me why Noscript, Avast!, and Malwarebytes are that great.
 

Esotera

New member
May 5, 2011
3,396
0
0
Pebkio said:
No, okay, go ahead: Tell me why Noscript, Avast!, and Malwarebytes are that great.
Noscript is great for stopping browser exploits (mostly cross-tab XSS) and also malicious JavaScript and Flash code. The others, I don't really know about because I run Linux, and am pretty careful about what and where I download from. You don't need virus protection as long as you're downloading from trusted sources.
 

ms_sunlight

New member
Jun 6, 2011
606
0
0
You are a hazard to other PC users. Ever hear of herd immunity? As well as the viruses you spot, you probably have viruses you don't even know you have. Without antivirus protection, your computer could be part of a botnet sending spam and you wouldn't even know about it.

For goodness sakes, install an antivirus. You have no excuse, given that there are several excellent ones that are completely free, and that do everything that boxed retail antivirus software does.

This article compares several free antivirus packages [http://www.pcmag.com/article2/0,2817,2388652,00.asp] but pick any of the reputable packages like AVG or Avast! and you won't go wrong. Any protection is better than none.
 

Pebkio

The Purple Mage
Nov 9, 2009
780
0
0
Well, that confirms what I thought about Noscript, it already practices the settings I already had, and will thusly be redundant when I can get things back in order. Thanks for the info though.

Anyone else?
 

Pebkio

The Purple Mage
Nov 9, 2009
780
0
0
ms_sunlight said:
You are a hazard to other PC users. Ever hear of herd immunity? As well as the viruses you spot, you probably have viruses you don't even know you have. Without antivirus protection, your computer could be part of a botnet sending spam and you wouldn't even know about it.
Except that would already show up as an open connection whenever I ran a check. Yes I've heard of herd immunity; it's the reason why I spend a full night tearing through my system to find all of the more subtle worms after I find a brazen one.
 

Hateren47

New member
Aug 16, 2010
578
0
0
Get Malwarebytes Anti-Malware, seriously. No Windows computer should be without it. It's not an antivirus (the clue is in the name) and it doesn't run on startup like an antivirus would. Install it and then update and run once a month. I don't care how good you are with computers, you're not faster and better at removing malware than Anti-Malware is. Link [http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html](hosted at techspot).
You should get an antivirus software as well and there are a few free ones that are very good. I use Microsoft's Security Essentials because it's very basic, fast, free and very low on false positives. You could technically live without it and so could I but it's better to be safe than sorry IMO.

Anyway unless it is a virus, and they are rare these days, real viruses, I'm certain Anti-Malware can remove it. Try it. Run it once a month. It really is that good. If it won't run it's something a little sturdier than the most common infections and you need to run Rkill [http://www.bleepingcomputer.com/forums/topic308364.html] before running Anti-malware. I've only had to do that once with a fake antivirus someone had installed and ended up with a completely locked down computer so it's probably not necessary but now it's out there.

Protect your computer mate, you're doing everyone a favour like ms sunlight said.
 

SpAc3man

New member
Jul 26, 2009
1,195
0
0
Run Rkill then a scan of Malwarebytes in safe mode. Install Avast or MS Security Essentials or check to see if a paid-for security suite license comes as a part of your ISP contract. I get 5 copies of McAfee with my internet connection.

Seriously though, not having AV on ANY operating system is just dumb. OSX has a higher rate of Java based malware infections than Windows these days because users foolishly thought they were immune. I don't give a shit if you are good at removing infections. You are causing unnecessary risk to other people who may not know what they are doing.
 

Smooth Operator

New member
Oct 5, 2010
8,156
0
0
I understand if you don't like anti-viruses but in cases like this you do need to run a full system scan. Some nifty viruses hide their tracks so it seems like none of the actions are connected to a specific file, but it's always something there.

Just get one antivirus, run a scan and then disable it.
 

brainslurper

New member
Aug 18, 2009
940
0
0
Stop using Windows. Or give someone with an OS X or Linux computer your hard drive so they can virus scan it.
 

Mr_Universal

New member
Jun 29, 2009
186
0
0
Free version of COMODO is the best thing I can suggest, I have no real experience with hunting down those things myself.
 

Trippy Turtle

Elite Member
May 10, 2010
2,119
2
43
Oh shit, if you're getting Google redirects then you might have a virus that is so annoying to get rid of it's not funny.
I used MMBAM to get rid of it but it doesn't fully work. It quarantines it and I can delete it but it always manages to reinstall itself. Until I deleted most of the problem it set up its own proxy and told me everything I had on my computer was infected. Even my logoff script. All I have left of it is when I turn on my old laptop, if I check my processes there is a process using up 99% of my CPU usage called DWM (Desktop Window Manager) but instead of Microsoft as publisher it's "Home Computing". If I left the process going for too long my laptop would overheat.

On a side note, has anyone had the virus calling itself Antivirus-Action? That thing was horrible.
 

Cpl.Flint

New member
Mar 2, 2011
18
0
0
Microsoft Security Essentials. It's actually pretty damned good. It's lightweight. It's non-intrusive. It updates regularly and it's free. I use it personally on all the computers in the house. It just works and is idiot-proof.

My other personal favourite is Comodo Internet Security. Antivirus, firewall and a sandbox all in one. Heavy duty and will take time to convince the sandbox and firewall that not everything's evil. But I find it's awesome if you can spare the resources it requires to run smoothly.
 

McMullen

New member
Mar 9, 2010
1,334
0
0
Pebkio said:
SmashLovesTitanQuest said:
And don't forget; the best anti-virus is common sense. If you are downloading a different type of malware every few weeks, you might want to be a little more careful.
I don't, but the rare mod does come piggy-backed with some annoying worm.

Scarim Coral said:
May I ask why you don't use any virus protection programs at all?
Because I have not the money for a real program, and most of the "free" ones out there either just show me what problems I have and then offer to remove them only if I pay... or... they've got their own problems and gateways into my computer. Often both.

And seeing as how I've removed all but one of them myself, it's just felt invasive and unnecessary. That's why, all I need, is to find out exactly how to get at this annoying one and I'll be back on the gravy train.
This is why sometimes I think people should get a license before being allowed to use computers.

First, if you don't know any free, good antimalware software, it's because you didn't look carefully enough. It shouldn't take you longer than 10 minutes of googling to learn about malwarebytes, spybot, mse, avast, or even free versions of commercial av products.

Second, if you're downloading mods, or any script or software made by random users, you need an antivirus program, plain and simple. Even some software by corporations contains malware, but if you download enough third-party files, you WILL get infected.

Third, the days when it was easy to tell if you've been infected are over. The most successful viruses are stealthy and do not hog resources, create popups, redirect you to attack sites, or do anything to indicate that they're on your machine. Some will even check for and remove other common viruses, just to reduce the risk that you'll find them in the process of getting rid of the others. This is because viruses are most profitable (and they are a for-profit "industry") when they can sit on your computer harvesting your information and using your machine as a platform to launch attacks on other machines for as long as possible.

Fourth, and this is why I think people shouldn't be allowed to use computers without licenses, is that when you allow yourself to get infected, you are a risk to anyone you communicate with online. People on your network will get attacked, people in your email contacts will get attacked, people you share CDs and removable media with will get attacked, and maybe even people on forums that you visit will get attacked. Viruses are contagious, and some are very good at spreading through all sorts of channels.

Please, please fix your lack of security. You don't need to get super paranoid, you just need to have basic protection in place and browse smartly. Viruses are profitable because of people like you. Please don't be one of those people.
 

Owyn_Merrilin

New member
May 22, 2010
7,368
0
0
SpAc3man said:
Run Rkill then a scan of Malwarebytes in safe mode. Install Avast or MS Security Essentials or check to see if a paid-for security suite license comes as a part of your ISP contract. I get 5 copies of McAfee with my internet connection.

Seriously though, not having AV on ANY operating system is just dumb. OSX has a higher rate of Java based malware infections than Windows these days because users foolishly thought they were immune. I don't give a shit if you are good at removing infections. You are causing unnecessary risk to other people who may not know what they are doing.
This poster wins for mentioning Rkill. The only other thing is to do some research and find out exactly what virus you have; when you have symptoms this specific, it's usually not that hard to look up. The reason I suggest looking it up is because, depending on the virus, Malwarebytes and Rkill may not be enough on their own. Sometimes you need to alter some registry values and run a third program, such as this Rootkit removal tool Kaspersky gives away for free.

Also, seriously, it's 2012. Get some kind of basic antivirus program. Avast, Avira, AVG, something. Not doing it is like having sex with Ke$ha and skipping out on the condom.

Edit:

Pebkio said:
Because I have not the money for a real program, and most of the "free" ones out there either just show me what problems I have and then offer to remove them only if I pay... or... they've got their own problems and gateways into my computer. Often both.
Okay, I just noticed this. The OP /really/ needs to do some research on basic computer security. The "free antivirus" programs he's talking about are rogue anti-malware apps, like that Antivirus 2011 scam that's such a pain in the butt to remove. A reformat followed by an immediate download of some decent (and free; again, Avast, Avira, AVG, all good) antimalware software is starting to look like a better idea by the moment.