Um... a little help?..

[squiggy_pig]

I recently contracted a nasty virus from this forum... this dirty, dirty forum. Anyone else get infected?

There was a link to a video that required a codec to be viewed, but the "codec" was actually a virus.

Anyway, it's really messing with my system.

If anyone else knows what this is all about I'd greatly appreciate the help!

[MsFrisby]

hahah! Was it one of the porn spams?
_________________
A person's character is their destiny.

[Yarko]

[Major Tom]

hahahaha - i would really like to see an answer to that question.

[squiggy_pig]

Ah... maybe... I didn't know what it was at first though, it was just a link.

I was really dumb to click it. I even assumed it was a virus!

I don't even know what was up with that, going on auto-pilot or something I guess.

[MsFrisby]

Silly boy.

I recommend AVG anti-virus, Spybot and Spyware blaster. Download those (if you can) and run them. Then come back.
_________________
A person's character is their destiny.

[squiggy_pig]

Cool, thanks!

I'll give it a shot...

[WheelsOfConfusion]

Online virus scanners (take a few hours to scan thoroughly)
http://www.pandasoftware.com/products/activescan.htm
http://housecall.trendmicro.com/

Once these have finished, if your problem has been removed or if they tell you how to remove the problem and you have done so, download the following:
Ad-Aware SE (scans and deletes ad-ware)
Spybot Search and Destroy (scans and deletes spyware, + prevention)
Javacool's SpywareBlaster (prevention [adds bad sites to a blocked list])
A-Squared Free Edition (anti-malware scanner against worms, trojans, adware, spyware, etc.)
I recommend having ALL of the above. Then, you need a dedicated firewall and an antivirus program that stay running in the background to block sneaky programs that try to install themselves without your notice, scan your E-mail attachments, restrict internet access to certain programs, etc.

Free Antivirus programs:
Avast!
AVG Antivirus
Antivir

Some free AV programs are almost as good as the ones you buy, some may be better. Here's one article testing three free AV programs, still good even though the article just passed its first birthday. If you feel like shelling out the money, you can choose to buy a system like Norton, McAfee, or others (Panda and TrendMicro both have for-pay AV programs with more comprehensive protection you can download or buy in a store). Remember not to install and run any two AV programs at the same time. It's safer to choose one and stick with that.

Free Firewall programs:
ZoneAlarm
Kerio personal firewall, now owned by Sunbelt.
I know there were some others recommended before but I can't remember them.
Like the AV programs, most companies that put out free firewalls also have for-pay versions available from their sites or through stores.
If you have Windows XP updated through SP2, it has a built-in firewall that you can enable from the Control Panel. It's better than nothing, but it's not as good as any of the free programs above. Also, when you've finished downloading and installing the stuff from above, remember to keep them updated at least once a week and run a scan with each one also at least once a week, preferrably right after updating them. You can stagger them over different days so that one day you scan with Ad-Aware, another you scan with A-Squared, etc. because they often take a long time to do a thorough job. Spybot usually finishes up in fifteen minutes or less. Also, some antivirus programs like AVG can be set to scan automatically at certain times of day, such as when you're sleeping.

Extras to help keep you safe:
GoogleToolbar blocks a lot of pop-ups, plus lets you do a google search whenever you have your browser open. Not bad! Google also has a Googlepack for download that includes a lot of goodies like Ad-Aware, Firefox, Norton Antivirus 2005 Special Edition, and the GoogleToolbar.
Firefox browser: touted as more secure than Internet Explorer because it isn't targetted so heavily by hackers and whatnot, has a large development community from being open source, lack of ActiveX, etc. Has lots of available plug-ins to increase functionality. Also tabbed browsing is the only way to browse.
Avant Browser: (a 3rd party shell for Internet Explorer) has extra features like tabbed browsing, pop-up blocker, ad-blocker, script blocker, and Flash blockers plus more comprehensive tools that can make your browsing experience safer and more pleasant than with regular IE, and is a good way to ween yourself off of that.
Bazooka Spyware Scanner: scans your computer, tells you if you have any spyware, trojans, worms, etc. Unfortunately it won't remove them automatically, but it will tell you how to remove them yourself.

And never, ever, EVER click on any links from spammers or pluggers. You can recognize their posts because they A) have only one or two posts on their account, B) are advertising something, C) toss out mountains and mountains of links, D) Misspell almsot everything, E)Usually nobody replies to them. Tat usually kills of their threads after a day or two, bless 'im.

I was about to set up a thread were everybody could recommend the security software they use so that I could try out alternatives to the stuff I've got, this seems like as good a place as any. So, anybody else, recommend something!

[Edit] Found these recommendations on another forum.

SpywareGuard from the makers of SpywareBlaster. Runs alongside antivirus programs.
Webroot Spysweeper Free online spyware scan
ClamWin open-source Antivirus program, supposedly runs alongside other AV programs without crashing.
iSafer Winsock Firewall.

[Snorri]

Shiiiit.

That's some major weird shit, duuude...
_________________

[Wimbledon]

Wheels, you are some kind of sexy.
_________________
The beatings will stop when morale improves.

[timmccloud]

Yup I know the one. It was one of those spam bot posts for porn. My spyware caught it, and I dissected it for giggles on a spare system I have - it was a real nasty! It installs 3 pairs of services that startup annoying popup adds (your system isn't safe!), and you can't just process terminate one of the services - if you do, the other side of the pair starts it back up again. The only way to get rid of it is to find the names of the processes (and I'm sorry it was two weeks ago and I destroyed all my notes) and crawl through the registry to remove all references to them and their registry keys.

My heart goes out to you dude, that one is a NASTY. And the 10 second porn reel just wasn't worth the two hours of registry hacking necessary to kill it.

It was a funny thread too, because the name of the poster (which I forget) was a great porn name, and there were a couple replies to the post before it was deleted.
_________________
Wow. Tatsuya is god. Or the dragon...

[squiggy_pig]

Hey, me again...

Thanks Wheels, for the suggestions. I've tried pandasoft and trendMicro... trendMicro didn't find all the viruses. Pandasoft seemed to catch everything, but it wouldn't clean anything it deemed to be "malware"... I'd need to pay for that privilege.

I tried a couple other programs on your list, but most of them you have to pay for... unfortunately it'd wait until it scanned my whole system before telling me I had to pay to clean up all the viruses it found! Grrr...

So yeah, I'm still trying. Hopefully I find something that works.

Thanks for your condolences timmccloud. You're definitely right... it's the nastiest one I've ever seen! I'm not sure on how to edit a registry, but I guess that'd be something I could try if I'm unable to find an anti-virus that'll work for me. How would I go about doing that?

[WheelsOfConfusion]

[squiggy_pig]

Well, editing the registry doesn't seem to be an option anyway... the virus won't let me access regedit... it won't let me access the Task Manager either! Sneaky thing...

So I guess an anti-virus is the only option...

I'll check out Panda again. At the very least I could identify the names of the viruses it finds and then look up a way to manually remove them.

[Major Tom]

have you tried starting up in safe mode?

you may be able to avoid the evil processes loading and access regedit at that point.