anyweb

saw a virus infected XP computer today

I don't normally come across viruses or for that matter spend time with them, but this evening I did, and to cut a long story short this was a mix of malware and/or a very very nasty virus from a computer running XP SP3 fully patched with AVG 8.5.

By the time I got to it, it was in a sad state, with two icons on the desktop for pornotube and some other website, plus every 2 minutes approx a fake Windows Security Alert would pop up telling you that there was such and such a trojan worm found and to fix the problem download and install antimalware.

Obviously I didn't install it, but uninstalling it (the AntiMalware fake antivirus product) made no difference; I couldn't stop the popups.

In Task Manager a process appeared called settdebugx.exe. Removing it was my first priority, and to do so I had to delete all files in the user's temp folder and remove two reg files in HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN.

OK, that was done, but even after removing that I could not install Microsoft Security Essentials; it kept on erroring out during the install with a failure:

Event ID 7023 The microsoft Antimalware Service service terminated with the following error. The binding handle is invalid

I later found out that another hidden virus (service) was stopping the installation of this, along with stopping me from installing Malwarebytes or HijackThis.

In addition, the Task Manager showed every two minutes or so two processes starting up, iexplore.exe and ctfmon.exe; if I left them running the PC would freeze soon after.

I then downloaded Microsoft's RootkitRevealer, which listed something called H8Srts, a hidden service (many times....). This was the virus that was causing me the issues!

Removing that involved going to this website to download TDSSKiller and running that file, which found the hidden service and told me to delete it by typing delete. I rebooted, it was gone, finally, and finally I could install antivirus software.

What a night, what a mess, and I really feel sorry for normal users that are exposed to nasty viruses like this one. I can't imagine how they'd cope with it at all other than a format/reinstall.

cheers

niall
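
A triage check for the Run-key persistence described in the post above, as an added example that is not part of the original post: it parses saved `reg query` output for the HKCU Run key and flags autostart values whose executable sits in a temp folder. The sample output, value names and paths are constructed; only the settdebugx.exe file name comes from the post, and its location in the temp folder is an assumption.

```python
import re

# Constructed sample of `reg query` output for the HKCU ...\CurrentVersion\Run key.
# Value names and paths are invented for illustration; only the file name
# settdebugx.exe appears in the post.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    updater1    REG_SZ    "C:\Documents and Settings\user\Local Settings\Temp\settdebugx.exe" /s
    updater2    REG_EXPAND_SZ    %TEMP%\settdebugx.exe
    Messenger    REG_SZ    "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# One value line: indentation, value name, registry type, data.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# A path component named Temp/Tmp, or an unexpanded %TEMP% / %TMP% variable.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\|%(?:temp|tmp)%\\", re.I)
EXE_RE = re.compile(r".*?\.(?:exe|com|bat|cmd|scr|pif|dll)\b", re.I)


def command_target(data):
    """Return the program path from a Run value, dropping any arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = EXE_RE.match(data)
    return m.group(0) if m else data


def suspicious_run_entries(reg_query_output):
    """List (value name, program path) pairs that autostart from a temp folder."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue  # key header or blank line
        target = command_target(m.group("data"))
        if TEMP_RE.search(target):
            hits.append((m.group("name"), target))
    return hits


if __name__ == "__main__":
    for name, target in suspicious_run_entries(SAMPLE):
        print(f"review autostart value {name!r}: {target}")
```

This only covers the Run-key entries; the hidden H8Srts service described later in the post was found with RootkitRevealer and removed with TDSSKiller, not through this key.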

From what you are saying here, it seems to me that your antivirus program didn't quite do its job. It didn't protect your PC properly. It happens so often. It happened to me too, and to solve the problem I changed the antivirus I had and switched to Kaspersky. It is doing quite a good job; I haven't had any problems with my PC since I installed Kaspersky. If you want to, you can find it here: google.com


I did face a similar issue. I had the Symantec AV client updated with the latest definitions, but the worm still penetrated my computer.. strange..
