1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help with virus.

Discussion in 'BlackHat Lounge' started by Gromered, Jul 29, 2010.

  1. Gromered

    Gromered BANNED BANNED Premium Member

    Joined:
    Jun 20, 2010
    Messages:
    214
    Likes Received:
    73
    Yeah, i was surfing at the internet and saw some great advertisiment where you can picture your self from real picture into cartoon. I started to download that and it was virus. My virus-protections cant delete it. Spybot cannot delete it becouse it says that i am not the administer of this computer.

    Virus is "My way websearch"

    Now my computer is way too slow and that why i can detect that as virus by myself too.

    Yeah, thanks for any help =)
     
  2. charlie3

    charlie3 Senior Member

    Joined:
    Oct 4, 2009
    Messages:
    1,046
    Likes Received:
    468
    Location:
    U of A
    Can you not make yourself the administrator of your computer so you can get Spybot to delete it?

    If all else fails, you can go the fun route and reformat :D
     
  3. oxonbeef

    oxonbeef BANNED BANNED

    Joined:
    Jan 4, 2009
    Messages:
    2,242
    Likes Received:
    7,872
    Code:
    http://www.pchell.com/support/mywebsearch.shtml
     
    • Thanks Thanks x 1
  4. lakerfan2400

    lakerfan2400 BANNED BANNED

    Joined:
    Jun 26, 2009
    Messages:
    69
    Likes Received:
    36
    so people really do fall for those " turn yourself into a cartoon " bullshit ads?
     
  5. Keedev

    Keedev Regular Member

    Joined:
    Apr 2, 2008
    Messages:
    290
    Likes Received:
    100
    Download HiJackThis and see if that takes care of things.


    You probably should change your signature.
     
  6. MrSmith

    MrSmith Newbie

    Joined:
    Sep 15, 2009
    Messages:
    43
    Likes Received:
    88
    System restore will help you get rid of it

    Also..Hijack this is bollocks. It lists like 1000 services active on your PC and it's a guessing game finding the one that's the virus/hijacker, because they use a generic name for it.
     
  7. littleg2008

    littleg2008 Senior Member

    Joined:
    Dec 3, 2009
    Messages:
    861
    Likes Received:
    421
    Location:
    Cambridgeshire, UK
    Best thing for dealing with these is download a tool called malwarebytes

    Will sort you out guaranteed
     
  8. tacopalypse

    tacopalypse Executive VIP Jr. VIP Premium Member

    Joined:
    Nov 30, 2009
    Messages:
    980
    Likes Received:
    2,485
    Home Page:
    safe mode + malware bytes usually works

    if all else fails, reinstall the os
     
  9. bannedfree

    bannedfree Regular Member

    Joined:
    Jan 31, 2010
    Messages:
    444
    Likes Received:
    43
    Occupation:
    World Wide Web Worker
    Location:
    near an active volcano
    Option1: Manipulate your msconfig file
    -goto run
    -type msconfig
    -locate where the virus file is place
    -remove everything that is on start-up tab
    -go to the virus file and delete it

    Option2: Reset your sytem.
    -Sytem Restore

    Option3: Reformat
    -Reformat
     
  10. varioushats

    varioushats Newbie

    Joined:
    Jul 29, 2010
    Messages:
    0
    Likes Received:
    0
    Hi Gromered - bummer!

    I can offer a few hints as I have picked up a few things since getting 2 'drive-by downloads' in two weeks, when using Brute Force SEO. (I don't blame the software, rather the IE vulnerabilities.)

    Anyway, first of all Spybot Search and Destroy. To run as administrator you have to go to the start button, view all programs, find the program, right click and select 'run as administrator' from the right click menu. A bit weird - but that's what you have to do. Now you should be cool with that.

    Malwarebytes: this can work, but as others have pointed out you may need to start your computer in safe mode as the malware might stop Malwarebytes from running.

    For me, system restore worked for one of my malware issues: but failed the second one and I ended up reinstalling Windows.

    Having learned from the experience: I've changed from McAffee to Zone Alarm, as I think it is less targeted by hackers. I started using Spybot Search and Destroy. Using this, I inoculated my browsers. Also, you should set it to auto-update, for which it needs your Windows login (can't do it if you auto-logon, as it uses Windows Scheduler which does not allow that.)

    Finally, I have just started using a Firefox add-on called Noscript. it does mean a few extras clicks when you actually do want a script to run, but it does obviously block others which may have bad intent, so I think it's worth it. Having just had two viruses by simply visiting a website, you just had to do everything you can.


    I now run BF SEO on a dedicated computer - fortunately I had an old one lying around. It takes 6-7 hours for a typical run, so it needs its own machine anyway, really. For me, anyway. I feel much safer.

    Good luck with your virus, and hope this info helps.
     
  11. CyrusVirus

    CyrusVirus BANNED BANNED Premium Member

    Joined:
    Aug 20, 2009
    Messages:
    1,110
    Likes Received:
    686
    hows this, ill give you an easy way to fix this.
    turn your UAC off, it will prompt you that it is not safe, but don't worry, its all good.
    then after you do that. turn your pc off and turn it back on hitting F8 F9 F11 F12 F1, one of those keys will bring you to the boot screen where you can boot into safe mode, after you boot into safe mode, run a scan on your /temp folder, your virus is either in there or in the /windows32 or /windows folder.

    also, if your virus scanner doesnt pick it up, go to demonoid and look up kaspersky, download and install, scan,

    BTW: the UAC will allow you to delete what you want. with it on, it won't allow you to do much as far as the administrator
     
  12. A_Tjuh

    A_Tjuh Regular Member

    Joined:
    Mar 16, 2009
    Messages:
    227
    Likes Received:
    50
    Occupation:
    Technical IT Specialist
    Location:
    @ My Place
    Home Page:
    What OS do you have? If its Vista it might be possible that your admin account isn't active. You can activate it by going to CMD and typing the command :

    Code:
     [LIST=1]
    [*]Logon to Vista using your usual account.
    [*]Launch the cmd prompt - Make sure you select, 'Run as administrator' (if this is not possible most of the time it will still work.)
    [*][B]Net user administrator Passw0rd [/B]
    [*][B]Net user administrator /active:yes[/B]
    [*]Switch User, or logoff
    [*]Logon as Administrator  Password [B]Passw0rd [/B]
    (Your password may be different!)  
    [/LIST]
     
  13. varioushats

    varioushats Newbie

    Joined:
    Jul 29, 2010
    Messages:
    0
    Likes Received:
    0
    Oh - quick extra; the virus forums all seem to recommend running superantispyware too. Didn't work for me - but they hold it in high regards so might be worth trying. M