
[ViRuS] FiX it - I pay

Discussion in 'BlackHat Lounge' started by healzer, Aug 29, 2011.

  1. healzer

    healzer Jr. Executive VIP Jr. VIP Premium Member

    I have been targeted by malware, a rootkit, maybe even a bootkit.

    I have searched Google - no luck.
    It's something new, it was on the news 2 weeks ago: VPSes are being targeted by a worm, and these worms are then finding their way to the users' main computers...

    I have been a target of maybe 2 rootkits. No AV can find them.

    I tried IceSword & RootkitRevealer: I get an error & cannot start them (rootkits are designed to eliminate them); it doesn't work in safe mode either.


    I tried the Kaspersky recovery disc (fail).
    I have ESET NOD32 AV.
    I tried to reinstall Windows 7.
    I tried to install Windows 7 on another HDD.

    This virus multiplies from one drive to another...

    The reason I HAVE FOUND THIS VIRUS is because my online bank account gets a malware popup redirecting me to a website to unblock my account, which is fake & made by crackers.

    It could also be possible that the bank I use is the target, but I doubt it; Belgian banks are pretty secure.

    Any forum you recommend for me to post my story?
    I will pay $20 if you can find the problem (or more).

    I use GMER, if you want any log files just ask, I'm not a Security expert.

    :pirate:
     
    Last edited: Aug 29, 2011
  2. peetu69

    peetu69 Jr. VIP Jr. VIP Premium Member

    Type in cmd

    msconfig

    then check everything that is starting when your computer is booting. If it looks suspicious, better uncheck it.
    If you are not sure, just Google the filename.
     
    • Thanks Thanks x 1
  3. Crazy

    Crazy Jr. Executive VIP

    First, Google "autoruns" by Sysinternals and install that. Send me screenshots of your startup configuration.
    Second, download HijackThis and send me a report.
    Third, send me the mappings from within your hosts file (not sure if it's the same on Win7 but it should be in %system%\drivers\etc).
    Fourth, download avast! AV and run a boot-time scan.
    Fifth, get Malwarebytes Anti-Malware and run a full scan.
    Sixth, PM me your Skype or w/e you use.
     
    • Thanks Thanks x 1
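    A check for the hosts-file step in the post above, added here as an example (it is not code from the thread or from any of the tools named): it parses a constructed hosts file and flags entries that override a watched bank domain or point a hostname at a routable address. The bank domain and the addresses are placeholders.

```python
import ipaddress

# Constructed sample of a Windows hosts file (not taken from the thread);
# the bank lines are the kind of entry a banking redirect leaves behind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
127.0.0.1       localhost
::1             localhost
# constructed hijack of a bank domain (placeholder address)
203.0.113.45    www.example-bank.be
203.0.113.45    example-bank.be   # added by malware
0.0.0.0         ads.example.net
"""

# Domains the user relies on; hypothetical list, replace with the real bank.
WATCH_DOMAINS = {"example-bank.be", "www.example-bank.be"}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def suspicious_entries(text, watch=WATCH_DOMAINS):
    """Flag entries a clean Windows hosts file would not contain.

    A clean file only maps localhost; 0.0.0.0 "blackhole" lines are a common
    ad-blocking convention and are left alone. Anything that overrides a
    watched domain, or maps a name to a routable address, is reported.
    """
    flagged = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name, "unparseable address"))
            continue
        if name in watch:
            flagged.append((ip, name, "watched domain overridden"))
        elif not (addr.is_loopback or addr.is_unspecified):
            flagged.append((ip, name, "routable override"))
    return flagged
```

    On a real machine, feed it the contents of %SystemRoot%\System32\drivers\etc\hosts; any flagged line is something to explain before trusting the box for online banking.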
  4. saifi2649

    saifi2649 Power Member

    Use Malwarebytes in safe mode, or try to scan with Kaspersky 2012 if you are able to install it.
     
  5. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    I will fix it for you. I will charge $30 - that is cheap :) I can do it now. I want payment up front via PayPal; I will come in via LogMeIn Rescue - I will send you an email link. Let me know via PM.

    Btw if I cannot fix, I will give full refund.
     
  6. ericsson

    ericsson Elite Member Premium Member

    I can try to fix it for free..

    I mean, why pay $20-30 for it..

    We are here to help people out....
     
    • Thanks Thanks x 5
  7. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    You can TRY and fix it, I CAN fix it, it's my job. I normally charge £69+VAT per hour, so it's only a nominal fee.

    I'm not being an arsehole am I? OP, if you are computer savvy, I will happily talk you through the whole process via BHW, but if you want me to log in and fix it, let me know. It will probably take me 1-2 hours and, as I said, if you're not happy it's solved the problem, I won't charge anything.
     
  8. Crazy

    Crazy Jr. Executive VIP

    David, if others are doing it for free let them try first. It's not that complicated.
     
  9. healzer

    healzer Jr. Executive VIP Jr. VIP Premium Member

    I won't be able to pay right now, but I promise to pay if you fix it, at the beginning of September; that's when my affiliate pays me (8th Sept, I get the cash).
    @Crazy: I will do it right now.
    @ericsson: add me on Skype.

    (skype: healthchants)
     
  10. youngguy

    youngguy Senior Member

    @davids355: Go away with your red earned pennies. I can fix it in less than 30 mins for free, but since ericsson already offered his help to OP, thanks ericsson.
     
    • Thanks Thanks x 1
  11. healzer

    healzer Jr. Executive VIP Jr. VIP Premium Member

  12. shurk

    shurk Junior Member

    You could try booting with Hiren's BootCD (hiren [d0t] info) and using some of those tools; a couple of the tools people have already mentioned are on there.

    You won't be booting into Windows, so you'll have a better chance of finding the problem and getting rid of it. You may need to change a BIOS setting for the boot order, so the CD-ROM is before the infected HDD.

    Good luck.
     
  13. extremephp

    extremephp BANNED BANNED

    Calm, calm, anyone would jump up if they hear someone is paying for things you usually do. :rolleyes:

    If he is good at fixing it up, and if he sees someone is paying for it, he will jump up; even I would if I knew. :p
     
    • Thanks Thanks x 2
  14. youngguy

    youngguy Senior Member

    I know, I replied on his statement:

    Anyway, no big deal :D
     
  15. ericsson

    ericsson Elite Member Premium Member

    U normally work with this?
    And? :)
    Why sit here and charge guys having trouble getting rid of it then?

    BHW is like my family. They are my bros and sis. And I wouldn't charge them a single cent for getting rid of a virus.. :)
    That's my policy ..
     
    • Thanks Thanks x 3
  16. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    I'm not arguing, because I noticed people don't do it here.

    I repair PCs and remove viruses every day. I know from experience these things are "sometimes" easy - if you can go into msconfig (if you're a noob) or HJT (if you're a pro) and take out the problem, it's sorted - but sometimes it's not that easy; sometimes the redirect is built into the TCP stack and sorting the problem is a different story - so I'm not going to offer to do it for free or I might regret it. I also know that often (very often) people who know a little bit can cause more problems. I offered a fair price, around what OP wants to pay.

    If I buy articles/link pushes I don't mind paying the pros - as I don't have the skills! So I don't feel guilty charging for what I am good at.

    Anyway, I don't mean ANY offence to anyone. As I said, I will happily give step-by-step instructions to OP if he wants to do the work, and I am also happy to offer my services.

    IF OP gets it fixed free - great; if you still have issues, send me a PM.
     
    • Thanks Thanks x 2
  17. ronegraT

    ronegraT Power Member

    It's not recommended to install AV programs on an infected computer, but if you like you could do online scans.
    Do you know the name of the worm?
     
    • Thanks Thanks x 1
  18. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    Ericsson, you charge for the service that you are skilled at (I looked at your sig); you won't charge for this because you're not doing it in a professional capacity.

    I have done other things here for free, but if I am to do something in a professional capacity, I will charge for it - I wouldn't do it for anyone else anywhere else, so I feel I am still offering it as a favour to a BHW member. But as I said, I wouldn't be logging in and having a go to save OP money; I would be staying there until it was fixed. Also, btw, I would be on LogMeIn, so OP can watch everything I do to solve the problem if he wants.

    OP, if you need my help I am happy to take payment later on - I trust you.
     
    • Thanks Thanks x 1
  19. healzer

    healzer Jr. Executive VIP Jr. VIP Premium Member

    The bank I use has told me to scan with the HouseCall Trend Micro AV shit; it didn't find anything. I didn't expect it to find anything...

    People, this is a TARGETED attack. People have control over the worm they are spreading; it's not on auto-pilot...

    Crazy & ericsson have been helpful, but we are still trying to find the problem...

    Watch out: if you have a VPS, then the chance of you being targeted is 60% :p
     
  20. ericsson

    ericsson Elite Member Premium Member

    davids? No.. I'm not making any money with my signature.

    It's a deal between me and BotWiz really, ok? :)

    I got a service from him, and I put up a banner in my sig for him. Fair deal. :)