What the hell? Computer suddenly infected like crazy

Discussion in 'BlackHat Lounge' started by Adlad, Jul 6, 2009.

  1. Adlad

    Adlad Power Member

    Joined:
    Mar 16, 2009
    Messages:
    638
    Likes Received:
    303
    Okay so I dunno what the fuck just happened, but it's extremely weird. I always keep my computer up to date and secure. I use the latest AVG, clean my temp files, don't download strange .exe programs etc etc. Then just now suddenly Windows tells me my firewall has been turned off and begins scanning with "Antivirus System PRO." It shows the following screen:

    [​IMG]

    Not even complete and 34 threats? Seriously. What the fuck.

    I assume this is some sort of virus scanner from Microsoft built into Windows? Because I've never seen it before and had no idea it was installed on my system.

    So I ran AVG right away to confirm, and surely enough I have a shit ton of stuff on my computer:

    [​IMG]

    Just yesterday I scanned my computer and defragmented the hard drive (I do this at least once a week), and it literally found nothing. And on top of that nothing has changed since yesterday. I have not installed, uninstalled, or even modified my computer one single bit.

    Does anyone know what's going on? My gut instinct is saying that there's a major security flaw in Firefox/Windows and someone has found out how to exploit it. And that this virus scanner is in fact fake and installed by force once you visit an infected site.

    Help would be most appreciated.

    Thanks
     
  2. Adlad

    Adlad Power Member

    Joined:
    Mar 16, 2009
    Messages:
    638
    Likes Received:
    303
    The most fucked up thing about all this is that there I am happily surfing the net, everything is great, and then within the course of 5 seconds my computer has become totally screwed. It really is totally messed up.
     
  3. howlinghawk

    howlinghawk Registered Member

    Joined:
    May 18, 2009
    Messages:
    57
    Likes Received:
    60
    Home Page:
    You downloaded an exe which contains a trojan. txjx4 (That's for only one of the viruses)
    Keep your Windows updated using the update manager.
    There are loads of freeware trojan and spyware removers; check them out on Google.
    Don't visit any website you just come across.

    If you need type specific help contact me at howling-hawk [at] hotmail .com

    I work as a security expert and consultant part time.

    I'm helping you for free, don't worry lol :p

    -Howlinghawk
     
  4. HiddenAgenda

    HiddenAgenda Newbie

    Joined:
    Mar 25, 2009
    Messages:
    5
    Likes Received:
    2
    If it really was fine yesterday, and it hasn't corrupted your system restore, just run that. You're probably dead on about a new exploit, so just clear it up asap. Trojans can be a PITA.
     
  5. Mr.Whitehat

    Mr.Whitehat Senior Member

    Joined:
    Apr 23, 2009
    Messages:
    855
    Likes Received:
    220
    Occupation:
    Wandering Around !
    Location:
    Dating Moolah Babe^
    I appreciate your effort, bro :)
     
  6. Moneymaka

    Moneymaka Junior Member

    Joined:
    Apr 28, 2009
    Messages:
    154
    Likes Received:
    122
    I had something similar yesterday.
    My computer rebooted because a Windows update was finished. After the computer rebooted, I had like 20 more processes running than I had before the update.

    My MSN skin, colors, everything went back to default. Even my Windows theme went back to default.

    Anyone know what's happening?
     
  7. gaabrielz

    gaabrielz Registered Member

    Joined:
    Nov 17, 2008
    Messages:
    60
    Likes Received:
    35
    Occupation:
    Application Developer
    Location:
    Canada
  8. Adlad

    Adlad Power Member

    Joined:
    Mar 16, 2009
    Messages:
    638
    Likes Received:
    303
    Sorry but you're wrong here. I did not download any exe that was infected. That I know 100%. All these trojans suddenly appeared on my computer within seconds of viewing what I assume is a corrupted site.

    I'm no newbie when it comes to computers and I know for sure I've done nothing wrong. I always stay up to date with the latest security patches and scan my system regularly. On top of that I will never execute or install something I've downloaded without scanning it first.

    So yeah, this is a totally new exploit in my opinion, which can completely kill your machine just from you visiting a site.
     
  9. Adlad

    Adlad Power Member

    Joined:
    Mar 16, 2009
    Messages:
    638
    Likes Received:
    303
    It's actually quite funny how lethal this was. First it infected my machine with fake anti-virus software. Then it installed over 20+ trojans (confirmed by AVG), then it killed my Windows GUI and deleted my network connections and printer.

    Just got done with a format.

    The scary thing is no anti-virus or anti-spyware would have helped me. It just kept coming back and taking control of my system. The only solution was a complete format.
     
    Last edited: Jul 6, 2009
  10. OldMadHatter

    OldMadHatter Junior Member

    Joined:
    Feb 26, 2009
    Messages:
    193
    Likes Received:
    70
    Occupation:
    Running own company
    Location:
    The MadCave
    Was any of the services/applications you had running in the background a "server" with access to the Internet? Call-home type of thing, eventually downloaded here? :)
    I run most of the stuff which requires Internet access on a virtual machine on a separate VLAN.... I know it's a pain, but any suggestions on how to improve the system are welcome...
     
  11. Silencer

    Silencer Senior Member

    Joined:
    Dec 14, 2008
    Messages:
    1,149
    Likes Received:
    1,639
    It's a trojan from an exe.
    Do you have on-access protection?
    I use avast free edition.
     
  12. ForeverNever

    ForeverNever Power Member

    Joined:
    Sep 17, 2008
    Messages:
    727
    Likes Received:
    365
    He said no it's not.

    Anyways it could be from a malicious website. Not many out there but they are there. Just be careful.
     
  13. jodyberry

    jodyberry Power Member

    Joined:
    May 21, 2009
    Messages:
    619
    Likes Received:
    170
    I had a very similar virus and had to re-format also.
    And no, I didn't download an exe, but I probably WAS surfing some serial/warez sites (dumb - I know).

    I got a new HD for $50, installed Windows 7 RC, and now use my old HD as a second drive installed on my 2nd IDE channel (for storage and retrieving old files only).
    The only pain was re-installing all my old software, settings, etc.
    Nice thing is that my desktop is CLEAN for a change!! Actually, this is my "once every 2 years" way of cleaning up my system!!
     
  14. ar032

    ar032 Newbie

    Joined:
    Jun 1, 2009
    Messages:
    2
    Likes Received:
    0
    I use hxxp://malwarebytes*org
    It's great and it's free.
     
  15. thesmashge

    thesmashge Power Member

    Joined:
    Jan 14, 2009
    Messages:
    520
    Likes Received:
    519
    I had the same experience with this thing one month ago.....

    I went to a site to download something, a PDF opened, and then things went wrong........

    This thing will pop up every 2 mins or so asking me to buy this thing....

    I kept ignoring it and after one week this thing apparently disappeared without a trace...

    That's all I can say....Hope it is of some help to you at all.
     
  16. jodyberry

    jodyberry Power Member

    Joined:
    May 21, 2009
    Messages:
    619
    Likes Received:
    170

    Oh, that's right! That's what happened to me too! I found out that it got into my system via JavaScript in that PDF file. So it's a good idea to disable JavaScript within Adobe Reader or Acrobat.
     
  17. Adlad

    Adlad Power Member

    Joined:
    Mar 16, 2009
    Messages:
    638
    Likes Received:
    303
    That's interesting. I'm pretty sure this site did not have a PDF file embedded, but ya never know.

    It's kind of scary how messed up your system can become from just visiting a site though. Especially when you're using the latest version of XP (fully patched), and the latest anti-virus/spyware software.

    I was always under the impression that you had to actually execute something to get a trojan on your system. Of course I've heard of exploits in the past, but never anything this bad. I mean, this thing totally fucked my PC.

    My feeling is that Firefox has a pretty major hole that hasn't been patched yet. Or perhaps the problem is with an add-on such as Adobe or one of the Firefox plug-ins.

    Who knows.
     
  18. Adlad

    Adlad Power Member

    Joined:
    Mar 16, 2009
    Messages:
    638
    Likes Received:
    303
    No idea. I had about 10 sites up in various tabs. They weren't dodgy ones though... No porn or warez or anything like that. Just normal sites.
     
  19. Adlad

    Adlad Power Member

    Joined:
    Mar 16, 2009
    Messages:
    638
    Likes Received:
    303
    Just searching "antivirus system pro infection" on Google... Seems like quite a few people have had this problem. Now I feel quite worried about going to those sites though. Any one of them could just be another trap.

    "This is a new rogue anti-spyware program. Like its predecessors, this program is installed and advertised through the use of Trojans that display fake security alerts on your computer. These security alerts state that your computer is infected and that you should click on them in order to download software that will protect you. Once you click on these alerts, the Trojan will automatically download and install the program on your computer."

    From: hxxp://answers.yahoo.com/question/index?qid=20090604132315AApV9Qp

    Still, I have no idea how this made it onto my computer in the first place though.
     
  20. silentthunder

    silentthunder Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 6, 2009
    Messages:
    525
    Likes Received:
    1,342
    Occupation:
    cpa
    Location:
    In the pink
    Adlad,

    You actually got off light. 3 1/2 weeks ago the Business section of USA Today had a story of a variation of your situation when a national wave of such attacks occurred. The most successful was a Norton Anti Virus warning which hijacks the browser and basically holds it for ransom by saying there's a zillion Trojan Horses and worse and if you don't buy their remedy you'll lose your computer. You pay and lose anyway. PC infected beyond repair. One villain made $110,000 in ten days with it according to the story. The national property damage in one very active day from the scam was in the 10s of millions. The new wave in viral attacks are websites that attack with cookie-stuffed malware executions. / :

    silentthunder