The baddest skype virus got me !

[BulgarianBoy92]

The baddest skype virus | KILLED



Yesterday a trusted friend started writing some idiotic stuff, not having sense at all (i'm sure it was him... he laughs like that "HahAHAhahaaHAHA" or he writes "o" with a "0" for ex.), i asked him "Are you high?" and then he posted me an IP that looks something like that: 22..22.22..2. (ip)/"my skype name" "my country" and some other stuff... i clicked it and it downloaded a file... i didn't even open it because it looked fishy... "myskypename.scr (screensaver)... i right clicked the file then properties and it suddenly closed, then i deleted the file with shift+delete...

Then anomalies started happening... 10 minutes later my pc froze for 3 seconds, i knew something was wrong, i went to task manager and found 2 new .exe files: sffsafuiagsifgasf.exe and another one... every time i killed it, new exe's were running with random character names...
I tried to locate the .exe's (in hidden files too) and i saw nothing... i knew the path of the exe but it wasn't there... i searched it with the windows7 search engine and didn't find it... i pasted its name in the start menu search box and it found it but when i deleted it nothing happened... it just popped up again

I knew the precise time when the first file was created and i searched for files created at the same time and deleted all that windows found... but it didnt found the file in task maneger (from witch i saw the creation time)

I went to C:/ where i keep all installations for AV's and important programs, and went in folder NOD32 Antivirus then the folder closed suddenly like the properties window earlier, i navigated there again but it was empty (it deleted all files)... then i googled "skype virus changing name" and the browser closed like the folder, and the properties window... Same thing with, another NOD, spyware remover, adware remover... Everywhere it found an antivirus-related name it closed the program or deleted a file...

I booted up in safe mode, i was disappointed i cant install an antivirus in safemode...
I deleted files with funny names and whatever created in the same day after 7:22 (the precise time it got on my pc) i opened regedit and pasted exe file names from the task maneger in the search box, and deleted the registrities-nothing happened...

I found a program called "PC Tools Spyware Doctor" and im scaning at the moment... if someone had the same problem or a suggestion feel free to post...

 

[crazyeyesreaper]

good example to never click a suspect file not much ican say to help best bet here is malwarebytes

http://www.malwarebytes.org/

but i would suggest a full system reinstall i dont mess with virus wipe the drive reformat reinstall and dont fall for it again

also another example of why ppl shouldn't text like idiots

 

[InTeL-iNsIdE]

Nasty lil bugger.

Either get a few different av programs and anti spyware ( I reccommend spybot s+d) loaded onto a USB stick then try running all of them in safe mode, or whip your hdd out and throw it in another pc and boot from the other pc's OS and again scan with multiple av and spyware programs.


Failing that perhaps you might have to format if its a nasty one and has buggered the registry etc

 

[BulgarianBoy92]

crasyeyesreaper it shows an error when i install it... probably because im in safe mode

 

[crazyeyesreaper]

then i suggest a full install ive only had 3 virus in my lifetime and all 3 times i just said screw it and reinstalled problem solved

either that or do as InTeL-iNsIdE suggested pull the hdd out put it in another machine boot and scan it from that machine

 

[Mussels]

sounds nasty


try looking in MSconfig, its got to start with windows somehow

 

[Error 404]

sounds nasty


try looking in MSconfig, its got to start with windows somehow

Agreed, I had a program that was legit, uninstalled it, and then suddenly next reboot after about 3-4 minutes explorer would freeze, completely.
I went into safe mode, had a look at the services in msconfig, and it was the service with no description next to it. I also found the file and deleted it (shift+delete, none of that recycle bin shiz).
Avast! is able to do a pre-boot scan as well, which means it could find the virus before it starts in windows.

 

[crazyeyesreaper]

i still suggest a reinstall kill it 100% every time

 

[DrPepper]

i still suggest a reinstall kill it 100% every time

Unless it hide's in ze cpu cache.

I almost got a virus from skype too but instead it got me

 

[BulgarianBoy92]

Thank you all for your help, i installed XP on my other hard drive to get an AV program and kill it... xp got infected too, when i clicked "end procces tree" in Taskmaneger it killed it( in Win7 it didnt happen)

now im safe, it shows up again when you doubleclick a hard drive in my computer, but thats not a problem... the NOD32 is scaning at the moment.... i got the "Regedit has been disabled by your administrator" error , but i think i fixed it >>> GPEDIT.MSX; user config; administr. templates; system; prevent acces to registrity tools - disabled it and ill restart after the scan is over

I also removed the startup exe's from msconfig but nothing changed, new ones appeared

 

[Mussels]

honestly, back up data and format. this sounds like one nasty virus.

the fact that it somehow spread to the new OS is rather worrying.

 

[TRIPTEX_CAN]

Disconnect the PC from your network and format it. If that thing jumped from on HDD and infected another OS then it's pretty lethal.

 

[BulgarianBoy92]

honestly, back up data and format. this sounds like one nasty virus.

the fact that it somehow spread to the new OS is rather worrying.

The nastiest thing is the way it spreads... it records random chat from your friend (you) and pastes it, you think that its some kind of a joke, and then he posts a link with your name, country, some IP and other characters, and because the stuff he is saying are actualy his words you think that your friend is just an idiot, and you think that its not spam and get interested and click on the link... i didnt even open the file, i dont know how it spreaded all over the pc...

I usualy eat for breakfast some viruses, but this one

If NOD32 doesnt find anything, ill scan with Kaspersky and if nothing happens - full format

 

[TRIPTEX_CAN]

Give Malwarebytes a shot too if you feel like testing.

 

[Marineborn]

you can run kaspery in safe mode, you have to go into the program files and start its safe mode scanner, it works quite well actually

 

[dr emulator (madmax)]

i used malwarebytes (from here) on someone elses machine but had to go into the system
( whilst in safe mode )then delete the threads it created by using regedit but that's not recomended unless you know what your doing ,and what your looking for

edit

i got the "Regedit has been disabled by your administrator" error

wo didn't see that, sounds a bad un, never had malware do that before and i've had to deal with a few

 

[warup89]

Jesus that's one bad virus, It reminds me when i got something similar years ago on my XP PC. I noticed when you deleted some of the virus's file and then they just re-appear is because there's another file somewhere, creating them. Finding that sucker is hard but not impossible. I eventually did and got rid of the whole thing without never using an anti virus, well i did but just to scan.

hmmm i have an extra machine that i wouldnt mind getting infected by your virus, and then try to kill it.......yeah i have fun doing that (im pc sadistic >=]) but i guess that's just my crazy side talking =P.

 

[BulgarianBoy92]

Give Malwarebytes a shot too if you feel like testing.

I will, after nod finishes scaning.

you can run kaspery in safe mode, you have to go into the program files and start its safe mode scanner, it works quite well actually

I know i can, but i cant install it in safe mode :S

unless you know what your doing ,and what your looking for

I think i know what im doing... if i don't, at least ill learn what not to do next time..

 

[MK4512]

Well, if it's stopping you from opening things, I recommend Unlocker Assistant, and an anti-virus I personally use is Avast. Check out Avast if you are looking to install a new anti-virus to get this thing.

 

[BulgarianBoy92]

99 infiltrations found / 99 files deleted (main hdd)
scanning current HD - 1 infiltration found for now

 

[BulgarianBoy92]

malwarebytes did an awesome job on the smaller hd where i installed XP

37 infiltrations found and they all were viruses of the kind that bothers me

its now scaning the win7 hdd its 320 gb so lets wait

 

[crazyeyesreaper]

good malwarebytes is doing its job then glad you decided to try it

 

[DonInKansas]

Malwarebytes rules, and it can be installed in safe mode.

If you get an error or the virus won't let you install, try renaming the .exe. Sometimes the virus recognizes it by name and blocks it. I call mine by my favorite whiskey.

 

[Marineborn]

I will, after nod finishes scaning.



I know i can, but i cant install it in safe mode :S



I think i know what im doing... if i don't, at least ill learn what not to do next time..

thats what i keep a installed version on a jump drive, or have a secondary harddrive with it on there i can make a primary incase some bad shit goes down, switch harddrive boot up scan the other and kilL KILL KILL!!!!

 

[Espera]

Not sure if this effects internal HDD connections but did you have AUTORUN disabled before you connected the HDD internally or externally?