The baddest Skype virus got me!

Discussion in 'General Software' started by BulgarianBoy92, Dec 21, 2009.

  1. BulgarianBoy92

    BulgarianBoy92 New Member

    Joined:
    May 4, 2009
    Messages:
    71 (0.03/day)
    Thanks Received:
    1
    Location:
    Kardzhali
    The baddest skype virus | KILLED

    :twitch:

    Yesterday a trusted friend started writing some idiotic stuff that made no sense at all (I'm sure it was him... he laughs like that, "HahAHAhahaaHAHA", or he writes "o" with a "0", for example). I asked him "Are you high?" and then he posted me an IP that looked something like this: 22..22.22..2. (ip)/"my skype name" "my country" and some other stuff... I clicked it and it downloaded a file... I didn't even open it because it looked fishy... "myskypename.scr" (screensaver)... I right-clicked the file, then Properties, and it suddenly closed, then I deleted the file with Shift+Delete...

    Then anomalies started happening... 10 minutes later my PC froze for 3 seconds, I knew something was wrong, I went to Task Manager and found 2 new .exe files: sffsafuiagsifgasf.exe and another one... every time I killed it, new exes were running with random character names...
    I tried to locate the .exes (in hidden files too) and I saw nothing... I knew the path of the exe but it wasn't there... I searched for it with the Windows 7 search engine and didn't find it... I pasted its name in the Start menu search box and it found it, but when I deleted it nothing happened... it just popped up again

    I knew the precise time when the first file was created and I searched for files created at the same time and deleted all that Windows found... but it didn't find the file from Task Manager (from which I saw the creation time)

    I went to C:/ where I keep all installations for AVs and important programs, and went into the folder NOD32 Antivirus, then the folder closed suddenly like the Properties window earlier. I navigated there again but it was empty (it deleted all files)... then I googled "skype virus changing name" and the browser closed like the folder and the Properties window... Same thing with another NOD, spyware remover, adware remover... Everywhere it found an antivirus-related name it closed the program or deleted a file...

    I booted up in safe mode, I was disappointed I can't install an antivirus in safe mode...
    I deleted files with funny names and whatever was created on the same day after 7:22 (the precise time it got on my PC). I opened regedit and pasted exe file names from Task Manager in the search box, and deleted the registry entries - nothing happened...

    I found a program called "PC Tools Spyware Doctor" and I'm scanning at the moment... if someone had the same problem or a suggestion feel free to post... :respect:
     
    Last edited: Dec 22, 2009
    DrPepper says thanks.
  2. crazyeyesreaper

    crazyeyesreaper Chief Broken Rig

    Joined:
    Mar 25, 2009
    Messages:
    8,307 (3.62/day)
    Thanks Received:
    3,032
    Location:
    04578
    good example to never click a suspect file. not much I can say to help, best bet here is malwarebytes

    http://www.malwarebytes.org/

    but I would suggest a full system reinstall. I don't mess with viruses: wipe the drive, reformat, reinstall and don't fall for it again :toast:

    also another example of why ppl shouldn't text like idiots
     
    BulgarianBoy92 says thanks.
  3. InTeL-iNsIdE Guest

    Nasty lil bugger.

    Either get a few different AV programs and anti-spyware (I recommend spybot s+d) loaded onto a USB stick then try running all of them in safe mode, or whip your HDD out and throw it in another PC and boot from the other PC's OS and again scan with multiple AV and spyware programs.

    Failing that, perhaps you might have to format if it's a nasty one and has buggered the registry etc
     
  4. BulgarianBoy92

    crazyeyesreaper it shows an error when I install it... probably because I'm in safe mode
     
  5. crazyeyesreaper

    then I suggest a full install. I've only had 3 viruses in my lifetime and all 3 times I just said screw it and reinstalled, problem solved :toast:

    either that or do as InTeL-iNsIdE suggested: pull the HDD out, put it in another machine, boot and scan it from that machine
     
    BulgarianBoy92 says thanks.
  6. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    43,157 (11.00/day)
    Thanks Received:
    10,432
    sounds nasty

    try looking in MSconfig, it's got to start with Windows somehow
     
    BulgarianBoy92 says thanks.
  7. Error 404

    Error 404

    Joined:
    Apr 14, 2008
    Messages:
    1,777 (0.67/day)
    Thanks Received:
    169
    Location:
    South Australia
    Agreed, I had a program that was legit, uninstalled it, and then suddenly next reboot after about 3-4 minutes explorer would freeze, completely.
    I went into safe mode, had a look at the services in msconfig, and it was the service with no description next to it. I also found the file and deleted it (shift+delete, none of that recycle bin shiz).
    Avast! is able to do a pre-boot scan as well, which means it could find the virus before it starts in windows.
     
    BulgarianBoy92 says thanks.
  8. crazyeyesreaper

    I still suggest a reinstall, kill it 100% every time ;)
     
    BulgarianBoy92 says thanks.
  9. DrPepper

    DrPepper The Doctor is in the house

    Joined:
    Jan 16, 2008
    Messages:
    7,483 (2.74/day)
    Thanks Received:
    813
    Location:
    Scotland (It rains alot)
    Unless it hides in ze cpu cache.

    I almost got a virus from skype too but instead it got me :p
     
  10. BulgarianBoy92

    Thank you all for your help, I installed XP on my other hard drive to get an AV program and kill it... XP got infected too, when I clicked "End Process Tree" in Task Manager it killed it (in Win7 it didn't happen)

    now I'm safe, it shows up again when you double-click a hard drive in My Computer, but that's not a problem... NOD32 is scanning at the moment.... I got the "Regedit has been disabled by your administrator" error, but I think I fixed it >>> GPEDIT.MSC; User Config; Administr. Templates; System; prevent access to registry tools - disabled it and I'll restart after the scan is over

    I also removed the startup exes from msconfig but nothing changed, new ones appeared
     
  11. Mussels

    honestly, back up data and format. this sounds like one nasty virus.

    the fact that it somehow spread to the new OS is rather worrying.
     
    BulgarianBoy92 says thanks.
  12. TRIPTEX_CAN

    TRIPTEX_CAN

    Joined:
    Feb 10, 2008
    Messages:
    3,305 (1.22/day)
    Thanks Received:
    723
    Location:
    BC.CAN
    Disconnect the PC from your network and format it. If that thing jumped from one HDD and infected another OS then it's pretty lethal.
     
    BulgarianBoy92 says thanks.
  13. BulgarianBoy92

    The nastiest thing is the way it spreads... it records random chat from your friend (you) and pastes it, you think that it's some kind of a joke, and then he posts a link with your name, country, some IP and other characters, and because the stuff he is saying is actually his words you think that your friend is just an idiot, and you think that it's not spam and get interested and click on the link... I didn't even open the file, I don't know how it spread all over the PC...

    I usually eat some viruses for breakfast, but this one :twitch:

    If NOD32 doesn't find anything, I'll scan with Kaspersky and if nothing happens - full format
     
  14. TRIPTEX_CAN

    Give Malwarebytes a shot too if you feel like testing.
     
    BulgarianBoy92 says thanks.
  15. Marineborn

    Marineborn New Member

    Joined:
    Jan 17, 2009
    Messages:
    2,144 (0.91/day)
    Thanks Received:
    312
    you can run Kaspersky in safe mode, you have to go into the program files and start its safe mode scanner, it works quite well actually
     
    BulgarianBoy92 says thanks.
  16. dr emulator (madmax)

    dr emulator (madmax)

    Joined:
    May 5, 2009
    Messages:
    2,241 (1.00/day)
    Thanks Received:
    176
    Location:
    the uk that's all you need to know ;)
    I used malwarebytes (from here) on someone else's machine but had to go into the system
    (whilst in safe mode) then delete the threads it created by using regedit, but that's not recommended unless you know what you're doing, and what you're looking for :rolleyes:

    edit
    whoa, didn't see that, sounds a bad un, never had malware do that before and I've had to deal with a few :eek:
     
    Last edited: Dec 21, 2009
    BulgarianBoy92 says thanks.
  17. warup89

    warup89

    Joined:
    Mar 9, 2006
    Messages:
    1,137 (0.33/day)
    Thanks Received:
    105
    Location:
    WA
    Jesus, that's one bad virus. It reminds me of when I got something similar years ago on my XP PC. I noticed that when you delete some of the virus's files and they just reappear, it is because there's another file somewhere creating them. Finding that sucker is hard but not impossible. I eventually did and got rid of the whole thing without ever using an antivirus, well I did but just to scan.

    hmmm I have an extra machine that I wouldn't mind getting infected by your virus, and then try to kill it.......yeah I have fun doing that (I'm PC sadistic >=]) but I guess that's just my crazy side talking =P.
     
    BulgarianBoy92 says thanks.
  18. BulgarianBoy92

    I will, after NOD finishes scanning. :rockout:

    I know I can, but I can't install it in safe mode :S

    I think I know what I'm doing... if I don't, at least I'll learn what not to do next time..
     
    Last edited: Dec 21, 2009
  19. MK4512

    MK4512 New Member

    Joined:
    Aug 26, 2009
    Messages:
    222 (0.10/day)
    Thanks Received:
    42
    Location:
    Toronto, Canada
    Well, if it's stopping you from opening things, I recommend Unlocker Assistant, and an anti-virus I personally use is Avast. Check out Avast if you are looking to install a new anti-virus to get this thing.
     
    BulgarianBoy92 says thanks.
  20. BulgarianBoy92

    99 infiltrations found / 99 files deleted (main hdd)
    scanning current HD - 1 infiltration found for now
     
  21. BulgarianBoy92

    malwarebytes did an awesome job on the smaller HD where I installed XP

    37 infiltrations found and they were all viruses of the kind that bothers me :rockout:

    it's now scanning the Win7 HDD, it's 320 GB so let's wait :respect:
     
  22. crazyeyesreaper

    good, malwarebytes is doing its job then. glad you decided to try it
     
    BulgarianBoy92 says thanks.
  23. DonInKansas

    DonInKansas

    Joined:
    Jun 2, 2007
    Messages:
    5,112 (1.73/day)
    Thanks Received:
    1,295
    Location:
    Kansas
    Malwarebytes rules, and it can be installed in safe mode.

    If you get an error or the virus won't let you install, try renaming the .exe. Sometimes the virus recognizes it by name and blocks it. I call mine by my favorite whiskey. :D
     
    BulgarianBoy92 says thanks.
  24. Marineborn

    that's why I keep an installed version on a jump drive, or have a secondary hard drive with it on there that I can make primary in case some bad shit goes down, switch hard drive, boot up, scan the other and kilL KILL KILL!!!!
     
    BulgarianBoy92 says thanks.
  25. Espera New Member

    Joined:
    Nov 23, 2009
    Messages:
    46 (0.02/day)
    Thanks Received:
    13
    Not sure if this affects internal HDD connections but did you have AUTORUN disabled before you connected the HDD internally or externally?
     
    BulgarianBoy92 says thanks.
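
Added example, not part of any post in this thread: a read-only PowerShell triage of the three things the posters point at, namely startup entries (what msconfig lists), the policy behind the "Regedit has been disabled" error, and AutoRun on drives. The registry paths and the `autorun.inf` check are standard Windows locations assumed here, not details given in the thread; that the "shows up again when you double-click a drive" symptom comes from `autorun.inf` is also an assumption.

```powershell
# Read-only triage: lists findings, changes and deletes nothing.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$findings = @()

foreach ($hive in 'HKLM:', 'HKCU:') {
    # 1. Commands launched at logon from the Run keys.
    $runPath = "$hive\$cv\Run"
    $runKey = Get-Item -Path $runPath -ErrorAction SilentlyContinue
    if ($runKey) {
        foreach ($name in $runKey.GetValueNames()) {
            $findings += [pscustomobject]@{
                Check  = 'Run entry'
                Where  = $runPath
                Detail = "$name = $($runKey.GetValue($name))"
            }
        }
    }

    # 2. Policy value that produces the "Regedit has been disabled" message.
    $sys = Get-ItemProperty -Path "$hive\$cv\Policies\System" -ErrorAction SilentlyContinue
    if ($sys -and $sys.DisableRegistryTools) {
        $findings += [pscustomobject]@{
            Check  = 'Registry tools disabled'
            Where  = "$hive\$cv\Policies\System"
            Detail = "DisableRegistryTools = $($sys.DisableRegistryTools)"
        }
    }

    # 3. AutoRun policy; 255 (0xFF) turns AutoRun off for every drive type.
    $exp = Get-ItemProperty -Path "$hive\$cv\Policies\Explorer" -ErrorAction SilentlyContinue
    $value = if ($exp -and $null -ne $exp.NoDriveTypeAutoRun) { $exp.NoDriveTypeAutoRun } else { 'not set' }
    $findings += [pscustomobject]@{
        Check = 'AutoRun policy'; Where = "$hive\$cv\Policies\Explorer"
        Detail = "NoDriveTypeAutoRun = $value"
    }
}

# 4. autorun.inf in a drive root, and the commands it would launch.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path $drive.Root 'autorun.inf'
    if (-not (Test-Path -LiteralPath $inf)) { continue }
    $cmds = Get-Content -LiteralPath $inf -Force |
        Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=' }
    $findings += [pscustomobject]@{
        Check = 'autorun.inf present'; Where = $inf; Detail = ($cmds -join ' | ')
    }
}

$findings | Format-List
```

Run it from a clean boot environment or another OS install with the suspect disk attached as a data drive, as suggested earlier in the thread; in that case only check 4 describes the suspect disk, while checks 1 to 3 read the registry of whichever Windows is running.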