got me a virus

Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

got me a virus

Post by Mister Bushice »

not sure yet what it is, but all of a sudden lsass.exe started asking for permission thru zonealarm to access the local network. from there it asks for permission to access the internet to an IP address that points to a yahoo.com geocities link. checked it on sam spade, just a dead end.

inetinfo.exe is also asking for the same permissions, but I denied that outright, since I'm not running a MS server. so far avast scans have found nothing, adaware shuts down halfway through, and the computer itself shuts down when I try to access the internet or open certain programs.

I tried to run regedit, but it disabled that too. It even reboots the system in safe mode when I tried that. same for the cmd prompt. Instant reboot.

it isn't sasser, rontokbro has a lot of the symptoms, including placing a scheduled task to run every day at 5:08. still trying to figure it out. Sucks. I can't figure this one out.

If any of you geniuses have different ideas, I'd sure be up to hearing them
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

My virus/worm has a first name.. it's Brontok.A.HVM31

now I need to kill it.
"If this were a dictatorship, it'd be a heck of a lot easier, just so long as I'm the dictator." —GWB Washington, D.C., Dec. 19, 2000
Martyred wrote: Hang in there, Whitey. Smart people are on their way with dictionaries.
War Wagon wrote:being as how I've got "stupid" draped all over, I'm not really sure.
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

Fixed it. What a mother fucker this one was. It was disguised as a windows file folder on my removable drive. when I clicked on that folder (which was named to look exactly like all my others in that drive), it triggered the worm.

To fix it, I needed to stabilize the system by quarantining the main components. I found this program called Security Task Manager at neuber.com, a neat little program that displays all running tasks and programs and what they are, including their origins. This enabled me to quarantine the main parts of this thing so I could use the browser as well as other programs, since one of the components of this worm includes a long list of file extension names that will trigger a reboot. these include .exe, .html, and basically any extension you might need to help you solve it.

Then I found, after about 90 minutes of searching (I had no luck at symantec, sophos, or mcafee) a nifty little program called Brontok washer 1.5, developed by some hairy smelly guy overseas somewhere. It's a free program, found it on softpedia.com. It did a scan and found every single component of this thing, all infected files, and went in and removed all the registry entries and finally cleaned out the recycle bin. Awesome. Very well designed program.

20 minutes later I'm back to normal.

Thank GOD and god I had zonealarm up and running. It was my last line of defense to prevent this thing from taking all my email addresses and passwords and shipping them out over the net.

I'd like to wrap my hands around the neck of the asshole that designed this waste of worm code and dip his balls in acid.
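Added illustration, not anything the poster ran: triage rules for the three symptoms described in these posts (an executable posing as a sibling folder on a removable drive, a system-process name running outside System32, and a task scheduled daily at 5:08). The record layout and the sample inventory are constructed for the example.

```python
"""Triage rules for the symptoms in the thread (constructed data, not a real host).

Each record stands in for output gathered by hand (a directory listing of the
removable drive, the task list, the scheduler).  Assumed layout, not a real tool."""
from dataclasses import dataclass
from typing import List, Tuple

SYSTEM32 = r"c:\windows\system32"
IMPERSONATED = {"lsass.exe", "inetinfo.exe"}   # names the worm borrowed in the thread
EXEC_EXTS = {"exe", "scr", "pif", "com"}

@dataclass
class FileEntry:
    path: str
    is_dir: bool
    removable: bool

@dataclass
class ProcessEntry:
    name: str
    path: str

def folder_lookalikes(files: List[FileEntry]) -> List[str]:
    """An executable on removable media whose stem equals the name of a sibling
    directory: this is how the worm passed itself off as a folder."""
    dirs = {f.path.lower() for f in files if f.is_dir}
    hits = []
    for f in files:
        if f.is_dir or not f.removable:
            continue
        stem, _, ext = f.path.rpartition(".")
        if ext.lower() in EXEC_EXTS and stem.lower() in dirs:
            hits.append(f.path)
    return hits

def misplaced_system_processes(procs: List[ProcessEntry]) -> List[str]:
    """lsass.exe belongs in System32; the same name anywhere else is a masquerade."""
    return [p.path for p in procs
            if p.name.lower() in IMPERSONATED
            and not p.path.lower().startswith(SYSTEM32)]

def odd_daily_tasks(tasks: List[Tuple[str, str]], at: str = "05:08") -> List[str]:
    """Flag any scheduled task firing at the time the poster saw (5:08 daily)."""
    return [name for name, when in tasks if when == at]

# Constructed sample inventory (not captured from a real machine).
SAMPLE_FILES = [FileEntry(r"e:\Photos", True, True),
                FileEntry(r"e:\Photos.exe", False, True),   # lookalike beside real folder
                FileEntry(r"e:\notes.txt", False, True)]
SAMPLE_PROCS = [ProcessEntry("lsass.exe", r"c:\windows\system32\lsass.exe"),
                ProcessEntry("lsass.exe", r"c:\windows\lsass.exe"),   # out of place
                ProcessEntry("inetinfo.exe", r"c:\temp\inetinfo.exe")]
SAMPLE_TASKS = [("At1", "05:08"), ("Backup", "22:00")]
```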
mouse
Elwood
Posts: 524
Joined: Tue Mar 08, 2005 12:06 am
Location: San Antonio

Post by mouse »

Cool topic, too bad I missed all the fun.
since I have only 28 days to register windows, I just flush the HD and start over, so most of the shit I get won't be around long enough to do any damage.

Right now I am using XofSpy, zone alarm, registry mechanic and spy doctor and they all find something the other didn't :lol