
Undetectable Virus


2005-05-03 05:49:52 PM
cppbuilder98
I have a virus that's undetectable and I've run *every thing*
against it and still it persists.
What's happening is that after I launch my browser, after an
unspecified period of time, another instance of my browser gets
launched that's nothing more than a pop-up. This is compounded
by the fact that the second instance installs all kinds of
hijackers etc. etc. ... if I don't close it down in time (and
Yes, I have disabled 3rd party extensions and restarted).
When I used the Task Manager, I shut down every thing that the
system didn't need to continue running and I confirmed that all
of the registry entries for both Run and Runonce in both the
local machine and user were not problematic. Still it persists.
I used the Task Manager to observe what was happening when it
was happening and it seems to me that explorer.exe is connected
to my problem. IIRC, explorer.exe used n memory and now it uses
n + x memory. This (and other things) lead me to think that my
problem is related to explorer.exe. The 'other things' is the
fact that my cpu is being flexed (I can tell by when the fan
kicks into high gear) and in the Task Manager, at that moment,
cpu usage for explorer.exe jumps from 0-02% to 50-80% usage.
I did a search of my registry and found several entries related
to 'explorer.exe' (none of which I understood). What I need to
know is if it's possible to modify the behavior of explorer.exe
and if so, what do I need to look for.
~ JD
 
 

Re:Undetectable Virus

Quote
I have a virus that's undetectable and I've run *every thing*
against it and still it persists.
In fact that's not a virus (I think), it's a spyware. Spyware can produce
almost the same damage (to the OS) as a virus nowadays.
I have 5 free Spyware removers installed on my PC and every one of
them detects something that the rest of them have "forgotten".
I suggest you start with them. Also MS made one free beta spyware-remover
and they said it's good. But, be reserved with spyware-removers that are
not authorized, because some of them inject more spyware on your OS
(that was reported in some magazines).
--
Best regards,
Vladimir Stefanovic
 

Re:Undetectable Virus

JD < XXXX@XXXXX.COM >wrote:
Quote
[...]
www.getfirefox.com/
Quote
~ JD
Schobi
--
XXXX@XXXXX.COM is never read
I'm Schobi at suespammers dot org
"The presence of those seeking the truth is infinitely
to be preferred to those thinking they've found it."
Terry Pratchett
 


Re:Undetectable Virus

Hendrik Schober wrote:
Quote
www.getfirefox.com/
..but don't expect it to be perfect. I'm still using it but I've found
a few sites now that don't render correctly (where 'correctly' is
defined as 'the way that over 90% of Browsers in use across the
Internet today would show them" <g>)
I also find that Windows update and Office update require IE5 or later.
For some reason on all my machines when a page fails to load (even if
it's because the URL is wrong) Firefox fails to display its error
dialog box, fails to clear the prior page and fails to clear the
address bar. This can be very confusing and annoying since it acts like
it successfully loaded the page.
--
Andrue Cope [TeamB]
[Bicester, Uk]
info.borland.com/newsgroups/guide.html
 

Re:Undetectable Virus

I think you're looking in the wrong spot.
It is very easy to install spywares in IE, that will only launch if IE
is open, and install stuff without you knowing it.
Try running "adaware" and "spybot s&d", I'm quite sure you will find a
whole bunch of nice little thingies...
And yes, I know Firefox is not the answer, but by using it, you divide
by at least 20 the risk of getting those spywares back...
 

Re:Undetectable Virus

OBones < XXXX@XXXXX.COM >wrote:
Quote

[...] Try running "adaware" and "spybot s&d",
I already said that I ran *everything* against it and I meant
exactly that and yes I have the latest definition files.
Quote
I'm quite sure you will find a whole bunch of nice little thingies...
I've hunted these {*word*81}s down myself before when the other
applications failed to remove them. This one is different ...
there is no trace (that I can find) but my observations make
me think that explorer.exe loaded it as part of explorer.exe.
Quote
And yes, I know Firefox is not the answer, but by using it, you divide
by at least 20 the risk of getting those spywares back...
It's never been an issue before because I've always been better
but this one is KMA.
~ JD
 

Re:Undetectable Virus

JD wrote:
Quote
OBones < XXXX@XXXXX.COM >wrote:

>[...] Try running "adaware" and "spybot s&d",

I already said that I ran *everything* against it and I meant
exactly that and yes I have the latest definition files.
stop-sign? www.stop-sign.com/
ALL my anti-virus stuff said my kids' machines were clear - stop sign
found 4 'adware' packages which were competing to start up - and
screwing both machines :(
Only had to pay once and the machines are clean and stop-sign gives
messages when norton and mcafee simply ignore them !
Not saying that it's the answer, and I'm not sure it's to be trusted,
but it certainly did a job.
Quote
>I'm quite sure you will find a whole bunch of nice little thingies...

I've hunted these {*word*81}s down myself before when the other
applications failed to remove them. This one is different ...
there is no trace (that I can find) but my observations make
me think that explorer.exe loaded it as part of explorer.exe.
Yep - the kids pay for the protection ;) since they 'must use' IE. My
machines don't have a problem - or IE :)
Quote
>And yes, I know Firefox is not the answer, but by using it, you divide
>by at least 20 the risk of getting those spywares back...

It's never been an issue before because I've always been better
but this one is KMA.
One of my major customers relied on IE - until Norton let him down. It
took two days to repair the damage, by which time Mozilla was the
default browser ...
--
Lester Caine
-----------------------------
L.S.Caine Electronic Services
 

Re:Undetectable Virus

As Mr Stefanovic has mentioned, what you describe is more likely the
behavior of spyware than of a virus. There are free anti-spyware
tools that you can use.
Start by opening Internet Explorer, selecting Tools and then
Manage_Add-ons. Consider disabling anything that seems suspicious.
You can go back in later and enable any that turn out to be something
you want.
On my machine I have experienced good results with
AdAware
www.lavasoftusa.com/
and
SpyBot
www.safer-networking.org/
On my wife's machine I have also loaded this, which
seems to be very good
MS' Beta Anti-Spyware
tinyurl.com/5gxqq
or, in its long form
https://www.microsoft.com/athome/security/spyware/software/default.mspx
I recommend that you install and run both of AdAware and SpyBot and
that you consider installing and running the MS tool. Note that while
the MS tool is described as beta software it is a thinly veiled
version of a commercial product that they bought and does not seem to
be a buggy beta release.
I have an array of links to AntiVirus and AntiSpyware programs on my
pages. You might give it a look:
www.mulroy.org/tools2.htm
. Ed
Quote
JD wrote in message
news:42774940$ XXXX@XXXXX.COM ...

I have a virus that's undetectable and I've run *every thing*
against it and still it persists.

What's happening is that after I launch my browser, after an
unspecified period of time, another instance of my browser gets
launched that's nothing more than a pop-up. This is compounded
by the fact that the second instance installs all kinds of
hijackers etc. etc. ... if I don't close it down in time (and
Yes, I have disabled 3rd party extensions and restarted).

When I used the Task Manager, I shut down every thing that the
system didn't need to continue running and I confirmed that all
of the registry entries for both Run and Runonce in both the
local machine and user were not problematic. Still it persists.

I used the Task Manager to observe what was happening when it
was happening and it seems to me that explorer.exe is connected
to my problem. IIRC, explorer.exe used n memory and now it uses
n + x memory. This (and other things) lead me to think that my
problem is related to explorer.exe. The 'other things' is the
fact that my cpu is being flexed (I can tell by when the fan
kicks into high gear) and in the Task Manager, at that moment,
cpu usage for explorer.exe jumps from 0-02% to 50-80% usage.

I did a search of my registry and found several entries related
to 'explorer.exe' (none of which I understood). What I need to
know is if it's possible to modify the behavior of explorer.exe
and if so, what do I need to look for.
 

Re:Undetectable Virus

"JD" < XXXX@XXXXX.COM >wrote in message
Quote
What's happening is that after I launch my browser, after an
unspecified period of time, another instance of my browser gets
launched that's nothing more than a pop-up. This is compounded
by the fact that the second instance installs all kinds of
hijackers etc. etc. ... if I don't close it down in time (and
Yes, I have disabled 3rd party extensions and restarted).
Check that the home page is really set to what you think it is set to. Also,
check if you get the same behaviour if you launch IE whilst not connected to
the internet.
Des
 

Re:Undetectable Virus

Andrue Cope [TeamB] < XXXX@XXXXX.COM >wrote:
Quote
Hendrik Schober wrote:

>www.getfirefox.com/

..but don't expect it to be perfect. I'm still using it but I've found
a few sites now that don't render correctly (where 'correctly' is
defined as 'the way that over 90% of Browsers in use across the
Internet today would show them" <g>)
I don't expect it to be. However, I expect it
to be immune against what plagues of that one
Browsers in use by 90% across the internet
today.
Also, while I don't know much about HTML to
make up my own mind about this, sensible
people keep telling me that the problem with
IE is that it somehow renders even perversely
wrong pages and its high usage tempts the
authors to ignore the errors emitted by the
other browsers.
Quote
I also find that Windows update and Office update require IE5 or later.
Yes, but I wouldn't expect to catch some
mean disease there. :) For the rest I'd
rather use FF.
Quote
For some reason on all my machines when a page fails to load (even if
it's because the URL is wrong) Firefox fails to display its error
dialog box, fails to clear the prior page and fails to clear the
address bar. This can be very confusing and annoying since it acts like
it successfully loaded the page.
I agree, although I don't think I have
seen this.
Schobi
--
XXXX@XXXXX.COM is never read
I'm Schobi at suespammers dot org
"The presence of those seeking the truth is infinitely
to be preferred to those thinking they've found it."
Terry Pratchett
 

Re:Undetectable Virus

Hendrik Schober wrote:
Quote
Also, while I don't know much about HTML to
make up my own mind about this, sensible
people keep telling me that the problem with
IE is that it somehow renders even perversely
wrong pages and its high usage tempts the
authors to ignore the errors emitted by the
other browsers.
I'm sure that's true. OTOH where web browsing is concerned I'm a
pragmatist and if minority browsers don't render web pages the way a
clear market leader does then it's their problem. By all means display
a warning somewhere about errors and for testers offer a switch that
will launch a clearly visible tirade of abuse against MS but for Mr.
Joe Average they should work the way the market leader does.
As it happens I've only found a couple of pages that look slightly odd
and only one site (a BBS) that Firefox simply can't handle so I'm
moderately happy about its performance.
The only thing that ticks me off is that {*word*99}py error handling but I
seem to be the only person experiencing it. It might be related to my
add/pop-up blocking software although disabling that doesn't help.
--
Andrue Cope [TeamB]
[Bicester, Uk]
info.borland.com/newsgroups/guide.html
 

Re:Undetectable Virus

A couple of weeks ago, I upgraded my wife's PC from 98 to 2000. I
reformatted the disk. I didn't get around to installing
anti-virus/anti-spam software, I figured I'd install it a day or two
later, how much damage could she do in a day or two? Hoo, boy. She
got some spyware on it that nothing I could do could get rid of it. I
ran Norton AV, Microsoft Antispyware, Webroot's Spysweeper, and
ad-aware, and nothing could get rid of what she got on it.
I had just spent a day installing the OS and her application software
and what not, and I at first thought it would be quicker to clean up
the spyware than to start over from scratch again. But after wasting
hours running all several AV and AS products, I decided to just start
all over again, reformat again, and make sure it had AV and AS before
letting my wife touch it again...
 

Re:Undetectable Virus

On Tue, 03 May 2005 12:50:13 -0500, Paul Dolen wrote:
Quote
nothing could get rid of what she got on it.
Add spybot search and destroy to your list, it catches /lots/
--
Good luck,
liz
 

Re:Undetectable Virus

Probably not entirely your wife's fault.
PCs can be infected before you have a chance to update signature files.
Rob
"Paul Dolen" < XXXX@XXXXX.COM >wrote in message
Quote
A couple of weeks ago, I upgraded my wife's PC from 98 to 2000. I
reformatted the disk. I didn't get around to installing
anti-virus/anti-spam software, I figured I'd install it a day or two
later, how much damage could she do in a day or two? Hoo, boy. She
got some spyware on it that nothing I could do could get rid of it. I
ran Norton AV, Microsoft Antispyware, Webroot's Spysweeper, and
ad-aware, and nothing could get rid of what she got on it.

I had just spent a day installing the OS and her application software
and what not, and I at first thought it would be quicker to clean up
the spyware than to start over from scratch again. But after wasting
hours running all several AV and AS products, I decided to just start
all over again, reformat again, and make sure it had AV and AS before
letting my wife touch it again...

 

Re:Undetectable Virus

Hello,
Quote
I did a search of my registry and found several entries related
to 'explorer.exe' (none of which I understood). What i need to
know is if it's possible to modify the behavior of explorer.exe
and if so, what do I need to look for.

~ JD
Check where explorer.exe is located. It should by default be only
in "c:\windows" (or your windows directory). If it is
for example in windows subfolder "system32" then
it is a virus!
Anyhow, I use the following tools for removing spyware:
(forget adaware and spybot)
Hijackthis 1.99.1: www.spywareinfo.com/~merijn/downloads.html
AutoRuns 7.01: www.sysinternals.com/ntw2k/freeware/autoruns.shtml
IARSN TaskInfo 6.0.1.134: www.iarsn.com/taskinfo.html
Standalone CWShredder 2.14:
www.intermute.com/spysubtract/cwshredder_download.html
RootkitRevealer 1.4:
www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
Cleaner SpSeHjfix 109/112: www.derbilk.de/404.html
You can post output of Hijackthis utility to one (but exactly only one
of your choice - volunteers do not like duplicates) of anti-spyware forums
and someone will help you, for example:
www.spywarewarrior.com/viewtopic.php
or
www.geekstogo.com/forum/About_blankl-t19742.html
Best regards,
Roman Modic
--- end of message ---
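
The manual checks described in this thread (where explorer.exe is running from, the Run and RunOnce registry entries, and what is loaded inside explorer.exe) can be scripted with built-in PowerShell cmdlets. This is an added example, not part of any post in the thread; the function names are illustrative, and the script only reads state.

```powershell
# Added example: read-only triage for the checks discussed in this thread.
$winDir = $env:windir    # normally C:\Windows

function Get-ExplorerImageCheck {
    # Running explorer.exe processes and whether each image is <windir>\explorer.exe.
    $expected = Join-Path $winDir 'explorer.exe'
    Get-CimInstance Win32_Process -Filter "Name = 'explorer.exe'" | ForEach-Object {
        [pscustomobject]@{
            ProcessId  = $_.ProcessId
            Path       = $_.ExecutablePath   # empty if the path cannot be read
            IsExpected = ($_.ExecutablePath -ieq $expected)
        }
    }
}

function Get-ExplorerForeignModule {
    # DLLs loaded into explorer.exe from outside the Windows directory,
    # with their Authenticode status. Use a 64-bit shell on 64-bit Windows.
    Get-Process -Name explorer -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Modules } |
        Where-Object { $_.FileName -notlike "$winDir\*" } |
        Sort-Object -Property FileName -Unique |
        ForEach-Object {
            [pscustomobject]@{
                Module    = $_.FileName
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FileName).Status
            }
        }
}

function Get-AutorunEntry {
    # Values under Run and RunOnce for both the machine and the current user.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($name in 'Run', 'RunOnce') {
            $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
            if (-not (Test-Path -Path $key)) { continue }
            $item = Get-Item -Path $key
            foreach ($value in $item.GetValueNames()) {
                [pscustomobject]@{ Key = $key; Name = $value; Command = $item.GetValue($value) }
            }
        }
    }
}

Get-ExplorerImageCheck    | Format-Table -AutoSize
Get-ExplorerForeignModule | Format-Table -AutoSize
Get-AutorunEntry          | Format-List
```

A module listed by the second function is not necessarily malicious, since legitimate shell extensions also load into explorer.exe; unsigned entries from unfamiliar paths are the ones to look at first.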