Virus problems

Gah, I’ve been hijacked by some kind of worm. I don’t think it’s Blaster, but it’s similar. It has crashed my computer twice, and my firewall reports an ungodly amount of outgoing traffic which I can stop, but then I can’t connect to the internet.

The worst thing about it is that my antivirus software, Antivir, can’t find the virus at all despite the fact that I updated it yesterday.

On top of that my ISP sent me a message saying that due to the fact that my computer is infected and wasting bandwidth they might have to shut me off. But I have to go online to be able to fix the problem. :roll:

I have all the latest windows patches courtesy of windows update, now I guess I’ll just have to find another antivirus program and see what can be done.

I guess it could be worse, I’m not losing any data. Yet.

Look at the hijacked thread- you’re not the only one. :cry:

Try one of these online scanners: http://wilders.org/free_services.htm

I find Trendmicro’s HouseCall web-based scanner is incredibly useful for just such cases.

Said virus prevented me from accessing trendmicro’s site, so I couldn’t do that.

McAfee’s Stinger program helped me though.
http://vil.nai.com/vil/stinger

Nice tip - that found a mail based baddy that AVG missed (and odd, since I’m VERY careful with my email.)

Wow.

They’re learning.

Wow.

They’re learning.[/quote]

I know various forms of crapware hijacks ip adresses, rerouting IE’s default MSN startpage and sending visitors to their own crappy search engine/porn site/casino. I still haven’t figured out a permanent way to rid my parents computer of one of those.

With that in mind I figure it’s fairly trivial for a virus programmer to implement. I think Blaster was the first major one that did this with the MSN update page, but there might well have been other before it. From now on I think it’s safe to assume that this will be a standard part of the toolkit for the fucks who make virii. I wonder how the AV makers will respond to something that prevents their customers to get the needed updates.

Imagine a virus that has no outward effects, but redirects inquiries to sites like www.irs.gov or Bank of America to a dummy page set up by the virus author…

What sites have your parents been visiting? :roll:

Here are some sites about hijacking IE:

http://www.spywareinfo.com/articles/hijacked/prevent.php

http://www.pestpatrol.com/Support/HowTo/How_To_Clear_a_Hijack.asp

It’s probably Sasser or Sasser-B, which have been running wild this weekend. If you don’t install all of the MS security patches religiously, this one can infect your system with no intervention from you:

http://securityresponse.symantec.com/

If you have all the MS security patches installed and a firewall to block ports 5554, 9996 and 445, you won’t be infected. But otherwise, it can infect your system automatically.