Last night, I went to grab the day’s O&A show off the mininova torrent site. It’s not there, so I run off to the other site that usually has all the shock jock shows (O&A, Ron & Fez, etc.) and I’m not sure if I picked up the bug here, or somewhere else; but the bloody computer sneezed…. *sigh* Time to start up the usual clean up and hack tools. Attempt to run hijackthis or MalwareBytes; and got nothing…. This is gonna be a fun night.

In my task tray, there is a nice new icon, a red dot with an X. Any attempt to click on the bloody thing brings up an “XP antivirus pro 2009” program. This is a fake antivirus program. It hits the browsers, as searches through Google, while they pull up legit links and addresses. Clicking on them only redirects to some odd search pages – so nothing useful. It would also reboot. So my computer for all intents and purposes is dead in the water.

It is interesting that hijackthis and malwarebytes are not running. I pop up the task manager and watch the processes tab, and then click on hijackthis and malware again. Malwarebytes just runs, and is in limbo; while hijackthis is nowhere to be found. Acrord32info pops up, however; since there are no Adobe Acrobat programs running, it looks like hijackthis is being restricted and run as acrord32info; how cute. I shut down and restart in safe mode.

Attempts to run the cleaner programs again result in nothing. I take a look in my /windows/system32 for new files created that day, and lo and behold, I find braskt.exe, karna.dat and a few other unsavory things. Deleted. A search for the two files on the machine is done and I remove all instances. Reboot, and the virus is back again. Next up, I rename the hijackthis executable and run it; it runs. Awesome, the bug actually has a redirect to restrict a list of programs from being run. With hijackthis up, I find the karna.dat problem and delete it; there isn’t the braskt executable, so this is odd. Malwarebytes still refuses to run. I grab ccleaner and try to install it. Nothing. I rename the setup file and it runs. Executing ccleaner, I find the braskt executable, but not the karna.dat. Damn, the little bug is pretty bloody savvy; I’m impressed.

It is a good thing I have a second computer as all my research and software downloads were done using the second computer. The desktop was just dead in the water. So in safe mode it stayed. After running ccleaner and hijackthis, the computer was restarted, and the red dot with the X was still there. Running hijackthis and ccleaner; braskt and karna returned. Oh goodie, there’s a rootkit too. And now it’s back to the drawing board.

Time to bring out the relief… SDfix was called up from the bullpen. Downloaded from my useable machine and then put onto the desktop, the program was run. Following the instructions from the above link, and once rebooted, the lovely red dot and X are now gone from the task tray. hijackthis and ccleaner are run, and nothing unusual or suspect is turned up. Malwarebytes is executable now, and set to scan.

All said and done, the little nasty buggers were removed and the computer is back to normal. It was a bit of a pain in the ass as the damn bugs are getting pretty impressive with a higher intellect. The battle between good and evil wages on; and balance is once again restored to the force.

  1. Sid Ri'cel

    I find it easier to run my torrent searches in a Virtual Machine, and reinstall Windows whenever something gets through that. I do all my important work on my Mac, and just use windows for torrents/games.

    I used to do all that rooting around looking for virus files and removing them, but after 1 unspeakably long tedious weekend, I said “F**K it, I’ll just reinstall at the first sign of trouble from now on, it’s faster.”

  2. dhcloud

    I had that exact same thing a month or two ago. Normal site was down for tv shows… had to go to another… my antivirus went off and tried to abort the connection… but it still went through. My background was changed to some antivirus 2009 and it would shut down randomly. I got it fixed… but it still would do random things… I was too paranoid to do secure stuff on the comp.. said screw it, I need an upgrade anyway. So backed up everything.. and tossed the old 60 and 120 drives and put in a new 1TB drive.

  3. GameraBaenre

    I rarely get hit, so if I can stay away from reinstalling, I will. :D I usually have a bunch of cleaner tools because family members and friends usually ask me for tech support… I need to start charging damnit..

  4. Zxghost

    Hey Sid, didn't know you go here. Dude Gamera, I know how it feels getting a virus, my laptop is driving me insane cause I can't get rid of the virus. And I downloaded something from mininova as well…sigh. Good thing I made a new computer >.>

  5. GameraBaenre

    I recommend getting SDFix and running it a couple of times. I had to cycle through it a couple of times just to get rid of the rootkits.

