DVDVR Message Board

Virus help


RandomAct

Ok, so I do computer work for this family.  I went over there about a month ago to remove a virus.  Everything was fine, had no problems with it.  Installed an A/V program, gave them some tips, and went home.  A couple of weeks later, she called me and said it was back.  Went over there, removed it, checked a few things and went home.  She later called me AGAIN because the same virus was back.  Removed it again, installed a couple of programs intended to save them from themselves, combed the browser history, and went home.  Well she just called me again, and the same virus is back.

 

I have never in my life had the same virus come back after I removed it.  My obvious gut feeling is that they keep going to the same site that has it, but nothing in their history looked really odd.  She uses Chrome, and was getting redirected a lot, so I installed a No Redirect script.  Last time I was over there, a fake Chrome updater came up, and I assumed that was the cause of all the problems since she said she'd seen it before.  I guess it wasn't.

 

Any ideas what's going on here, and what direction I should take?


Here's the funny part, I never actually see the symptoms of the virus they describe.  But when I go through all the steps, I'm definitely removing more than one trojan.  It was initially described to me as one of those fake FBI warning viruses, but when I go over there, I see not hide nor hair of it.  Basically, I end up with a lot of bogus .exe versions of legit programs in my scan reports.  So I'm seeing vlc.exe, java.exe and so on.  I will probably need to actually take note of the name of the trojan when I go back.  I never think to do that, because I've never had the same one come back.

 

I'm almost 100% sure that there is an exploit on a site they routinely visit.


Tell them to quit looking at so much porn

WHY DON'T YOU TELL THEM NOT TO BREATHE?!

 

That Moneypak trojan is a motherfucker to deal with and hard for anti-virus programs to detect. 


Yeah, I've had many run-ins with it back when I actually worked in tech support.  My first guess was that it embedded a rootkit that keeps bringing it back, but I've scanned 4 times for rootkits with TDSSKiller, Combofix and RootRepeal and found nothing.


Try Malwarebytes and/or the Malwarebytes Anti-Rootkit. Last year Malwarebytes wouldn't find stuff like that, but it does for me now. I've found TDSSKiller to be useless other than the second time I used it.


Guest The Magnificent 7

Fairly surprised Combofix didn't make that virus its bitch.  Combofix has always done the deed for me, it's like what Hicks in Aliens was saying about nuking from orbit.  That's Combofix.


Get and run RKill before running Malwarebytes.  Then yeah, do it in safe mode.

 

Or just nuke the damn HDD and start over.  Unless the recovery partition is bad.  That's the new one, that nukes the recovery partition and really fucks you.
