Page 1 of 2 12 LastLast
Results 1 to 16 of 18

Thread: Just been hit by malware. D=

  1. #1
    I R Toff Pandi! TAKTAK's Avatar
    Join Date
    Mar 2008
    Location
    Vergon6
    Posts
    7,450
    Thanks
    553
    Thanked
    1,012 times in 747 posts
    • TAKTAK's system
      • Motherboard:
      • ASUS ROG STRIX B450-F GAMING
      • CPU:
      • Ryzen 7 3700X
      • Memory:
      • 16GB Corsair Vengeance LPX 3200MHz
      • Storage:
      • 500GB Samsung 970 EVO
      • Graphics card(s):
      • 5700 XT 50th Anniversary
      • PSU:
      • Be Quiet SFX-L 600W
      • Case:
      • Lian Li PC-O11 Mini
      • Operating System:
      • Windows 10
      • Monitor(s):
      • LG Ultrawide
      • Internet:
      • 200Mb FTTP

    Just been hit by malware. D=

    as the title...

    now i've managed to get rid of most of the effects and reg entrys and such (by investigating file sources and attributes), but... i've come a bit unstuck on one thing it has changed... (mainly via what it was trying to run at startup, i'm very protective of startup items so i know exactly what i want running... and what has freshly appeared)

    as part of the program, it changed the desktop background to a fake 'infected piccy' (original )
    but.. also, as part of that it removed the option to change the desktop background from the 'personalization' menu (it's evident that it has been removed as the line spacing is out of whack...)

    so... how do i get it back?

    or will the vista repair feature work?

    also is there anything that will allow me to view reg entries by the date/time created and also all files on the system (i've tried vista searc functions but they just don't play ball in finding everything...)
    Last edited by TAKTAK; 26-08-2008 at 02:19 AM.
    Post Counts and Other Rewards, Rules, Folding@Home, Fans: Push vs Pull vs Push-Pull, Corsair PSU OEMs.

    Quote Originally Posted by razer121 View Post
    Would you like me to enter you? it would be my pleasure
    TAKTAK.co.uk

  2. #2
    Fried Chip Extremist alsenior's Avatar
    Join Date
    Nov 2005
    Location
    Stafford
    Posts
    2,949
    Thanks
    103
    Thanked
    191 times in 145 posts
    • alsenior's system
      • Motherboard:
      • DFI Lanparty Jr x58-T3H6
      • CPU:
      • Core i7 920
      • Memory:
      • 6 x 2GB ocz Gold
      • Storage:
      • 1 TB Samsung F3
      • Graphics card(s):
      • 1gb 4890 vapor-x xfire
      • PSU:
      • xfx 850W
      • Case:
      • Lian-li Pc7
      • Operating System:
      • Windows 7 X64
      • Monitor(s):
      • Dell 2208WFP
      • Internet:
      • 30mb Virgin media

    Re: Just been hit by malware. D=

    vista's repair feature should work. you could try using 'old' versions as it seams that the exe or dll has been replaced with a fake or patched version
    Quote Originally Posted by Jay View Post
    What kind of emergency would need Windows 95? I think you are already in a bad state of emergency when your backup plan is Windows 95.
    Beginners guide to raid Beginners guide to raid post edition Hexus.Social - FAQ

  3. #3
    I R Toff Pandi! TAKTAK's Avatar
    Join Date
    Mar 2008
    Location
    Vergon6
    Posts
    7,450
    Thanks
    553
    Thanked
    1,012 times in 747 posts
    • TAKTAK's system
      • Motherboard:
      • ASUS ROG STRIX B450-F GAMING
      • CPU:
      • Ryzen 7 3700X
      • Memory:
      • 16GB Corsair Vengeance LPX 3200MHz
      • Storage:
      • 500GB Samsung 970 EVO
      • Graphics card(s):
      • 5700 XT 50th Anniversary
      • PSU:
      • Be Quiet SFX-L 600W
      • Case:
      • Lian Li PC-O11 Mini
      • Operating System:
      • Windows 10
      • Monitor(s):
      • LG Ultrawide
      • Internet:
      • 200Mb FTTP

    Re: Just been hit by malware. D=

    just found a suspicious file in sys32... 'lphcthsj0e1d5.exe'... now... i think that is to do with the malware... as it was recently made... and the processes running were along the same nameline

    also google doesn't show any search results for it?

    i shall try a repair tomorrow

    i'm currently running a full system scan which is going to take yonks
    Last edited by TAKTAK; 26-08-2008 at 02:34 AM.
    Post Counts and Other Rewards, Rules, Folding@Home, Fans: Push vs Pull vs Push-Pull, Corsair PSU OEMs.

    Quote Originally Posted by razer121 View Post
    Would you like me to enter you? it would be my pleasure
    TAKTAK.co.uk

  4. #4
    cat /dev/null streetster's Avatar
    Join Date
    Jul 2003
    Location
    London
    Posts
    4,138
    Thanks
    119
    Thanked
    100 times in 82 posts
    • streetster's system
      • Motherboard:
      • Asus P7P55D-E
      • CPU:
      • Intel i5 750 2.67 @ 4.0Ghz
      • Memory:
      • 4GB Corsair XMS DDR3
      • Storage:
      • 2x1TB Drives [RAID0]
      • Graphics card(s):
      • 2xSapphire HD 4870 512MB CrossFireX
      • PSU:
      • Corsair HX520W
      • Case:
      • Coolermaster Black Widow
      • Operating System:
      • Windows 7 x64
      • Monitor(s):
      • DELL U2311
      • Internet:
      • Virgin 50Mb

    Re: Just been hit by malware. D=

    I had to sort this issue out on a guys laptop running xp, the fix for XP is:

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoActiveDesktopChanges"=hex:00,00,00,00
    "NoActiveDesktop"=dword:00000000
    "NoSaveSettings"=dword:00000000
    "ClassicShell"=dword:00000000
    "NoThemesTab"=dword:00000000
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoDispAppearancePage"=dword:00000000
    "NoColorChoice"=dword:00000000
    "NoSizeChoice"=dword:00000000
    "NoDispBackgroundPage"=dword:00000000
    "NoDispScrSavPage"=dword:00000000
    "NoDispCPL"=dword:00000000
    "NoVisualStyleChoice"=dword:00000000
    "NoDispSettingsPage"=dword:00000000
    "NoDispScrSavPage"=dword:00000000
    "NoVisualStyleChoice"=dword:00000000
    "NoSizeChoice"=dword:00000000
    "SetVisualStyle"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
    "NoChangingWallPaper"=dword:00000000
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
    "ThemeActive"="1"
    "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
      74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
      00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
      6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
      00,00,00
    pasted into notepad, save as 'whatever.reg' and then run it... you may have to tweak it a bit for vista, im not sure.

  5. Received thanks from:

    TAKTAK (26-08-2008)

  6. #5
    hexus.zombeh! format's Avatar
    Join Date
    Feb 2008
    Location
    Strath Uni, Glasgow
    Posts
    2,747
    Thanks
    510
    Thanked
    178 times in 130 posts
    • format's system
      • Motherboard:
      • Abit IP35 Pro
      • CPU:
      • Core2Duo E6750 @ 3.2ghz
      • Memory:
      • 4GB GSkill PC8000
      • Storage:
      • WD500GB+750GB F1 + 250GB external drive
      • Graphics card(s):
      • Geforce GTX260
      • PSU:
      • Corsair HX520w
      • Case:
      • Antec P182 + 3 x Nexus fans
      • Operating System:
      • Windows 7
      • Monitor(s):
      • 24" DGM
      • Internet:
      • BeThere* Pro

    Re: Just been hit by malware. D=

    Will this teach you to stop downloading all that russian midget donkey pr0n Taktak?

  7. #6
    I R Toff Pandi! TAKTAK's Avatar
    Join Date
    Mar 2008
    Location
    Vergon6
    Posts
    7,450
    Thanks
    553
    Thanked
    1,012 times in 747 posts
    • TAKTAK's system
      • Motherboard:
      • ASUS ROG STRIX B450-F GAMING
      • CPU:
      • Ryzen 7 3700X
      • Memory:
      • 16GB Corsair Vengeance LPX 3200MHz
      • Storage:
      • 500GB Samsung 970 EVO
      • Graphics card(s):
      • 5700 XT 50th Anniversary
      • PSU:
      • Be Quiet SFX-L 600W
      • Case:
      • Lian Li PC-O11 Mini
      • Operating System:
      • Windows 10
      • Monitor(s):
      • LG Ultrawide
      • Internet:
      • 200Mb FTTP

    Re: Just been hit by malware. D=

    Quote Originally Posted by format View Post
    Will this teach you to stop downloading all that russian midget donkey pr0n Taktak?
    i think it came from a UT mod that I downloaded

    well so far the system scan has managed to get to 12%, and so far has found 2 things, including fallingicons.exe
    Post Counts and Other Rewards, Rules, Folding@Home, Fans: Push vs Pull vs Push-Pull, Corsair PSU OEMs.

    Quote Originally Posted by razer121 View Post
    Would you like me to enter you? it would be my pleasure
    TAKTAK.co.uk

  8. #7
    omg haxor listy's Avatar
    Join Date
    May 2006
    Location
    Scotland
    Posts
    1,042
    Thanks
    25
    Thanked
    39 times in 35 posts
    • listy's system
      • Motherboard:
      • gigabyte one :P
      • CPU:
      • 939 FX60
      • Memory:
      • 2gig DDR 400mhz ram
      • Storage:
      • 500ish gig
      • Graphics card(s):
      • 4870x2
      • PSU:
      • 700watt jeantech storm
      • Operating System:
      • XP Pro sp2
      • Monitor(s):
      • 19" crt random
      • Internet:
      • 8meg bt

    Re: Just been hit by malware. D=

    antivirus 2008?

    is so i used Malwarebytes' Anti-Malware to get rid of it

  9. #8
    Senior Member
    Join Date
    Jul 2003
    Posts
    12,193
    Thanks
    912
    Thanked
    601 times in 421 posts

    Re: Just been hit by malware. D=

    Superantispyware seems a good free proggy to use.

  10. #9
    Senior Member
    Join Date
    Dec 2007
    Location
    Northern Ireland
    Posts
    289
    Thanks
    7
    Thanked
    19 times in 19 posts
    • colmo's system
      • Motherboard:
      • Asrock 4Core1600-P35
      • CPU:
      • Intel Q6600
      • Memory:
      • 6Gb
      • Storage:
      • 160Gb + 320Gb + 1Tb +200Gb
      • Graphics card(s):
      • Gainward 8800GS 384mb
      • PSU:
      • Antec Earthwatts 380W
      • Case:
      • Antec Sonata
      • Operating System:
      • OpenSuse 64-bit
      • Monitor(s):
      • HP LP2065
      • Internet:
      • ADSL

    Re: Just been hit by malware. D=

    Insert default smug Linux user post here > <

    Edit: I used to use a combination of Firefox, Spyware Blaster, Spybot and CCleaner to keep my XP install spick and span. Don't know if they help in a Vista environment, though.
    Last edited by colmo; 26-08-2008 at 01:02 PM. Reason: Added some useful info...

  11. #10
    I R Toff Pandi! TAKTAK's Avatar
    Join Date
    Mar 2008
    Location
    Vergon6
    Posts
    7,450
    Thanks
    553
    Thanked
    1,012 times in 747 posts
    • TAKTAK's system
      • Motherboard:
      • ASUS ROG STRIX B450-F GAMING
      • CPU:
      • Ryzen 7 3700X
      • Memory:
      • 16GB Corsair Vengeance LPX 3200MHz
      • Storage:
      • 500GB Samsung 970 EVO
      • Graphics card(s):
      • 5700 XT 50th Anniversary
      • PSU:
      • Be Quiet SFX-L 600W
      • Case:
      • Lian Li PC-O11 Mini
      • Operating System:
      • Windows 10
      • Monitor(s):
      • LG Ultrawide
      • Internet:
      • 200Mb FTTP

    Re: Just been hit by malware. D=

    Quote Originally Posted by colmo View Post
    Insert default smug Linux user post here > <
    pity i wasn't on one of my linux boxes then eh?
    Post Counts and Other Rewards, Rules, Folding@Home, Fans: Push vs Pull vs Push-Pull, Corsair PSU OEMs.

    Quote Originally Posted by razer121 View Post
    Would you like me to enter you? it would be my pleasure
    TAKTAK.co.uk

  12. #11
    Mostly Me Lucio's Avatar
    Join Date
    Mar 2007
    Location
    Tring
    Posts
    5,163
    Thanks
    443
    Thanked
    445 times in 348 posts
    • Lucio's system
      • Motherboard:
      • Gigabyte GA-970A-UD3P
      • CPU:
      • AMD FX-6350 with Cooler Master Seldon 240
      • Memory:
      • 2x4GB Corsair DDR3 Vengeance
      • Storage:
      • 128GB Toshiba, 2.5" SSD, 1TB WD Blue WD10EZEX, 500GB Seagate Baracuda 7200.11
      • Graphics card(s):
      • Sapphire R9 270X 4GB
      • PSU:
      • 600W Silverstone Strider SST-ST60F
      • Case:
      • Cooler Master HAF XB
      • Operating System:
      • Windows 8.1 64Bit
      • Monitor(s):
      • Samsung 2032BW, 1680 x 1050
      • Internet:
      • 16Mb Plusnet

    Re: Just been hit by malware. D=

    Quote Originally Posted by listy View Post
    antivirus 2008?

    is so i used Malwarebytes' Anti-Malware to get rid of it
    Can confirm this is the best course of action, given the symptoms and the exe filename

    http://www.malwarebytes.org/

    Just cleaned up two of these infections on work machines (that'll teach the MD for not letting me deploy security patches when I want....)


    Out of interest, did it get through Vista UAC, or don't you use it??

    (\___/) (\___/) (\___/) (\___/) (\___/) (\___/) (\___/)
    (='.'=) (='.'=) (='.'=) (='.'=) (='.'=) (='.'=) (='.'=)
    (")_(") (")_(") (")_(") (")_(") (")_(") (")_(") (")_(")


    This is bunny and friends. He is fed up waiting for everyone to help him out, and decided to help himself instead!

  13. #12
    I R Toff Pandi! TAKTAK's Avatar
    Join Date
    Mar 2008
    Location
    Vergon6
    Posts
    7,450
    Thanks
    553
    Thanked
    1,012 times in 747 posts
    • TAKTAK's system
      • Motherboard:
      • ASUS ROG STRIX B450-F GAMING
      • CPU:
      • Ryzen 7 3700X
      • Memory:
      • 16GB Corsair Vengeance LPX 3200MHz
      • Storage:
      • 500GB Samsung 970 EVO
      • Graphics card(s):
      • 5700 XT 50th Anniversary
      • PSU:
      • Be Quiet SFX-L 600W
      • Case:
      • Lian Li PC-O11 Mini
      • Operating System:
      • Windows 10
      • Monitor(s):
      • LG Ultrawide
      • Internet:
      • 200Mb FTTP

    Re: Just been hit by malware. D=

    Quote Originally Posted by Lucio View Post
    Out of interest, did it get through Vista UAC, or don't you use it??
    i turned it off, i just couldn't stand having to authorise things 3 times just to open a file...
    just running malwarebytes now...
    Post Counts and Other Rewards, Rules, Folding@Home, Fans: Push vs Pull vs Push-Pull, Corsair PSU OEMs.

    Quote Originally Posted by razer121 View Post
    Would you like me to enter you? it would be my pleasure
    TAKTAK.co.uk

  14. #13
    Senior Member
    Join Date
    Dec 2007
    Location
    Northern Ireland
    Posts
    289
    Thanks
    7
    Thanked
    19 times in 19 posts
    • colmo's system
      • Motherboard:
      • Asrock 4Core1600-P35
      • CPU:
      • Intel Q6600
      • Memory:
      • 6Gb
      • Storage:
      • 160Gb + 320Gb + 1Tb +200Gb
      • Graphics card(s):
      • Gainward 8800GS 384mb
      • PSU:
      • Antec Earthwatts 380W
      • Case:
      • Antec Sonata
      • Operating System:
      • OpenSuse 64-bit
      • Monitor(s):
      • HP LP2065
      • Internet:
      • ADSL

    Re: Just been hit by malware. D=

    Quote Originally Posted by TAKTAK View Post
    pity i wasn't on one of my linux boxes then eh?
    I'm presuming the mod was for UT3? There isn't really a Linux option for that version, despite the protestations of these guys.

    Original UT runs like a dream, and I believe UT2004 is Linux-friendly also. Regardless of it's excellence as an OS, gaming in Linux is an obscure form of masochism...

  15. #14
    cat /dev/null streetster's Avatar
    Join Date
    Jul 2003
    Location
    London
    Posts
    4,138
    Thanks
    119
    Thanked
    100 times in 82 posts
    • streetster's system
      • Motherboard:
      • Asus P7P55D-E
      • CPU:
      • Intel i5 750 2.67 @ 4.0Ghz
      • Memory:
      • 4GB Corsair XMS DDR3
      • Storage:
      • 2x1TB Drives [RAID0]
      • Graphics card(s):
      • 2xSapphire HD 4870 512MB CrossFireX
      • PSU:
      • Corsair HX520W
      • Case:
      • Coolermaster Black Widow
      • Operating System:
      • Windows 7 x64
      • Monitor(s):
      • DELL U2311
      • Internet:
      • Virgin 50Mb

    Re: Just been hit by malware. D=

    any joy on the reg script getting those tabs back?

  16. #15
    I R Toff Pandi! TAKTAK's Avatar
    Join Date
    Mar 2008
    Location
    Vergon6
    Posts
    7,450
    Thanks
    553
    Thanked
    1,012 times in 747 posts
    • TAKTAK's system
      • Motherboard:
      • ASUS ROG STRIX B450-F GAMING
      • CPU:
      • Ryzen 7 3700X
      • Memory:
      • 16GB Corsair Vengeance LPX 3200MHz
      • Storage:
      • 500GB Samsung 970 EVO
      • Graphics card(s):
      • 5700 XT 50th Anniversary
      • PSU:
      • Be Quiet SFX-L 600W
      • Case:
      • Lian Li PC-O11 Mini
      • Operating System:
      • Windows 10
      • Monitor(s):
      • LG Ultrawide
      • Internet:
      • 200Mb FTTP

    Re: Just been hit by malware. D=

    Quote Originally Posted by streetster View Post
    any joy on the reg script getting those tabs back?
    yeah it seems to have worked perfectly, thanks very much
    Post Counts and Other Rewards, Rules, Folding@Home, Fans: Push vs Pull vs Push-Pull, Corsair PSU OEMs.

    Quote Originally Posted by razer121 View Post
    Would you like me to enter you? it would be my pleasure
    TAKTAK.co.uk

  17. #16
    Mostly Me Lucio's Avatar
    Join Date
    Mar 2007
    Location
    Tring
    Posts
    5,163
    Thanks
    443
    Thanked
    445 times in 348 posts
    • Lucio's system
      • Motherboard:
      • Gigabyte GA-970A-UD3P
      • CPU:
      • AMD FX-6350 with Cooler Master Seldon 240
      • Memory:
      • 2x4GB Corsair DDR3 Vengeance
      • Storage:
      • 128GB Toshiba, 2.5" SSD, 1TB WD Blue WD10EZEX, 500GB Seagate Baracuda 7200.11
      • Graphics card(s):
      • Sapphire R9 270X 4GB
      • PSU:
      • 600W Silverstone Strider SST-ST60F
      • Case:
      • Cooler Master HAF XB
      • Operating System:
      • Windows 8.1 64Bit
      • Monitor(s):
      • Samsung 2032BW, 1680 x 1050
      • Internet:
      • 16Mb Plusnet

    Re: Just been hit by malware. D=

    Quote Originally Posted by TAKTAK View Post
    i turned it off, i just couldn't stand having to authorise things 3 times just to open a file...
    just running malwarebytes now...
    three times?? I only get the prompt once, just after it's downloaded and it wants to cross from "Internet" to "Local"

    I have to say that I find the Vista UAC occasionally annoying, but only when I've closed a window I hadn't finished with!


    Still, was curious to know whether or not the UAC helps prevent this kind of attack, or whether these things will happen regardless.

    (\___/) (\___/) (\___/) (\___/) (\___/) (\___/) (\___/)
    (='.'=) (='.'=) (='.'=) (='.'=) (='.'=) (='.'=) (='.'=)
    (")_(") (")_(") (")_(") (")_(") (")_(") (")_(") (")_(")


    This is bunny and friends. He is fed up waiting for everyone to help him out, and decided to help himself instead!

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Iron Man demo to hit Xbox LIVE today
    By HEXUS in forum HEXUS News
    Replies: 7
    Last Post: 20-04-2008, 06:17 PM
  2. Much performance hit going through two switches?
    By UKMuFFiN in forum Help! Quick Relief From Tech Headaches
    Replies: 4
    Last Post: 17-11-2006, 12:26 PM
  3. Replies: 5
    Last Post: 16-06-2006, 09:11 AM
  4. Hit and Myth - Gizmondo
    By Nick in forum HEXUS News
    Replies: 0
    Last Post: 22-09-2005, 11:34 AM
  5. IL2:Forgotten Battles FAQ
    By Nick in forum PC
    Replies: 9
    Last Post: 21-01-2005, 03:13 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •