Schoeler

Bad virus

Last night I DL'ed the new BAS Black Hawks and installed them. I also DL'ed and installed a Beta addon from a prominent mod team for whom I'm a beta tester. Other than that, all I did was visit this site, and their site and access the forums. I visited no other sites and did not open any e-mails.

First thing this morning, Norton found a Trojan Horse on my machine. Since then, despite being quarantined by Norton, the virus has ruined my system. It has completely killed Norton, refusing to let me update my virus defs, it won't let me reinstall Norton over my current installation, it won't let me search for any newly added files or folders, it won't allow me access to the program files on my C: drive, and it won't let me add/remove any programs. I don't know who put this little bastard out, but I suspect I got it from one of these two sites or one of those two downloads. I doubt it was intentional by either mod team, but my concern is that someone hacked in and placed the trojan horse onto one of the files. Be careful, as I am now going to have to reinstall my OS and reformat my entire hard drive.

Whoever did this, I hope you die of gas gangrene or stomach cancer you son of a bitch!

Not happened here.

I'm sorry for you.

Damn, if this is really the BAS addon then... but it's not possible, because .pbo, .sqs and .sqm files cannot be virus infected, but there can be a Trojan in it (even in pictures/movies). Still, I don't have any problems, but I hope it's just a hacker who did it to you and that nothing happens. But on the other side... Geez man, I hope your PC is still alive, and good luck on the restore (I had a hacker too and it's not fun). But if you have a hacker, do this:

1: Remove the Internet cable from your PC so they can't root to you (root is gaining access to a PC)

2: Press Control+Alt+Del

3: Shut down all the non-Win programs

4: Go to Start > Run, type msconfig and slam Enter

5: Look in every tab and clear some strange-looking things (not all the things)

6: Then restart your PC

7: Go again to Start > Run, but now type: regedit

8: Go there and look in every Reg tab and get rid of strange things

9: Restart again

10: Go to Win and look for strange .exe's; remove them

11: Go to your System(32) dir and do the same there

12: Restart.

Voilà, you have a Trojan-free PC

I hope it works (this is only if you have Windows)
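
Steps 4 to 8 of the post above come down to reviewing what is configured to start with Windows. As an added example (not part of the original post), this Python sketch parses a regedit export of the Run keys and lists entries for review instead of deleting by eye; the sample export, the trusted directories and the two flagging rules are assumptions made for illustration.

```python
import re

# Constructed sample: regedit export of the two Run keys (not from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" /min"
"updater"="C:\\WINNT\\Temp\\svch0st.exe /s"
"Synchronization Manager"="mobsync.exe /logon"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"helper"="C:\\Documents and Settings\\user\\Desktop\\h.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Executable = quoted path, or text up to the first program extension, or first word.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr|pif))(?=\s|$)|^(\S+)', re.I)
# Assumed trusted roots for this sketch; adjust to the machine being reviewed.
TRUSTED = ("c:\\program files\\", "c:\\winnt\\", "c:\\windows\\")

def autoruns(reg_text):
    """Yield (key, value name, executable path) for every string value."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            # .reg files escape backslashes and quotes with a backslash; undo that.
            name, cmd = (re.sub(r'\\(.)', r'\1', g) for g in m.groups())
            exe = EXE_RE.match(cmd)
            path = next(g for g in exe.groups() if g) if exe else cmd
            yield key, name, path

def review(reg_text):
    """Return entries worth a second look, with the reason; deletes nothing."""
    findings = []
    for key, name, path in autoruns(reg_text):
        p = path.lower()
        if "\\temp\\" in p:
            findings.append((name, path, "runs from a temp directory"))
        elif "\\" in p and not p.startswith(TRUSTED):
            findings.append((name, path, "outside Program Files and the Windows directory"))
    return findings

if __name__ == "__main__":
    for name, path, reason in review(SAMPLE_REG):
        print(f"{name}: {path} ({reason})")
```

A flagged entry is a prompt to check the file (publisher, creation date, a scan), not proof of infection, and an entry in a trusted directory is not proof of safety.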

The Blackhawks are in a .rar-archive and not in one of those damned .exe-files. Good thing.

Meaning: the virus cannot have come from the BAS .rar.

Sorry to hear about your virus infection. Hope it won't happen again.

Hmmm...thinking of it... I too downloaded another addon pack from a "prominent addon maker". This one is in the infernal .exe format.

Eeek...must go check.

What virus/trojan was it, btw?

Ouch, sorry to hear about that.

Norton 7/26 didn't catch anything.

updated to 8/6, rescanned and I'm still clean.

Is your version of windows current?

Norton is just labeling it "Trojan Horse" and it found it in C:\Windows\_Restore. I can't DL the latest virus defs or run certain utilities in Norton, so it definitely screws with Norton real well. My concern is that some dumbass hacker planted it in one of the images or banners on either of the two sites and it's just random luck if you get it.

Damn, you are fucked man, sorry to say, but... once it's in the Restore and an unknown virus, well, you're fucked... You better clean your whole harddisk ASAP, because soon your whole HD (harddisk) will be gone and you can't use it then, so my advice: clean the whole thing and then put Win back on

> Ouch, sorry to hear about that.
>
> Norton 7/26 didn't catch anything.
>
> updated to 8/6, rescanned and I'm still clean.
>
> Is your version of windows current?

yeah, I just updated a couple of days ago. I'm running Windows 2000.

> Damn, you are fucked man, sorry to say, but... once it's in the Restore and an unknown virus, well, you're fucked... You better clean your whole harddisk ASAP, because soon your whole HD (harddisk) will be gone and you can't use it then, so my advice: clean the whole thing and then put Win back on

That's what I always do in those cases. I'm easily scared and it's a bad habit I took, but still, my PC is quite clean

Yeah, thanks for the suggestions, I'm gonna dump the whole harddrive and reformat then reinstall Windows first thing tomorrow.

Sonofabitch! Friggen Hacker scum!

You know crapola like this can be passed in e-mail scripts or attachments as well... I don't think any PBO, sqs, sqf or other file is capable of releasing a trojan.

You can try repairing your installation by booting from your CD... not sure if you are able to do that with Win 2000 though

Norton AV is good with viruses but generally not so good with Trojans. You should try some dedicated anti-Trojan tool, like TDS-3 or Pest Patrol

btw do you have your firewall down most of the time? Or do you leave it up.

I only got one virus from a site once. Haven't had it happen recently.

One I do get kinda often is "JSNOCLOSE.exe". Anyone seen that one before?

Hmmm.... Sorry to hear, Schoeler! I'm sort of scared myself nowadays that something or someone has access to my pc. I set up (ok, so my neighbour did it) a router a week ago after buying a new pc. Two days ago the machine started to turn itself on ca 30 seconds after I turned it off. How weird is that? When I log off I receive a message that a program is running - and now comes the really weird bit - that someone is logged on my pc and that their data may be lost if I continue with turning the pc off?

I don't get it? Could this be that the router is the "someone" logged on? Or could it be someone/a program of some sort with access to my pc?

You normally get those messages when you share your resources (files) with someone. Do you have file and printer sharing installed?

Sounds really fishy to me. You shouldn't be getting that message unless you share.

> You normally get those messages when you share your resources (files) with someone. Do you have file and printer sharing installed?
>
> Sounds really fishy to me. You shouldn't be getting that message unless you share.

...now I'm really scared! No - I don't share anything with my old pc on the same router. How can I check what/which program is running?

Well hmm, I'd say for what's running task manager does the trick usually in XP. When you do CTRL ALT DEL.

Then again there are hidden processes, look for a proggie named HideWindow.

Then you can check what connections are established with your machine with proggies such as NetMonitor. You can run FileMonitor to observe file access on your machine as well. A good trick is to install a firewall, like Norton's personal firewall, whatever it's called. If it's at a high setting you will be going through each and every port request and selecting what you want to allow or disallow.

But yeah, I would be scared if I wasn't sharing and got that message. Do you maybe login with several users (quick user switching or something in XP)?

> Two days ago the machine started to turn itself on ca 30 seconds after I turned it off. How weird is that?

Yeah, same happened to me. I was going to bed, I turned off the comp. After 5 mins, I heard a click, then my comp just started. Wtf happened?? Is it a virus?? Or??

Well you guys should check your BIOS settings for that auto on stuff. See what's configured under Alarm options or such. Just examine BIOS settings, maybe your machines are set to auto turn on for some LAN event?

> Well you guys should check your BIOS settings for that auto on stuff. See what's configured under Alarm options or such.

Thanks Bn - I'll try your suggestions.

> Just examine BIOS settings, maybe your machines are set to auto turn on for some LAN event?

However, when I come to think of it - I did change something a few days ago. I selected both Norton and Windows to automatically check for updates - and install them. Could this be it?

After a thorough check I came up clean. I downloaded the addons at about 0200 MST today.

I'd say it's coming from other sources. Looking at my firewall logs, I've been blocking a LOT of scans on port 4444 and popular and well-done as it is, I doubt all of these machines responsible for the scanning have the MH-60 pack installed.

-5hole

> > Just examine BIOS settings, maybe your machines are set to auto turn on for some LAN event?
>
> However, when I come to think of it - I did change something a few days ago. I selected both Norton and Windows to automatically check for updates - and install them. Could this be it?

Well it could be restarting the system (that would be normal). You should do a little research if possible, because I have never heard of that turning your machine on after shutoff, but who knows. The message about someone losing files or data if you shut down is pretty strange, I would search for any Microsoft notes on that as well. . .
