Facebook virus
Posted: Fri Dec 05, 2008 1:40 pm
OK, my sister retardedly installed the so-called Facebook virus.
She apparently got an email about a video from a friend on fakebook, and when she clicked the link to the video she got redirected to a GeoCities website with a YouTube-style window that pretends to load, then pops up a "missing codec, can't play the video" kind of error with an option to download the "codec". She accepted the download to install this so-called codec.
Of course the codec was a virus, because I just fully updated her codecs the day before and her computer should play damn near ANYTHING. Why would she fix something I already did? Well, I have no idea. This should have been 100% avoidable...
Anyways, I now need to try and get rid of the thing. I have stopped it from doing much, but I can't get 100% rid of it and am now running out of ideas on what to do.
OK, so Ad-Aware found some, Spybot also found some. Leaving Spybot on, she keeps being prompted about a registry attempting to be changed, though Spybot is not allowing this.
Now I've also run NOD32 for a virus scanner and it found about 7 infected files and removed them.
PC Pitstop scan comes up as clean and all the processes running are normal aside from garbage my sister put there, but safe garbage lol
Every time she turns on the "wireless" she has a fake M$ Windows Defender style icon balloon in her start bar saying her computer is infected and instructing her to download a "verified by M$" virus scanner (FAKE SCANNER). Checked it and it appears to be another virus lol
So I'm out of ideas. Scans are coming up clean and there's tons of signs it's still there.
BRB, gotta run out, will add when I get back
Edit: Back
Alright, so after going to try some stuff and endless hours I've managed to get rid of it... well, I think lol
Some problem files that were picked up by virus scanners and Spybot:
qttasku.exe
qttaskm.exe
hpmun.exe
hpmom.exe
browseru.exe
And these 2 files below slipped by every scan, but one scan got them, and I hate to give credit to the scan that did, but... the real Windows Defender, NOT THE FAKE ONE. You actually have to click the Start button and go into Control Panel and open it yourself!!
(Just in case someone tries to fix their own copy of this virus using this post as a guide, so umm ya, just making sure)
zlob.ans
zlob.bah
Now after all those had been found by scanners etc., the computer was still showing suspicious behavior, but only when the internet was turned on, and Spybot kept catching a registry trying to be changed regardless of wireless on or off.
OK, starting IE, the home page would not load and would bring up yet another fake virus scanner pop-up. After closing the pop-up it would load a fake Windows Defender as the page in IE, and it looks fairly real lol
Moving on, tried to use HouseCall & Kaspersky for online scanners, since the ones I had were not finding anything new yet I was still getting odd behavior, but both scanners failed to load. Downloaded the trial version of Kaspersky and attempted to run that, but it froze at 48% and refused to continue, and even after restarting it was still at 48%? No, not re-scanned and frozen again... Just still at 48%. Very strange indeed.
So no scanners finding anything, and any well-known scanners not working.
Appears clean except for the odd behavior mentioned, but when the computer is restarted, guess what. Everything is back again LOL
Now strangely I noticed the created date on the folder C:\Programfiles\webmediaviewer. Some of the virus .exe files were found in this folder, and the folder was made the same day she got the virus (I thought the folder was supposed to be there because it's not my PC). There were lots of files still in this folder. Anyways, none of the files or the folder itself could be deleted as they were in use, but if the scanners got everything then why would there still be files here?
Well, after starting in safe mode I was able to delete the folder webmediaviewer along with all files in it, and running the downloaded Kaspersky was now possible and came up clean, as the computer was clean before it shut down, right ^^
Restarted the PC normally and TADA. Nothing... No strange behaviour, no pop-ups, no redirect, Spybot is not warning about registry change, scanners finding nothing. It's fixed.
Now umm, I'm no guru at this, but the online scans still refuse to run Java, and it is up to date as I just did that, so is it possible that the computer may still be infected at all? A lot of files in that folder slipped through the scans, which I deleted manually just on a hunch because of the date. Apparently, after doing some looking up on this virus, it seems it logs and sends out keystrokes for login passwords and anything else, and also looks for credit card and banking info, so umm ya, she uses the PC for banking and I wanna make sure it's 100% cleaned before letting her use her bank on it.
It appears to be 100% back to normal but I'm just a little paranoid that it may still have something hiding on it because all scanners missed a butt load of files. And due to the whole nature of the virus using tricks as its main tactic, deleting a few files in safe mode seems too easy? Also, is there anything else it might have left behind that I need to chase after, such as registry entries? Like, after looking online for what registries the virus should change, I checked the paths and came up empty. There's nothing online about this virus to help remove it, so I think I did fairly well lol
Anyways, I've got a few screenshots of the fake stuff and will post em later as they are saved on my sister's PC right now, and I also have the links to the viruses lol
I will not post em though
Archived topic from Iceteks, old topic ID:5080, old post ID:39019
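
The creation-date hunch described in the post (a folder made the same day as the infection, full of files the scanners missed) can be turned into a repeatable check. The script below is an added example, not part of the original post; the function names and the extension list are assumptions chosen for illustration.

```python
import os
import sys
from datetime import date, datetime

# Extensions worth a second look when they appear on the infection day.
SUSPECT_EXTS = {".exe", ".dll", ".sys", ".scr", ".bat"}

def created_date(path):
    """Creation date where the OS records one (Windows, macOS).
    On Linux there may be none, so this falls back to st_ctime."""
    st = os.stat(path)
    ts = getattr(st, "st_birthtime", st.st_ctime)
    return datetime.fromtimestamp(ts).date()

def created_in_window(root, first_day, last_day):
    """Return sorted (date, kind, path) tuples for every folder and
    executable-type file under root created between the two dates."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(n, "dir") for n in dirnames]
        entries += [(n, "file") for n in filenames
                    if os.path.splitext(n)[1].lower() in SUSPECT_EXTS]
        for name, kind in entries:
            full = os.path.join(dirpath, name)
            try:
                day = created_date(full)
            except OSError:
                continue  # locked or vanished entry; skip it
            if first_day <= day <= last_day:
                hits.append((day, kind, full))
    return sorted(hits)

if __name__ == "__main__":
    # Usage: python created_scan.py <root> <YYYY-MM-DD> [<YYYY-MM-DD>]
    root = sys.argv[1]
    first = date.fromisoformat(sys.argv[2])
    last = date.fromisoformat(sys.argv[3]) if len(sys.argv) > 3 else first
    for day, kind, path in created_in_window(root, first, last):
        print(day, kind, path)
```

Entries it lists are leads to inspect, not verdicts: installers and updates that ran the same day will show up too, and creation timestamps can be altered.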