So I picked up a virus somewhere

Got Problems or Advice post here. Want to show off your PC bling?
PC, Xbox 360, PS3, Wii, Electronics.
User avatar
Magus
Manager
Posts: 1005
Joined: August 12th, 2009, 9:44 pm
Ingame Name: [ATG] Mäġůş
SteamID: STEAM_0:0:17489579
Location: WI

So I picked up a virus somewhere

Post by Magus »

My AVG is reading it as Trojan horse Sheur3.**** when I try to move it to a vault, AVG says it could not be removed.

I'm wondering if anyone has any way I could get it off without having to reformat. Basically this trojan just takes many of my webpages and re-directs me to advertisement pages. This is pretty damn annoying.

Not sure where I got it, but I haven't really clicked any unsafe or phishing links.

Appreciate the help, thanks.
Image
User avatar
Magus
Manager
Posts: 1005
Joined: August 12th, 2009, 9:44 pm
Ingame Name: [ATG] Mäġůş
SteamID: STEAM_0:0:17489579
Location: WI

Re: So I picked up a virus somewhere

Post by Magus »

Image
Image
User avatar
Tahko
Admin
Posts: 898
Joined: September 30th, 2009, 11:36 pm
Ingame Name: ᴅɢz! Hartmann
SteamID: STEAM:0:1:20888205

Re: So I picked up a virus somewhere

Post by Tahko »

Have you gone to the directory "c:\windows\temp\stdk.tmp\" to delete the file "setup.exe" in safe mode?
User avatar
Magus
Manager
Posts: 1005
Joined: August 12th, 2009, 9:44 pm
Ingame Name: [ATG] Mäġůş
SteamID: STEAM_0:0:17489579
Location: WI

Re: So I picked up a virus somewhere

Post by Magus »

It's not there.
Image
User avatar
Magus
Manager
Posts: 1005
Joined: August 12th, 2009, 9:44 pm
Ingame Name: [ATG] Mäġůş
SteamID: STEAM_0:0:17489579
Location: WI

Re: So I picked up a virus somewhere

Post by Magus »

*sigh* I'm probably going to have to just reformat.

I have windows 7 home edition 64-bit and an external hard drive. I'm thinking about copying my steam-apps, my personal music and picture collection, and some videos to my external and then popping in my original installation disk, deleting the partitions, then re-installing Windows. That's all I need to do, correct?
Image
User avatar
madmattd
Admin
Posts: 780
Joined: October 9th, 2009, 7:00 pm
Ingame Name: [ATG] madmattd
SteamID: STEAM_0:0:22659932
Location: MA

Re: So I picked up a virus somewhere

Post by madmattd »

Yea basically copy anything you ever want to see again over. Steamapps is a biggie unless you want to redownload all that...music, videos, documents, etc. Make sure you have a drivers disc or your drivers in a folder somewhere, especially your ethernet. I have found that Windows 7 does not know what to do with a Realtek ethernet port which most computers from the last several years use for an ethernet connection. I keep a folder of all random programs I use, like Thunderbird, Firefox, Ccleaner, Steam, etc so that on a format I just bring that folder back and start clicking on installs until I am 95% of the way back to where I was. Popping the disc in and booting from the disc (don't do it through Windows, do a restart off the disk) will let you delete/create/format partitions during setup. Then you get to copy everything back, lol.
"Chinese Sentries - they're cheap, crappy, and have little lights on the top!" - Pretendica
User avatar
TheKeef
Admin
Posts: 565
Joined: October 7th, 2009, 10:40 am
Ingame Name: Lawyers Guns & Money
Location: Okc
Contact:

Re: So I picked up a virus somewhere

Post by TheKeef »

Wait I only have my phone with me I have some suggestions. I'll get to my pc in5.
Image
ImageImage

Stage IV T-Cell Lymphoblastic Lymphoma Survivor, Cancer Killing Ninja Motherfucker.
User avatar
TheKeef
Admin
Posts: 565
Joined: October 7th, 2009, 10:40 am
Ingame Name: Lawyers Guns & Money
Location: Okc
Contact:

Re: So I picked up a virus somewhere

Post by TheKeef »

Ok bud, first off AVG/Avast are ok for basic scanning, but you have to try other things sometimes as you can see. First try a boot time scan. It should be in the scanning options. This can sometimes help to removed deeply rooted items.

I would first install Malwarebytes. It's free, it updates program and defs for free also. It stays very recent and relevant. I have used it with great success before to help myself and others.

http://download.cnet.com/Malwarebytes-A ... 04572.html

Also since you are recieving a trojan alert, I would try Trojan Remover. I once had a nasty bug that only trojan remover found, and removed. Not a catchy name, but effective as hell. Not free, but you get a fully activated and useful 30 day trial.

http://simplysup.com/

Only after all that, and then some, would I reformat. Thats for clean installs really. You probably dont need to go that far.

Also try running Hijack This. It will show a log of all running processes and has useful tools to delete and remove harmful shit. Dont just go guessing what is bad though, you can remove useful shit with it too.

http://free.antivirus.com/hijackthis/

Hope that helps bud.
Image
ImageImage

Stage IV T-Cell Lymphoblastic Lymphoma Survivor, Cancer Killing Ninja Motherfucker.
User avatar
Magus
Manager
Posts: 1005
Joined: August 12th, 2009, 9:44 pm
Ingame Name: [ATG] Mäġůş
SteamID: STEAM_0:0:17489579
Location: WI

Re: So I picked up a virus somewhere

Post by Magus »

Thanks for the Help Keef, I actually tried MalwareBytes last night and it found a "pagerage.exe" which would explain exactly what the virus is doing to my computer, but even upon removal, the problem didn't go away.

I'm going to reformat, I have some things backed up, but I'm going to transfer some stuff from my 2nd internal drive to an external before I wipe it all. Thanks for the help, and I'll report back here if I have any problems with re-setting up.

*p.s. i have my OS and driver disks*
Image
User avatar
Dan(omite)
Donor
Posts: 168
Joined: October 3rd, 2009, 6:20 pm
Ingame Name: Dan(omite)
SteamID: STEAM_0:0:16930891
Location: Omaha, Nebraska

Re: So I picked up a virus somewhere

Post by Dan(omite) »

Did you run MBAM in safe mode? A lot of those nasty ones are actually controlled by multiple processes... if malwarebytes removes the one program, a backup process will simply re-write it. Booting in safe mode and then scanning should allow you to find both of them and remove them before they are run. If you already did it in safe mode, then I'm not sure what to tell you. I'm sure there is some way to remove it without reformatting, although I know you said you'll probably just do that anyway. Good luck with whatever route you take though
User avatar
Magus
Manager
Posts: 1005
Joined: August 12th, 2009, 9:44 pm
Ingame Name: [ATG] Mäġůş
SteamID: STEAM_0:0:17489579
Location: WI

Re: So I picked up a virus somewhere

Post by Magus »

Ugh and it just gets worse. I was using a relative's internet yesterday, and this morning I went back over to pick up some stuff, and I was greeted by this on when I launched internet explorer:

Subject Suspicious Activity detected at roadrunner
Received June 10, 2011
From Fraud Department




Suspicious Activity detected at roadrunner on June 10, 2011.
We think you might have been affected by a security breach and by the suspicious activity detected at roadrunner today, June 10, 2011. Please review your credit report immediately and report any activity that you did not authorize. Early detection is the best way to handle identity theft, so you should review your report right away.
For your convenience, your credit report has been made available at no charge until 11:59 pm June 10, 2011 . Please be aware that although your credit score is free, a credit card will be required to validate your identity.
Image
User avatar
Magus
Manager
Posts: 1005
Joined: August 12th, 2009, 9:44 pm
Ingame Name: [ATG] Mäġůş
SteamID: STEAM_0:0:17489579
Location: WI

Re: So I picked up a virus somewhere

Post by Magus »

It's from wierd website name, so we'll be calling roadrunner shortly to verify.

Will report back.
Image
User avatar
Magus
Manager
Posts: 1005
Joined: August 12th, 2009, 9:44 pm
Ingame Name: [ATG] Mäġůş
SteamID: STEAM_0:0:17489579
Location: WI

Re: So I picked up a virus somewhere

Post by Magus »

*sigh*, phishing bastards.
Image
User avatar
Magus
Manager
Posts: 1005
Joined: August 12th, 2009, 9:44 pm
Ingame Name: [ATG] Mäġůş
SteamID: STEAM_0:0:17489579
Location: WI

Re: So I picked up a virus somewhere

Post by Magus »

Fucking great. So I start re-installing.

My laptop has two hard drive by the way. Anyway, so I start re-installing windows 7, and it brings me up to a list of my partitions etc. I can delete/remove all of them except my C drive. It won't let me delete it or format it *and that's where my virus is*. Not only that, but if I try just re-installing in that drive, it just replaces my windows files, that's all.

Also, now my 2nd hard drive doesn't show up on My Computer screen.


Any help would be appreciated.
Image
User avatar
Joe
Founder
Posts: 574
Joined: June 14th, 2009, 12:58 am
Ingame Name: [ATG] Joe
SteamID: STEAM_0:0:3883133
Location: Toronto, Ontario
Contact:

Re: So I picked up a virus somewhere

Post by Joe »

Magus wrote:Fucking great. So I start re-installing.

My laptop has two hard drive by the way. Anyway, so I start re-installing windows 7, and it brings me up to a list of my partitions etc. I can delete/remove all of them except my C drive. It won't let me delete it or format it *and that's where my virus is*. Not only that, but if I try just re-installing in that drive, it just replaces my windows files, that's all.

Also, now my 2nd hard drive doesn't show up on My Computer screen.


Any help would be appreciated.
  1. Download Ubuntu
  2. Boot from Ubuntu CD/DVD
  3. System > Disk Utility
  4. Select your C drive and format it as Empty Space
This is a block of text that can be added to posts you make. There is a 500 character limit.
Post Reply