Old 04-29-2009, 04:15 PM   #1
In Runtime
 
Join Date: Feb 2009
Location: Republic of Texas
Posts: 152
Odd virus-type activity

So I'm working on a laptop, and I've run into an interesting problem. On the C: drive, when you try to open it, the virus has put an autorun script on it telling it to query the recycler for a long file name (randomly created, gibberish). I delete the autoexecute file, and it is regenerated. I've come to the conclusion it's c:\pagefile that is creating it (I believe it's a .sys, but can't be certain). The size of the file is 2096204 KB and accessed in the last 10 minutes. It's not only a hidden file, but a hidden system file, so I had to have Win show the hidden protected system files in order to find them. Included in the virus package seems to be C:\pagefile, c:\autorun, and the c:\recycler folder. Any ideas here?
PvilleStang
Old 04-29-2009, 07:52 PM   #2
In Runtime
 
Join Date: Mar 2009
Posts: 171
Re: Odd virus-type activity

I would take a look at all the start up scripts if you haven't already.. I might also suggest doing a boot scan.. Or a scan like TRK... I might also take a look into autorun, see if there is anything strange in it, also the pagefile...
__________________
http://tetralogica.com
burn420
Old 04-30-2009, 12:03 PM   #3
In Runtime
 
Join Date: Feb 2009
Location: Republic of Texas
Posts: 152
Re: Odd virus-type activity

Well, I ran Symantec, came up clean. I ran HijackThis, and came up with little more than a few rerouted DNS addresses and some spyware, nothing outside the ordinary. The startup scripts were clean, but when I looked in c:\recycler, I found what I assume to be the culprit, which was a program that was hidden as a protected system file, and deleted it. The autorun file stopped regenerating, and haven't had as many issues. Oddly enough, though, the client said the computer froze when he sent a doc to the network printer, so there might be an issue with the print spooler now. Not sure if it's related, but it's worth noting.
PvilleStang
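
Added example, not part of the original thread: a small triage check for the pattern described in posts #1 and #3, where an autorun file on the drive root launches a program kept in the recycler folder. It parses the text of an autorun.inf and reports launch commands that point into a recycle-bin or system folder. The function names, the folder list and both sample files are assumptions constructed for illustration.

```python
import re

# [autorun] keys whose value is a command Windows may launch from the drive.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Assumed list of folders that should never hold an autorun target.
SUSPECT_DIRS = re.compile(
    r'(^|[\\/\s"])(recycler|recycled|\$recycle\.bin|system volume information)[\\/]',
    re.I,
)

def parse_autorun(text):
    """Return (key, value) pairs found in the [autorun] section."""
    section, pairs = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip().lower(), value.strip()))
    return pairs

def suspicious_entries(text):
    """Launch commands that point into a recycle-bin or system folder."""
    return [(k, v) for k, v in parse_autorun(text)
            if EXEC_KEYS.match(k) and SUSPECT_DIRS.search(v)]

# Constructed samples (placeholder names, not taken from the thread).
SAMPLE_INFECTED = r"""
[AutoRun]
open=RECYCLER\S-1-0-00-EXAMPLE\placeholder.exe
icon=%SystemRoot%\system32\shell32.dll,4
shell\open\command=RECYCLER\S-1-0-00-EXAMPLE\placeholder.exe
shell\open\default=1
"""
SAMPLE_CLEAN = "[autorun]\nopen=setup.exe\nicon=setup.ico\n"

if __name__ == "__main__":
    for key, cmd in suspicious_entries(SAMPLE_INFECTED):
        print(f"suspicious {key} -> {cmd}")
    print("clean sample findings:", suspicious_entries(SAMPLE_CLEAN))
```
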
Old 04-30-2009, 12:46 PM   #4
Fully Optimized
 
Join Date: Aug 2005
Posts: 1,641
Re: Odd virus-type activity

Hiren's boot disk...check it.
Spec
Old 04-30-2009, 08:51 PM   #5
In Runtime
 
Join Date: Mar 2009
Posts: 171
Re: Odd virus-type activity

Personally, I hate Symantec products... I have never been satisfied with anything by them... I would suggest trying AVG, or Avast...
As for HiJackThis, it is a very outdated program, and only useful for Windows 2k and below... Else wise, anything the reports show, is more than easy to find... Plus it is not continually updated... For something that shows better summaries and provides a much better protection level I suggest trying Spyware Terminator..
As for the printing issue, if it is not a PICNIC error, then I doubt it is connected to the previous problem, though of course I could be wrong..
burn420
Old 04-30-2009, 09:01 PM   #6
Baseband Member
 
Join Date: Mar 2009
Posts: 30
Re: Odd virus-type activity

Start the computer in safe mode and then run virus checkers and antispyware. Some good ones are Avira Antivirus and Spybot Search and Destroy, which you can download on my site www.mhare.com.au. Also run a repair using your Windows disc.
markhare
Old 04-30-2009, 09:09 PM   #7
In Runtime
 
Join Date: Mar 2009
Posts: 171
Re: Odd virus-type activity

Spec - I took a look at the Hiren's boot disk... I am not satisfied enough to give it a try... I could do more with Knoppix than I could with that...
There were only two things I liked about it, the fact that it has support for partitioning (though in my opinion, if you can't use Fdisk, you really shouldn't be messing around with partitions), and Adaware SE (though outdated).
Any ext3 imaged disk could provide better support for the rest of the stuff..
burn420
Old 04-30-2009, 09:50 PM   #8
Daemon Poster
 
Join Date: Oct 2008
Posts: 754
Re: Odd virus-type activity

Upgrading my parents' computer to XP Pro from Home (about three or four years ago) fixed the print spooler that had been made nonexistent.
nevermind1534