Help me with a virus problem please.

RaptorZX3
Posts: 867
Joined: Sat Feb 11, 2006 11:57 pm
Location: Montreal, Quebec (Canada)

Post by RaptorZX3 » Thu Jun 21, 2007 10:28 pm

ok i have Antivir installed, as well as Ad-Aware, Spybot and SpywareBlaster.

lately i get detection of a "crack.exe", in "C:\Documents and Settings\Francis\Local Settings\Temp\AAWTMP\C858593\31441C\crack.exe"

and again in the folder "C:\Documents and Settings\Francis\Local Settings\Temp\AAWTMP\C931843\25805C\crack.exe"

i quarantined both of them (Antivir idle self-scan found them) but it seems like they keep on coming. How can i stop them from coming again?

plus, i noticed the folder "AAWTMP" doesn't exist in my "Local Settings\Temp" folder
Case: Antec Three Hundred (w/ Corsair TX650W) | Main Board: Asus P7P55D-E LX | Video: eVGA Geforce GTX 560 Ti SuperClocked 1gb | HDD: Western Digital WD10EALS | CPU: Intel Core i5 750 (w/ Prolimatech Megahalems rev. B + Nexus B/W 120mm @ 12V). | Memory: 4 x 2gb G.Skill DDR3-1600 | Exhaust fans: Noctua NF-S12B FLX @ 12V. & Noctua NF-P14 FLX @ 12V. | Monitor: Asus VE228H.

peteamer
*Lifetime Patron*
Posts: 1740
Joined: Sun Dec 21, 2003 11:24 am
Location: 'Sunny' Cornwall U.K.

Post by peteamer » Thu Jun 21, 2007 11:01 pm

Try this on Google.

And let us know how it's going.

Good Luck
Pete

seemingly.random
Posts: 176
Joined: Mon Oct 16, 2006 11:51 am
Location: Southeast, USA

Re: Help me with a virus problem please.

Post by seemingly.random » Thu Jun 21, 2007 11:30 pm

RaptorZX3 wrote:plus, i noticed the folder "AAWTMP" doesn't exist in my "Local Settings\Temp" folder
It could be that "Show Hidden files and folders" is not enabled in Explorer:Tools:Folder Options:View

For a quick check, from the Cmd Prompt, use "dir /a /s \crack*".

You should probably quarantine this machine while eradicating this virus.

Damn forking viruses.

RaptorZX3
Posts: 867
Joined: Sat Feb 11, 2006 11:57 pm
Location: Montreal, Quebec (Canada)

Post by RaptorZX3 » Fri Jun 22, 2007 1:05 am

forking virus?

well, Antivir detected "TR/Crypt.FSPM.Gen" in the Crack.exe file (3 times in 3 different places) and 1 time in a ZIP file.

a similar virus called "TR/Crypt.XPACK.Gen" was found in another ZIP file

seemingly.random
Posts: 176
Joined: Mon Oct 16, 2006 11:51 am
Location: Southeast, USA

Post by seemingly.random » Fri Jun 22, 2007 1:27 am

RaptorZX3 wrote:forking virus?
A pun. fork() is how a unix process replicates itself. Also, a couple of letters could be changed to describe what we really think of viruses and virus writers. I've always wondered why big companies don't go after them with the same zeal that they do others: bootleggers, music downloaders, etc.

Anyway, how are you going to get rid of it? I haven't had one for years. I was able to get rid of one light weight one programmatically. A couple of others required a reformat and reload. I'm sure we're all backed-up...

RaptorZX3
Posts: 867
Joined: Sat Feb 11, 2006 11:57 pm
Location: Montreal, Quebec (Canada)

Post by RaptorZX3 » Fri Jun 22, 2007 1:40 am

well HouseCall seems like it can find them.

didn't have problems like crashes, freezes or self-rebooting, it's just a bit annoying to have Antivir make a sound (PC-Speaker high-pitched 4-note sound) when it finds a virus, then i just choose "quarantine"

it's annoying when you play a MMORPG or when you watch TV in the living room, and then you hear that sound... :evil:

jaganath
Posts: 5085
Joined: Tue Sep 20, 2005 6:55 am
Location: UK

Post by jaganath » Fri Jun 22, 2007 2:47 am

viruses and virus writers. I've always wondered why big companies don't go after them with the same zeal that they do others: bootleggers, music downloaders, etc.
assuming you weren't being sarcastic, the answer is because there's a lot of money to be made in selling antivirus software.

seemingly.random
Posts: 176
Joined: Mon Oct 16, 2006 11:51 am
Location: Southeast, USA

Post by seemingly.random » Fri Jun 22, 2007 8:24 am

jaganath wrote:assuming you weren't being sarcastic
Absolutely no sarcasm but maybe a little cynicism since I was thinking the same as you. I think they should be dealt with severely - no less than a vandal, mugger or thief that breaks into your house.

RaptorZX3
Posts: 867
Joined: Sat Feb 11, 2006 11:57 pm
Location: Montreal, Quebec (Canada)

Post by RaptorZX3 » Fri Jun 22, 2007 12:07 pm

i'm scanning again today with HouseCall

edit: HouseCall found nothing since the previous time i scanned my computer.

hoping this damn thing is gone forever now...

NeilBlanchard
Moderator
Posts: 7680
Joined: Mon Dec 09, 2002 7:11 pm
Location: Maynard, MA, Eaarth

Post by NeilBlanchard » Fri Jun 22, 2007 7:17 pm

Hello,

Did you try the Panda online scan? Another alternative is to use the trial version of Bit Defender -- this program has impressed me with catching all sorts of stuff that NOD32 didn't. But having said that, they all miss some things, though using all of them (in series, not all at once) seems to do a pretty good job...don't ask me how I know... :shock:
Sincerely, Neil
http://neilblanchard.blogspot.com/

RaptorZX3
Posts: 867
Joined: Sat Feb 11, 2006 11:57 pm
Location: Montreal, Quebec (Canada)

Post by RaptorZX3 » Fri Jun 22, 2007 8:48 pm

i didn't get a virus warning from Antivir yet.

last HouseCall scan detected nothing.

hoping i won't get this damn message anymore from this virus

RaptorZX3
Posts: 867
Joined: Sat Feb 11, 2006 11:57 pm
Location: Montreal, Quebec (Canada)

Post by RaptorZX3 » Fri Jun 22, 2007 11:08 pm

i just got a virus warning from Antivir right now

Antivir detected "TR/Crypt.FSPM.Gen" again

in that folder:

C:\System Volume Information\_restore{9AB42FE9-5659-4481-95E8-4F6AF518DB91}\RP112\A0021752.exe

in another, previous detection, it says "Is the Trojan Horse TR/Crypt.FSPM.Gen"

|Romeo|
Posts: 191
Joined: Tue Jan 18, 2005 6:36 pm
Location: UK

Post by |Romeo| » Sat Jun 23, 2007 1:09 am

Have you tried a scan from a bootable CD? e.g. The F-Secure rescue CD

RaptorZX3
Posts: 867
Joined: Sat Feb 11, 2006 11:57 pm
Location: Montreal, Quebec (Canada)

Post by RaptorZX3 » Sat Jun 23, 2007 1:27 am

i didn't get a virus warning for almost 24 hours (not counting the time the computer is turned off while i sleep...)

i played a few different games today (FatalFake and Live for Speed)...and then i wanted to play a game that i used a NoCD crack on (from Gamecopyworld.com, which says their cracks don't contain a virus or trojan), called Xpand Rally, well i played that game for a while, then i quit, and while i was watching TV, i heard Antivir's chime.

is that possible that, upon quitting a game that i used a NoCD patch on it, that "patch" would create a file/trojan somewhere on my hard disk that get detected by an antivirus?

because they say on the website, when you click on the game you wish to get a crack for, that Antiviruses might detect a trojan from the game crack/patch, but in fact it's harmless and is a false alarm

peteamer
*Lifetime Patron*
Posts: 1740
Joined: Sun Dec 21, 2003 11:24 am
Location: 'Sunny' Cornwall U.K.

Post by peteamer » Sat Jun 23, 2007 1:40 am

RaptorZX3 wrote:Antivir detected "TR/Crypt.FSPM.Gen" again

in that folder:

C:\System Volume Information\_restore{9AB42FE9-5659-4481-95E8-4F6AF518DB91}\RP112\A0021752.exe
That is a system restore file.
You cannot remove a virus from it, hence why you keep getting told about a virus. All you can do is create a new system restore point and then delete all the old system restore points.

The virus is 'safe' whilst it's in the system restore file... but if you ever use that file you'll have your virus back.
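
The distinction drawn in the post above, as an added example (not code from any poster in this thread): a short Python triage that separates alerts on files inside a System Restore snapshot from alerts on temp or live files, using the alert paths quoted in this thread. The function names, the category labels and the `D:\Games\Example` path are assumptions made for illustration.

```python
import re
from collections import defaultdict

# XP System Restore entry layout, as in the alert quoted above:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<number>.<ext>
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\_restore"
    r"\{[0-9A-Fa-f-]{36}\}\\RP(?P<rp>\d+)\\A\d+\.\w+$",
    re.IGNORECASE,
)
TEMP_RE = re.compile(r"\\Local Settings\\Temp\\", re.IGNORECASE)

# Alert paths copied from the thread, plus one constructed path (marked).
SAMPLE = [
    ("TR/Crypt.FSPM.Gen", r"C:\Documents and Settings\Francis\Local Settings"
                          r"\Temp\AAWTMP\C858593\31441C\crack.exe"),
    ("TR/Crypt.FSPM.Gen", r"C:\Documents and Settings\Francis\Local Settings"
                          r"\Temp\AAWTMP\C931843\25805C\crack.exe"),
    ("TR/Crypt.FSPM.Gen", r"C:\System Volume Information"
                          r"\_restore{9AB42FE9-5659-4481-95E8-4F6AF518DB91}"
                          r"\RP112\A0021752.exe"),
    ("TR/Crypt.FSPM.Gen", r"D:\Games\Example\patch.exe"),  # constructed
]

def classify(path):
    """Return (category, restore_point) for one alert path."""
    m = RESTORE_RE.match(path)
    if m:
        return "system_restore", (m["drive"].upper(), int(m["rp"]))
    if TEMP_RE.search(path):
        return "user_temp", None
    return "live_file", None

def triage(alerts):
    """Group alert paths by where the flagged file lives."""
    groups = defaultdict(list)
    for _signature, path in alerts:
        groups[classify(path)[0]].append(path)
    return dict(groups)

def restore_points_to_purge(alerts):
    """Restore points holding a flagged copy (the ones to clean up)."""
    hits = {classify(p)[1] for _sig, p in alerts}
    return sorted(h for h in hits if h is not None)

if __name__ == "__main__":
    for category, paths in triage(SAMPLE).items():
        print(category, len(paths))
    print("purge:", restore_points_to_purge(SAMPLE))
```

Alerts in the `system_restore` group point at snapshot copies, so the follow-up is a restore-point cleanup; alerts in `live_file` point at something still present on the disk.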

RaptorZX3
Posts: 867
Joined: Sat Feb 11, 2006 11:57 pm
Location: Montreal, Quebec (Canada)

Post by RaptorZX3 » Sat Jun 23, 2007 2:04 am

ok, here's a dumb question: how can i do a proper system restore file? and how do i delete the older ones?

NeilBlanchard
Moderator
Posts: 7680
Joined: Mon Dec 09, 2002 7:11 pm
Location: Maynard, MA, Eaarth

Post by NeilBlanchard » Sat Jun 23, 2007 4:55 am

Hello,

Start/Programs/Accessories/System Tools/Restore/Create Restore Point -- to make a new one. I don't know about deleting the old one(s).
Sincerely, Neil
http://neilblanchard.blogspot.com/

peteamer
*Lifetime Patron*
Posts: 1740
Joined: Sun Dec 21, 2003 11:24 am
Location: 'Sunny' Cornwall U.K.

Post by peteamer » Sat Jun 23, 2007 6:52 am

To delete old system restore files:
Go to 'My Computer', right click a drive and select 'Properties'.
Left click 'Disk Cleanup'... and wait.....
Select 'More Options' tab when window opens, then click the System Restore 'Clean up' button.
Then click Ok OK OK OK etc etc.

This needs to be done on each drive.

RaptorZX3
Posts: 867
Joined: Sat Feb 11, 2006 11:57 pm
Location: Montreal, Quebec (Canada)

Post by RaptorZX3 » Sat Jun 23, 2007 12:28 pm

where is "Disk Cleanup"? i don't see it

edit: oh ok, i've read it wrong, i have to right click on a drive

ok done, and i made a new system restore file.

peteamer
*Lifetime Patron*
Posts: 1740
Joined: Sun Dec 21, 2003 11:24 am
Location: 'Sunny' Cornwall U.K.

Post by peteamer » Sun Jun 24, 2007 12:11 am

You're Welcome.....

RaptorZX3
Posts: 867
Joined: Sat Feb 11, 2006 11:57 pm
Location: Montreal, Quebec (Canada)

Post by RaptorZX3 » Sun Jun 24, 2007 1:40 am

ok i scanned with AVG Anti-Spyware, it found 4 trojans that i cleaned.

i didn't get any virus warning since then, and i suspected my cracked game (that i own the original disc by the way!) to install some virus/trojan when quitting it. so i deleted it, i got a better game replacing it anyway.

tonny39
Posts: 1
Joined: Mon May 31, 2010 11:00 am
Location: los angeles

Post by tonny39 » Tue Jun 01, 2010 12:06 am

By the way: don't install version 10 although they say it's better; I tried it and I wasn't pleased. Try Kaspersky Internet Security 7

RaptorZX3
Posts: 867
Joined: Sat Feb 11, 2006 11:57 pm
Location: Montreal, Quebec (Canada)

Post by RaptorZX3 » Tue Jun 01, 2010 1:35 am

Good grief, a reborn phoenix! :shock:

jackvinsly
Posts: 4
Joined: Wed Jun 02, 2010 9:08 pm
Location: chicago

Post by jackvinsly » Wed Jun 02, 2010 9:37 pm

It's very easy to kill the virus from your having a PC. You can just have to install some anti virus in your PC. Then every time do uptime do upgrade this software. I think you will never find after any virus in your PC.
