Win32:Agent-CBL [TRJ] :mad:
Poison Ivy
I just got this spyware around 9 hours ago, because I took my Zone Alarm firewall down and threw the Windows one up, for a lower ping/less lag on both GW and Vent. After 2 games or so, this little bastard came up. It seems to be stuck in my system32\Rsvtub.dll [UPX]
I've tried everything, like running AVG/Spybot/Windows Defender/Ad-Ware SE in safemode, and a few boot scans with AVG, and nothing could seem to get the thing off my computer. It just manages to remain after EVERY time AVG or I manually delete it in normal mode. If I delete it in safe mode, it will recreate itself once I'm in normal mode again.
It's not causing any serious problems though, but if I take down the avast warning window, it will just repop up and that smartass voice will go: caution, a virus has been detected, and it's hella annoying.
Anyone else getting this problem or have a fix, or have any sites they would recommend for this kinda thing, please shed some knowledge, thank you.
EF2NYD
1. Boot into safe mode.
2. Browse into your local temp files directory:
e.g. C:\Documents and Settings\User\Local Settings\Temp
(you must be showing hidden files : control panel > folder options > show hidden folders and files)
3. Delete everything in there.
4. Run Disk Cleanup if possible and check everything except Compress Files.
5. Run msconfig from the Start Menu and look to see if the program is in the startup. If so, delete. Alternatively, use HiJackThis.
6. Reboot.
Poison Ivy
Nope. Did every single step accordingly, that damn thing is still popping up.
The truth itself
spybot s&d.
ad-aware.
dr. delete.
Pupu
spy-bot in safe mode is your best bet
although, try to do a system restore to a day before...that is always a saviour
Poison Ivy
Yeah, I've done all those listed above...as for system restore, will I lose some of my files?
EF2NYD
Don't do System Restore. It tends to make things like this worse.
Poison Ivy
Well any other ideas? This damn virus just won't stop bothering me. It's not doing any harm that I'm aware of, just triggering AVG's virus detection system, but I'd rather have it removed...so...any ideas left?
Mushroom
I would suggest something that may seem more drastic, but is probably the best full solution.
Backup your data, and do a full wipe and reload. For a lot of viruses and trojans, that is really the only way to really get rid of them. It sounds like you have multiple "dropper trojans" running in the background.
The problem with most of them is that they come out almost daily. It takes 3-14 days for the AV companies to discover them and write a removal. The problem is that by the time they find one, you have 2-5 newer versions already in your system that it can't detect yet.
It sounds like this is the circle you are in. You find some, and remove them. But since you are still infected with newer versions, it happens all over again.
Probably 75% of the computers that come into my shop are infected with viruses and other malware. And it truly is an epidemic. And so far, every system that came in with P2P software (including Torrent, Kazaa, Limewire, etc) has had multiple infections. And the same goes for people that use the gambling sites. PartyPoker inserts multiple trojans and spyware when you use it, and other gambling sites are even worse.
Backup your data, then do a complete wipe and reload of your OS. Install all the updates, and a good antivirus (Norton, AVG, or Avast). And install multiple spyware programs and run them regularly. I install AdAware, SpyBot, and Microsoft Defender on every system I build or reload.
And stay away from what I call the "Dark Alleys of the Internet". That includes peer-to-peer file trading, gambling, hacker sites, and porn sites (other than the more "legitimate" ones like Playboy). This is where most trojans and malware tend to come from.
lord_shar
^agreed with the above^
Aside from disabling your firewall (big no-no!), you can also get infected by connecting to a Vent or TS server if that system is either compromised or set up by its owner to deliver a trojan payload.
Skype is a safer alternative since it is centrally controlled, but you need a fast system (usually a newer PC with 2+ cores) to avoid taking a GW performance hit.
Poison Ivy
Hmm...problem is, I don't have any place to backup my files to, and most of which are pretty important. I still have no clue how I got that virus, the only thing I did was log into our guild vent server, and after a while, avast goes crazy...
I'll try your solution Mushroom, when I find someplace to back up my stuff, thanks
aeroclown
Tarun
Install Avast and let it do a boot-time scan.
If you have questions, just ask. I deal with this stuff constantly.
Malice Black
I had something similar (couple pages back). I finally managed to get rid of it when I found the source of the problem, i.e. the file that is reloading the Trojan after you have deleted it.
I_N_S_T_A_L_L_A_F_T_E_R_R_E_B_O_O_T <~~the file should look similar to that, delete that file and it should solve your problem.
The program that found it was ADware 4.0; the scan is free but you have to buy the program for it to remove the problems. It's amazing what that program finds that all the "so called" best programs completely miss.
Poison Ivy
Quote:
Originally Posted by The Admins Bane
I_N_S_T_A_L_L_A_F_T_E_R_R_E_B_O_O_T <~~the file should look similar to that, delete that file and it should solve your problem.
|
Malice Black
Hiding in the system32 files somewhere.
Pupu
Quote:
Originally Posted by EF2NYD
Don't do System Restore. It tends to make things like this worse.
|
and no it doesn't delete files...it reverts recently installed progs tho
Omega X
Quote:
Originally Posted by lord_shar
^agreed with the above^
Aside from disabling your firewall (big no-no!), you can also get infected by connecting to a Vent or TS server if that system is either compromised or set up by its owner to deliver a trojan payload.
Skype is a safer alternative since it is centrally controlled, but you need a fast system (usually a newer PC with 2+ cores) to avoid taking a GW performance hit.
|
Private TS/Vent servers are less likely to cause any infection than the public ones. More than likely you know the person who runs it and they most likely know how to secure it.
Laughing Man
Hmm..Skype is useful though for calling people who don't play games. I use it to talk to my friend in Sweden (she moved there after we graduated).
I've never had a good experience with System Restore. Tried to use it to fix Oblivion and it just wound up causing more problems than it solved.
Poison Ivy
Ok, so my only option now is to find a file called I_N_S_T_A_L_L_A_F_T_E_R_R_E_B_O_O_T as suggested by Admin's Bane...
Gosh man you sure you have the right name? It looks pretty whack...and I can't find it.
Also avast is detecting the virus and showing a window that it did it...every 5 seconds. If I close the window, it pops up. If I shutdown and restart avast, it doesn't detect it.
D.E.V.i.A.N.C.E
McAfee hasn't reported it in their threat list yet, another guy has been infected with this, he was on a French forum, yet no solution in sight, guess what they listed;
spybot s&d
ad-aware and avast.. this was back on the 14th. hmmm...
I hate zone alarm with a passion, I hear these stories of i deactivated (norton or zone alarm) and got infected, basically they STOP it from activating but don't remove it. so once you de-activate it it gets its chance to run amok.
I would agree with backing up data and just do a fresh install, once you've tried everything else.
I would look up every process on google and see if you come across anything or nothing at all. I remember when I got infected with a trojan that just wouldn't quit, had 3 processes to keep it alive...
task manager [processes]
If you find any processes that don't have any info on the web, see what happens when you end task it. also if you do find any processes that don't have info make a note where they are located.
skype and gizmo are great voip services, skype can be a resource hog, just cause it records at such a high quality always... with gizmo you can at least set limits.
ducktape
Have you turned off System Restore? I have found that many viruses/spyware manage to trick System Restore into thinking that their files are windows-related, so yes, every time you delete them they come back, even in safe mode, because System Restore puts them back. I would turn off System Restore, then boot into Safe Mode, then clear out your temp files and junk using Disk Cleanup again. After that, run AVG/Spybot/Ad-Aware/Windows Defender and let them delete everything.
If you want to manually hunt down the viral processes that are running so that you can manually delete them and their pals in the registry when you go into Safe Mode, I suggest you download Process Explorer from Sysinternals. You can launch that program and it will show every process running on your computer, you can click each and it will show you every file and registry key that a process is accessing, which really helps when manually removing spyware and viruses. If you're not sure what a process is for, you can right-click it and choose Google and it will bring up a google search result for you to dig around and find out more.
You could also create a new user account while in Safe Mode and sign on with that new account and see if all of the virus stuff comes back, sometimes if you're really lucky all that is installed under HKEY_CURRENT_USER and under your user profile, so using a different account helps get the virus off of your back.
Most of this will only work if you are really lucky, unfortunately many viruses are hard to get rid of, and even after they're gone, your computer never works quite right again. You can do all this to try and get your stuff going long enough to back everything up, but either way I recommend you end up writing zeroes to your HD and then reinstall windows from scratch, just to make sure your system is totally clean before you resume normal use.
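One way to script the startup check from EF2NYD's msconfig step together with the per-user (HKEY_CURRENT_USER) check ducktape describes, as an added example that is not part of any post in this thread. It assumes PowerShell 3.0 or later and covers only the Run/RunOnce registry keys; the helper name Test-UpxPacked is hypothetical, and an unsigned or UPX-packed file is a lead to look into, not a verdict.

```powershell
# Added example, not from the thread. Read-only: it lists autostart entries and
# the files they reference, and deletes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Test-UpxPacked {   # hypothetical helper name
    param([string]$Path)
    # UPX-packed PE files have sections named UPX0/UPX1 near the start of the file.
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try {
            $buffer = New-Object byte[] 4096
            $read = $stream.Read($buffer, 0, $buffer.Length)
        } finally { $stream.Dispose() }
        [System.Text.Encoding]::ASCII.GetString($buffer, 0, $read) -cmatch 'UPX[0-9]'
    } catch { $null }   # unreadable file: leave the column empty
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -in $psMeta) { continue }   # provider metadata, not autostart values
        $command = [Environment]::ExpandEnvironmentVariables([string]$prop.Value)
        # Take every absolute .exe/.dll path from the command line, so that
        # "rundll32.exe C:\dir\x.dll,Entry" reports the DLL, not just the launcher.
        $paths = [regex]::Matches($command, '(?i)[a-z]:\\[^"*?<>|,]+?\.(exe|dll)\b') |
            ForEach-Object { $_.Value }
        foreach ($path in $paths) {
            $exists = Test-Path -LiteralPath $path -PathType Leaf
            [pscustomobject]@{
                Key       = $key
                Name      = $prop.Name
                File      = $path
                Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'Missing' }
                UpxPacked = if ($exists) { Test-UpxPacked $path } else { $null }
                Modified  = if ($exists) { (Get-Item -LiteralPath $path -Force).LastWriteTime } else { $null }
            }
        }
    }
}

# Files without a valid signature first, then most recently modified first.
$findings |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, @{ Expression = 'Modified'; Descending = $true } |
    Format-Table Name, File, Signature, UpxPacked, Modified -AutoSize
```

Running it once from the affected account and once from a freshly created account shows whether an entry lives under HKCU (per-user) or HKLM (machine-wide).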