Tribes 1 Legendz

Just got rid of another nasty bug:

a "Zero Access trojan" that was hiding out in my C:\Documents and Settings\Stu\Local Settings\Application Data\Google\Desktop folder. (I've never had Google Desktop)
My antivirus was detecting and removing it, but it kept popping back a few seconds later.
The file names used weird characters (including a skull and crossbones!) which violate NTFS naming rules, so I couldn't delete the files or folders because Windows couldn't recognize them:

I AM CERTAIN I GOT THIS DAMN THING FROM A "GOOGLE UPDATE" BUTTON ON YOUTUBE
(I wish they would be more choosy about who puts ads on their site. Most of the crap there is just bullshit telling you that you need to update this and that, but they're really just links to install adware or malware)

ANYWAY.........
I did some research on how to remove this shit, and all I found was a bunch of idiots trying to shotgun this problem by installing and running every anti-malware program I've ever heard of.
One "expert" even recommended a re-format.
Fuck that.

It turns out a rootkit was re-installing the trojan just as fast as my antivirus was removing it, so I downloaded and ran "Malwarebytes Anti-Rootkit Utility" and it cleaned it right up.
It also detected related malware located in C:\Program Files\Google\Desktop.
After removing the malicious files and the rootkit, I replaced both "Desktop" folders with read-only dummy folders to prevent reinfection.
____________________________________________

Another pesky one is the fucking "GreenDot MoneyPak" virus which locks up your browser and then tells you you have to pay the "FBI" $300 to unlock it.
(it used to be $200, but I guess these guys are getting greedy)
It looks like this: http://img17.imageshack.us/img17/5791/cm5m.png
It also disables your regedit and task manager and prevents you from entering safe-mode by rebooting your computer whenever you attempt it.

I've been able to defeat this one simply by replacing it's exe file with a 0-byte, read-only dummy file.
When I run across it again (and I have) I still see the screen, but since it can't over-write my dummy file, it can't execute, so it can't lock my browser, regedit or task manager or alter my registry to run itself on startup.
I just laugh, give it the finger and close the page.

Yeah the ole fbi virus. Easy fix ,unplug internet isp wire. boot up and go to control panel ,system restore. choose a earlier restore point.

Beavis wrote:Yeah the ole fbi virus. Easy fix ,unplug internet isp wire. boot up and go to control panel ,system restore. choose a earlier restore point.

Not anymore.
The newer versions of this disable system restore (on XP anyway) by making your computer reboot after you select safe mode.
No safe mode, no system restore.

Well just don't go to http://www.projecttv.com or you might just get it. Well I just ran my windows disk a few times and it finally fixed that also.

I have to laugh at the text in that screenshot:
"...Your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer"

I've never heard of that law before, but apparently you can get 4 to 9 years for that!

If you delete the user profile (hopefully it wasn't an administrator account) and create a new user, Viola!

Why are you not using this S']['U?



And if it is a rootkit, why do you not use TDSSkiller or GMER?

You could also try a live Linux-based antivirus cd, such as Kaspersky Rescue Disk or Avira Rescue System.

DaRk wrote:Why are you not using this S']['U?


And if it is a rootkit, why do you not use TDSSkiller or GMER?

You could also try a live Linux-based antivirus cd, such as Kaspersky Rescue Disk or Avira Rescue System.

Adblockplus?
Doesn't that primarily target adware?

...as for the rootkit, the "Malwarebytes Anti-Rootkit Utility" (beta) did a superb job on removing it, and had the added bonus of not having to be an "installed" program. (it's downloaded as a folder in a zip file and run from wherever you put it)
When you're done with it, you can either just delete the folder or save it somewhere for future use.

My neighbor also tried it on his computer and it found and "fixed" 21 other malicious programs (mostly backdoor trojans and downloaders) that his "AVG Anti-virus" had missed.

I've tried many different anti-malware programs over the years, and I have to say that I'm really impressed with this one....that's why I started this thread.

If anyone else wants to try it, here it is:

(Anyone can have a rootkit and not know it. That's what they're designed to do... hide in your computer in a place where they can remain undetected) http://en.wikipedia.org/wiki/Rootkit (Unzip to any location and run MBAR.EXE in the folder.)
or get it here: http://www.malwarebytes.org/products/mbar/
May Crow ban me FOREVER from everything Tribes if this download contains any malicious files or anything other than the program I say it does.

Well S']['U,

I have thought long and hard to figure out what caused your issue. I have decided to use my artist MS Paint skills to display your problem.

I would suggest avoiding the above habit.

Cheers,

+]-[+DaRk

LOL! You spent way too much time on that.

BTW, it was "Jeff Probst %&^! bigfoot"
...nice drawing of Bob Saget though.