Free Republic

Difficult Computer Virus
Me | 6/27/10 | Mere Survival

Posted on 06/27/2010 6:12:20 AM PDT by Mere Survival

I thought I had killed a virus. It was a Chuck Norris Trojan that infected the router and directed me to a site that infected me with the AV Suite ransom virus. No anti-virus and anti-spyware programs got the virus so I had to 1) set a password on my router (to keep it from being reinfected) 2) Reset and then turn off my router to kill its RAM with the redirect 3) remove the partition to reformat my drive 4) reload everything.

I thought that killed it and it seemed to. Then yesterday I went into my NVIDIA graphics processor to put it in sync with my LCD TV.

Well . . . I get a popup saying X program is trying to connect. Thought it was NVIDIA and BAM I've got the AV Suite virus again. Worried it lodged in the NVIDIA hardware somehow? Anyone hear anything about that?

I ran Malwarebytes and killed the AV Suite virus, but after it was dead I got an error screen (the site unavailable one) on Internet Explorer. Now I can only connect thru Firefox or Netscape.

Anyone have any ideas?


TOPICS: Computers/Internet
KEYWORDS: microsofttax; virus
To: ShadowAce

Thanks for the ping!

I copy all the tools and suggestions and send them to a web-based e-mail that I can reference whenever I get to a pc that looks like toast...

keeps me up to date! some good webtools available..

I still find USB flashed superantispyware and windows defender/windows security essentials manage to remove the activity until you can hit it with everything you have...like malwarebytes, etc....


41 posted on 06/27/2010 8:31:07 AM PDT by bitt ( "Obama - He’s last year’s boy band." (steyn))
[ Post Reply | Private Reply | To 28 | View Replies]

To: Mere Survival

tagged


42 posted on 06/27/2010 9:05:58 AM PDT by LouAvul
[ Post Reply | Private Reply | To 1 | View Replies]

To: PugetSoundSoldier; for-q-clinton
*PING* -- you guys seem to have more expertise than I.

Cheers!

43 posted on 06/27/2010 9:06:21 AM PDT by grey_whiskers (The opinions are solely those of the author and are subject to change without notice.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: grey_whiskers

Thanks!

If it’s your router that’s been compromised and had its DNS servers redirected so you’re constantly browsing to the hacker’s chosen site, then we need to reset the router to factory original, then update the device. Hard reset, will be a small button somewhere on the router (depending upon your make/model).

If it’s your PC that is actually infected, first download AVG Free (I like it) and Microsoft Security Essentials (also free).

Then, BEFORE you install, disconnect from the Internet (unplug or turn off your WiFi), and shut down the computer. Then restart, run AVG Free, then run and install MSE.

THEN, and only then, reconnect to your router.

Then download new firmware for your router and install it. Reboot everything again, and you should be in the clear.

As another poster above mentioned, your router is most likely NOT infected, it’s probably just been reconfigured, so the reset - and updating the firmware - will fix that issue.


44 posted on 06/27/2010 9:25:19 AM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 43 | View Replies]

To: Mere Survival

Maybe I missed it but what OS (including service Pack) are you running and which version of IE? What type of router do you have? Model and firmware?


45 posted on 06/27/2010 11:46:22 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 1 | View Replies]

To: JAKraig

Never heard of that one but got a copy. Thanks!


46 posted on 06/27/2010 1:27:09 PM PDT by wally_bert (It's sheer elegance in its simplicity! - The Middleman)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Mere Survival

The Chuck Norris Computer virus doesn’t infect computers....

Computers just stop working in fear of getting it....


47 posted on 06/27/2010 3:19:49 PM PDT by nevergore ("It could be that the purpose of my life is simply to serve as a warning to others.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: ßuddaßudd; swamprebel

The malware changes the proxy setting in the browser to redirect all traffic for control. Eliminating the malware alone does not restore the browser to its original config.

Glad it helped you.


48 posted on 06/27/2010 3:47:19 PM PDT by uptoolate ("Unemployed? Depressed? Angry? Don't Beat Your Wife... Beat A Democrat..." VOTE)
[ Post Reply | Private Reply | To 39 | View Replies]

To: swamprebel

In my case the nuisance messages were popping up frequently, every minute in some cases. If I closed the pop-up, it would route my browser to porno sites. MalwareBytes did clean the rogue program and fix the registry (yes, the rogue program does a number on the registries, and also blocks out Windows Explorer, and will not allow you to go to the DOS prompt unless you are in the Safe Mode). It also corrupts Panda to the point it becomes inoperable, so a full uninstall, reinstall, and update of Panda or whatever internet security package you are using may be necessary.


49 posted on 06/27/2010 6:58:46 PM PDT by Fred Hayek (FUBO! I salute you with the soles of my shoes!)
[ Post Reply | Private Reply | To 35 | View Replies]

To: usconservative

This would be a first. Never seen a virus that infected a router.
____________________________________________________________

No I don’t think it’s a first, and it infects the router from my experience. If I just wiped the hard drive the virus was still there. I had to wipe the hard drive and reset/turn off the router. I think it lodges in the RAM of the router. The redirect stays in the router unless you power down the router and kill the RAM. If you don’t do that you are just redirected to a server that reinfects you even if you kill the virus on the computer.


50 posted on 06/28/2010 3:02:18 AM PDT by Mere Survival (Mere Survival: The new American Dream)
[ Post Reply | Private Reply | To 36 | View Replies]

To: Uri’el-2012

Is “Root!” a tradename? What is “Root!”?


51 posted on 06/28/2010 3:04:05 AM PDT by Mere Survival (Mere Survival: The new American Dream)
[ Post Reply | Private Reply | To 40 | View Replies]

To: for-q-clinton

Maybe I missed it but what OS (including service Pack) are you running and which version of IE? What type of router do you have? Model and firmware?
______________________________________________________________

Why does that matter to you or your advice?


52 posted on 06/28/2010 3:07:01 AM PDT by Mere Survival (Mere Survival: The new American Dream)
[ Post Reply | Private Reply | To 45 | View Replies]

To: JAKraig
Got rid of "Vondu" sort of in this fashion which is nasty.

However, I am not sure Combofix did anything. What I did do is download Malwarebytes in safety mode to the desktop.

Do not execute right away, when you do, do not download the latest updates or add to menu etc. Go back and execute the most recent downloads, then run it. That got Vondu.

53 posted on 06/28/2010 3:07:10 AM PDT by taildragger ((Palin / Mulally 2012 ))
[ Post Reply | Private Reply | To 13 | View Replies]

To: uptoolate

Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab.
Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.
____________________________________________________________

Nod. I did that on setup with Firefox, same gets me back on track with explorer. So do you think this 5 step process will kill the virus:

1) Reset router password from factory original to avoid getting redirect in router’s RAM
2) Reset turn off router
3) Disconnect PC from router and internet.
4) Run Malwarebytes to kill the malware
5) Uncheck “proxy server


54 posted on 06/28/2010 3:12:30 AM PDT by Mere Survival (Mere Survival: The new American Dream)
[ Post Reply | Private Reply | To 22 | View Replies]
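
The two redirect mechanisms discussed in posts 44, 48 and 54 (a leftover browser proxy setting and a reconfigured router's DNS), as an added PowerShell check that is not part of any post in this thread. It assumes a Windows version with PowerShell and the `Get-DnsClientServerAddress` cmdlet (Windows 8 or later); the function names are hypothetical.

```powershell
# Added example: audit the per-user proxy settings Internet Explorer uses and the
# DNS servers this PC is actually querying. Read-only unless Disable-UserProxy is called.
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyFindings {
    # ProxyEnable is the value behind "Use a proxy server for your LAN".
    $s = Get-ItemProperty -Path $InetKey
    $findings = @()
    if ([int]$s.ProxyEnable -eq 1) {
        $findings += "Manual proxy ENABLED -> $($s.ProxyServer)"
    }
    if ($s.ProxyServer -and [int]$s.ProxyEnable -ne 1) {
        $findings += "Proxy disabled, but a leftover address remains -> $($s.ProxyServer)"
    }
    if ($s.AutoConfigURL) {
        $findings += "Auto-config (PAC) script set -> $($s.AutoConfigURL)"
    }
    return $findings
}

function Get-DnsServersInUse {
    # Compare these with the DNS servers your ISP or router is supposed to hand out.
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object InterfaceAlias, ServerAddresses
}

function Disable-UserProxy {
    # Registry equivalent of unchecking the proxy box; supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0 -Type DWord
}

$found = Get-ProxyFindings
if ($found) {
    $found | ForEach-Object { Write-Warning $_ }
} else {
    'No per-user proxy or PAC script configured.'
}
Get-DnsServersInUse | Format-Table -AutoSize

# Preview the fix first; remove -WhatIf to apply it, then restart the browser.
# Disable-UserProxy -WhatIf
```

Run it after the malware scan: a proxy that is still enabled, or DNS servers you do not recognize, means the redirect would survive the cleanup.
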

To: Mere Survival
Why does that matter to you or your advice?

It matters hugely on how to prevent it from coming back. He may be doing something wrong or very improper in terms of security so like turning off UAC.

55 posted on 06/28/2010 6:11:20 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 52 | View Replies]

To: for-q-clinton

I have up to date service packs on my XP OS and set a password on the Nextgear router. Anything else I can do to prevent reinfection?


56 posted on 06/28/2010 6:18:54 AM PDT by Mere Survival (Mere Survival: The new American Dream)
[ Post Reply | Private Reply | To 45 | View Replies]

