Free Republic

Difficult Computer Virus
Me | 6/27/10 | Mere Survival

Posted on 06/27/2010 6:12:20 AM PDT by Mere Survival

I thought I had killed a virus. It was a Chuck Norris Trojan that infected the router and directed me to a site that infected me with the AV Suite ransom virus. No anti-virus and anti-spyware programs got the virus so I had to 1) set a password on my router (to keep it from being reinfected) 2) Reset and then turn off my router to kill its RAM with the redirect 3) remove the partition to reformat my drive 4) reload everything.

I thought that killed it and it seemed to. Then yesterday I went into my NVIDIA graphics processor to put it in sync with my LCD TV.

Well . . . I get a popup saying X program is trying to connect. Thought it was NVIDIA and BAM I've got the AV Suite virus again. Worried it lodged in the NVIDIA hardware somehow? Anyone hear anything about that?

I ran Malwarebytes and killed the AV Suite virus, but after it was dead I got an error screen (the site unavailable one) on Internet Explorer. Now I can only connect thru Firefox or Netscape.

Anyone have any ideas?


TOPICS: Computers/Internet
KEYWORDS: microsofttax; virus
Any ideas or avenues appreciated.
1 posted on 06/27/2010 6:12:22 AM PDT by Mere Survival
[ Post Reply | Private Reply | View Replies]

To: Mere Survival

Back up your files, including the operating system, wipe your machine, reinstall everything.


2 posted on 06/27/2010 6:13:59 AM PDT by Perdogg (Nancy Pelosi did more damage to America on 03/21 than Al Qaeda did on 09/11)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mere Survival

this worked for me....

download.com
get free trial NOD32 then run scan

this should find and isolate your virus
good luck!


3 posted on 06/27/2010 6:14:52 AM PDT by OL Hickory (Jesus and the American soldier-1 died for your soul/1 died for your freedom)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mere Survival

this worked for me....

download.com
get free trial NOD32 then run scan

this should find and isolate your virus
good luck!


4 posted on 06/27/2010 6:15:15 AM PDT by OL Hickory (Jesus and the American soldier-1 died for your soul/1 died for your freedom)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Perdogg

done 3 times, not it.


5 posted on 06/27/2010 6:16:08 AM PDT by Mere Survival (Mere Survival: The new American Dream)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Mere Survival

This might help...

http://www.freerepublic.com/focus/f-chat/2453696/posts


6 posted on 06/27/2010 6:19:01 AM PDT by Vigilantcitizen
[ Post Reply | Private Reply | To 5 | View Replies]

To: Mere Survival
I would suggest booting off a Windows 98 CD (or google for a Windows 98 boot disk and make one) and then invoke the command "fdisk /mbr" after you have deleted any existing partitions on the hard disk.

Also, avoid IE like the plague. I refuse to use even the most up to date version of IE for anything other than work stuff because no matter how secure you think it is, something like this always happens.

7 posted on 06/27/2010 6:19:12 AM PDT by pnh102 (Regarding liberalism, always attribute to malice what you think can be explained by stupidity. - Me)
[ Post Reply | Private Reply | To 5 | View Replies]

To: OL Hickory

Sounds like a rootkit. I would low-level format the drive and start over.


8 posted on 06/27/2010 6:19:34 AM PDT by lancium
[ Post Reply | Private Reply | To 4 | View Replies]

To: OL Hickory

My neighbor got that virus and called on my expertise for aid. I have none of that so I got it taken care of by another neighbor’s teenager who moused and keyboarded for 40 minutes and it was all fixed. I don’t know what he did because I couldn’t follow his moves and he doesn’t explain things very well at all. One characteristic of this AV infection is that it prevented the executing of any setup file that I tried to download or run from the DOWNLOAD folder on the hard drive.
From the graphics and the “AV” I think it was trying to disguise itself as the AVG antivirus program, which it disabled. It also disabled Spybot and the firewall. Those were the only programs that had to be uninstalled and reloaded.


9 posted on 06/27/2010 6:22:07 AM PDT by arthurus ("If you don't believe in shooting abortionists, don't shoot an abortionist." -Ann C.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Mere Survival

Go to www.majorgeek.com and follow their instructions. You’ll end up running “hijackthis” and hack your registry. Go slow and follow the directions exactly or you’ll kill your computer. If you do, though, you will kill the viruses.


10 posted on 06/27/2010 6:23:32 AM PDT by piytar (Obama keeps going to golf courses instead of the Gulf. Maybe he's too stupid to know the difference?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mere Survival

mark


11 posted on 06/27/2010 6:28:13 AM PDT by mmanager (I'm not racist, I don't like the white half of him either.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mere Survival
Looks like it's a virus in the router/modem. See if this helps at all.

(Bleeping Computer)

12 posted on 06/27/2010 6:28:22 AM PDT by tsmith130
[ Post Reply | Private Reply | To 1 | View Replies]

To: tsmith130
Go to Combofix.com and download their free combofix software. It will kill the rootkit. After Combofix gets finished run malwarebytes to make sure you are clean and you should be fine.
13 posted on 06/27/2010 6:33:01 AM PDT by JAKraig (Surely my religion is at least as good as yours)
[ Post Reply | Private Reply | To 12 | View Replies]

To: pnh102

“fdisk /mbr” after you have deleted any existing partitions on the hard disk.
______________________________________________________________

So that will take it out if it’s in the master boot record? Ok, will give that a try.


14 posted on 06/27/2010 6:33:28 AM PDT by Mere Survival (Mere Survival: The new American Dream)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Mere Survival

BTTT

I have no suggestions but wish you luck - how terrible these cyber terrorists are. They should be shot~


15 posted on 06/27/2010 6:34:58 AM PDT by DollyCali (Don't tell God how big your storm is...Tell the storm how big your God is!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mere Survival

Are you Serious?

It’s Chuck Norris, you can’t beat him


16 posted on 06/27/2010 6:38:01 AM PDT by Vendome (Don't take life so seriously... You'll never live through it.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mere Survival
Download.com has lots of free software and may have an article on how to get rid of it. I run Avira free anti virus and have AVG free loaded that I run manually once a week. Microsoft has MRT (Microsoft Malicious Software Removal Tool) that I run once a month and it works when the others do not. Norton was just as bad as a virus and they did not pay the rebate. You might try a search for the specific virus and get some instructions.
17 posted on 06/27/2010 6:48:57 AM PDT by mountainlion (concerned conservative.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Vendome

Did someone forget to mark this Post - Satire?


18 posted on 06/27/2010 6:50:05 AM PDT by TNoldman (Call 1911 not 911!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Mere Survival

To get rid of a virus in Windows it’s better to be OUTSIDE the windows environment.

Google “Kaspersky Rescue Disk”. When you find it, download the ISO image file and burn it to a CD. This will create a bootable CD that has the Kaspersky Anti Virus program running in Linux.

Make sure before you boot, that the computer is connected to the internet by a WIRED connection. The rescue disk will not set up wireless.

Now update the virus signature files. After that you're ready to scan. Set the scan for “take action after scan finishes”. This thing has worked for me several times. Scan before you go to bed. It can be real slow.

V live long and prosper.


19 posted on 06/27/2010 6:51:11 AM PDT by NeverForgetBataan (Sure, you can forgive your enemies.......... But get even first)
[ Post Reply | Private Reply | To 1 | View Replies]

To: DollyCali; bamahead
how terrible these cyber terrorists are. They should be shot~

Before or after they are thrown into a pit of live Rats?

20 posted on 06/27/2010 6:51:17 AM PDT by rabscuttle385 (Live Free or Die)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Mere Survival

It’s Chuck Norris!
Your machine is lost, the only thing you can do now is run!
Next thing you know, there’ll be an infestation of roosting Ninjas in your kitchen.
/ just kidding.

There’s some good advice on this thread.
Also grab some spyware killer like Lavasoft’s Ad Aware and Spybot Search & Destroy.
PC World also has articles about good bug killers.


21 posted on 06/27/2010 6:54:37 AM PDT by Darksheare (Proudly buzzkilling the illusion of confidence in the progress of humanity for 35 years.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mere Survival

Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab.
Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.


22 posted on 06/27/2010 6:55:40 AM PDT by uptoolate ("Unemployed? Depressed? Angry? Don't Beat Your Wife... Beat A Democrat..." VOTE)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mere Survival
So that will take it out if it’s in the master boot record? Ok, will give that a try.

If that fails... I would give the DBAN utility a try. That should ensure that every literal bit of the disk is wiped out.

23 posted on 06/27/2010 6:56:22 AM PDT by pnh102 (Regarding liberalism, always attribute to malice what you think can be explained by stupidity. - Me)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Mere Survival

My wife just got this infection on our main pc. She got it via a ‘twilight’ link
NOD32 did not catch it.


24 posted on 06/27/2010 6:58:29 AM PDT by ßuddaßudd (7 days - 7 ways Guero >>> with a floating, shifting, ever changing persona.....)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Vendome

My thoughts exactly. All that kick boxing and martial arts would make a pretty tough virus. Sorry, I couldn’t help myself.
barbra ann


25 posted on 06/27/2010 6:59:05 AM PDT by barb-tex (REMEMBER NOVEMBER!!! Slim as it may be, it is our last hope.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Mere Survival

Try searching for and downloading a program called ‘Fixwareout’.

I’ve used it quite a few times on ‘stubborn’ viruses and seems to work real well.

You have to run it in ‘Safe mode’ in Windows.

Fixwareout opens a ‘command’ window and runs from there.

Once you are done, it will reboot and the virus should be gone.


26 posted on 06/27/2010 7:00:22 AM PDT by Bigh4u2 (Denial is the first requirement to be a liberal)
[ Post Reply | Private Reply | To 1 | View Replies]

To: mountainlion
Norton was just as bad as a virus and they did not pay the rebate.

Totally agree. Norton messed ours up so bad that it was nearly sent to curb. And, no, despite me having proof I sent in the correct info they never would send the rebate.

27 posted on 06/27/2010 7:00:34 AM PDT by bgill (how could a young man born here in Kenya, who is not even a native American, become the POTUS)
[ Post Reply | Private Reply | To 17 | View Replies]

To: Mere Survival; rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

28 posted on 06/27/2010 7:01:04 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Perdogg
I was going to suggest the same thing.

My mother got the dreaded "Microsoft Antivirus" virus. I told her to shut down her machine, get the backup out of the closet and use it, and wait until I come down there next to reprogram her machine.

29 posted on 06/27/2010 7:08:15 AM PDT by ducttape45
[ Post Reply | Private Reply | To 2 | View Replies]

To: ShadowAce

I use McAfee Stinger and it helps as well.

http://vil.nai.com/vil/stinger/


30 posted on 06/27/2010 7:13:46 AM PDT by Dacula (Every good father has a plan for his family.)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Mere Survival

My husband’s computer got the AV bug Saturday. He took it to a friend who got him back on line. However, we haven’t turned his computer back on yet. This thread may well help us figure out what to do next.


31 posted on 06/27/2010 7:20:03 AM PDT by Bronzy
[ Post Reply | Private Reply | To 1 | View Replies]

To: Perdogg

Backup, backup, backup - great advice.

Thanks.


32 posted on 06/27/2010 7:21:36 AM PDT by GladesGuru (In a society predicated upon freedom, it is essential to examine principles,)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Mere Survival

If it is similar to PC Antispyware, it’s nasty. If you have an uninfected computer, go find a trial copy of MalwareBytes. Transfer it to the infected computer with a flash drive. Install and run MalwareBytes in the Safe Mode, and do the full scan. It may take 2 to 3 hours.
In my case the PC Antispyware damaged my internet protection software (Panda Internet Security 2009), to the point where a “repair re-install” did not work. I had to do a complete uninstall and reinstall, download updates.


33 posted on 06/27/2010 7:31:01 AM PDT by Fred Hayek (FUBO! I salute you with the soles of my shoes!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rabscuttle385

it depends if the rats are Rats or RATS...

if RATS.. after.. that way a LOT OF RATS can go with them

Yikes... running late for church (with that nice Christian thought the last I key in..LOL)


34 posted on 06/27/2010 7:43:09 AM PDT by DollyCali (Don't tell God how big your storm is...Tell the storm how big your God is!)
[ Post Reply | Private Reply | To 20 | View Replies]

To: uptoolate
Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab. Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.

Those directions worked for me a few weeks back when I caught the bug. Also you will get a lot of fake security messages; read them but don't follow them. Upon close scrutiny you will discover the broken English used; it was my first clue that I had a virus. Malwarebytes seems to have removed it.

35 posted on 06/27/2010 7:45:21 AM PDT by swamprebel ("gather your armies.")
[ Post Reply | Private Reply | To 22 | View Replies]

To: Mere Survival
I thought I had killed a virus. It was a Chuck Norris Trojan that infected the router

This would be a first. Never seen a virus that infected a router. Changed hosts file settings and browser settings yes, but not a router. That's just not possible because the router's iOs runs in Firmware. It can't be re-written with a virus.

Same with a video card by the way...

36 posted on 06/27/2010 7:48:32 AM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Thanks for the ping.


37 posted on 06/27/2010 7:51:47 AM PDT by GOPJ (http://www.portpublishing.com/Computer%20Based/retaildetailgmsea.htm)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Mere Survival
Print And Follow These Instructions To The Letter to remove the "Anti-Virus" virus.
38 posted on 06/27/2010 7:52:50 AM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 1 | View Replies]

To: uptoolate

Tried this and it has worked so far. . .
thanx


39 posted on 06/27/2010 8:00:32 AM PDT by ßuddaßudd (7 days - 7 ways Guero >>> with a floating, shifting, ever changing persona.....)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Mere Survival
Get Root !

40 posted on 06/27/2010 8:01:37 AM PDT by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your law is my delight.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Thanks for the ping!

I copy all the tools and suggestions and send them to a web-based e-mail that I can reference whenever I get to a pc that looks like toast...

keeps me up to date! some good webtools available..

I still find USB flashed superantispyware and windows defender/windows security essentials manage to remove the activity until you can hit it with everything you have...like malwarebytes, etc....


41 posted on 06/27/2010 8:31:07 AM PDT by bitt ( "Obama - He’s last year’s boy band." (steyn))
[ Post Reply | Private Reply | To 28 | View Replies]

To: Mere Survival

tagged


42 posted on 06/27/2010 9:05:58 AM PDT by LouAvul
[ Post Reply | Private Reply | To 1 | View Replies]

To: PugetSoundSoldier; for-q-clinton
*PING* -- you guys seem to have more expertise than I.

Cheers!

43 posted on 06/27/2010 9:06:21 AM PDT by grey_whiskers (The opinions are solely those of the author and are subject to change without notice.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: grey_whiskers

Thanks!

If it’s your router that’s been compromised and had its DNS servers redirected so you’re constantly browsing to the hacker’s chosen site, then we need to reset the router to factory original, then update the device. Hard reset, will be a small button somewhere on the router (depending upon your make/model).

If it’s your PC that is actually infected, first download AVG Free (I like it) and Microsoft Security Essentials (also free).

Then, BEFORE you install, disconnect from the Internet (unplug or turn off your WiFi), and shut down the computer. Then restart, run AVG Free, then run and install MSE.

THEN, and only then, reconnect to your router.

Then download new firmware for your router and install it. Reboot everything again, and you should be in the clear.

As another poster above mentioned, your router is most likely NOT infected, it’s probably just been reconfigured, so the reset - and updating the firmware - will fix that issue.


44 posted on 06/27/2010 9:25:19 AM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 43 | View Replies]

To: Mere Survival

Maybe I missed it but what OS (including service Pack) are you running and which version of IE? What type of router do you have? Model and firmware?


45 posted on 06/27/2010 11:46:22 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 1 | View Replies]

To: JAKraig

Never heard of that one but got a copy. Thanks!


46 posted on 06/27/2010 1:27:09 PM PDT by wally_bert (It's sheer elegance in its simplicity! - The Middleman)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Mere Survival

The Chuck Norris Computer virus doesn’t infect computers....

Computers just stop working in fear of getting it....


47 posted on 06/27/2010 3:19:49 PM PDT by nevergore ("It could be that the purpose of my life is simply to serve as a warning to others.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: ßuddaßudd; swamprebel

The malware changes the proxy setting in the browser to redirect all traffic for control. Eliminating the malware alone does not restore the browser to its original config.

Glad it helped you.


48 posted on 06/27/2010 3:47:19 PM PDT by uptoolate ("Unemployed? Depressed? Angry? Don't Beat Your Wife... Beat A Democrat..." VOTE)
[ Post Reply | Private Reply | To 39 | View Replies]
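
The leftover proxy setting described in posts 22 and 48 can also be inspected from PowerShell. The script below is an added example, not part of the thread or any poster's own code: it reads the WinINET values behind the LAN Settings dialog and reports anything still pointing the browser at a proxy. The function names and the sample port are constructed for illustration.

```powershell
# Added example: audit the "Internet Options" proxy values that the
# LAN Settings dialog edits. Function names are hypothetical.
$InetKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function ConvertFrom-ProxyServer {
    # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
    param([string]$Value)
    foreach ($part in ($Value -split ';' | Where-Object { $_ })) {
        if ($part -match '=') { $scheme, $endpoint = $part -split '=', 2 }
        else { $scheme = 'all'; $endpoint = $part }
        # Strip an optional scheme prefix and the port to get the bare host.
        $hostName = ($endpoint -replace '^\w+://', '') -replace ':\d+$', ''
        [pscustomobject]@{
            Scheme   = $scheme
            Endpoint = $endpoint
            Loopback = $hostName -in '127.0.0.1', 'localhost', '[::1]'
        }
    }
}

function Get-ProxyAudit {
    # Check the per-user hive and the machine-wide hive.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $path = "${hive}\${InetKey}"
        $s = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if (-not $s) { continue }
        [pscustomobject]@{
            Hive          = $hive
            ProxyEnabled  = [bool]$s.ProxyEnable
            ProxyServer   = $s.ProxyServer
            Endpoints     = @(ConvertFrom-ProxyServer $s.ProxyServer)
            AutoConfigURL = $s.AutoConfigURL
            # A proxy or PAC script you did not configure needs a closer look.
            NeedsReview   = [bool]$s.ProxyEnable -or [bool]$s.AutoConfigURL
        }
    }
}

function Reset-UserProxy {
    # Clears the per-user values; run with -WhatIf first to preview.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $path = "HKCU:\$InetKey"
    if ($PSCmdlet.ShouldProcess($path, 'Disable proxy, clear ProxyServer and AutoConfigURL')) {
        Set-ItemProperty -Path $path -Name ProxyEnable -Value 0 -Type DWord
        Remove-ItemProperty -Path $path -Name ProxyServer, AutoConfigURL -ErrorAction SilentlyContinue
    }
}

# Constructed sample value, to show the parser without touching the registry:
ConvertFrom-ProxyServer 'http=127.0.0.1:5555;https=127.0.0.1:5555'

# Read-only report of the live settings:
Get-ProxyAudit | Format-List
```

Restart the browser after `Reset-UserProxy`; if the values come back, something on the machine is still rewriting them and the cleanup is not finished.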

To: swamprebel

In my case the nuisance messages were popping up frequently, every minute in some cases. If I closed the pop-up, it would route my browser to porno sites. MalwareBytes did clean the rogue program and fix the registry (yes, the rogue program does a number on the registries, and also blocks out Windows Explorer, and will not allow you to go to the DOS prompt unless you are in the Safe Mode). It also corrupts Panda to the point it becomes inoperable, so a full uninstall, reinstall, and update of Panda or whatever internet security package you are using may be necessary.


49 posted on 06/27/2010 6:58:46 PM PDT by Fred Hayek (FUBO! I salute you with the soles of my shoes!)
[ Post Reply | Private Reply | To 35 | View Replies]

To: usconservative

This would be a first. Never seen a virus that infected a router.
____________________________________________________________

No I don’t think it’s a first, and it infects the router from my experience. If I just wiped the hard drive the virus was still there. I had to wipe the hard drive and reset/turn off the router. I think it lodges in the RAM of the router. The redirect stays in the router unless you power down the router and kill the RAM. If you don’t do that you are just redirected to a server that reinfects you even if you kill the virus on the computer.


50 posted on 06/28/2010 3:02:18 AM PDT by Mere Survival (Mere Survival: The new American Dream)
[ Post Reply | Private Reply | To 36 | View Replies]

