You know how DRTY had that virus? Well I was talking with him about it, and he had this virus called Alureon. Anyways, he ended up getting rid of it, however, two/three days later, I hop on my computer and I've got a fake anti-virus installed called Security Tool. It was pretty nasty, couldn't open up task manager or any system application besides Explorer.exe without it closing instantly. I managed to get rid of it, but two days later, I get on my netbook, and I've got BOTH Alureon and Security Tool, so they must be related. Seems kind of suspicious that three separate computers who were all used to browse DSF were infected by the same malware. I sent Dubway an email two days ago about it, because I figured it COULD be a coincidence and I could be wrong, but now Chrome's giving me warnings on every page on DSF, so it looks like it's happened again
Anyways, this malware is pretty nasty. But it is relatively easily removed with the proper tools. I've put together a .rar with all the tools that I used to get rid of this malware three times (DRTY, and myself twice). If you don't trust me, and would rather collect the tools yourself, then what you want is:
Malware Bytes Anti Malware
Super Anti Spyware
Combofix
rkill.com
TDSSKiller
Hostsperm.bat (NOT hot sperm)
Task Manager renamed to Explorer.exe
http://phiik.com/Virus%20Kit.rar
DRTY's infection was dealt with using TDSSKiller in conjunction with MalwareBytes and Combofix.
My first computer's infection didn't allow me to open any applications besides Explorer.exe, and it wouldn't let me close the process of the virus so you'll need to go to C:/Windows/system32 and find taskmgr.exe. Put a copy on your Desktop, and rename it Explorer.exe. Now hover over the Security Tool icon in your taskbar, and a short string of numbers will appear. I assume it's randomly generated, but mine was 60821822. Now open Explorer.exe on your Desktop, and go to the Processes tab, and find that string of number appended with .exe. Kill it. Now run rkill.com and TDSSKiller. After they've completed, launch Combofix. It'll most likely reboot your computer, allow it to do that. When your computer reboots, log in to Windows, and let Combofix continue. It'll scan and then go through 50 stages of cleaning. It'll most likely reboot again. When it reboots, it should be finished and will create a log file. Then install and launch Malware Bytes Anti Malware and SuperAntiSpyware, and perform a full scan. Make sure you scan your memory with SuperAntiSpyware. Now run hostsperm.bat to fix your HOSTS file. If your internet doesn't seem to work, open command prompt (run dialog box > cmd), and type in ping google.com. If you get a response with XX ms, etc, but none of your browsers work, then go to Control Panel, find Add or Remove Programs or Programs and Features. Look for some Norton Software that you probably never installed and uninstall it. If pinging google doesn't work, then try reinstalling your ethernet/wireless drivers.
My second computer's infection made my computer reboot as soon as I logged in, so I had to boot into Safe Mode by pressing F8 during start up. I managed to kill the infection using only this:
"Now run rkill.com and TDSSKiller. After they've completed, launch Combofix. It'll most likely reboot your computer, allow it to do that. When your computer reboots, log in to Windows, and let Combofix continue. It'll scan and then go through 50 stages of cleaning. It'll most likely reboot again. When it reboots, it should be finished and will create a log file. Then install and launch Malware Bytes Anti Malware and SuperAntiSpyware, and perform a full scan. Make sure you scan your memory with SuperAntiSpyware. Now run hostsperm.bat to fix your HOSTS file. If your internet doesn't seem to work, open command prompt (run dialog box > cmd), and type in ping google.com. If you get a response with XX ms, etc, but none of your browsers work, then go to Control Panel, find Add or Remove Programs or Programs and Features. Look for some Norton Software that you probably never installed and uninstall it. If pinging google doesn't work, then try reinstalling your ethernet/wireless drivers."
Even if you're not infected, or think you're not infected, I recommend you download the .rar and keep it on your Desktop because you could have the infection hiding in your system without even knowing it (EGADS!). It pretty much crippled both of my computers. Neither were able to connect to the internet, so I had to use an SFTP client to connect to my jailbroken phone with which I downloaded the antivirus tools and copy over the tools...
