**** EVERYONE READ **** DSF malware
Forum rules
Please read and follow this sub-forum's specific rules listed HERE, as well as our sitewide rules listed HERE.
Link to the Secret Ninja Sessions community ustream channel - info in this thread
- dj seizure
- Posts: 1616
- Joined: Mon May 04, 2009 11:39 am
- Location: Buckinghamshire Massive
Re: **** EVERYONE READ **** DSF malware
Phigure is definitely not getting enough big upness he deserves for this!
But I'm a computer noob and I'm not sure about a few things. I logged on here when it all started and got the "do you want to continue anyway" bull, saying it was a scary website etc. I tried my luck and did.
I do scan once a week and it picked 400 "infections" this week. Every week for the last year I'd be lucky to get one.
I use Chrome, but sometimes use Mozilla, now my mozilla won't work at all. My java won't work either and says I need an update but when I go to do so, I download the plugin to update it and a bunch of error screens appear and say I can't which means no more Java.
I have no idea what to do, shall I just run through the whole Rar you put together and see if that cleans up stuff?
Re: **** EVERYONE READ **** DSF malware
dj seizure wrote:I have no idea what to do, shall I just run through the whole Rar you put together and see if that cleans up stuff?
good place to start
if you want, you could try downloading and installing hijackthis, and sending me the log. it might help me find a solution more specific to your infection(s)
Re: **** EVERYONE READ **** DSF malware
i have these symptoms on my main system, am following the guide you provided, via laptop but the thing won't even boot up safe mode now.
pretty skrewed up yo
Re: **** EVERYONE READ **** DSF malware
prism wrote:i have these symptoms on my main system, am following the guide you provided, via laptop but the thing won't even boot up safe mode now.
pretty skrewed up yo
OUCH
burn yourself a linux recovery disk or do a repair installation of windows
Re: **** EVERYONE READ **** DSF malware
thanks for the tips man. i manage to get in 1/10 reboot attempts and virus pack content isn't working, so hope install will fix this shit
Re: **** EVERYONE READ **** DSF malware
ugh sorry to hear that prism. can't be any more help but hope you get it sorted
dj seizure wrote:I logged on here when it all started and got the "do you want to continue anyway" bull, saying it was a scary website etc. I tried my luck and did.
don't want to come across as a dick but that wasn't very clever. half the battle in keeping your computer safe from viruses etc is common sense rather than having the latest anti virus software or firewalls etc. i agree with xarcane that it's the responsibility of the forum to do its best to keep you all safe where possible but users need to be vigilant here and everywhere else on the internet to try and avoid problems because ultimately it's you that's going to have to go through all the ballache of fixing problems and not us
Re: **** EVERYONE READ **** DSF malware
There's an idea in computer security called "dancing pigs". It basically says that if a user is given the choice between security, and dancing pigs, nearly all users will choose the dancing pigs. In this case, DSF happened to be dancing pigs...
If a random websurfer clicks on a button that promises dancing pigs on his computer monitor, and instead gets a hortatory message describing the potential dangers of the applet — he's going to choose dancing pigs over computer security any day. If the computer prompts him with a warning screen like: "The applet DANCING PIGS could contain malicious code that might do permanent damage to your computer, steal your life's savings, and impair your ability to have children," he'll click OK without even reading it. Thirty seconds later he won't even remember that the warning screen even existed.[2]
Last edited by Phigure on Fri Sep 03, 2010 8:48 am, edited 1 time in total.
Re: **** EVERYONE READ **** DSF malware
lol so true
no one can resist the lure of ham. even potentially malware ridden ham

go on, you know you want to touch it
Re: **** EVERYONE READ **** DSF malware
I've used a shit load of different things to scan my machine and can't find any viruses anymore but if I use Google it still redirects the results to other search engines such as Ask. Strange...
Re: **** EVERYONE READ **** DSF malware
faust.dtc wrote:I've used a shit load of different things to scan my machine and can't find any viruses anymore but if I use Google it still redirects the results to other search engines such as Ask. Strange...
check your hosts file in C:/Windows/System32/drivers/etc and open it in notepad. check for any redirects at the bottom
Re: **** EVERYONE READ **** DSF malware
Phigure wrote:check your hosts file in C:/Windows/System32/drivers/etc and open it in notepad. check for any redirects at the bottom
How do I identify the hosts file in this location? I've just had a look on my work PC and it wasn't obvious. And if I do find redirects can they just be deleted by editing the text in notepad or something?
A few add-ons for firefox were mentioned for extra protection but I can't remember what they were. I've installed adblock, any idea what the other 2 were?
Thanks again for your support, I'm sure everybody has found it just as valuable as I have. Respect...
Re: **** EVERYONE READ **** DSF malware
faust.dtc wrote:How do I identify the hosts file in this location? I've just had a look on my work PC and it wasn't obvious. And if I do find redirects can they just be deleted by editing the text in notepad or something?
A few add-ons for firefox were mentioned for extra protection but I can't remember what they were. I've installed adblock, any idea what the other 2 were?
Thanks again for your support, I'm sure everybody has found it just as valuable as I have. Respect...
happy to be of help! the first ip or domain will be the one you're trying to access (google, for example), and the second will be the redirect (ask.com). that is, if the redirect is being done through the hosts file. if it is, all you've got to do is delete it. If you know you've never used the hosts file before and don't have anything in there you care about, just go ahead and get the default hosts file:
http://support.microsoft.com/kb/972034
and paste it in.
Also, the other FireFox addon would be noscript. there might be more that would potentially help, but i think adblock and noscript should do it
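An added example, not part of the original posts: a small Python audit of the hosts-file check discussed above. Each active hosts line is an address followed by one or more hostnames, and anything other than the stock loopback entry for localhost is reported for review; the sample file contents and the `DEFAULT_NAMES` baseline are constructed assumptions.

```python
import ipaddress
import sys

# Constructed sample: default entries plus hijack-style lines appended at the
# bottom. Addresses come from documentation ranges; hostnames are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#       127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost

203.0.113.10    www.google.com google.com
0.0.0.0         updates.example.test    # name resolves nowhere
not-an-ip       search.example.test
"""

DEFAULT_NAMES = {"localhost", "localhost.localdomain"}  # assumed baseline

def audit_hosts(text):
    """Return (line_no, address, hostnames, reason) for every active entry
    that is not a plain loopback mapping for localhost."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # comments are never active
        if not entry:
            continue
        addr, *names = entry.lower().split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names, "malformed address"))
            continue
        if ip.is_loopback and names and set(names) <= DEFAULT_NAMES:
            continue  # stock entry
        if ip.is_loopback or ip.is_unspecified:
            reason = "hostname blocked locally"
        else:
            reason = "hostname redirected to another address"
        findings.append((line_no, addr, names, reason))
    return findings

if __name__ == "__main__":
    # Pass the real file as an argument, e.g. the path quoted in the thread.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for line_no, addr, names, reason in audit_hosts(text):
        print(f"line {line_no}: {addr} -> {', '.join(names)} ({reason})")
```

A finding is a prompt to look at the line, not proof of infection: some ad-blocking setups add their own blocked-hostname entries on purpose.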
Re: **** EVERYONE READ **** DSF malware
It all makes sense now. I'll give it a go when I get home and hope it resolves the problem.
Much appreciated...
Re: **** EVERYONE READ **** DSF malware
faust.dtc wrote:It all makes sense now. I'll give it a go when I get home and hope it resolves the problem.
Much appreciated...
once again, I'm happy to help. malware is a bitch.
- Basstronomer
- Posts: 1113
- Joined: Mon Oct 08, 2007 10:26 am
Re: **** EVERYONE READ **** DSF malware
Phigure wrote:once again, I'm happy to help. malware is a bitch.
Hey Phigure, do you usually follow these steps for all infections or do you have a different approach for each one?
I'm asking because the only protections I've got on my PC are Spybot and AVG (I'm switching to Avast after everything I read on AVG here). So my question is: Which software (apart from the one in your RAR) should I install on my laptop?
Re: **** EVERYONE READ **** DSF malware
djekos wrote:Hey Phigure, do you usually follow these steps for all infections or do you have a different approach for each one?
I'm asking because the only protections I've got on my PC are Spybot and AVG (I'm switching to Avast after everything I read on AVG here). So my question is: Which software (apart from the one in your RAR) should I install on my laptop?
Most of it depends on the infection. I've put together this kit since most infections will be relatively similar. Aside from Combofix, SuperAntiSpyware, and Malware Bytes, the tools were all specifically aimed at Alureon and Security Tool infections.
Personally, I hate using antivirus that runs around the clock, but it's a good idea for the large majority of users. I've had Avast for the past two months or so, and even though all the security features were enabled, it did nothing to stop the stuff from DSF. It wouldn't even detect it when I scanned for it, so I can't personally recommend it. Uninstalled it yesterday.
I'm not a big fan of antimalware software with active protection anyways, for the most part they just cover foolish mistakes like opening obviously malicious executable files...
However, I do highly recommend ESET Nod32. Very high detection rates, not too bad of a memory hog, and IMO the best "active" antivirus out there.
For me though, active antivirus really just acts as somewhat of an early warning tool (they can give hints of virus activity before they even really start showing the obvious symptoms). For the actual removal, I use Malware Bytes, SUPERAntiSpyware, and Combofix, as well as any tools out there tailored specifically for the virus. I'll check the infection names that come up in scans (like TDSS or Alureon) and google around for removal tools.
- Basstronomer
- Posts: 1113
- Joined: Mon Oct 08, 2007 10:26 am
Re: **** EVERYONE READ **** DSF malware
Thanks for the tips 
- aspect-dubz
- Posts: 1763
- Joined: Sun Aug 02, 2009 4:14 pm
- Location: BRISTOL,UK
Re: **** EVERYONE READ **** DSF malware
hey phigure, im basically having the opposite problem from the original virus you posted about and cannot get onto the internet from my original user account. i also tried dragging the task.mgr file to the desktop but got a pop-up stating i don't have authorisation. i tried on both the guest and main account. Do you have any idea of what to do?
Re: **** EVERYONE READ **** DSF malware
aspect-dubz wrote:hey phigure, im basically having the opposite problem from the original virus you posted about and cannot get onto the internet from my original user account. i also tried dragging the task.mgr file to the desktop but got a pop-up stating i don't have authorisation. i tried on both the guest and main account. Do you have any idea of what to do?
Does your connection appear at all? Try wired.... also, open internet explorer, go to tools, internet options, connections, lan settings, and make sure it hasn't put a proxy on. (boxes should all be unchecked).
No idea if that's the advice you need.... but it could be worth a go.