Page 2 of 4

DSF Malware

Posted: Mon Aug 30, 2010 11:02 pm
by Phigure
I'm afraid it's happened again

You know how DRTY had that virus? Well, I was talking with him about it, and he had this virus called Alureon. Anyways, he ended up getting rid of it, however, two/three days later, I hop on my computer and I've got a fake anti-virus installed called Security Tool. It was pretty nasty; I couldn't open up Task Manager or any system application besides Explorer.exe without it closing instantly. I managed to get rid of it, but two days later, I get on my netbook, and I've got BOTH Alureon and Security Tool, so they must be related. Seems kind of suspicious that three separate computers that were all used to browse DSF were infected by the same malware. I sent Dubway an email two days ago about it, because I figured it COULD be a coincidence and I could be wrong, but now Chrome's giving me warnings on every page on DSF, so it looks like it's happened again :cry:


Anyways, this malware is pretty nasty. But it is relatively easily removed with the proper tools. I've put together a .rar with all the tools that I used to get rid of this malware three times (DRTY, and myself twice). If you don't trust me, and would rather collect the tools yourself, then what you want is:

Malware Bytes Anti Malware
Super Anti Spyware
Combofix
rkill.com
TDSSKiller
Hostsperm.bat (NOT hot sperm)
Task Manager renamed to Explorer.exe

http://phiik.com/Virus%20Kit.rar

DRTY's infection was dealt with using TDSSKiller in conjunction with MalwareBytes and Combofix.

My first computer's infection didn't allow me to open any applications besides Explorer.exe, and it wouldn't let me close the process of the virus, so you'll need to go to C:/Windows/system32 and find taskmgr.exe. Put a copy on your Desktop, and rename it Explorer.exe. Now hover over the Security Tool icon in your taskbar, and a short string of numbers will appear. I assume it's randomly generated, but mine was 60821822. Now open Explorer.exe on your Desktop, go to the Processes tab, and find that string of numbers with .exe appended. Kill it. Now run rkill.com and TDSSKiller. After they've completed, launch Combofix. It'll most likely reboot your computer; allow it to do that. When your computer reboots, log in to Windows, and let Combofix continue. It'll scan and then go through 50 stages of cleaning. It'll most likely reboot again. When it reboots, it should be finished and will create a log file. Then install and launch Malware Bytes Anti Malware and SuperAntiSpyware, and perform a full scan. Make sure you scan your memory with SuperAntiSpyware. Now run hostsperm.bat to fix your HOSTS file. If your internet doesn't seem to work, open command prompt (run dialog box > cmd), and type in ping google.com. If you get a response with XX ms, etc., but none of your browsers work, then go to Control Panel, find Add or Remove Programs or Programs and Features. Look for some Norton software that you probably never installed and uninstall it. If pinging google doesn't work, then try reinstalling your ethernet/wireless drivers.

My second computer's infection made my computer reboot as soon as I logged in, so I had to boot into Safe Mode by pressing F8 during startup. I managed to kill the infection using only this:

"Now run rkill.com and TDSSKiller. After they've completed, launch Combofix. It'll most likely reboot your computer; allow it to do that. When your computer reboots, log in to Windows, and let Combofix continue. It'll scan and then go through 50 stages of cleaning. It'll most likely reboot again. When it reboots, it should be finished and will create a log file. Then install and launch Malware Bytes Anti Malware and SuperAntiSpyware, and perform a full scan. Make sure you scan your memory with SuperAntiSpyware. Now run hostsperm.bat to fix your HOSTS file. If your internet doesn't seem to work, open command prompt (run dialog box > cmd), and type in ping google.com. If you get a response with XX ms, etc., but none of your browsers work, then go to Control Panel, find Add or Remove Programs or Programs and Features. Look for some Norton software that you probably never installed and uninstall it. If pinging google doesn't work, then try reinstalling your ethernet/wireless drivers."



Even if you're not infected, or think you're not infected, I recommend you download the .rar and keep it on your Desktop, because you could have the infection hiding in your system without even knowing it (EGADS!). It pretty much crippled both of my computers. Neither was able to connect to the internet, so I had to use an SFTP client to connect to my jailbroken phone, with which I downloaded the antivirus tools, and copy the tools over...
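A read-only triage script, added here as an example and not part of Phigure's kit or the thread, that checks for the things the post tells you to hunt for by hand: a running process whose name is nothing but digits (the Security Tool pattern), a second explorer.exe that is not the real shell, non-default HOSTS entries, and a Norton package you never installed. It assumes the rogue process keeps a digit-only name and that HOSTS is at the default path; it reports only and kills or deletes nothing.

```powershell
# Added example, not from the thread. Read-only triage for the symptoms
# described in the post. Run from an elevated PowerShell prompt.
# Assumptions: rogue process name is all digits (e.g. 60821822.exe, the
# value Phigure saw) and HOSTS is at the default location.

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Processes whose image name is only digits, as the Security Tool rogue AV used.
$suspect = Get-Process | Where-Object { $_.ProcessName -match '^\d+$' }
if ($suspect) {
    Write-Output "Digit-only process names (Security Tool pattern):"
    $suspect | ForEach-Object {
        Write-Output ("  PID {0,6}  {1}.exe  {2}" -f $_.Id, $_.ProcessName, $_.Path)
    }
} else {
    Write-Output "No digit-only process names found."
}

# 2. The post's workaround is a copy of taskmgr.exe renamed Explorer.exe on the
#    Desktop; list any explorer.exe running from outside the Windows directory so
#    you can tell the renamed Task Manager from the real shell.
Get-Process explorer -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $_.Path -notlike "$env:SystemRoot\*" } |
    ForEach-Object { Write-Output ("Non-system explorer.exe: PID {0} {1}" -f $_.Id, $_.Path) }

# 3. HOSTS lines that are neither comments nor the default localhost mappings.
#    Rogue AVs redirect security-vendor and update hostnames here, which is what
#    hostsperm.bat in the kit resets; review these before running it.
$hijack = Get-Content $hostsPath |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
    Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
if ($hijack) {
    Write-Output "Non-default HOSTS entries:"
    $hijack | ForEach-Object { Write-Output "  $_" }
} else {
    Write-Output "HOSTS file contains only the default localhost entries."
}

# 4. Installed programs whose display name mentions Norton, since the post
#    reports a Norton package appearing that the user never installed.
$uninstallKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Norton*' } |
    ForEach-Object { Write-Output ("Installed package: {0}" -f $_.DisplayName) }
```

Anything this lists is a lead to check against the removal steps above, not a verdict; a legitimately installed Norton product will show up in section 4 too.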

Re: DSF Malware

Posted: Tue Aug 31, 2010 12:51 am
by Phigure
awareness bump

Re: DSF Malware

Posted: Tue Aug 31, 2010 1:20 am
by hackman
shit goes 'ard

Re: DSF Malware

Posted: Tue Aug 31, 2010 1:33 am
by gnome
Nice work. Downloading now. Thanks man!

Re: DSF Malware

Posted: Tue Aug 31, 2010 3:03 am
by JemGrover
Nice one, man. Cheers for this.

Re: DSF Malware

Posted: Tue Aug 31, 2010 4:29 am
by CMACD
THANK YOU BRO

Re: DSF Malware

Posted: Tue Aug 31, 2010 8:28 am
by faust.dtc
Spoke to DRTY on facebook about a virus I had and he mentioned that you had helped him to remove one.
I followed the instructions he gave me and the problem seems to have been solved however my browsers or antivirus are still blocking this site as a threat.
Thanks for your knowledge...

Re: DSF Malware

Posted: Wed Sep 01, 2010 1:41 pm
by badger
merged all the threads on this so all info is in one place

problem should be fixed now but will still need to do the fixes if you've been infected, and unfortunately chances are you probably have so i suggest you all do a virus scan and follow the steps phigure posted if necessary

Re: DSF Malware

Posted: Wed Sep 01, 2010 2:19 pm
by DRTY
Phigure wrote:I'm afraid it's happened again

You know how DRTY had that virus? Well, I was talking with him about it, and he had this virus called Alureon. Anyways, he ended up getting rid of it, however, two/three days later, I hop on my computer and I've got a fake anti-virus installed called Security Tool. It was pretty nasty; I couldn't open up Task Manager or any system application besides Explorer.exe without it closing instantly. I managed to get rid of it, but two days later, I get on my netbook, and I've got BOTH Alureon and Security Tool, so they must be related. Seems kind of suspicious that three separate computers that were all used to browse DSF were infected by the same malware. I sent Dubway an email two days ago about it, because I figured it COULD be a coincidence and I could be wrong, but now Chrome's giving me warnings on every page on DSF, so it looks like it's happened again :cry:


Anyways, this malware is pretty nasty. But it is relatively easily removed with the proper tools. I've put together a .rar with all the tools that I used to get rid of this malware three times (DRTY, and myself twice). If you don't trust me, and would rather collect the tools yourself, then what you want is:

Malware Bytes Anti Malware
Super Anti Spyware
Combofix
rkill.com
TDSSKiller
Hostsperm.bat (NOT hot sperm)
Task Manager renamed to Explorer.exe

http://phiik.com/Virus%20Kit.rar

DRTY's infection was dealt with using TDSSKiller in conjunction with MalwareBytes and Combofix.

My first computer's infection didn't allow me to open any applications besides Explorer.exe, and it wouldn't let me close the process of the virus, so you'll need to go to C:/Windows/system32 and find taskmgr.exe. Put a copy on your Desktop, and rename it Explorer.exe. Now hover over the Security Tool icon in your taskbar, and a short string of numbers will appear. I assume it's randomly generated, but mine was 60821822. Now open Explorer.exe on your Desktop, go to the Processes tab, and find that string of numbers with .exe appended. Kill it. Now run rkill.com and TDSSKiller. After they've completed, launch Combofix. It'll most likely reboot your computer; allow it to do that. When your computer reboots, log in to Windows, and let Combofix continue. It'll scan and then go through 50 stages of cleaning. It'll most likely reboot again. When it reboots, it should be finished and will create a log file. Then install and launch Malware Bytes Anti Malware and SuperAntiSpyware, and perform a full scan. Make sure you scan your memory with SuperAntiSpyware. Now run hostsperm.bat to fix your HOSTS file. If your internet doesn't seem to work, open command prompt (run dialog box > cmd), and type in ping google.com. If you get a response with XX ms, etc., but none of your browsers work, then go to Control Panel, find Add or Remove Programs or Programs and Features. Look for some Norton software that you probably never installed and uninstall it. If pinging google doesn't work, then try reinstalling your ethernet/wireless drivers.

My second computer's infection made my computer reboot as soon as I logged in, so I had to boot into Safe Mode by pressing F8 during startup. I managed to kill the infection using only this:

"Now run rkill.com and TDSSKiller. After they've completed, launch Combofix. It'll most likely reboot your computer; allow it to do that. When your computer reboots, log in to Windows, and let Combofix continue. It'll scan and then go through 50 stages of cleaning. It'll most likely reboot again. When it reboots, it should be finished and will create a log file. Then install and launch Malware Bytes Anti Malware and SuperAntiSpyware, and perform a full scan. Make sure you scan your memory with SuperAntiSpyware. Now run hostsperm.bat to fix your HOSTS file. If your internet doesn't seem to work, open command prompt (run dialog box > cmd), and type in ping google.com. If you get a response with XX ms, etc., but none of your browsers work, then go to Control Panel, find Add or Remove Programs or Programs and Features. Look for some Norton software that you probably never installed and uninstall it. If pinging google doesn't work, then try reinstalling your ethernet/wireless drivers."



Even if you're not infected, or think you're not infected, I recommend you download the .rar and keep it on your Desktop, because you could have the infection hiding in your system without even knowing it (EGADS!). It pretty much crippled both of my computers. Neither was able to connect to the internet, so I had to use an SFTP client to connect to my jailbroken phone, with which I downloaded the antivirus tools, and copy the tools over...
Phigure = Legend!

This should probably be stickied in every subforum

Re: **** EVERYONE READ **** DSF malware

Posted: Wed Sep 01, 2010 4:12 pm
by stephisaint
:o
How likely do you reckon it is that I've got the virus if nothing's going wrong and Norton said it blocked it every time I tried to sign on the other day?

Just asking as I'm RUBBISH at anything computer related and those instructions look like a foreign language haha :oops:

Re: **** EVERYONE READ **** DSF malware

Posted: Wed Sep 01, 2010 6:09 pm
by faust.dtc
My AV has just blocked 3 trojan viruses in the last 2 minutes, and I've only just started browsing this site since I got infected. :q: :q: :q:

Get out NOW!!!

I'm just surprised McAfee was finally able to block a virus at last...

Re: **** EVERYONE READ **** DSF malware

Posted: Wed Sep 01, 2010 10:03 pm
by ashley
No problems with Windows 7 and Opera at the moment.

Will do a scan and report back with any problems.

Re: **** EVERYONE READ **** DSF malware

Posted: Thu Sep 02, 2010 9:40 am
by herbalicious
Eek... had a couple of issues with Firefox, so uninstalled, reinstalled and did a virus scan. It found 2 infected files, so I got AVG to chest them away.

Will do the .rar thing later.

Cheers fellows.

Re: **** EVERYONE READ **** DSF malware

Posted: Thu Sep 02, 2010 10:19 am
by faust.dtc
I thought I had deleted any infection and my AVs show no sign of malicious software or virus; however, after my post above Google was automatically being redirected to random sites and I was getting a request for a username and password for a router. I then lost internet access for a while. Don't know if that was a result of my previous infection, but the redirecting is a definite sign of something dodgy happening...

Re: **** EVERYONE READ **** DSF malware

Posted: Thu Sep 02, 2010 1:07 pm
by xarcane
Bun dsf after this shit. I can't be fucked to be constantly dealing with these viruses. I've got shit I need to be doing right now, but can't because the computer all my stuff's on is locked on that combofix ish.

Re: **** EVERYONE READ **** DSF malware

Posted: Thu Sep 02, 2010 1:23 pm
by badger
that's your decision but any big site like this is going to be a target for malware and other hacks. just another downside we have to deal with of dsf getting popular

Re: **** EVERYONE READ **** DSF malware

Posted: Thu Sep 02, 2010 1:53 pm
by xarcane
Dsf is generally good, but you need to fix your security exploit problems. I've never gotten a virus off any other forum, but dsf seems to be getting infected every couple months. I've got stuff I need to send off today, and the first three times I booted up it wouldn't even get past the login screen.

Re: **** EVERYONE READ **** DSF malware

Posted: Thu Sep 02, 2010 3:10 pm
by aspect-dubz
I'm in the same boat as faust. I got the virus a couple of weeks ago and can't be fucked to get rid of it, mostly cause I don't have a clue how to, so I've been using the guest account :evil:

Re: **** EVERYONE READ **** DSF malware

Posted: Thu Sep 02, 2010 8:17 pm
by deadly_habit
Rescue/live CD, people. I've posted it in other threads relating to this.
Avira Rescue Disk is updated daily, so if you can't get net access when live CD booting, that's the route.
Otherwise Kaspersky.
DL either on a clean/safe machine, burn and boot from it, and clean yo shit.
Hopefully should fix all issues.

Re: **** EVERYONE READ **** DSF malware

Posted: Fri Sep 03, 2010 2:59 am
by jsilver
to all the mac hoes that responded: LINUX