
My computer is hijacked!

Discussion in 'BBS Hangout' started by Ari, Mar 30, 2009.

  1. Ari

    Ari Member

    Joined:
    Nov 16, 2008
    Messages:
    1,053
    Likes Received:
    22
    And my anti-virus and ad aware programs are unable to pick them up. I mistakenly downloaded what was supposed to be a plugin for a video I was trying to watch off some website (which was one of the top results in Google).

    Peerguardian kept mentioning something saying "ZLKon Exploits" and "Malware Exploits" without even my browser being open. When I turn off my wireless internet connection, Peerguardian would stop logging those two connections. I ran McAfee's full scan and it detected 3 supposed infections and deleted them. Ran Ad Aware and removed all the stuff it detected.

    For a while there, the supposed virus or malware actually blocked off my internet connection in that I could not load any webpages. After running the McAfee scan the internet connection started working again (it was on the whole time, it just did not load any websites).

    The problem now is that I am absolutely POSITIVE that the malware is still there lurking in the background. How do I know this? Well when I try to search for something through my browsers (tried both Firefox and IE) like Spybot it would show me the correct results, but then I click on "download.com" (for ex.) and I get redirected to something completely unrelated and I can't do anything about it.

    Any idea how I can try to address this issue? I am afraid it is that bug that "60 Minutes" covered at the top of their show last night, which is apparently designed to just lurk there and hijack all your key logs and steal all your information. Terrifying stuff really.

    As a further note, I tried to download Spybot but the installation keeps failing and I get an error message about not being able to connect to a "server" of some sort. I have a feeling this might be tied to the virus/malware attack. It also keeps disabling my Windows Defender and Firewall whenever I restart the system, and I keep having to turn them back on myself.

    Anyone have a similar experience here? I am really lost here guys, any tips you can offer would be really helpful here.
     
  2. BrieflySpeaking

    BrieflySpeaking Contributing Member

    Joined:
    Aug 3, 2003
    Messages:
    4,952
    Likes Received:
    262
  3. Drexlerfan22

    Drexlerfan22 Contributing Member

    Joined:
    Apr 6, 2002
    Messages:
    6,349
    Likes Received:
    496
    A HijackThis log and/or a simple process list may both help considerably.

    If you can get Spybot installed, I would also check your BHO & ActiveX menus in Spybot (Spybot must be set to "advanced mode") to see if there's anything suspicious... or just post screens of both of those menus. They shouldn't be big.



    EDIT: Also try running Aimfix real quick. It literally takes about 5 seconds to run. It occasionally can get rid of some nasty stuff quickly that's preventing a Spybot installation.
     
  4. madmonkey37

    madmonkey37 Contributing Member

    Joined:
    Jun 20, 2003
    Messages:
    2,499
    Likes Received:
    52
    indeed
     
  5. Ari

    Ari Member

    Joined:
    Nov 16, 2008
    Messages:
    1,053
    Likes Received:
    22
    Here is the error screen I get as I try to install Spybot

    [​IMG]


     
  6. SuperStar

    SuperStar Member

    Joined:
    Jan 13, 2008
    Messages:
    5,057
    Likes Received:
    70
  7. Ari

    Ari Member

    Joined:
    Nov 16, 2008
    Messages:
    1,053
    Likes Received:
    22
    oops! Let me try that again

    Here is the capture of the error message for the Spybot installation

    [​IMG]
     
  8. Ari

    Ari Member

    Joined:
    Nov 16, 2008
    Messages:
    1,053
    Likes Received:
    22
    Here is an excerpt of the AIMFix scan, I can't post the whole thing because it is too long, but it is full of "failed during service" lines, not sure what that means

     
  9. Drexlerfan22

    Drexlerfan22 Contributing Member

    Joined:
    Apr 6, 2002
    Messages:
    6,349
    Likes Received:
    496
    That's pretty weird. Probably has to do with some new feature or something.

    Try jumping over to oldversion.com and grabbing version 1.4. Maybe you'll be able to install that.
     
  10. fmp087

    fmp087 Member

    Joined:
    Nov 18, 2007
    Messages:
    1,479
    Likes Received:
    75
    This actually happened to me a few months ago. Best thing to do is just reformat to factory settings.
     
  11. Drexlerfan22

    Drexlerfan22 Contributing Member

    Joined:
    Apr 6, 2002
    Messages:
    6,349
    Likes Received:
    496
    Oh wow. Your virus even neutered AIMfix. Nifty.

    Try installing Spybot 1.4 and seeing what's in BHOs, ActiveX, and your Startup List (all in the advanced menus). The scan itself is mostly useless, I wouldn't bother.

    If nothing jumps out there or you can't install Spybot, try ComboFix (just google it).

    Beyond those, like I said... if I can see a HijackThis log (google it) or a couple screens of your complete process list from task manager, I might be able to give you some idea of what to do. Can't guarantee anything, though. Harder to check everything if I can't actually check everything out in person...
     
  12. madmonkey37

    madmonkey37 Contributing Member

    Joined:
    Jun 20, 2003
    Messages:
    2,499
    Likes Received:
    52
    Vexing computer worm to evolve on April Fool's Day

    1 day ago

    SAN FRANCISCO (AFP) — A tenacious computer worm which has wriggled its way onto machines worldwide is set to evolve on April Fool's Day, becoming harder to exterminate but not expected to wreak havoc.

    A task force assembled by Microsoft has been working to stamp out the worm, referred to as Conficker or DownAdUP, and the US software colossus has placed a bounty of 250,000 dollars on the heads of those responsible for the threat.

    The worm is programmed to modify itself on Wednesday to become harder to stop, according to Trend Micro threat researcher Paul Ferguson, who is part of the Conficker task force.

    "There is no evidence of it going into attack mode or dropping any particular payload on April 1st," Ferguson said in an interview.

    "What people controlling the botnet are doing is building in survivability because of efforts by the good guys to lessen the harm of this thing."

    The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with security patches for Windows RPC Server Service.

    It can infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another. Once in a computer it digs deep, setting up defenses that make it hard to extract.

    Malware could be triggered to steal data or turn control of infected computers over to hackers amassing "zombie" machines into "botnet" armies.

    A troubling aspect of Conficker is that it harnesses computing power of a botnet to crack passwords.

    Microsoft has modified its free Malicious Software Removal Tool to detect and get rid of Conficker.

    "As this threat continues to evolve, Microsoft and other collaborative companies will continue to identify new ways to disrupt the Conficker threat to give customers more time to update their systems," said Christopher Budd, security response communication lead for Microsoft.

    Computer users are advised to stay current on anti-virus tools and Windows updates, and to protect computers and files with strong passwords.

    Conficker is programmed to reach out to 250 websites daily to download commands from its masters.

    On Wednesday, the worm will begin connecting with 50,000 websites daily to better hide where orders originate, according to Mikko Hypponen of F-Secure computer security firm.

    "They basically upped the ante; trying to make our lives more difficult," Ferguson said. "They realized the good guys were starting to intercept their communications."

    The infection rate has slowed from a fierce pace earlier this year, but computers that are not updated with a software patch released by Microsoft remain vulnerable, according to security specialists.

    Hypponen wrote in a message at F-Secure's website that Conficker is in one to two million computers and that most of those machines are believed to have an early version of the malicious software lacking the April 1 trigger.

    Conficker was first detected in November 2008.

    Among the ways one can tell if their machine is infected is that the worm will block efforts to connect with websites of security firms such as Trend Micro or Symantec where there are online tools for removing the virus.

    "Once a machine is infected, it becomes very hard to clean up," Ferguson said. "There is no indication anywhere of (Conficker) doing anything but just sitting there. We don't know whether another shoe is going to drop, or if there is another shoe at all."

    Hackers have taken advantage of Conficker hype by using promises of information or cures to lure Internet users to websites booby trapped with malicious software, according to security specialists.

    "It seems that every other day you see some story about the Internet being hobbled together with bubble gum and paper clips," Ferguson said. "Conficker could be the biggest non-story of the year; at least that's what I hope it is."

    http://www.google.com/hostednews/afp/article/ALeqM5jxa_X19yWLn722h_GKtTiaEHTuaA

    Sound Familiar?

    Looks like your computer will be toast on april fools.
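
    The article quoted in the post above gives one indicator: an infected machine cannot reach security-vendor sites such as Trend Micro or Symantec while other sites still load. The check below is an added example, not part of the thread or the article; it compares name resolution for those two vendors against control hosts, and the hostnames, the control list and the verdict labels are assumptions of this example.

```python
import socket

# Vendors named in the article; the control hosts are an assumption of this example.
SECURITY_HOSTS = ["www.trendmicro.com", "www.symantec.com"]
CONTROL_HOSTS = ["example.com", "www.wikipedia.org"]


def system_resolver(host):
    """True if the operating system's resolver returns an address for host."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def check_selective_block(resolve=system_resolver,
                          security=SECURITY_HOSTS, control=CONTROL_HOSTS):
    """Compare name resolution for security-vendor hosts against control hosts."""
    blocked = [h for h in security if not resolve(h)]
    control_ok = [h for h in control if resolve(h)]

    if not control_ok:
        # Nothing unrelated resolves, so a vendor failure says nothing by itself.
        verdict = "no-connectivity" if len(blocked) == len(security) else "inconclusive"
    elif len(blocked) == len(security):
        verdict = "selective-block"
    elif blocked:
        verdict = "partial-block"
    else:
        verdict = "no-block-seen"
    return {"verdict": verdict, "blocked": blocked, "control_ok": control_ok}


if __name__ == "__main__":
    result = check_selective_block()
    print(result["verdict"])
    for host in result["blocked"]:
        print("could not resolve:", host)
```

    A "selective-block" result matches the indicator the article describes, but a filtering DNS service or proxy gives the same result, so it is a reason to look further rather than a diagnosis.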
     
  13. BigBenito

    BigBenito Member

    Joined:
    Sep 5, 2002
    Messages:
    7,355
    Likes Received:
    175
    ^


    Better safe than sorry.
     
  14. Drexlerfan22

    Drexlerfan22 Contributing Member

    Joined:
    Apr 6, 2002
    Messages:
    6,349
    Likes Received:
    496
    Reformatting truly is the easiest and safest option in this instance... but I definitely understand if someone has a million programs they don't want to reinstall and/or find again, etc...
     
  15. Ari

    Ari Member

    Joined:
    Nov 16, 2008
    Messages:
    1,053
    Likes Received:
    22
    That is it! That is the one they talked about on "60 Minutes" at the top segment of the show last night as well.

    F*** I may end up suing Google for not warning me about that site. It was like 3rd on their list of results.

    I guess McAfee and all these programs are useless then. It is disabling every version of Spybot. This is beyond horrible, I have Vista and I did not get a restore CD.
     
  16. madmonkey37

    madmonkey37 Contributing Member

    Joined:
    Jun 20, 2003
    Messages:
    2,499
    Likes Received:
    52
    check your manual, restore materials these days are on a part of the HD you can't normally access.
     
  17. Rock3t Man

    Rock3t Man Contributing Member

    Joined:
    Oct 15, 2008
    Messages:
    1,180
    Likes Received:
    46
    (cough!) Bull**** (cough!) :eek: :eek:
     
  18. eveluvsrox

    eveluvsrox Contributing Member

    Joined:
    Nov 13, 2008
    Messages:
    2,438
    Likes Received:
    79
  19. Mulder

    Mulder Contributing Member

    Joined:
    Nov 20, 1999
    Messages:
    7,118
    Likes Received:
    81
  20. ndnguy85

    ndnguy85 Contributing Member

    Joined:
    Dec 15, 2005
    Messages:
    2,002
    Likes Received:
    4
    my goodness...

    u click on some stupid video search result and installed a plug in that u shouldnt have..and then u still want to blame someone else?

    guess i should blame toyota for going over a curb?
     
