Virus Troubleshoot! Help please :[



#1
leviathan120

Hi, I'm usually pretty good about handling viruses and about what sites to go to and whatnot. For a while, I've used Lavasoft Ad-Aware and AVG Free Edition. About a week ago, while I was reading manga on a website called mangavolume, I noticed clicking that wasn't cued by my mouse, seeing as I didn't have my hand on the mouse. The clicking would continue, so I ran a scan via Ad-Aware, found some spyware, removed it, and the clicking continued. I ran a scan with AVG, which at the time was still 7.0, and it found nothing. I upgraded to 8.0 a day later. Also, from another virus viewboard, I installed Malwarebytes malware removal; it found some viruses: a couple of trojan clickers, mostly agents, and a couple of downloaders.

I had tracked down the file to windows\system32\config\cookies -> index.dat, which would be 32 KB instead of the usual 16 KB, and would create text documents. There are a lot of different names for these documents, such as [email protected] etc. Eventually I deleted the index.dat through safe mode, and that specific one never bothered me again and has remained inactive and at 16 KB since. Recently though, in C:\Documents and Settings\LocalService\Cookies, this happens again. I'd like to add that when I went to sleep the first night and it continued to make files, when I woke up it was playing sound advertisements, really poor quality speech; I didn't have my headset on so I don't know what they were about. I haven't had the problem since I deleted the txt documents.

In relation to my problem now, going into safe mode and deleting index.dat doesn't really work. The virus, or w/e it is, either A) starts up again with the cued clicking and txt document making right away, or remains at 16 KB for several hours, upon switching to 32 KB and doing the same thing.
When it is idle, scans with Ad-Aware don't come up with much. Malwarebytes finds one file and doesn't find it again until the virus problem starts again; that file is C:\Windows\System32\comsa32. When the file starts up again, I can find 13 viruses, always the same 13. Ad-Aware always finds 2 registry values, the same ones, but they are removed and they can't be found again since they've been deleted, until the virus restores them.

The thing that recently started happening: when I deleted text documents before, they would remain there, I could go into the folder before and always see them. When it makes them now, if not deleted within about 5-7 seconds they become invisible. I have "view hidden files and folders" checked, and always unchecked "hide system files" etc. It creates new copies of the hidden ones so the new ones have brackets, [1], [2] etc. I haven't seen it higher than two. Where they are hiding I don't know. I've checked other cookie folders, I've found one in NetworkService, my own specific thing... correction, I just checked.. here, before, this folder was EMPTY! C:\Documents and Settings\Petteri Bennett\Cookies has a 32 KB index.dat, and 4 txt documents.

NO CLICKING SOUND at all today from start up from safe mode. I've been keeping it in safe mode running scans while I sleep so it doesn't gain progress or w/e while I'm unable to monitor it. Please, I think I've listed all the problems I've faced, help me find out how to combat this virus!!! :)

Also! About the 4 txt documents in C:\Documents and Settings\Petteri Bennett\Cookies, I don't know whether they are bad or not.

language
english
steampowered.com/
1536
3476996480
30024370
1444455280
29950945
*
is what is found inside [email protected][3] & [2].txt and also in the other txt documents... Are these also bad? I scanned them and they didn't find anything... I was talking to my brother just a bit ago as well; he said it might be a worm instead of a virus. He doesn't know though, he hasn't had an experience like this before either, but yeah... ; ; Hopefully someone can tell me what I need to do for this.

Edited by leviathan120, 21 August 2008 - 06:28 PM.
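
Added example, not part of the original post: the nine lines quoted above match the per-record layout of Internet Explorer's text cookie files (name, value, host/path, flags, expiry and creation times each stored as the low and high halves of a Windows FILETIME, then a `*` line), so they can be decoded instead of guessed at. The function names are this example's own, and the field layout is an assumption drawn from that format, not something stated on the page.

```python
from datetime import datetime, timedelta, timezone

# The nine lines quoted in the post above, reproduced as sample input.
SAMPLE = """language
english
steampowered.com/
1536
3476996480
30024370
1444455280
29950945
*
"""

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(low, high):
    """Join the two 32-bit halves into a FILETIME (100 ns ticks) and convert to UTC."""
    ticks = (int(high) << 32) | int(low)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_ie_cookies(text):
    """Return one dict per record; a record is 8 field lines closed by a '*' line."""
    records, fields = [], []
    for line in text.splitlines():
        if line.strip() != "*":
            fields.append(line.strip())
            continue
        if len(fields) != 8:
            raise ValueError(f"expected 8 fields before '*', got {len(fields)}")
        name, value, host_path, flags, exp_lo, exp_hi, cre_lo, cre_hi = fields
        records.append({
            "name": name, "value": value, "host_path": host_path,
            "flags": int(flags),  # kept as a raw number, not interpreted here
            "expires": filetime_to_utc(exp_lo, exp_hi),
            "created": filetime_to_utc(cre_lo, cre_hi),
        })
        fields = []
    if any(fields):
        raise ValueError("truncated record: no closing '*' line")
    return records


if __name__ == "__main__":
    for rec in parse_ie_cookies(SAMPLE):
        print(rec["host_path"], rec["name"], "=", rec["value"])
        print("  created:", rec["created"].isoformat())
        print("  expires:", rec["expires"].isoformat())
```

For the quoted record this gives a cookie named `language` with value `english` for `steampowered.com/`, created 2008-08-21 22:57:50 UTC and expiring one year later.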

#2
leviathan120

Although I never got a response from the forums on here, I figured if somebody else encounters the problem I have, I would give an update to my situation on here that might help others later.

To summarize, I noticed distinct clicking sounds, i.e. opening a folder, the standard sound you hear. It would vary from mass clicking to single clicks. Running Lavasoft Ad-Aware would only find data miners. Removing these did not cease the clicking. AVG wasn't updated to 8.0, and didn't find anything. I installed Malwarebytes, which found trojan clickers, downloaders, and agents. The Source, if left unchecked, would generate .txt documents; if these were left unchecked, advertisements would play through my headphones, things about check cards and mayo and pumas... Stupid, yes, but true.

I decided, while I was sleeping, to keep it from doing things by being in safe mode and running scans overnight. This caused the Source, which started in windows/system32/config/cookies -> index.dat, to be idle for several hours before activating again, or at start up it would activate. If I went back to safe mode, deleted the index.dat etc., it would do one of the two again, mostly the idleness. I noticed the Source liked to activate at 2400 -> 0:01. I still haven't confirmed if I am fully safe but I have gotten to a point where I don't need to be in safe mode at night.

Eventually AVG 8.0 had an update; due to this update I would find immediate threats, backdoor trojans. One in particular, when the threat was detected, would also be at the same time the index.dat would be "modified": the date would show 001 but still 16 KB instead of 32 when it's active. The problem resides in my Documents and Settings, local service and cookies. It used polymorph tactics, and seemed to evolve, which made me question, and it still is debatable, whether a 3rd party was involved.
It would relocate itself to other cookie folders, and hide the .txt documents in places I couldn't find. I eventually got it back to local service though, by a trial deletion of index.dats in the folders it was having a bash at. I updated Malwarebytes Antimalware today, after multiple threat detections of backdoor trojan, turkojans and others, and found 4 backdoor.bots. It's possible these are the source of the problem. It may go deeper; a 3rd party may present itself too. That is yet to be seen. My best way to handle this atm is to constantly keep all my stuff up to date every day, to make sure I can always have the best chance to find different viruses or malware.

Hope if anyone else has this problem, that this helps. If anyone else has had this problem, and has any advice for me, or knows there is more to it than what I've described so far, please respond to this. Thank you.