Stubborn computer virus...
Ianator (A predator cannot differentiate between prey and accomplice) | Registered User, regular
Somehow after replacing my computer's RAM it contracted what AVG says is a Trojan. When it scans it picks up the virus in "system32/csrss.exe(588)" and "explorer.exe(3552)", plus sometimes a Firefox file. Side effects are malicious popups, occasional loss of the taskbar and the corruption of my sound drivers.
Worse yet, it also finds the viruses in (I think) memory modules as well, all relating to the above files: "system32/csrss.exe(588):\memory_00270000" and "explorer.exe(3552):\memory_001a0000". AVG is refused access to these objects, thus rendering me unable to do anything about it. MalwareBytes doesn't even find it, so that's out.
I don't think I've been to any sites I haven't been to before. Any ideas on how I can excise this thing once and for all? (I've since replaced my old memory, but no such luck getting rid of this.)
Twitch | Blizzard: Ianator#1479 | 3DS: Ianator - 1779 2336 5317 | FFXIV: Iana Ateliere (NA Sarg) Backlog Challenge List
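As an added example (not part of the original post), here is a small Python parser for the detection locations AVG reported above, such as `system32/csrss.exe(588):\memory_00270000`. It assumes, from the strings in the post rather than from AVG documentation, that the number in parentheses is the process ID and that the `:\memory_<hex>` suffix is the start address of a flagged region inside that running process; that distinction is what separates an in-memory finding (which file-based scanners can miss and which cannot simply be deleted) from a file on disk.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed layout of an AVG-style location string (inferred from the post):
#   <path or image name>[(<pid>)][:\memory_<hex start address>]
_LOC_RE = re.compile(
    r"^(?P<path>.*?)(?:\((?P<pid>\d+)\))?(?::\\memory_(?P<addr>[0-9a-fA-F]+))?$"
)


@dataclass
class Detection:
    path: str                 # file path or image name as reported
    pid: Optional[int]        # process id when the finding is in a live process
    mem_addr: Optional[int]   # start of the flagged memory region, if any

    @property
    def in_memory(self) -> bool:
        """True when the finding is a region of a running process, not a file on disk."""
        return self.mem_addr is not None


def parse_detection(loc: str) -> Detection:
    """Split a reported location into path, PID and memory address fields."""
    m = _LOC_RE.match(loc.strip())
    if not m:
        raise ValueError(f"unrecognised detection location: {loc!r}")
    pid = int(m.group("pid")) if m.group("pid") else None
    addr = int(m.group("addr"), 16) if m.group("addr") else None
    return Detection(m.group("path"), pid, addr)


def triage(loc: str) -> str:
    """Describe what kind of finding this is and why it matters for cleanup."""
    d = parse_detection(loc)
    if d.in_memory:
        return (f"{d.path} PID {d.pid}: code in memory at 0x{d.mem_addr:08x}; "
                "the on-disk file may be clean, so file-based scanners can miss it, "
                "and the region cannot be removed while the process is running")
    if d.pid is not None:
        return f"{d.path} PID {d.pid}: running process flagged"
    return f"{d.path}: file on disk flagged"


if __name__ == "__main__":
    # Constructed input: the two locations quoted in the post above.
    for loc in (r"system32/csrss.exe(588):\memory_00270000",
                r"explorer.exe(3552):\memory_001a0000"):
        print(triage(loc))
```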
I haven't seen any conventional virus/malware/spyware that actually invades memory in a long time. Usually a safe mode reboot + mbam will clean regular malware in Windows, but you may actually have a boot sector infected. I use avast, but scanning with all known online scanners won't hurt. If it comes down to it, nuke it from orbit and reformat/reinstall.
Echoing these thoughts here, and throwing in a few other scanning options as well. The fact that the infection is being seen in csrss.exe and explorer.exe (from the trusted paths) is somewhat unsettling, and may indicate a bootkit type virus. The malicious popups seem to indicate a genuine infection, rather than a memory corruption issue.
I'd also highly recommend burning a rescue CD or a Linux LiveCD, and using the available tools there to check your system from outside of your operating system. The fact that you're not seeing anything with scanners, but are observing suspicious behavior, further suggests a bootkit/rootkit infection of some kind - those are damned hard to pin down or identify from within the compromised OS. Here's a quick list of CDs you can try, if you wish. The 'Rescue CD' options are typically ones that will boot and run a specified program. The Live CDs will usually boot you into an operating system environment and let you do what you need to:
If you find an infection with one of these scanners, I too would suggest using one of the LiveCDs to backup your important files, and then completely reformatting your hard drive, and reinstalling your operating system on the clean drive.
TetraNitroCubane on
Ianator (A predator cannot differentiate between prey and accomplice) | Registered User, regular
The way those errors read. Have you tried pulling the new RAM you installed out and trying again? Perhaps you got bad RAM.
Yep. I actually didn't do anything that required the sound drivers until after I put my old memory back in.
Anyways, I've got a lot of stuff to back up. Shoulda got that 2TB drive from Costco when it was still $30 off, I won't be able to afford a good external for another week.
Ianator (A predator cannot differentiate between prey and accomplice) | Registered User, regular
edited March 2011
It's official: my desktop has been virus'd something fierce; thus, I must work from the backup laptop.
Things start to freeze after startup - AVG locks up if I try to scan, while avast! loses steam during a scan (think the speed of a BitTorrent winding down to zero when you finish it). I tried Safe Mode and it sorta works, but I can't internet with it and AVG will only let me do a "Command Line Scan" that ultimately didn't help much (I didn't try avast! yet). System Restore didn't do anything either, seeing as I "didn't make any changes" since the date I picked up the memory.
Speaking of memory sticks, I picked these up second-hand. Though I'm sure RAM doesn't work like this, is there any chance I could've gotten infected by them? The symptoms started showing up about two days after I installed them.
You can't load data onto RAM and have it stay there after it loses power, so unless this was some dastardly mastermind thing where someone added flash memory to the sticks and wired up some amazing construction to try and infect you, it would be impossible to get infected that way.
In other words, it seems extremely unlikely; an infinitely more likely thing would be you installing something around that time, or even just picking it up from net browsing.
NATIK on
Ianator (A predator cannot differentiate between prey and accomplice) | Registered User, regular
edited March 2011
I kinda figured. Anything else I could try in Safe Mode? Or is it time to start pricing parts on Newegg?
...Well, yeah, it's always time to price parts on Newegg.
TetraNitroCubane (Not Angry... Just VERY Disappointed...) | Registered User, regular
edited March 2011
At this point, it sounds like using a LiveCD is going to be a better option than safe mode, if you're really intent on cleaning the system. If you are really looking at a last ditch, Hail Mary type cleaning (i.e., about to reformat anyway), you can always try Combofix.
Why price parts on NewEgg, though? This issue should be entirely software, if you're thinking it is malware related. I'd recommend you completely reformat the hard drive, and reinstall windows. Then install security software, and only after that restore critical files from backups.
Edit: You mentioned using AVG and avast. Are you talking about the online scanners? Or did you install both full antivirus programs at the same time? Having more than one resident antivirus installed simultaneously is usually asking for trouble (like system lockups).
Ianator (A predator cannot differentiate between prey and accomplice) | Registered User, regular
edited March 2011
Pricing parts because I was already looking to build a new compy even before this happened.
Also, yeah, AVG and avast! were both installed at the same time, though not actively scanning. They were playing nice for a little while.
TetraNitroCubane (Not Angry... Just VERY Disappointed...) | Registered User, regular
Pricing parts because I was already looking to build a new compy even before this happened.
Also, yeah, AVG and avast! were both installed at the same time, though not actively scanning. They were playing nice for a little while.
If you were pricing out parts before hand, then go for it.
But, uh, if you had Avast! and AVG installed together, and both were running resident, you could pretty much cause every single problem that you've just described. They don't need to be "actively scanning" at the same time in the sense of 'I started a virus scan with both' - If both antivirus suites were installed resident they'd be scanning everything on-access, not on-demand. Most antivirus suites will scan every single file that you write, read, or open as you do it, regardless of whether or not you requested a scan.
Having more than one antivirus running on-access can lead to lockups, and tons of false positives as one AV can see the other AV as a threat. I know some people have good luck with it, but I've never seen it work. Hell, most of the time, when switching from one AV to a different one, if you don't uninstall completely you'll run into problems.
I'd uninstall one of them, then scan the entire system with MalwareBytes. If it comes up clean with MalwareBytes after that, I'd operate it carefully for a while and see if the problems persist.
Ianator (A predator cannot differentiate between prey and accomplice) | Registered User, regular
edited March 2011
Tried MalwareBytes already, didn't pick it up. AVG's the only one that seemed to find the bad things in system32.
I've taken my box down and put it in the corner to think about what it's done, but I'll put it up again in a few days and uninstall avast.
Bad RAM can cause sound corruption due to slowing down the computer in general, so his talk of sound driver corruption does support this idea.
If you continue being unable to find anything, try pulling the RAM, it could very well be the culprit.