Horse virus ?

Trojan horse computer virus that is..........I got one last week, just now fully recovering from it (mostly mental issues) :rolleyes: .

Here is what I think happened, I did a search somewhere, don't remember exactly what or where I was and I saw a flash of an icon, the type that you see when you are downloading files, it only lasted a second and was gone.

I did not even realize what it was until I noticed I could no longer search for ANYTHING unless it got redirected to other unrelated web pages.

Example: do a search on google for camping gear, click on one of the web pages found that says "camping gear", and you might get a web page showing many links for home loans.

This is not all, you cannot search anywhere at all and click on returned search results without being redirected to.........you name it, the sky is the limit, who knows.

This is the easy part of the virus, the bad part is when I finally realized it was some type of "cool search or spy ware" on my machine, I went to install/uninstall programs and found some sort of Spy program had installed on my machine, I uninstalled it and my machine shut down, would not let me log on, I had to sneak in using my wife's name, and it shortly became aware of this I guess because it shut it down again.

I worked for 4 or 5 days trying to get into my machine, finally I found that I could unplug my machine from the wall and kill everything for a few seconds, then plug in and overload the virus with several clicks or commands, this would allow me to get in long enough to do more work in my registry keys or do a search for more help. Emails shut down, several warnings were popping up such as email scanner defect and firewall malfunctions etc.

It finally got so bad I had to push Ctrl/Alt/Delete just to bring up the program mngr to override the machine and turn it off and on this way. I had installed 5 different spy ware programs and managed to scan all of them, none worked and none found anything at all, this was done only by overloading my computer with several commands when loading and then downloading these programs.

I have had a few virus bugs in the past, they were playing around compared to this one. I then reached my limit, I deleted a whole page of registry keys that one of the spy ware things had found and said I was cured, not hardly.


I then talked to a buddy, he said try safe mode and scan, get this............I tried safe mode, it would not let me go into safe mode, it would only let me go to windows normal xp mode, I tried the unplugging from the wall trick and after about 10 times it let me go into safe mode, I scanned using CW Shredder and it found 1 thing in files and folders and said I should delete it, I did and my machine was INSTANTLY cured of all problems, even my email and firewall sent messages that they were back online.

I was later able to identify this virus, it was a Trojan horse that was installed on my machine by some web site search engine, not sure exactly who but I think it may be related to cool search in some way. Not sure how the Spy ware program got into the picture but it did because it installed on my machine without my permission, they could have been together.

I just wanted to let you know that this is a MONSTER and if you get it you must go directly to safe mode and run CW Shredder to get rid of it, it took me about 5 days to learn this. Hope this helps in some way.

I almost reached the point where my computer went out my window......I would love to meet the person who designs these monsters, I promise I would give him a monster he would never get rid of.............and just let me ask one question, what do these people gain from these types of virus that wreaks havoc on our machines and could possibly shut many machines off line forever, to never be able to go to their web sites ever again, I just don't understand the reasoning behind this ?

Robbie Roberson;)
 
> then plug in and overload the virus with several clicks or commands,
Can you give more detail on that? It sounds like it might be a handy thing to know.

> I tried safe mode, it would not let me go into safe mode, it would only let me go to windows normal xp mode,
Was the option not there, or were you not able to log in after selecting it?

> what do these people gain from these types of virus that wreaks havoc on our machines and could possibly shut many machines off line forever, to never be able to go to their web sites ever again, I just don't understand the reasoning behind this ?
It depends on the virus.

I think some of them actually want you to start using their real search page if that's where it sends you. A lot of them hijack your auto search function (ie, typing "wild goat sex" directly into the address bar instead of going to google or wherever first), which of course is MSN by default. But of course their software they use to hijack you blows and can really mess things up. Heck, Microsoft can barely make software that works, so what do you expect when a couple of criminals try to throw something together?

Others are just in it for advertising clicks. They don't care if you are able to use the Internet practically at all, as long as they can hack your computer and trick you into generating a few clicks on some paid porn or mortgage ads. There are different levels of this, some worse than others. This is probably what you had.
 
Robbie,

All you had to do was call me and all would have been right with the world. ;)
 
Carl64, it all happened so erratic, first there was the download of U-something spy ware program, then it started redirecting all searches.

I found out by accident and after umpteen tries to get logged on that if I hurried and clicked on IE VERY fast, and I mean don't waste a second while computer was loading this virus each time (which I later learned would reload each time computer started EVEN if a spy ware program found it) that I could click 3 times on IE and then maybe even once on one of my newly installed spy ware programs, and then wait an eternity until all 3 IEs were loaded, and one spy ware program was on line, then I had successfully beat it for the time being and could do a search on google without being messed with, but if you made the mistake of shutting down or clicking all these off, it would catch your movements and lock the machine up tight, I know this sounds silly but I swear I did this and it worked.

When I finally got into safe mode, it would lock onto Windows XP and would not move up or down by arrow keys, no matter what you did, then it would lock up and you were stuck here, I would then get program mngr and click upper bar and restart machine, and start all over, this was done at least fifty times in a 4 day period.

This trojan has to be programmed to do everything to stop you from deleting its bug.

I had a firewall, and AVG, it did warn me and even told me I had a Trojan, even told me what it was, but it could not find it after the first warning.

Had I known to go to safe mode from the very first load, and had I known about CW Shredder, I could have ejected this pain in the first 5 minutes. I learned a lot, I hope.

I have had a few minor virus bugs, nothing ever messed with me like this. What really makes me mad is I was doing a normal search when I first saw a quick flash showing a file folder loading, then I found the Spy ware program installed, this is when my problems began.

My machine is back to perfect now, after 5 days it was really very easy after I was able to run CW......without the Trojan knowing it was scanning, it snuck up behind it and ate its lunch !
 
Hope all is well now.......................KV, I actually started to call you, but I wanted to try to get this monster myself, thanks for the offer though, it means a lot.

Robbie Roberson ;)
 
Those things can be pretty clever. I have had a couple, over the years, and for all my great care and experience I still manage to end up with one every few years.

They can "infect" an existing file in your hard drive, and a registry key change (a registry key is just a small simple set of data that stores setting selections and other small stuff, as simple as a web address or even a simple 1 or 0 to set something as on or off) and other modifications can load up the spyware/virus or whatever it is so your spyware fighting program finds the running program and registry key change, but may not find the infected file that spawns it on startup.

Annoyingly, Windows seems to run some unnecessary stuff before you actually log in (like checking your e-mail). That might explain the login issues. I recently found out that if you type in a password on the login screen then change your mind and tell it to hibernate instead of clicking the login button, your password is saved in the hibernate memory and filled in automatically when it boots up. Yikes.

Did you install that recent wmz rendering patch? That's the one that fixed the issue where graphic files can run viruses.
 
Good info., no I did not download that, I found it and something happened, can't remember exactly why now because it was during this trojan that I tried to find a fix and saw this updated download fix/patch. :confused:

Oh well, maybe it will stay away, at least I have some better idea how to deal with it now. Thanks for your advice.

Robbie Roberson ;)
 
I often wonder; would it be possible to track down the culprits responsible for these viruses, and BEAT THE HOLY CRAP OUTTA THEM? :mad:
 
Go to Microsoft Windows Update and get that patch NOW! Same for anyone else who hasn't yet! :eek:

20.jpg
 
Cool Web Search is a NASTY trojan! I had a buddy at work install a bikini screensaver on my computer one day when I wasn't there... (I'd been admiring the pics on his) I started getting the pop ups and re-directs. Luckily I found out it was CWS, and googled that. Downloaded CWShredder and made things right again... Then had to do it for my buddy.
 
Danbo, I would gladly cover your back on that little trip......I have dreamed of doing things like that for a while to these low life pukes......and I consider myself very easy going and mild mannered.

But there are a few things that have happened lately that have made me wish we could form an "Internet puke cleaner" club.

With the technology we have available to us it looks like someone could make millions if they figured out a way to stop this kind of stuff.

Couger Allen, I am on my way ! Gosh what an ugly trojan, is he yours ? :D

Grim/Don, that is apparently what I got, or a form of it, you can bet it was the worst I ever had.

Robbie Roberson ;)
 