How to tell if you're infected + how to remove the virus or threat

Thread starter: Capito
Capito
Terms before we get going:

Virus:
A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.

Malware:
Malware, short for malicious software (sometimes referred to as pestware), is software designed to secretly access a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

False Positive:
The erroneous identification of a threat or dangerous condition that turns out to be harmless. False positives often occur in intrusion detection systems.

Antivirus:
Antivirus software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware.

Crypt(Cryptology):
When code in a specific program is obfuscated to make the file undetected by antivirus.

Bind/Binded/Binding:
Binded is when 2 files are put together, and when it's executed, both of the files are executed.

HJT(HiJackThis):
Trend Micro HijackThis is a free utility that generates an in-depth report of registry and file settings from your computer. HijackThis makes no separation between safe and unsafe settings in its scan results, giving you the ability to selectively remove items from your machine. In addition to this scan-and-remove capability, HijackThis comes with several tools useful in manually removing malware from a computer.

SandBoxie:
Sandboxie is a proprietary sandbox-based isolation program developed by Ronen Tzur, for 32- and 64-bit Windows NT-based operating systems. It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive. An isolated virtual environment allows controlled testing of untrusted programs and web surfing.

Malware Bytes:
Malwarebytes' Anti-Malware (MBAM) is a computer application that finds and removes malware.




Downloads:
SandBox
HJT
Malware Bytes


Okay, now that we know our terms and our download links, we can get started.

Signs of being infected:
  • Random pop-ups (CMD starting at random times)
  • Webcam randomly starting
  • Passwords not working
  • Firewall being disabled
  • Suspicious emails sent from your account
  • Awkward files on your USB drive
Have those signs? Continue reading and I will go over how to remove them.

Ways you can get infected:
YouTube: I recommend not downloading from YouTube. 9/10 of the time it will be an infected file. Especially: cracks, mod tools, host booters with bots, etc.

Torrents:
Torrents, in my opinion, are the 2nd most common way of getting infected.
Example: Say you're downloading an AVG crack. The file may run and install correctly, but it may be binded and infect your PC without you knowing.


Signs to look for when downloading a file from YouTube:
  • If the video has comments disabled: this should raise a BIG FLAG that it's unsafe.
  • If the video has more dislikes than likes.
  • If the video only shows text and not the program itself.
  • If you're trying to download a "HostBooter with bots", it's not possible to get bots from downloading a file; the bots connect to a DNS which forwards to an IP.

Even if the video looks real, even if you can tell that they put time into it, that does not mean it's clean. If you do feel like you need to download it, run it in Sandboxie.

I think I am infected! What should I do?
Do a full system scan with your antivirus. Remove the threats it gives you. Problems still not solved?
Download HJT and do a full scan. Then download and run Malware Bytes. Save both logs and post them in this section. I will be able to help you. I am an expert in analyzing HJT logs and Malware Bytes logs.



Find a file you want, but you think it may contain a virus?
What you can do is download the file WITHOUT RUNNING IT and then upload it to Virus Total. What is Virus Total? Virus Total is a free site that allows you to upload a file and have it scanned by over 40 antivirus programs in a matter of minutes. Or you can upload it to NoVirusThanks.
Or you can contact me on AIM, and I will run it in a virtual machine.

Example: A file may seem harmless, but after I scan it we get the results:

My Results

NoVirusThanks:
File Info

Report date: 2011-02-17 21:35:20 (GMT 1)
File name: bot-exe
File size: 24576 bytes
MD5 Hash: 6d6a72ad3f76b117a52b0662775821d8
SHA1 Hash: ff24dc77bd9b0d674f48e40d6de94c91357c1787
Detection rate: 14 on 16 (88%)
Status: INFECTED

Detections

a-squared - Worm.Win32.Bybz!IK
Avast - Win32:Malware-gen
AVG - Generic19.CCCP
Avira AntiVir - TR/Hijacker.Gen
BitDefender - Generic.Malware.SBdld.C02564DC
ClamAV -
Comodo - Heur.Packed.Unknown
Dr.Web - Trojan.Siggen2.7481
F-PROT6 - W32/SelfStarterInternetTrojan!Maximus
Ikarus T3 - Worm.Win32.Bybz
Kaspersky - Worm.Win32.Bybz.ddw
NOD32 - Win32/Dewnad.AK
Panda - W32/Autorun.KNT
TrendMicro - PAK_Generic.001
VBA32 -
VirusBuster - Worm.Bybz!gWO3hagoXgo

Scan report generated by
NoVirusThanks.org



False Positives:
Some programs may come up as a false positive, meaning the AV detects text/code that is harmless and flags it as a virus.
Example:
I made a program to prove this.
(Screenshots: 484cc68d328c7bee865587c2762aee9e.png, b1a70b3f77bc2e186b783cb56dbed5c7.png)
The result of just the text on the buttons and labels causes this:

Report



FAQ:

Q1. I have antivirus, I can't get infected, right?
A1. No, just because you have antivirus does not mean you can't get infected.

Q2. Can a virus only be in an executable format?
A2. No, they can be binded to an image and have a .jpeg extension.

Q3. Which is better: Virus Total or NVT?
A3. In my opinion, if you're posting the results on a site, NVT. But if you're scanning a file for personal use, I highly recommend Virus Total.

Q4. Which antivirus do you recommend using?
A4. I recommend using AVG. If you're like me and are always on your computer, it's a great investment.

Any other questions, post below!

If you know you're infected, most people give the response "Do a system restore or run Malwarebytes." System restore is the LAST resort. I can remove ANY virus/threat/trojan/malware off of your computer. Just add me on AIM: [email protected]
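Before posting a scan report like the one above, it helps to know what to check in it. The script below is an added example from the editor, not part of Capito's post and not code from NoVirusThanks or VirusTotal. It hashes a file you downloaded (without running it), confirms that the report's MD5/SHA1 actually belong to that file, and scores the per-engine detections, treating a named family (Worm.Win32.Bybz) as stronger evidence than a generic or heuristic label (Generic.Malware, Heur.Packed). SAMPLE_REPORT is the NoVirusThanks report quoted on the page; SAMPLE_FILE is a constructed stand-in for a download, not the real file, so the hash check deliberately comes back false. The generic-label pattern and the 50% threshold are the editor's assumptions, not a vendor standard.

```python
"""Editor's added example: hash a download and score a scan report, without
running the file.  SAMPLE_REPORT is the NoVirusThanks report quoted on the
page; SAMPLE_FILE is constructed bytes, NOT the real bot.exe."""
import hashlib
import re

SAMPLE_REPORT = """\
File name: bot-exe
MD5 Hash: 6d6a72ad3f76b117a52b0662775821d8
SHA1 Hash: ff24dc77bd9b0d674f48e40d6de94c91357c1787
Detection rate: 14 on 16 (88%)
Status: INFECTED

Detections

a-squared - Worm.Win32.Bybz!IK
Avast - Win32:Malware-gen
AVG - Generic19.CCCP
Avira AntiVir - TR/Hijacker.Gen
BitDefender - Generic.Malware.SBdld.C02564DC
ClamAV -
Comodo - Heur.Packed.Unknown
Dr.Web - Trojan.Siggen2.7481
F-PROT6 - W32/SelfStarterInternetTrojan!Maximus
Ikarus T3 - Worm.Win32.Bybz
Kaspersky - Worm.Win32.Bybz.ddw
NOD32 - Win32/Dewnad.AK
Panda - W32/Autorun.KNT
TrendMicro - PAK_Generic.001
VBA32 -
VirusBuster - Worm.Bybz!gWO3hagoXgo
"""

# Constructed stand-in for "the file you downloaded"; not real malware.
SAMPLE_FILE = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not the real bot.exe"

# Assumption (editor's heuristic): labels like these say "packed/looks bad"
# rather than naming a family, so they are weaker evidence than Worm.Win32.Bybz.
GENERIC_LABEL = re.compile(r"generic|heur|malware-gen|\.gen\b|siggen|pak_", re.I)
# "<engine> - <label>"; an engine with nothing after the dash did not detect.
DETECTION_LINE = re.compile(r"^(?P<engine>.+?) -(?: (?P<label>.*))?$")


def file_hashes(data):
    """MD5/SHA1 to compare against the report; SHA256 for your own notes,
    since MD5 and SHA1 are collision-prone and should not be the only key."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def parse_report(text):
    """Return the report's hashes and {engine: label-or-None}."""
    md5 = re.search(r"^MD5 Hash:\s*([0-9a-fA-F]{32})", text, re.M)
    sha1 = re.search(r"^SHA1 Hash:\s*([0-9a-fA-F]{40})", text, re.M)
    detections, in_detections = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line == "Detections":
            in_detections = True
        elif in_detections and line:
            m = DETECTION_LINE.match(line)
            if m:
                label = (m.group("label") or "").strip()
                detections[m.group("engine")] = label or None
    return {"md5": md5.group(1).lower() if md5 else None,
            "sha1": sha1.group(1).lower() if sha1 else None,
            "detections": detections}


def report_matches_file(data, report):
    """A report is evidence about *your* file only if the hashes agree."""
    h = file_hashes(data)
    return report["md5"] == h["md5"] and report["sha1"] == h["sha1"]


def score(detections):
    """Detection count, how many hits name a specific family, and a verdict."""
    total = len(detections)
    hits = [label for label in detections.values() if label]
    specific = [label for label in hits if not GENERIC_LABEL.search(label)]
    percent = int(100 * len(hits) / total + 0.5) if total else 0
    if total and len(hits) >= total / 2 and specific:
        verdict = "malicious"
    elif hits:
        verdict = "suspicious"
    else:  # crypted/fresh samples routinely score 0; no hits is not proof of clean
        verdict = "no detections"
    return {"hits": len(hits), "total": total, "percent": percent,
            "specific": len(specific), "generic": len(hits) - len(specific),
            "verdict": verdict}


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print("local file:", file_hashes(SAMPLE_FILE))
    print("report is about this file:", report_matches_file(SAMPLE_FILE, report))
    print(score(report["detections"]))
```

Run against the quoted report this gives 14 hits of 16 (88%), seven of them naming the Bybz/Dewnad/Autorun families and seven generic, so the verdict is "malicious"; the hash comparison against the stand-in file is false, which is the case you want to notice before trusting a report someone else pasted.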
 
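Q2 above says a virus can be "binded" to an image and carry a .jpeg extension. The script below is an added example from the editor, not part of the original post, showing the checks a practitioner would run on such a download before opening it: comparing the extension with the file's magic bytes, flagging double extensions such as photo.jpg.exe (Windows hides the final extension by default), and scanning for a Windows executable appended after the image, recognised by an MZ header whose e_lfanew field points at a PE\0\0 signature. The sample files are constructed inline and are not malware; the minimal PE layout used here is just enough for the check to recognise, not a runnable program.

```python
"""Editor's added example: check what a download really is before trusting
its extension.  All sample files are constructed below; none is malware, and
the minimal PE layout is only enough for the check to recognise."""
import os
import struct
from typing import Optional

MAGIC = [  # (leading bytes, type)
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF8", "gif"),
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"MZ", "pe"),
]
EXT_TO_TYPE = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif",
               "pdf": "pdf", "zip": "zip", "exe": "pe", "dll": "pe", "scr": "pe"}
# Extensions Windows will execute; a double extension ending in one of these
# (photo.jpg.exe) shows as "photo.jpg" when known extensions are hidden.
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "dll"}


def sniff_type(data: bytes) -> str:
    """Type by magic bytes, ignoring whatever the file name claims."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def find_embedded_pe(data: bytes) -> Optional[int]:
    """Offset of the first well-formed PE header anywhere in the data.
    A bare 'MZ' occurs in random bytes, so require that the DOS header's
    e_lfanew (u32 at +0x3C) points at a 'PE\\0\\0' signature."""
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            sig = pos + e_lfanew
            if data[sig:sig + 4] == b"PE\x00\x00":
                return pos
        pos = data.find(b"MZ", pos + 1)
    return None


def analyze(name: str, data: bytes) -> dict:
    """Findings a practitioner wants before opening a download."""
    exts = os.path.basename(name).lower().split(".")[1:]
    last = exts[-1] if exts else ""
    kind = sniff_type(data)
    findings = []
    expected = EXT_TO_TYPE.get(last)
    if expected and expected != kind:
        findings.append(f"extension .{last} says {expected} but content is {kind}")
    if len(exts) > 1 and last in EXEC_EXTS:
        findings.append(f"double extension .{'.'.join(exts)}: executable posing as .{exts[0]}")
    if kind != "pe":  # a whole-file PE is already covered by the extension check
        pe_at = find_embedded_pe(data)
        if pe_at is not None:
            findings.append(f"embedded PE executable at offset {pe_at} (bound/appended payload)")
    return {"type": kind, "findings": findings, "suspicious": bool(findings)}


def fake_pe() -> bytes:
    """Constructed DOS header with e_lfanew=0x40 pointing at 'PE\\0\\0'; not runnable."""
    return b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20


def fake_jpeg() -> bytes:
    """Constructed SOI + APP0 'JFIF' marker + padding + EOI; not a viewable image."""
    return b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32 + b"\xff\xd9"


SAMPLES = {
    "cat.jpg": fake_jpeg(),                 # honest image
    "cat.jpeg": fake_jpeg() + fake_pe(),    # image with an executable appended ("binded")
    "crack.jpeg": fake_pe(),                # executable renamed to look like an image
    "photo.jpg.exe": fake_pe(),             # double extension
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, analyze(name, data))
```

The first sample passes clean; the other three each produce one finding. Note what this does not catch: a genuine image that a separate dropper later decodes, or a packed executable whose PE header is itself encrypted, so a clean result here is a reason to sandbox the file, not to trust it.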
speedycuban
Very nice white hat post :smile: should be a sticky in my opinion. :biggrin:
 
Capito
Thank you. This is very high quality; it took me around 4 hours to type the info, then an hour to add the sizes and things.
 
Shiny
Wow I think it's great that people like you who are really familiar with all that virus stuff help people who are not.
If I ever get a Virus, I know where to look for help :biggrin:
 
IDimeBag1
nice man thanx +rep
 
Desire
Wow, it looks as if you put time and effort into the making of this. Plus rep for you good sir. :wink:
 
Ripper
System Restore doesn't always remove a virus. It can actually cause more harm than good if you decide to do so.
 
Capito
System Restore doesn't always remove a virus. It can actually cause more harm than good if you decide to do so.
Yep! I never do system restore when removing viruses. Nor do I stop till I remove it.
 
7s id boss 329
Wow this is great info I like it, good job on the sticky!!!!! :smile:
 
dablazer916
Ok, I'm not sure if I'm supposed to reply here or make a new thread, but here goes. I am pretty sure I have a virus. What it does is, every time I Google or Yahoo or anything search, it goes through like normal. Then when I click on what I want to look at, it redirects me to some random website that probably implants a virus into my computer. It does this for EVERY link I click. I even Googled se7ensins and it redirected me to something else. The website is made to look like another search engine, but I immediately turn off my browser after that. I run Malwarebytes and 6/10 times it finds and removes something, but after it does remove whatever was on my computer, I try to do a search and it still redirects me to another site. This is annoying because I can't do research on school work. I have McAfee SiteAdvisor on my browser and I do safe search with that, and it still redirects me away to another very suspicious site. Can you please help me?
 
Sn1per 117
This is a great thread. Hopefully I never have to use it though :tongue:
 
Capito
Add me on AIM (capito7s) and I will help you later today.
 