Demonic_angel

Infected files

10 posts in this topic

Hey all. I have finally found some infected files which I desperately hope are the cause of my computer trouble.

These files:

010112010146118114.dat

010112010146118114.lso

0101120101465452.dat

0101120101465452.lso

9g2234wesdf3dfgjf23

are apparently from a computer worm called Koobface. (Sorry if this is old news, I have had my head in my chem and physics books for a while.)

I was wondering if anyone knew some good tools to remove them with. I have Trend Micro and Spy Sweeper, but for some reason they are not finding it. Or if I should just delete them manually from command prompt and forget about them.

Thanks.

0


Deleting them manually may not do anything. If the malware is running, it'll just write them to disk again. Though, you didn't find any infected exe files? The malware is being launched somehow, these .dat files aren't acting alone.

0


Well, first you have to remove Koobface. Google around for instructions.

If you only try deleting the files, Koobface will only write new files. What security software do you have?

0


I would boot up using a live version of Linux and delete the files from there. Here's a list of files:

http://www.2-spyware.com/remove-koobface.html

Then I would boot up into Windows and get rid of the registry entries mentioned on the site above.

Edited by Seal
0


I didn't find any infected .exe files but I didn't really look hard. I was looking for something else entirely when I saw these files and didn't know what they were.

I have Trend Micro Anti-virus+antispyware and Spy Sweeper. I think Trend Micro found freddy46.exe a while ago and it is supposedly in quarantine.

I have been reading some of the symptoms of Koobface, and unless I am missing some, my computer doesn't have these symptoms. The real problem with my computer is it will randomly freeze and Ctrl+Shift+Delete does nothing and Ctrl+Alt+Delete makes the screen go black for about 2 minutes before an error box pops up saying "Logon Process failed to create computer options dialog" and then I have to hard shutdown. Any clues what may be causing this? Sounds like a security conflict to me but not really sure.

Thanks for the replies. Koobface still needs to be gone so that's priority one for now.

0


Haha I was going to say... try and unpack them. Then run your virus removal tool. That way it can possibly clean them. But that's what I do. I don't usually have virus problems that I can't solve. I just know virus removal software can't really clean files that are compressed. The dat file it should be able to clean though... so go with what they said and delete them from Linux.

Edited by Kool-Aide
0


Antivirus software can clean files that are compressed using known compression formats. Every compression format (zip, rar, gzip streams, etc.) has headers, which can be seen by the antivirus, and it will decompress and check the files within. I know it's found things in my zip files before. They wouldn't be very useful if all it took to hide your malware was sticking it in a compressed archive.

0
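Added example, not part of any post in this thread: a small Python sketch of the header-based unpacking described in the post above. It recognises zip, gzip and rar by their magic bytes, recurses into zip and gzip, and reports what it could not inspect. The SHA-256 blocklist stands in for a real signature engine, and `SAMPLE`, the limits and all function names are constructed for illustration.

```python
import gzip, hashlib, io, zipfile, zlib
SAMPLE = b"constructed stand-in payload, not real malware"
BLOCKLIST = {hashlib.sha256(SAMPLE).hexdigest()}  # constructed, not a real indicator
MAX_DEPTH = 4                  # refuse to chase endlessly nested archives
MAX_BYTES = 8 * 1024 * 1024    # cap per unpacked member (decompression-bomb guard)
MAGIC = {b"PK\x03\x04": "zip", b"PK\x05\x06": "zip",
         b"\x1f\x8b\x08": "gzip", b"Rar!\x1a\x07": "rar"}

def container_type(data):
    """Identify a known container from its leading magic bytes."""
    return next((k for m, k in MAGIC.items() if data.startswith(m)), None)

def scan(data, path="<input>", depth=0):
    """Return (path, verdict) findings; recurse into zip and gzip containers."""
    kind = container_type(data)
    if kind is None:  # plain file: stand-in for the signature check
        return [(path, "match")] if hashlib.sha256(data).hexdigest() in BLOCKLIST else []
    if depth >= MAX_DEPTH:
        return [(path, "unscanned: nested too deep")]
    if kind == "rar":
        return [(path, "unscanned: rar needs an external unpacker")]
    findings = []
    try:
        if kind == "gzip":
            d = zlib.decompressobj(wbits=31)       # 31 selects the gzip wrapper
            inner = d.decompress(data, MAX_BYTES)  # stop at the size cap
            if d.unconsumed_tail:
                return [(path, "unscanned: too large")]
            return scan(inner, path + "/<gzip>", depth + 1)
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{path}/{info.filename}"
                if info.flag_bits & 0x1:           # bit 0 marks an encrypted entry
                    findings.append((member, "unscanned: encrypted"))
                elif info.file_size > MAX_BYTES:
                    findings.append((member, "unscanned: too large"))
                else:
                    findings += scan(zf.read(info), member, depth + 1)
    except (zipfile.BadZipFile, zlib.error):
        findings.append((path, "unscanned: corrupt container"))
    return findings

def build_demo():
    """Constructed input: a zip holding a clean file and a gzip of SAMPLE."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"clean")
        zf.writestr("inner.gz", gzip.compress(SAMPLE))
    return buf.getvalue()
```

The "unscanned" verdicts matter as much as the matches: encrypted, oversized or unsupported containers are the places a scanner of this kind cannot see into.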

Share on other sites

Antivirus software can clean files that are compressed using known compression formats. Every compression format (zip, rar, gzip streams, etc.) has headers, which can be seen by the antivirus, and it will decompress and check the files within. I know it's found things in my zip files before. They wouldn't be very useful if all it took to hide your malware was sticking it in a compressed archive.

No no no, it finds them fine in compressed files. I have never gotten it to successfully clean something in a compressed file. But then again, I don't download too many suspicious files, and if they do have malware in them, virus software finds them, and if it doesn't remove them, which it never does, I delete it. Normally I don't find too many files that can be cleaned by virus software; most of the time I just have to delete whatever it finds.

0


I haven't found too many spyware and virus removal tools that run better than Malwarebytes Anti-Malware. I'm not trying to endorse it or anything, but it has found some things for me that I really didn't expect it to find.

0


I would boot up using a live version of Linux and delete the files from there. Here's a list of files:

http://www.2-spyware...e-koobface.html

Then I would boot up into Windows and get rid of the registry entries mentioned on the site above.

This solution works. I was hit with Koobface on an XP box a couple months ago, and I used basically this solution. Only differences were...

1. I used BartPE Windows XP LiveCD

2. In addition to deleting the infected files and googling every last EXE in my Windows files that I didn't remember by name (only took a bit over an hour), I deleted the current registry files and manually replaced them with some registries from two weeks before out of System Volume Information.

I still have no idea how the hell I got Koobface, I think it was a compromised banner ad or something. But I'm posting on that computer right now, on the same install.

If command prompt and other stuff is disabled, putting the old registries in will fix that too.

Funny thing is I used no AV software for the whole thing, I just ran a rootkit scanner afterwards to be sure, and then ran a full scan with Avast and found nothing. Been trouble free since.

And Linux doesn't have these problems.

0
