Seeya Guys, I give up, I'm outta here!

Discussion in 'The Lounge' started by EXOX3, Aug 24, 2006.

  1. EXOX3

    EXOX3 Staff Sergeant

    Well guys, I've had it! I am that furious, upset & just agitated right now, I have decided I am killing my internet connection, and probably sell my PC also! I am sick to death of it all!

    Last week I sat in this chair for a good 24 Hours sorting it out, trying to fix everything after getting trojans and viruses! and now the Win32.ciadoor.024 is back and has messed my PC up! and I've had a gutful, I haven't gone anywhere to get it, I have Avast on HIGH at all times, and also a firewall program, and both couldn't protect me, and unless it's my ISP sending it to me! then I haven't a single clue how it got on my machine once again!

    Now I cannot be bothered formatting again, and getting my system back up, I've cleaned the virus via avast, but now if I click CTRL ALT DEL, it says 'task manager has been disabled by your administrator', I am the ADMIN! also other weird things have happened and changed because of this virus, and I don't know how to fix it. so in about 1 hour's time I'm ripping everything out the wall, closing the computer down, and saying sayonara!

    Farewell geeksters :)

    Kindest Regards,

    David Giles
     
  2. Burning_Monkey

    Burning_Monkey MajorGeek

    24 hours isn't that much really. I spent a week trying to fix one machine once.

    Did you ask for help in the Support forums? Those guys are pros as far as this addled tattooed freak is concerned.
     
  3. padams

    padams First Sergeant

    Sorry to hear you're having all those problems. Hope you come back soon.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Whoa back, big boy (welcome to the world of Mr. Gates!) ....it's always darkest before the dawn (and other such platitudes).

    Do a repair install to get everything back to normal ....though I think you haven't rid yourself of all the nasties ....so once you are back run an online scan (either panda or kaspershy (SP?) .....(they are listed in the read and run first section of the malware ....which I'm sure you are familiar with, sigh) ...

    Then let's take it up again .....to make sure this doesn't keep happening ....K?:) :)
     
  5. EXOX3

    EXOX3 Staff Sergeant

    Hi Tim,

    When I reformatted last time, I did a full online scan which came back all clear, I haven't downloaded a single thing, so I cannot work out how I got it this time, it's making my PC crawl to the floor, absolutely crazy. frustrating and crazy.

    I cannot reformat, I will lose all the data and I cannot do a repair install, that means another few days of getting it back to its normal state again, which I just completed since last week for this current install.

    I dunno, I feel so numb right now it isn't funny, I want to know how and where exactly it came from, I didn't have it 2 hours ago, I've retraced my steps and all I did was surf around. I've retraced, checking everything but to no avail, so this to me seems suss...

    Can someone send me a virus? via my modem, like someone at my ISP?

    David
     
  6. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Dude, make an image. I keep 2 hard drives, backing up my data to my second drive. I create an image with everything setup, email, etc and use Nero for an image.

    If you're repeatedly getting infected, you have an issue to consider. Crappy outdated firewall or anti-virus, for example. There's a chance you're visiting a rogue website, unaware.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Unlikely, unless there was a backdoor hiding in your system ...why can't you do a repair install (it won't lose anything...not files or programs, etc....only your updates)
    Wordy xp repair install:
    http://www.informationweek.com/windows/showArticle.jhtml?articleID=189400897

    To follow up on MA's post (which he slipped in while I was replying ...the little devil) ...you can add a tool on your browser to verify the sites you visit as real or bogus.
     
  8. EXOX3

    EXOX3 Staff Sergeant

    Hi Guys,

    My problem is I don't have the cash for a 2nd HDD, Will check that link out in a sec TimW.

    I did a google search on ciadoor.024 for information on what this virus is capable of and what it does, to see if I can fix it without formatting, but I can't find any info on it other than basic naming....

    Most of my options in my CP don't work either I just noticed, saying a component is not loaded.. or alike for others....
     
  9. EXOX3

    EXOX3 Staff Sergeant

    I just thought, when I restarted last just before Avast said I had a virus in svhost, svhost requested rights via lavasoft firewall...
     


  10. padams

    padams First Sergeant

    Have you gone in to task manager and sorted it by memory to see if there is anything bogus running?
     
  11. EXOX3

    EXOX3 Staff Sergeant

    I can't open my task manager since last reboot, since the virus was detected, it keeps coming up saying it was disabled by my administrator, I am the admin and I don't know how to enable or disable it, the trojan/virus has done it, however I don't know what else the Win32:ciadoor.024 has done and if I can repair it..

    I can't find anything on it via the internet...
     
  12. padams

    padams First Sergeant

    this virus hella sucks man. maybe you should try a repair install like TimW suggested. remember the f word of computers.....frustration. i know it sucks right now trying to figure all the issues out, but you'll be glad when it's all done and working again. have faith.
     
  13. nitecrawler

    nitecrawler Guest

    A large bottle of Jack Daniels, a good night's sleep, a repair install and a request for clearance in the malware forum should do the trick!

    In that order.

    Regards...
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Got one BIG question ......where did you get the install cd from? The reason I ask is that if it is not a legit xp disk, then you very well may be re-infecting yourself every time you re-install (the viruses are embedded in the cd).
     
  15. Cochese

    Cochese Specialist

  16. G.T.

    G.T. R.I.P February 4, 2007. You will be missed.

    Luthius, love seeing and chatting with you here in the Lounge, but you really need to start a thread in the Malware forum if you haven't already. Those guys are the BEST at ferreting out malware. These days, you frequently don't get hit by a lone gunman, you get hit by a complete commando squad, including an offshore sub that brings in more commandos as needed. Getting it straight can be very detail intensive, and they know the details.

    As Tim mentioned, don't install ANYTHING except an official Windows disk, except for what the malware gurus say to install or run, and a repair install won't damage your personal data or programs. There are three possibilities: Either you're reinstalling the bad stuff yourself, you haven't gotten rid of it all, and a trojan or similar is re-downloading the malware after you remove it, or you're revisiting a bad site that's hitting and downloading again once you're done.

    First, get it clean with the malware forum. Second, visit Windows Update and patch EVERYTHING you can. If you use Outlook, go to Outlook's update site and update everything from there. Check all your other programs you use for patches and updates; many secondary software packages have security vulnerabilities too. Quick-Time, Real Player, lots of proggies you use on the net have been vulnerable. And to minimize the drive-by downloads from malicious sites, surf with something other than Internet Explorer. Most of the drive-by attacks focus on IE because it's the main one out there and has been a fairly easy target, and won't work with Firefox or Opera. I use and love Firefox, but get away from Internet Explorer. Even patched, it's riskier, and unpatched, it's an open door to the bad guys.
     
  17. bigbazza

    bigbazza R.I.P. 14/12/2011 - Good Onya Geek

    Don't like to see a fellow Aussie so despondent.

    Try, (it can't do any harm and may actually help):)

    RemoveIT Pro XT SE (16.5.2006) http://www.majorgeeks.com/RemoveIT_Pro_d4878.html
    Remove many viruses that other popular antivirus software cannot discover.

    [Bazza] The only one I have found that will detect AND remove Win32 Trojans.:cool:


     
  18. EXOX3

    EXOX3 Staff Sergeant

    Hey Guys,

    TimW, MA, GT, Bazza And All,

    I have calmed down a fair bit, sorry to sound rather pedantic, I'm just sick to death of it all, like MA said, I have likely picked it up via http unaware, it's getting to the point where you need a full on corp style security system just to surf the blimmin net! Can't we do anything about it? before it gets to the point where you're having to pay an admission fee + tip per site you visit, just to protect your security and safe keep!

    I will follow all your directions, this will be my final attempt though, I don't think I could take it happening again. Also I just found out that my Modem/Router also has a built in firewall.. It's an Open 624, maybe someone else has this type of modem and can suggest if its firewall is worthwhile using and how to use it.

    Will post how I get on as I go along.... I'm taking the modem line out the PC while I do this though... just in case.

    Thanks guys
     
  19. EXOX3

    EXOX3 Staff Sergeant

    What do I do bazza? If I 'FIX'... Will it make my system go down, these are critical windows files I think?


  20. EXOX3

    EXOX3 Staff Sergeant

    Bazza,

    I could KISS YOU! :)

    Seems to have fixed the system tremendously! There is NO pausing in my system now either! :) At startup, it would pause on the WELCOME screen for quite some time, also on the desktop, it would take forever to popup the taskbar, now it's all back to normal and instant! :)

    Now, just one little problem, I still cannot get my TASK manager working, CTRL + ALT + DEL says the service has been disabled by Admin, obviously it's the ciadoor virus that done it, gawd knows what else I'll find out later that's been done, however, how do I turn the TASK Manager service on? Do I do it via admin tools under services? if so which one....

    Thanks guys! :)
     
  21. EXOX3

    EXOX3 Staff Sergeant

    Never mind guys, Did a google search and found this, http://windowsxp.mvps.org/Taskmanager_error.htm

    I couldn't regedit either, fixed that also, looks like it disabled a fair bit of Windows Admin style privileges from the user and takes them for itself.
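
The lockout described in the posts above (Task Manager and regedit both refusing to open for an administrator) is normally applied through two policy values in the registry. The read-only check below is an added example, not part of the original thread or of the linked fix page; `DisableTaskMgr` and `DisableRegistryTools` are the standard Windows policy value names, and the function name `Get-ToolLockout` is hypothetical.

```powershell
# Added example: read-only audit of the policy values that lock out
# Task Manager and Registry Editor. Nothing is written or deleted.

# Both hives are checked: the values are normally per-user (HKCU),
# but the same names can also be set machine-wide (HKLM).
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

# Policy value name -> tool it blocks when the value is non-zero.
$lockoutValues = @{
    DisableTaskMgr       = 'Task Manager'
    DisableRegistryTools = 'Registry Editor (regedit)'
}

# Hypothetical helper name; returns one object per policy value found.
function Get-ToolLockout {
    foreach ($key in $policyKeys) {
        # A missing Policies\System key simply means no policy is set there.
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $props = Get-ItemProperty -LiteralPath $key
        foreach ($name in $lockoutValues.Keys) {
            $prop = $props.PSObject.Properties[$name]
            if ($null -eq $prop) { continue }   # value not present in this key

            [pscustomobject]@{
                Key    = $key
                Value  = $name
                Data   = $prop.Value
                Tool   = $lockoutValues[$name]
                Locked = ("$($prop.Value)" -ne '0')
            }
        }
    }
}

$findings = @(Get-ToolLockout)
if ($findings.Count -eq 0) {
    'No Task Manager / regedit lockout values present.'
} else {
    $findings | Format-Table -AutoSize
}
```

On a home PC that is not joined to a domain, any row with `Locked` set to True was not put there by an administrator, so it is worth recording before the value is reset.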
     
  22. padams

    padams First Sergeant

    congratulations on getting this far, see it was worth it to try wasn't it!

    did nitecrawler's idea work? lol
     
  23. Maxwell

    Maxwell Folgers

  24. EXOX3

    EXOX3 Staff Sergeant

    Well I settled for a stiff glass of Jameson :)
     
  25. bigbazza

    bigbazza R.I.P. 14/12/2011 - Good Onya Geek

    Glad Remove-it worked for you. :cool: A great simple, fast program to run.:)
    Sorry I didn't reply to you yesterday, but I had a 7am start at a grocery wholesaler to carry out a stocktake so was only on MG for a short time yesterday.

    As for Jameson, have you tried the 12 year old stuff? Also a friend of mine GAVE me a bottle of Jameson GOLD that he bought in South Africa. AUD$90 a bottle, never seen it in OZ but what a beautiful drop. Love any Jameson but it is a very rare treat for me, at any cost.

    As for kissing me, forget it. I'd rather have a beer, or two.;)
    PS: I lived in Gove (Nhulunbuy) for 15 years from 1972-1988. Beautiful spot. Bazza


     
  26. padams

    padams First Sergeant

    dude bazza, i was born in 1988!
     
  27. bigbazza

    bigbazza R.I.P. 14/12/2011 - Good Onya Geek

    Just goes to show we have old f*rts here, at MG, as well as young whippersnappers. :D ;) :) Bazza


     
  28. padams

    padams First Sergeant

    at least us young whippersnappers get to learn from the best!
    I.E. all the "old f*rts"!
     
  29. G.T.

    G.T. R.I.P February 4, 2007. You will be missed.

    Of course, if you REALLY want to learn about f*rting, contact Kodo. :D
     
  30. EXOX3

    EXOX3 Staff Sergeant

    Hey Bazza & All,

    Brilliant program, although I don't understand why other virus checkers cannot pickup what RemoveIT does, and it's completely free, a total life saver!

    Well at the moment I just finished sorting out my directories/files into sizeable dvd ready sections, and now I'm burning them off one by one!

    Also I think I pinpointed where the virus is coming from on my PC, I found a file on my HDD called patch.exe, a Microsoft cabinet self extracting, it was in my google earth directory, I double clicked it and wham, ciadoor virus everywhere, noticed here and there with Avast, and the guy telling me I've been infected, etc...

    So when I fixed it again with avast, then deep traces with RemoveIT, I went back into my program files\google earth\ dir, and the patch.exe was there again, I right clicked it and scanned it with avast, came back clean, double clicked it... WHAM! Virus came back...

    Weird, I ran DEEP scans of all MJ spyware removal programs, online deep scan of my drive, and that file in particular, nothing will pick it up as a virus, until it's double clicked, is this explainable?
     
  31. EXOX3

    EXOX3 Staff Sergeant

    Bazza,

    You are not that far from me at all, I haven't been to Gove myself, but know a few people that go back and forth here/there for work related reasons :)

    I haven't tried the 12 year old Jameson, I would love to though, will have to source it out, it's a nice drop, when I was going out partying and what not, back when I had no responsibilities other than myself, well sometimes myself, I would try many a drinks, but out of them all, I always liked the taste of Jameson, and as I found out last night, it's a good relaxant, settled my temper and mood down, never had a drink to settle myself down before, but I got to admit, it worked, this pc would be riddled with nike footprints, or bullet holes by now otherwise! :D
     
  32. ItsWendy

    ItsWendy MajorGeek

    Just curious, do you have a router installed?
     
  33. EXOX3

    EXOX3 Staff Sergeant

  34. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I would be very careful what you delete using RemoveIT. Not every file it identifies is bad, the False Positive rate of this program has been high in the past. There are several viruses that masquerade as legit MS files. RemoveIT does not know the difference between the legit file and the bad one.
     
  35. ItsWendy

    ItsWendy MajorGeek

    Actually a lot of DSL/Cable modems do NOT have a router built in. Never make the assumption. My experience when I connected my brand new DSL modem to my house network was similar to yours, so I added a router after the modem and all my problems went away. I can still get viruses and spyware, but I have to go and fetch them. Without a router they can basically self install over the network, no help needed.
     
  36. EXOX3

    EXOX3 Staff Sergeant

    Hey Guys,

    Well I just formatted, installed the essentials, nVidia 81.98 Drivers, DX9c (August ed), Realtek AC97 (Just downloading the new 391 release to update), etc etc

    Now all I got to do is get a firewall installed, guys, what do you recommend as a great, easy to use and understand firewall, I am not a pro when it comes to a firewall, I'm really a newbie of sorts, What 'Free' firewall do you recommend?

    Also, I will be going to the Malware section shortly to perform each protection task!

    Also, to the guys that helped me find my solution to fixing my hard drive problem, where XP couldn't see more than 127GB, well the Slipstreamed version worked great! I now have my WHOLE hard drive! in one tight nice C:\, with no unpartitioned space left! sincerely thank you guys, you helped cure a nagging headache! I'm chuffed :)

    Any other suggestions on what to do to my system since its a complete fresh new install would be greatly appreciated :)
     
  37. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    This is a good read and covers everything we recommend to protect your system: How to Protect yourself from malware!

    Many users are comfortable using ZoneAlarm Free. However ZoneAlarm has been known to conflict with some protection apps.
     
  38. EXOX3

    EXOX3 Staff Sergeant

    Hey Shadow,

    That's the topic I just finished reading and following, just a tiny bit ahead of ya. :)

    I didn't know that about ZoneAlarm, it's difficult choosing a firewall, I just need one that is going to do its job, without popping up every time my PC twitches even a mm! Also something that is rather easy to understand and helps the user learn what is what as it goes along...

    I just don't want to install each one, testing them out one by one, I used Lavasoft firewall, that was alright, but it really is lackluster in explaining things, and when the ciadoor virus got activated, lavasoft popped up asking me to authorise permission to get connected to my DSL modem.
     
  39. infoseeker

    infoseeker Master Sergeant

    But I'll bet you, ZA is very nice and easy to use but "rockz" on jobz:eek:

    :) >>infoseeker / jhempelayo<< :)
     
  40. rogvalcox

    rogvalcox MajorGeek

    I've been using zonealarm on both my systems, and for people's comps that I fix, for probably 3 or 4 years now, and everybody seems to like it!!!! Not to say you won't, because you might have different task than me, but I've yet to see any app conflicts, personally.

    Roger
     
  41. G.T.

    G.T. R.I.P February 4, 2007. You will be missed.

    I use ZoneAlarm free and love it. I turn off the incoming alerts, as incoming innocent pings are common, and stopping the incoming crap is just doing its job. You don't normally need to know every time something pings your puter. The outgoing permission requests are NORMAL for any good firewall. ZA tells you by name what's trying to dial out, and you can choose to always block, allow for that instance only, or always allow. When you first set it up, you'll spend some time approving all your normal apps that want to connect, and be surprised by how many TRY to connect that don't need to (set to always block and forget them), then you'll be properly suspicious if something surprising and unknown tries to dial out.

    Only "problem" I've had with it is a few games that want to connect, ZA pops up a permission request that you don't see because the game won't allow it to show, stops the game from loading, or registering, or whatever, and you may not realize why. Normally I just minimize the game with the Windows/Start button, allow access, then pop the game window back up. Or exit the game program, find it in ZA's list of programs that have tried to connect, and manually enable it there, then re-do it. Not a big deal if you realize what's going on.
     
  42. bigbazza

    bigbazza R.I.P. 14/12/2011 - Good Onya Geek

    Thanks for the warning, S_P_D. :cool:
    RemoveIt are very regular with their updates and I always install the latest, when I find them on the MG frontpage www.majorgeeks.com that I religiously check every day (for new stuff and updates).
    It has always worked for me over the past few months. :)
    Cannot comment on its performance, earlier than that. Bazza
    PS: Obviously Luthius found it very useful. Baz


     
  43. bigbazza

    bigbazza R.I.P. 14/12/2011 - Good Onya Geek

    Another thought. It might be worth uninstalling Google Earth.
    Run CCleaner and other PC housekeeping programs.
    And then download a fresh version of Google Earth (from MG, of course, http://www.majorgeeks.com/download4659.html ).

    Install it, do a search in its folder for patch.exe to see if it there and maybe double click on it if you want to tempt fate.

    MG downloads are checked out thoroughly by the MG guys, before they even consider listing them for downloads. They are very safe to use, IMHO. Bazza
     
  44. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    It's been a few months since I tested RemoveIT to gauge the FP rate. It may be better than in the past, but I would still exercise caution when removing files. Especially if they are in the Windows and System32 folders.
     
  45. malware killer

    malware killer Private First Class

    "Patch.exe" is actually the server installer component for Netbus, an old but POWERFUL "remote administration" hacker-tool. I first encountered it in late '97 / early '98, though I used it for LEGAL purposes; I don't think I've used it since late 1999. IIRC, I used version 1.70, to control part of my home network, which was NOT connected to the I'net.

    Read these (short) pages for more information:

    http://www.hackfix.org/netbusfix/capability.shtml

    http://www.hackfix.org/netbusfix/

    Netbus is similar to BackOrifice, which was released by Cult of the Dead Cow sometime after Netbus hit the streets. BackOrifice is another "remote admin" tool that also allows a hacker to take control of your system. Just as with Netbus, BO opens a port on your system; a hacker scans for the open port, and can then take COMPLETE control of your computer. They can see EVERYTHING you type, they can open and close windows, they can even open and close your optical drive trays...

    Anyway, just thought I should pass this along so you can remove Netbus, and try to find out how "patch.exe" got installed on your system in the first place; you might need to scan your CD-Rs and other removable media to find the source.

    Good luck; keep us posted on your progress...
     
  46. bigbazza

    bigbazza R.I.P. 14/12/2011 - Good Onya Geek

    New version on today's front page at www.majorgeeks.com Bazza


     
