Re: Virus on the forum? - VIRUS IS REMOVED.
Posted: Mon Aug 30, 2010 5:18 pm
fixed. virus is removed.

we were filled with malware again,
dav.id wrote:I hope so I just got it 5 minutes ago
sorry but from my Safari is not fixed cause I still get that msg every time.
dubway wrote:we were filled with malware again,
dav.id wrote:I hope so I just got it 5 minutes ago
so i cleaned it again.
it is safe now, but we have to prevent this happening again...
Phigure wrote:I'm afraid it's happened again
You know how DRTY had that virus? Well I was talking with him about it, and he had this virus called Alureon. Anyways, he ended up getting rid of it, however, two/three days later, I hop on my computer and I've got a fake anti-virus installed called Security Tool. It was pretty nasty, couldn't open up task manager or any system application besides Explorer.exe without it closing instantly. I managed to get rid of it, but two days later, I get on my netbook, and I've got BOTH Alureon and Security Tool, so they must be related. Seems kind of suspicious that three separate computers who were all used to browse DSF were infected by the same malware. I sent Dubway an email two days ago about it, because I figured it COULD be a coincidence and I could be wrong, but now Chrome's giving me warnings on every page on DSF, so it looks like it's happened again
Anyways, this malware is pretty nasty. But it is relatively easily removed with the proper tools. I've put together a .rar with all the tools that I used to get rid of this malware three times (DRTY, and myself twice). If you don't trust me, and would rather collect the tools yourself, then what you want is:
Malware Bytes Anti Malware
Super Anti Spyware
Combofix
rkill.com
TDSSKiller
Hostsperm.bat (NOT hot sperm)
Task Manager renamed to Explorer.exe
http://phiik.com/Virus%20Kit.rar
DRTY's infection was dealt with using TDSSKiller in conjunction with MalwareBytes and Combofix.
My first computer's infection didn't allow me to open any applications besides Explorer.exe, and it wouldn't let me close the process of the virus so you'll need to go to C:/Windows/system32 and find taskmgr.exe. Put a copy on your Desktop, and rename it Explorer.exe. Now hover over the Security Tool icon in your taskbar, and a short string of numbers will appear. I assume it's randomly generated, but mine was 60821822. Now open Explorer.exe on your Desktop, and go to the Processes tab, and find that string of numbers appended with .exe. Kill it. Now run rkill.com and TDSSKiller. After they've completed, launch Combofix. It'll most likely reboot your computer, allow it to do that. When your computer reboots, log in to Windows, and let Combofix continue. It'll scan and then go through 50 stages of cleaning. It'll most likely reboot again. When it reboots, it should be finished and will create a log file. Then install and launch Malware Bytes Anti Malware and SuperAntiSpyware, and perform a full scan. Make sure you scan your memory with SuperAntiSpyware. Now run hostsperm.bat to fix your HOSTS file. If your internet doesn't seem to work, open command prompt (run dialog box > cmd), and type in ping google.com. If you get a response with XX ms, etc, but none of your browsers work, then go to Control Panel, find Add or Remove Programs or Programs and Features. Look for some Norton Software that you probably never installed and uninstall it. If pinging google doesn't work, then try reinstalling your ethernet/wireless drivers.
My second computer's infection made my computer reboot as soon as I logged in, so I had to boot into Safe Mode by pressing F8 during start up. I managed to kill the infection using only this:
"Now run rkill.com and TDSSKiller. After they've completed, launch Combofix. It'll most likely reboot your computer, allow it to do that. When your computer reboots, log in to Windows, and let Combofix continue. It'll scan and then go through 50 stages of cleaning. It'll most likely reboot again. When it reboots, it should be finished and will create a log file. Then install and launch Malware Bytes Anti Malware and SuperAntiSpyware, and perform a full scan. Make sure you scan your memory with SuperAntiSpyware. Now run hostsperm.bat to fix your HOSTS file. If your internet doesn't seem to work, open command prompt (run dialog box > cmd), and type in ping google.com. If you get a response with XX ms, etc, but none of your browsers work, then go to Control Panel, find Add or Remove Programs or Programs and Features. Look for some Norton Software that you probably never installed and uninstall it. If pinging google doesn't work, then try reinstalling your ethernet/wireless drivers."
Even if you're not infected, or think you're not infected, I recommend you download the .rar and keep it on your Desktop because you could have the infection hiding in your system without even knowing it (EGADS!). It pretty much crippled both of my computers. Neither were able to connect to the internet, so I had to use an SFTP client to connect to my jailbroken phone with which I downloaded the antivirus tools and copy over the tools...
to disable the attack site warnings:
deadly habit wrote:my combo that does me right
avira, spybot, peerguardian 2
extensions for firefox: adblock plus, noscript
i would use chrome, but not keen on its imprint on hard drive fragmentation
at OP: burn an AV rescue or live cd like kaspersky rescue disk or avira rescue system to hopefully take care of what you caught, then armor up your browser
deadly habit wrote:tools>options>security
block attack sites
just make sure you have the needed addons in case the shit happens again
deadly habit wrote:it turns it off for all sites, but if you have the combo of:
faust.dtc wrote:Thanks, I'll give that a try when I get home.
Does this block/unblock all attack sites or can you select or specify which particular sites you would like to block or unblock?
I want to surf this site as I have been told it is now safe however I don't want to turn it off only to become vulnerable by exposing myself to other possible attack sites.
noscript
noflash
adblock plus
along with decent av/spyware/malware programs, you should be fine
logic pro wrote:its the ROBOSTEP virus.
(chant it!
it is safe.
djfoster wrote:sorry but from my Safari is not fixed cause I still get that msg every time.
dubway wrote:we were filled with malware again,
dav.id wrote:I hope so I just got it 5 minutes ago
so i cleaned it again.
it is safe now, but we have to prevent this happening again...
True story. Phigure saved my life
Phigure wrote:anyone infected might want to take a look at this:
http://www.dubstepforum.com/dsf-malware-t158608.html
dubway wrote:
dav.id wrote:but we have to prevent this happening again...
bunzer0 wrote:
dubway wrote:
dav.id wrote:but we have to prevent this happening again...
this