Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > Rootkit.KInject is a sexy new virus. Let's talk about notable viruses we have recently encountered
 
  • Locked thread
mischief
Jun 3, 2003

 Just chipping in to say I failed miserably trying to save my wifes desktop from Virut. I've never been unable to resolve a computer issue quite so spectacularly. That is a seriously tenacious little fucker, even trying multiple command line AV's from safe mode and all the other standard approaches was fruitless. One exe somewhere always snuck by or couldn't be cleaned, and then it all started over again. I ended up mounting the drive in knoppix and pulling our pictures off of it and then completely reinstalling XP.

The computer was running a fully patched XP and NOD32 4.0.314.0

My faith in NOD32 is seriously jilted, and I am seriously impressed/pissed off with the creator(s) of that bastard.

* # ¿ Apr 20, 2009 05:33
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 16, 2024 12:50
  • Quote
mischief
Jun 3, 2003

Cedra posted:

So uh, how do you guys know that Virut is on your machine? I'm reading a couple of write ups from AV vendors like Symantec (useless) to McAfee (slightly more informative, but barely) and there appears to be little information about obvious symptoms. Are your .exes failing to execute? Are you using something like IceSword to see what TCP connections are open?

I noticed it on hers because Ad Muncher failed its CRC check and shut itself off after getting infected. From that point on it was like trying to walk off of a floor covered in something sticky. Everything you did just made the mess worse.

Stanley Pain posted:

Did you have NOD32's heuristics set to max and the option of "unwanted programs" checked off?

I did not, but I do now! I think I just got complacent, honestly. I hadn't had a virus since Michelangelo so I was probably a little lax.

* # ¿ Apr 20, 2009 15:33
  • Quote
mischief
Jun 3, 2003

 Aaaaand pretty sure my gaming box has it now as well. That's where I dumped the pictures from the first computer infected. I was really, really cautious about what I transferred and thought it was all pretty sanitized. I first noticed the system clock resetting to 2003 and got worried, and then the random connections to .pl sites started and Ad Muncher failed the CRC check. Please note that this was with NOD32 "set to 11" so to speak, and it still hasn't actually alarmed for having the virus... It's kind of frustrating when the user can detect the virus before the anti-virus. :sweatdrop:

It's powered down in the corner waiting for the Knoppix treatment. Good times!

drat shame for Time Warner here in Greensboro, though, that'll be about 24 gigs of Steam games downloaded tomorrow putting that computer back together. Thank goodness they fixed that pricing idea. :haw:

* # ¿ Apr 21, 2009 03:36
  • Quote
  • Locked thread
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > Rootkit.KInject is a sexy new virus. Let's talk about notable viruses we have recently encountered