
Strange Virus


endofreak


My mum is having a bit of trouble with her computer at home at the minute.

I have tried to run the virus scanner (AVG 7), but it closes instantly.

Task manager also closes as quick as you open it. If you try to visit grisoft or any anti virus type websites it takes you to the BBC website or just closes IE for some reason.

Has anyone heard of a virus that does similar things as mentioned above? If so, do you know a way of removing it?


I had it last week on this laptop. Everything kept shutting down on me, no Hotmail or Messenger either. Any site with antivirus on it shut down. It took over Norton and disabled it; even a thread with help in the title shuts down IE. I ran adware and it fixed it for me. Norton started working and I ran that too. It's fine now :o

I tried AVG, it shut down. I got the ad adware from here, tell her to try it.

http://www.tech-forums.net/downloads.php

Run this too:

http://www.microsoft.com/security/malwarer...efault.mspx#run

Since I had that last week, I've checked everything.

Edited by Interested

It's bloody clever whatever it is. It stops you going on any sites that can help you; that link for the ad adware above was the only link I could click on without IE SHUTTING DOWN. I used one comp for going on computer forums asking for help, then had to go on the infected laptop to try stuff out.

I tried to read a thread on here when I had it; the thread was titled 'mobile help'. As soon as I clicked on it, IE shut down :P

Sooooooooooo glad it's gone :o

(I also think I got it over MSN. Couldn't use MSN or Hotmail at all.)


The reason you can't get into any of the websites you mention is because the virus writes an entry in your PC's hosts file.

The hosts file is a plain text file that is used by your PC as its kinda first place to look to resolve any DNS stuff. The virus adds an entry like this:

127.0.0.1 symantec.com

127.0.0.1 kaspersky.com

- and so on, working its way down the list of AV sites ...

127.0.0.1 is the machine's 'loopback' address. I'll skip the details, but it's the machine's own 'internal' address, so anything that looks at 127.0.0.1 won't find anything (unless you are running DNS and HTTPd services on your own machine, that allow access via 127.0.0.1, in which case you'll know all this stuff anyway ...).

It works like this (this is a bit overly-simplified, but the principles are sound):

1. You type www.google.com into your browser address bar.

2. Your machine looks at its hosts file to see if it can resolve the name into the IP address (which in this case is 66.102.11.104 - you can put that into your address bar and see for yourselves - don't put www.66.102 etc, just use the number).

3. Unless you have listed '66.102.11.104 google.com' in your hosts file, your PC then looks to your ISP to resolve the address (via a process called DNS 'Domain Name Server' - like a kinda 'yellow pages' I guess).

4. If the address you typed in is on the hosts file at '127.0.0.1' your machine tries to fetch the page from itself - which it can't do of course as it doesn't exist there. (With the unlikely exception above of course).

5. If it's not listed on the hosts file, your ISP will route you off to the page, and away you go.

Now, you could use the hosts file to list all the sites you go to, but it's not worth it - that's why DNS servers exist.

You'll be right in thinking that if you delete the 127.0.0.1 avsite.com from your hosts file, you'd be able to access the page - but there are additional steps to take too, such as killing the virus's running processes (in case it rewrites the hosts file), and making sure that if you need to reboot, as opposed to restarting the browser, the virus doesn't trigger a new instance and undo what you have done.

The IE closing is not a hosts file issue - that'll be one of the machine services being killed by the virus - MSSasser & MSBlaster were 'good' examples of how killing a service could bring unpatched machines down.

Best bet - run Windows Update automatically to patch the holes to start with, learn about how to avoid infections online, and get decent AV and decent anti-spyware packages.

Stay safe out there ! :o

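The hosts-file check described in the post above, as an added example that is not part of the original thread: it parses a hosts file and reports security-vendor names pinned to a loopback or unspecified address. The watch list (the two domains named in the post plus grisoft.com, assumed here for the AVG site the first poster mentions) and the sample file are constructed for illustration.

```python
import ipaddress

# Assumed watch list: the two domains named in the post plus grisoft.com.
# Extend it with the vendor and update sites you actually rely on.
WATCHED = {"symantec.com", "kaspersky.com", "grisoft.com"}

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 symantec.com
127.0.0.1\tkaspersky.com www.kaspersky.com   # two names on one line
0.0.0.0 WWW.GRISOFT.COM
192.168.1.20 nas.home
"""

def is_watched(name):
    """True if name is a watched domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def is_sinkhole(addr):
    """True for loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text):
    """Return (line_no, address, hostname) for every watched name sinkholed."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        findings += [(line_no, fields[0], h) for h in fields[1:] if is_watched(h)]
    return findings

def cleaned_hosts(text):
    """Return the hosts text with every flagged line removed."""
    bad = {line_no for line_no, _, _ in audit_hosts(text)}
    lines = text.splitlines()
    return "\n".join(l for i, l in enumerate(lines, 1) if i not in bad) + "\n"

if __name__ == "__main__":
    for line_no, addr, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`. As the post notes, a cleaned file only stays clean once the process that rewrites it has been stopped.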

:P

(Geek :P :P )

Emoticon-O-Rama  :o

Err, yeah, sorry, I kinda got carried away trying to be helpful :P

I deal with this stuff on a daily basis, and as knowledge is power, I thought I'd share the love...

"Some day this war's gonna end".

This is one of the ways.


Thank you for the help everybody, it is very much appreciated.

I haven't had a chance to go to my mum's to try anything yet, but I did find out from her that when she starts up the computer, the very first thing to load up is a text file titled "Larissa you muppet".

I searched for the above in Google and found out that the Virus is called W32/Sumom-C.

Should hopefully be able to get rid of this thing pretty soon. (Y)

Thanks again.
