Virus

Anything and Everything about Uplink

Moderators: bert_the_turtle, jelco, Chris, Icepick, Rkiver

Me300
level4
level4
Posts: 860
Joined: Tue Jan 27, 2004 7:10 am
Location: A cardboard box

Virus

Postby Me300 » Mon May 31, 2004 4:19 am

I was recently infected with a virus resembling Sasser.
My father got Sasser on his computer, so I know what the message that pops up on your screen says.
This is the same message I got on my screen.
But I've also noticed that my autocomplete is completely disabled and can't be reactivated, my saved passwords are gone, several icons on my desktop are missing, and about 20 minutes ago, the Shutdown button on my Start Menu magically vanished.
I would really appreciate it if you all could give me information on this virus and how to get rid of it. Thanks.
Image
User avatar
dudeman
level2
level2
Posts: 160
Joined: Sat Jul 06, 2002 1:41 am
Location: Indiana, USA
Contact:

Postby dudeman » Mon May 31, 2004 5:05 am

Have you tried a virus scan yet? If you can't do one on your PC try this one. It's the Norton one, so its pretty good. Sorry to hear about your computer.
Me300
level4
level4
Posts: 860
Joined: Tue Jan 27, 2004 7:10 am
Location: A cardboard box

Postby Me300 » Mon May 31, 2004 6:06 am

I've already tried a virus scan, else I wouldn't post here.
And PB suggested to me that it could be adware, so I ran Ad-Aware.
Image
User avatar
Hektik sniper
level5
level5
Posts: 3642
Joined: Tue May 07, 2002 4:58 pm
Location: A Field with my fellow Clows.... MOOOOOOO!!!!!
Contact:

Postby Hektik sniper » Mon May 31, 2004 9:17 am

try spybot search and destroy too.
British Army The Number 1 UK Soldat Clan
Winners of Storm and Destory CTF
User avatar
sweaty bob
level5
level5
Posts: 1852
Joined: Fri Aug 23, 2002 7:30 pm
Location: England , Devon
Contact:

Postby sweaty bob » Mon May 31, 2004 10:41 am

go through task manager looking through all the processes and typing the ones that you think are sucpicous in to google and it should tell what their about.
Image
Swift99
level1
level1
Posts: 35
Joined: Mon Mar 08, 2004 5:39 pm
Location: Channel Islands

Postby Swift99 » Tue Jun 01, 2004 2:14 pm

sweaty bob wrote:go through task manager looking through all the processes and typing the ones that you think are sucpicous in to google and it should tell what their about.


I have vb code. Open excel, press Alt+F11, click on the drop-down to the right of the button with xcel logo on it. Click 'Module' Paste this code:

Code: Select all


Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, _
                                                  ByVal bInheritHandle As Long, ByVal dwProcessID As Long) As Long
Public Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Public Declare Function GetCurrentProcess Lib "kernel32" () As Long

Public Const TH32CS_SNAPPROCESS As Long = 2&
Public Const MAX_PATH As Integer = 260
Public Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szExeFile As String * MAX_PATH
End Type

Public Declare Function CreateToolhelpSnapshot Lib "kernel32" _
Alias "CreateToolhelp32Snapshot" _
(ByVal lFlags As Long, ByVal lProcessID As Long) As Long

Public Declare Function ProcessFirst Lib "kernel32" _
Alias "Process32First" _
(ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long

Public Declare Function ProcessNext Lib "kernel32" _
Alias "Process32Next" _
(ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long

Public Declare Sub CloseHandle Lib "kernel32" _
(ByVal hPass As Long)

Sub gdygsd()
Dim hSnapShot As Long
Dim uProcess As PROCESSENTRY32
Dim r As Long

hSnapShot = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0&)
    If hSnapShot = 0 Then
        Exit Sub
    End If
    uProcess.dwSize = Len(uProcess)
    r = ProcessFirst(hSnapShot, uProcess)
    Do While r
        MsgBox uProcess.szExeFile & vbCrLf
        r = ProcessNext(hSnapShot, uProcess)
    Loop
    Call CloseHandle(hSnapShot)
End Sub


Now press the 'play' button to run it

This lists the paths of all running programs, so instead of ending task, you find a suspicous path, and goto it and delete it.

Sorry about the length of this.
Uplink's amazin'
Angry Armadillo
level3
level3
Posts: 331
Joined: Sat Apr 27, 2002 4:33 pm
Location: England
Contact:

Postby Angry Armadillo » Wed Jun 02, 2004 1:03 pm

that code helps me too!!

that just lists the .exe name

but searching for a file isnt hard, lol

Return to “General”

Who is online

Users browsing this forum: No registered users and 2 guests