Malicious Malware

[Timbuk2]

I've become infected somehow. Seriously infected.

Despite having AVG antivirus running.

Links in Chrome take me to random places.

Google search when clicking on links takes me to ad spam search sites or gives me redirects or broken links. Typing directly into address bar works, though only sometimes.

Exact same problems occur in both IE and Chrome.

The worst part of the infection is that I cannot update any definition files for any spyware program I'm attempting to install and run to disinfect. I'm blocked from all update servers it seems.

Thusfar I've attempted Ad Aware, Spybot Search and Destroy, Malbytes Anti-Malware and Housecaller. All fail to update with latest definition file; effectively rendering them useless.

Attempting to access tech forums on this problem throws up a broken link so that I cannot even get fucking tech help.

~

AVG is up to date, but full scan picks up nothing.

Comodo registry cleaner is up to date and picked up a few odds and sods but not this problem.

~

Am at a loss.

Reformat is a huuuuuuuuuuuge hassle and I really do not have the time.

[littlelolligagged]

Not that I'm the person to go to for techy help, but can ya tell what it is called?

[Timbuk2]

Can you tell me if this is a valid link for you?

It's the download for the definition file for Ad Aware ...

http://download.lavasoft.com/public/core.zip

[Steely Glint]

1) Fix tautology in thread title.
2) Download Hijack This
3) Run scan
4) Post log
5) Await assistance.

[Timbuk2]

Done.

Smartarse.

[Steely Glint]

O23 - Service: XPF - Unknown owner - C:\Users\Tim\AppData\Local\Temp\XPF.exe (file missing)

*crrrk*

Contact confirmed. We have free parasites. *crrrk* Sector is not secure. Commence surface sweep. *crrrk* Sterilization team, advance to contact and expunge.

[ar81]

Symantec Endpoint Protection is a good payware for such a thing, I can tell...

[EmperorNorton]

Had a similar problem at work. Only way to fix this problem was to use Combofix. Most AV software, including AVG, are useless against this 'virus'.

http://www.combofix.org/

[Dreadnaught]

So every link you clicked on went to random places or just things like search result links?

[Timbuk2]

*crrrk*

Contact confirmed. We have fee parasites. *crrrk* Sector is not secure. Commence surface sweep. *crrrk* Sterilization team, advance to contact and expunge.

Hm thought I'd cleared out my local>temp folder but perhaps not.

Had a similar problem at work. Only way to fix this problem was to use Combofix. Most AV software, including AVG, are useless against this 'virus'.

http://www.combofix.org/

Cheers.

I'll give that a try on monday when I'm back home.

If the malware I have allows me to download it and the latest definition file for it that is.

So every link you clicked on went to random places or just things like search result links?

It's weird. Not every link I click on redirects me.

It mostly redirects me from links in a google search, but not exclusively. Sometimes a link would randomly open Facebook.

[Ziggy Stardust]

You could also use it as an excuse to format, clean up the clutter and start with a crispy fresh virgin computer.

[Timbuk2]

I may have to. I have a feeling this thing has killed my comp.

I'll have one more go at killing at on monday, then it's reformat time.

~

Trouble is, my poxy dell PC has a 'known' problem with the 750w PSU, with the voltage overload trigger. When you switch the PC off, you cannot switch it back on again until the trigger resets, and this can take anything from an hour to several days.

Meaning I have left my power switched permanently on for a couple of months now.

Reformatting therefore will be a nigh-on impossible task until I replace my PSU.

And replacing the PSU is a nightmare because only Dell makes them, and they are permanently out of stock. And expensive.

SIIIIIIIIIIIIIIIGGGHHHH

[Ziggy Stardust]

Trouble is, my poxy dell PC has a 'known' problem with the 750w PSU, with the voltage overload trigger. When you switch the PC off, you cannot switch it back on again until the trigger resets, and this can take anything from an hour to several days.

Crap! That is effed up.

[Timbuk2]

Yup. And reading the tech boards there are many, many out there with an identical problem on the XPS Dell models.

Though this is my 3rd Dell, I've been happy with them to date and this is my first ever hardware problem, with any PC, I won't be buying from Dell again.

Just the fact that you can only buy replacement parts from them is enough of a put-off really. Even harddrives have a unique Dell connector.

[littlelolligagged]

How old is your Dell?

Maybe it is time for a new toy.

[Timbuk2]

A little over 2 years old.

It was top-of-the-range and expensive, and can still handle all I throw at it with everything turned up to 11.

So won't be looking to replace it for about a further 2 years.

~

I'll just need to get my act together, replace the PSU, and I think a reformat probably is in order.

I just have so little time. And transferring my gigabytes of porn onto backup and secondary drives will take an age.

[Wraith]

Have you tried booting into safe mode to destroy the file Steely mentioned? Also, doing a system restore from safe mode to a time when you weren't infected if that doesn't work?

If you do feel you need to format, you can almost always get away with just reinstalling the OS instead, so you don't have to deal with backing up all your other software and data.

[littlelolligagged]

Poor Bukaroo

At least you're spending the weekend out having fun!

[Timbuk2]

Have you tried booting into safe mode to destroy the file Steely mentioned? Also, doing a system restore from safe mode to a time when you weren't infected if that doesn't work?

Not tried either Wraith. More things for me to try.

If you do feel you need to format, you can almost always get away with just reinstalling the OS instead, so you don't have to deal with backing up all your other software and data.

Aye indeed. I have a secondary disk anyway so would just copy all essential data onto that and do a clean format if I still can't kill the malware.

Always feel like a full format is a better route than just an OS reinstall. Completely virgin drive and start again without any cluttering crap.

[EyeKhan]

Malicious Malware.

Alliteration amply appreciated.

Benevolent Malware. Can this ever be?

[littlelolligagged]

Benevolent Malware. Can this ever be?

Well, it could be - it could, for example, keep unwanted stupid people off the interwebs.

[Timbuk2]

Yay.

In which case my title may not necessarily be a tautology.

Fanx guys.

[Steely Glint]

Hm thought I'd cleared out my local>temp folder but perhaps not.

You may have. If fact, the scan says you did ("file missing") but alot (probably most) malware infections run in memory, and they just reinstall themselves if you try and delete them. You need to either terminate the process in the task manager, then delete the file or delete in safe mode as Wraith explained.

Benevolent Malware. Can this ever be?

Hint: the mal in malware stands for malicious.

[littlelolligagged]

Hint: the mal in malware stands for malicious.

And if alphabetsouprobot81 had malware that kept him from posting?

[EyeKhan]

Hint: the mal in malware stands for malicious.

Benevolent Malicious Software. Hmmm..... What about a virus that crashes your work PC whenever you try to go to a porn site? Yes, it crashed your PC, but maybe it's saving your job.

[Timbuk2]

You may have. If fact, the scan says you did ("file missing") but alot (probably most) malware infections run in memory, and they just reinstall themselves if you try and delete them. You need to either terminate the process in the task manager, then delete the file or delete in safe mode as Wraith explained.

Hmmm ok. I have checked through the processes in task manager and didn't see anything out of place but I'm certainly no expert on what and what shouldn't be there.

I'll keep my eyes open for any hint of xpf.exe and stamp on it with a large boot if I find anything.

Hint: the mal in malware stands for malicious.

Eh? I thought the Mal in Malware was from the French word for bad: mal. As in malformed

But that was just an assumption.

[Ominous Gamer]

Safe mode is the way to go, also might help to boot into safe mode, run msconfig to disable all startup programs, see if AVG will run, delete your host file, then restart into regular mode to see if you can update anything.
Don't understand how or why, ask. Not going to waste time typing if you already get it.

Are you sure your Dell is hardware locked down? I thought Dell was getting away from that. I haven't worked on a Dell that required special parts in years. I'm especially interested in these Dell only harddrives.
Then again, maybe they have to locked down the XPS line to stop it from cannibalizing Alienware sales.

[Timbuk2]

Cheers for advice OG.

Yep - the XPS is locked down - believe me I've looked everywhere for PSUs. There's even a supplier in Austin Texas that can supply Dell parts cheaply - but then paying to ship it to UK makes it up to full price again.

Only alternative apert from waiting for Dell to regain stock is eBay.

[Steely Glint]

Hmmm ok. I have checked through the processes in task manager and didn't see anything out of place but I'm certainly no expert on what and what shouldn't be there.

I'll keep my eyes open for any hint of xpf.exe and stamp on it with a large boot if I find anything.

See here for further information, and known aliases.

[Timbuk2]

Had a similar problem at work. Only way to fix this problem was to use Combofix. Most AV software, including AVG, are useless against this 'virus'.

http://www.combofix.org/

Woohoo!

This seems to have squashed the little fucker.

Safemode, Combofix, splat.

Can access Ad Aware and Malbyte updates now and no weird redirects so far, so certainly seems to have been deaded.

Combofix's log files don't seem to tell you what it actually removed or disinfected, so I have no idea what nasty malware this was. But anyway.

Nice one!