something bad on my pc

posted on Oct, 27 2013 @ 07:38 PM
Hi guys...
I've done some research on my problem and with the info I got it seems I am the victim of a rootkit.
At first I thought of TDSS Alureon (I have all the same symptoms)
But all the hints and advice I found on the net (with my 2nd computer, really old) are ineffective.
I've tried Sophos, Spybot, Malwarebytes Anti-Malware, Malwarebytes Anti-Rootkit, Avast anti-rootkit and the famous TDSSKiller from Kaspersky.
Nothing worked.

Now I think it's maybe a TDL4 (fourth generation rootkit)
If someone has any advice I'll take it please, I'm really stuck.

Here's some of my symptoms:
I use Google Chrome
On all the internet, only Facebook is working perfectly (strange)
I have access to my Gmail, and in Gmail you have a Google search bar, I can search there, I see the results, but I can't click on any because the page will never load. It says: err_connection_reset
I cannot go to the real Google, it's not working (only via Gmail).

Also in my Windows Update, I get the error code 80072EFE.
It's when I saw this error that I thought of TDSS Alureon.

Now I really don't know what to do, all the programs and utilities I tried tell me I have nothing suspicious on my PC.

This thread is my last resort



posted on Oct, 27 2013 @ 07:43 PM
reply to post by sweeper84
 


The most complete fix is to wipe your hard drive and start over. If most of the other fixes didn't work, this may be what you are left with doing. Anyway, it may not be a virus or rootkit. With a really old PC, and especially an old laptop, it could easily be a failing hard drive.



posted on Oct, 27 2013 @ 07:45 PM
I'm assuming you can't open Task Manager either? If you did, I'm also assuming you tried closing every single unnecessary program? I'm hesitant that TM worked though considering the description.


BayesLike
reply to post by sweeper84
 


The most complete fix is to wipe your hard drive and start over. If most of the other fixes didn't work, this may be what you are left with doing. Anyway, it may not be a virus or rootkit. With a really old PC, and especially an old laptop, it could easily be a failing hard drive.



Considering




On all the internet, only Facebook is working perfectly (strange)
I have access to my Gmail, and in Gmail you have a Google search bar, I can search there, I see the results, but I can't click on any because the page will never load. It says: err_connection_reset
I cannot go to the real Google, it's not working (only via Gmail).


I doubt it
edit on 27-10-2013 by mr10k because: (no reason given)



posted on Oct, 27 2013 @ 07:47 PM
reply to post by BayesLike
 


No, it's not on an old PC, it's on my main PC. I came on ATS with my old one, and yes I can open the Task Manager. I also tried all the software in safe mode, and in safe mode with networking; the same problems happen.



posted on Oct, 27 2013 @ 07:59 PM
reply to post by sweeper84
 


I had a rootkit called Babylon Search Bar and tried like you to no avail. I thought for sure Malwarebytes would work. But finally, I tried a program called SpyHunter and it worked. It was not free however. You can run its check for free and see if it finds your rootkit, though.



posted on Oct, 27 2013 @ 08:05 PM
OP, if you can open TM fine and use SM to open software, I don't think a rootkit would be your problem. And you're completely sure your network is fine? Have you at least run a check with ping/tracert?



posted on Oct, 27 2013 @ 08:10 PM
I'm assuming these scans that you have done were in safe mode? Also, you should pull the hard drive and run the scans externally on another computer, you didn't specify that.

Wiping and reinstalling the OS is the easiest option though, some of these are so time consuming and in locked folders that it is just easiest to start clean. These corporations should be held accountable for paying people to create this crap! They should all be shot. Good luck.



posted on Oct, 27 2013 @ 08:20 PM
reply to post by sweeper84
 


TDSSKiller should be able to handle Alureon. IIRC, Alureon infects the MBR so if you suspect you've got a newer variant, you may want to boot from your Windows install disc, go into the repair console and run bootrec with the /fixmbr option as a first step and then boot into safe mode and scan again from there.

You could run AV scans from a bootable thumb drive or pop the hdd into your older computer and scan the FS from there. Depending on your network setup/hardware, you might be able to do some packet capture and sniffing the traffic to/from that machine would be pretty definitive.

I wouldn't be quick to jump straight to believing it was a rootkit though. I know that the older version of Alureon caused a particular update to fail, but updates fail for a multitude of reasons. My first thought was a network issue, but you have a second PC that's functional and I'm assuming that both computers are on the same network, pointing to the same gateway and using the same DNS servers. I'm sure you've disabled any software firewalls that might be present? It might still be some sort of corruption (from a physical drive error, mangled update, etc).

It sounds noobish, but did you do a restore yet? Roll back to before the last updates. I like to poke fun at my Windows administrator friends because well.. I'm a snob, but one of the jabs I favor is that most Windows administration comes down to the 3 R's-- Reboot, Restore, or Reinstall.

Good luck to you, let us know how you make out.
edit on 27-10-2013 by theantediluvian because: (no reason given)



posted on Oct, 27 2013 @ 08:29 PM
Yeah I did a restore, but the problem was still there.
My main PC's access to the internet is wired, the older one is Wi-Fi (no comment).
So they can't connect to each other.
Yeah, I ran my tests in safe mode.
Just found something new, Sophos found a Mal/DepsLear-B, aka Trojan-Spy.JS.Agent.d
I think I found it, now I'll try to delete it.
I'll give some news later, thanks to all who took the time to answer my thread.
Hope I don't have anything worse than this virus



posted on Oct, 27 2013 @ 08:35 PM
Edit: just seen you ran them in safe mode:

With all those things installed it might be one of the reasons why you can't use Windows Update. Maybe some of them are blocking a service?

In safe mode can you use Windows Update?
Also, if you haven't done so, you should run all those scans in safe mode without network. Just make sure they are up to date.

The last straw is the format, but it really is the last straw..

Windows Update error 80072efd

If you receive Windows Update error 80072efd while checking for updates, the cause might be a high number of update requests on the Windows Update servers. Close Windows Update, wait 10 to 15 minutes, and then run Windows Update again. You can also wait for Windows Update to run at its next scheduled time.

If you continue to receive this error, it might mean that a program running on your computer is preventing Windows Update Services (SVCHOST) from accessing the Internet. Programs that might do this include firewalls, anti-spyware software, web accelerators, Internet security or antivirus programs, and proxy servers.

To correct the problem, you might need to add the Windows Update website addresses to the blocking program's exceptions or "allow" list or allow Windows Update Service to connect to the Internet through port 80 and port 443.
edit on 27-10-2013 by Fisherr because: (no reason given)



posted on Oct, 27 2013 @ 08:43 PM
If you are comfortable with moving outside Windows for an evening, you can find a variety of solutions which install a 100% self contained and bootable Linux environment on a Flash drive. That boots entirely outside the Windows file system and windows problems. You can then, very often, do a full scan of the entire system with NOTHING the virus is attached to being 'triggered' or run in the process.

It's a very easy and quick thing, if you have done it before. It'll be a couple hours of learning, most likely, if you have never done it before ...but you'll only have to spend that time once.

In my opinion Linux Live USB Creator is the best thing going and what I've used when I need something. Hiren's BootCD is also golden but *BIG* and so, difficult to find for easy download. What that is, is a bootable collection of basically everything a comp tech would want or ever need for emergency diagnosis and recovery on an outside media.

Stick to the Linux Live creator if it's a first time thing though. They make it as idiot proof as someone with no previous experience could ask for on this.

That's my suggestion.



posted on Oct, 27 2013 @ 08:51 PM
reply to post by Fisherr
 


Ok, thanks for the info.
All my virus removal tools were installed after the problem had occurred, and they are updated with the latest update I can download them with on my other PC; I cannot update them once they are installed on my infected PC.

Also, the Windows error code was 80072EFE, and if you google it, most of the time you will see TDL3, TDL4 and TDSS Alureon. That's why I searched for rootkit removal utilities.

Also, a rootkit can install other viruses on your computer.
I'm very suspicious because it's the first time I find this Mal/DepsLear-B.
Maybe the rootkit just installed it.
I'm still running tests; in the time it took to write my message here, my computer reset all by itself so I wasn't able to delete the virus with Sophos



posted on Oct, 27 2013 @ 08:56 PM
One thing I read on rootkits is that they are not deleted with a format, so since I'm not sure if it's a rootkit or not I don't want to format. And I don't have a Windows CD anymore.

For those who may ask, I'm running Windows 7 64-bit



posted on Oct, 27 2013 @ 09:02 PM
reply to post by Wrabbit2000
 


Ok thanks, I have to admit that's a good solution.
If I don't resolve my problem tonight I will try that USB Linux



posted on Oct, 27 2013 @ 09:13 PM
Bootable flash drives for the win; always keep a collection of OS installs and a few bootable for repair work.

Sometimes the easiest fix is to bypass the infected HD entirely, let something else boot up and repair the drive that way.

eta: nvm see wrabbit covered it.
edit on 27-10-2013 by benrl because: (no reason given)



posted on Oct, 27 2013 @ 09:20 PM
I'm curious exactly what traffic is being affected. You say you are able to connect to facebook and gmail and I'm assuming you're logged into both and it's an https (port 443) connection vs http (port 80). Try connecting to Google using https (www.google.com...), does that work?

Windows Update error 80072efd is a pretty general error that occurs when Windows Update can't connect and Windows update also uses ports 80 and 443.
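A small connectivity probe for the port 80 versus port 443 question raised here and in Fisherr's Windows Update note above. This is an added example, not code from anyone in the thread: it opens a TCP connection to each host, completes a TLS handshake on 443, and reports whether a failure was a reset (what Chrome reports as err_connection_reset), a refusal, a timeout, a DNS failure or a TLS error. The target list is an assumption; only www.google.com appears in the thread.

```python
import socket
import ssl

# Assumed targets: www.google.com is from the thread, the rest are guesses
# at the sites the OP says do or do not work.
DEFAULT_TARGETS = [("www.google.com", 80), ("www.google.com", 443),
                   ("www.facebook.com", 443), ("mail.google.com", 443)]


def classify_error(exc):
    """Map a socket/TLS exception to a short diagnosis label."""
    if isinstance(exc, ConnectionResetError):
        return "reset"      # peer, or something in the path, sent a TCP RST
    if isinstance(exc, ConnectionRefusedError):
        return "refused"    # nothing listening on that port
    if isinstance(exc, socket.timeout):
        return "timeout"    # packets silently dropped, e.g. by a filter
    if isinstance(exc, socket.gaierror):
        return "dns"        # name resolution failed
    if isinstance(exc, ssl.SSLError):
        return "tls"        # handshake broken, e.g. interception or bad cert
    return "error"


def probe(host, port, timeout=5.0):
    """Open a TCP connection; on port 443 also complete a TLS handshake.
    Returns 'ok' or one of the labels from classify_error."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if port == 443:
                ctx = ssl.create_default_context()
                # wrap_socket performs the handshake immediately on a
                # connected socket; certificate and hostname are verified.
                with ctx.wrap_socket(sock, server_hostname=host):
                    pass
        return "ok"
    except OSError as exc:       # ssl.SSLError and socket errors are OSErrors
        return classify_error(exc)


def run_report(targets=DEFAULT_TARGETS):
    """Probe every (host, port) and return {(host, port): label}."""
    return {(h, p): probe(h, p) for h, p in targets}


if __name__ == "__main__":
    for (h, p), result in run_report().items():
        print(f"{h}:{p:<4} {result}")
```

A pattern of "ok" on 443 but "reset" on 80 (or vice versa) points at something filtering one port; "dns" on every host with the other PC resolving fine points at the resolver settings on the affected machine.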



posted on Oct, 27 2013 @ 10:04 PM
I would try this Power Eraser first, before doing anything else....
If this does not work, then proceed with more heavy handed measures.

support.norton.com...



posted on Oct, 27 2013 @ 10:18 PM
A couple of ways to help you tell if it is a rootkit. When you do a Google search for something and then click on the result to go to the page, does it take you somewhere else? Do you hear anything running in the background, video, voice or anything else? Also, one thing to check is to open your Task Manager and go to the "Processes" tab. Then close all your browsers. After you close your browsers, keep watching the Processes tab (5-10 minutes) and see if the browser process ends up popping back up there as if it is running even though it's not open. If you are having trouble running or installing anti-malware and antivirus programs in normal (not safe) mode, that could be a sign as well.

First thing I would do is download CCleaner and Malwarebytes. (I think you said you had that already) Run CCleaner, then reboot. Run Malwarebytes then reboot. Then run your antivirus, make sure to remove everything that is found and then reboot. I would do all of this in safe mode and in the order stated. If that doesn't work, create an account on www.bleepingcomputer.com... I am a member and previous contributor there and the people there are great. Find the forum that best fits your issue and post a summary of what is going on. A tech support person will answer your post, probably have you download and run "HijackThis" and will assess what they see. They will then guide you through every step that needs to be done to get rid of whatever is found. Yes, it's free

As someone who has had to rely on them before I knew the things I know now, I think it's one of the most valuable sites ever created. Be patient though, the whole process could take a few days or so. You always have the option of doing a fresh install of your OS but you are better off getting rid of a rootkit first. Trust me, before you go crazy, give BC a shot. Good luck and let us know what happens as you try things.
edit on 27-10-2013 by awhispersecho because: (no reason given)



posted on Oct, 27 2013 @ 10:41 PM
I just want to add that you may want to check the add-ons or extensions installed or running in your browser. I recently had to remove a stubborn "virus" from someone's computer. It kept coming back and redirecting from search results in addition to constantly changing the home page. Turned out that it was constantly reinstalling a browser extension which was then semi hijacking the computer. Had to uninstall the extension and then find the related programs in the add/remove programs section of control panel. Uninstalled them and then ran CCleaner. After that, ran the registry cleaner part of CCleaner, (you need to do this to remove all entries of whatever it is) save a backup just to be sure and then remove the registry entries. Was good to go after that.



posted on Oct, 28 2013 @ 01:14 AM
You mentioned virus tools... you only require one and should only have one. They conflict with each other and are useless. I use AVG and have never had an issue with my laptops; a full version key can be found for free on the Internet. As an example, AVG shuts off the installed Windows antivirus once you install it, because.. they conflict and do not work together. Get one and delete the rest, then run a scan...

One further thing ..NEVER play around with the registry or with registry cleaners, fixers

Thanks
edit on 28-10-2013 by tayton because: Afterthought , lol
