TEH RAGE!

If you touch your software enough does it become hardware?

Joose
Turret
Posts: 8090
Joined: October 13th, 2004, 14:13
Location: The house of Un-Earthly horrors

TEH RAGE!

Post by Joose »

Virus writers should have their heads crammed up their bottoms far enough that they digest their own brains, whilst simultaneously being suspended via their tiny little balls.

The bastards.

Anyway, in case you hadn't gathered, I seem to have picked up computer-cooties from somewhere. It's not managed any serious damage (yet) but it's refusing to FUCKING DIE!



ahem.


It's manifesting itself by occasionally displaying a blank DOS window, which seems to be loading something called update.pif. This then tries to do something undoubtedly nefarious on the interweb. Occasionally something called ms-dos.pif is involved, but I'm not sure how.

BitDefender seems to be detecting it (occasionally) and blocking it from accessing the net (as far as I know) but won't remove it. Or rather, it removes it only for it to come back again.

The same can be said for Spybot S&D, adaware, avast!, ewido, that funny Stinger program (which doesn't seem to see it at all), and the Microsoft home bred spyware removal tool. I've run these, all whilst in safe mode. Some of them detect bits and bobs and remove them, but this damn thing invariably re-animates itself somehow.

I've googled update.pif and ms-dos.pif, they seem to be associated with a couple of different virii, but nothing I've found has been particularly useful.

Short of flattening Windows and re-installing everything, anyone got any ideas I haven't already tried? It's really beginning to annoy.
mrbobbins
Robotic Despot
Posts: 4595
Joined: October 14th, 2004, 21:35
Location: Sitting in a tin can

Post by mrbobbins »

Find out where the virus is located (if the virus checker has picked it up it should tell you where it is)

Load Windows in safe mode and manually delete it, then run all the checkers again, then reboot to normal mode, run all checkers again, then hit it with a big stick

Edit: Check registry and delete update.pif and ms-dos.pif entries??
Joose
Turret
Posts: 8090
Joined: October 13th, 2004, 14:13
Location: The house of Un-Earthly horrors

Post by Joose »

Nope, done all of that, they keep coming back. Something is resurrecting them from somewhere.
Stuk
Monkey
Posts: 232
Joined: October 27th, 2004, 19:41
Location: Cambridge

Post by Stuk »

A quick search: http://www.bleepingcomputer.com/startup ... 12242.html

Maybe you could ask in their more specialised forums. And apparently it's in the system folder.
Dr. kitteny berk
Morbo
Posts: 19676
Joined: December 10th, 2004, 21:53

Post by Dr. kitteny berk »

There's probably an installer or trigger for it somewhere, check your startup folder?
cashy
Zombie
Posts: 2024
Joined: May 9th, 2005, 19:43
Location: shropshire

Post by cashy »

Don't know what the hell BitDefender is, but get the newest version yada yada and if it's as crap as the name try something else.

The berk and bobbins seem to have a good plan though, so if none of it works smash your hdd with a hammer and buy a new one
Woo Elephant Yeah
Heavy
Posts: 5433
Joined: October 10th, 2004, 17:36
Location: Bristol, UK

Post by Woo Elephant Yeah »

Try this out, as long as you can get to the net, it's helped me out of a few sticky situations at work when even McAfee has had problems deleting files/viruses and so on

http://housecall.trendmicro.com/
deject
Berk
Posts: 10353
Joined: December 7th, 2004, 17:02
Location: Oklahoma City, OK, USA

Post by deject »

I've found that http://www.sarc.com is a great place to find out info on, and how to destroy, a lot of worms/trojans/etc. You can usually find a dedicated removal tool as well as detailed instructions for maximum vengeance.
deject
Berk
Posts: 10353
Joined: December 7th, 2004, 17:02
Location: Oklahoma City, OK, USA

Post by deject »

http://securityresponse.symantec.com/av ... lamar.html

Turn off System Restore, and run in Safe Mode for best results, apparently.
Joose
Turret
Posts: 8090
Joined: October 13th, 2004, 14:13
Location: The house of Un-Earthly horrors

Post by Joose »

I think I may have finally squished it.
I had forgotten that hitting "show hidden files" doesn't actually show all the hidden files. You have to hit the "and the other files" and the "no, really" options as well*



*May actually be labeled something else
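
Added example, not part of any post in this thread: a read-only PowerShell sweep of the places the replies above point at (system folder, startup folders, registry autostart entries), including hidden and system files that Explorer's basic "show hidden files" setting leaves out. The two file names come from the thread; the specific folders and the Run/RunOnce keys are assumed standard Windows autostart locations, not taken from a removal guide for this infection.

```powershell
# Added example: read-only check, deletes nothing.
$names = 'update.pif', 'ms-dos.pif'      # file names reported in the thread

# Assumed locations: Windows folder, System32, per-user and all-users Startup.
$dirs = @(
    $env:SystemRoot
    (Join-Path $env:SystemRoot 'System32')
    [Environment]::GetFolderPath('Startup')
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# -Force makes Get-ChildItem return Hidden and System items as well.
$fileHits = foreach ($d in $dirs) {
    Get-ChildItem -LiteralPath $d -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       ($names -contains $_.Name -or $_.Extension -eq '.pif') } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'file'; Location = $_.FullName
                               Detail = "$($_.Attributes), modified $($_.LastWriteTime)" }
        }
}

# Autostart values: anything in Run/RunOnce whose command line names a .pif.
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($leaf in 'Run', 'RunOnce') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$leaf"
    }
}
$regHits = foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $key = Get-Item -LiteralPath $k
    foreach ($v in $key.GetValueNames()) {
        $data = [string]$key.GetValue($v)
        if ($data -match '\.pif\b') {
            [pscustomobject]@{ Source = 'registry'; Location = "$k\$v"; Detail = $data }
        }
    }
}

# One list of everything found; empty output means no match in these spots.
@($fileHits) + @($regHits) | Format-List
```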
FatherJack
Site Owner
Posts: 9597
Joined: May 16th, 2005, 15:31
Location: Coventry, UK

Post by FatherJack »

There are lots of free utils here: http://www.freebyte.com/antivirus/

Might be worth going through the list until something works. I had a better list, of which this page was only part, but I think it's at work, and I'll try to dig it out tomorrow.

Edit: oh, okay then
Grimmie
Master of Soviet Propaganda
Posts: 7672
Joined: February 5th, 2005, 19:00
Location: Birming-humm, England

Post by Grimmie »

[5punk]Grimmie: ciijasiie?
[5punk] Joose: thats what im doing now
[5punk]Grimmie: What flavour jam?
[5punk] Joose: plum
[5punk]Grimmie: Classy!
Joose
Turret
Posts: 8090
Joined: October 13th, 2004, 14:13
Location: The house of Un-Earthly horrors

Post by Joose »

:)

UPDATE: I've found it lurking in other areas of my computer, and squished it there too. Now I just have to sit back and wait to see if it comes back again.

*prays*

UPDATE TO THE UPDATE: NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!
Joose
Turret
Posts: 8090
Joined: October 13th, 2004, 14:13
Location: The house of Un-Earthly horrors

Post by Joose »

I've unleashed the atomic bomb of computer fixes; a complete format and re-install of Windows.

If it comes back now I'm going Amish.
caveman900
Badger
Posts: 101
Joined: November 30th, 2004, 17:26

Post by caveman900 »

It'll get your PC running a lil quicker, which is good anyway.