Just suffered a virus attack.

[Belaslav]

Kids... NEVER download keygens for any games, cause I learned that the hard way. Whatever I downloaded, I checked with McAfee Virus Scan (Stupid piece of... *grumbles*), and then ran it. Thats when all hell broke loose...

That thing in a flash installed something called "Smart AntiVirus 2009", which then started to spam me with hack and virus alerts, and started running some weird commands in my command console. My CPU jumped to 100% and on my network meter I see this HUGE amount of incoming data.

Obviously, I thought "Oh shi...". My constant attempts to delete the setup file weren't very successful, so then it hit me! It was pretty bold, but considering the situation, it was worth a shot. I... pressed "Disable wireless LAN" button conveniently located next to my keypad (Thank you Acer). That shut off the network connection, and the data transfer stopped. Phew...

Then I successfully managed to delete the setup file (Yay), found all of the shortcuts to this "Smartass 2009", and deleted them along with the folder in "My programs" folder. I then force-shutoff my laptop.

Next step: Analyze the damage done. I started Vista in safe mode, and tried to see WTH was wrong with my security system. What I saw made me wanna swear non-stop, cause that thing disabled not only the windows security system, but also my McAfee Security Center and ALL OF MY FIREWALLS (Dammit, I had 3 of those!), and modified some file in my System 32 folder.

Next 2 hours I spent scanning my entire system, followed by a restart. Surprisingly, it found nothing. And so here I am, telling you this story and hoping nothing else goes crazy. Yet something tells me that I got off easy.

Is there something else I should do, or I can breathe freely now?

[Destrus]

my friend download a keygen for i think CoD. it deleted stuff from her control panel and disabled her internet

[Drake1]

keygen = fail

[Andromeda]

I only had to google Keygen and look at all the nasty things that popped up

[Hraesvelg]

First off, get a decent antivirus program. I prefer avast!. Then, get a backup/secondary program to monitor system changes like Spybot's TeaTimer and/or ThreatFire. I run both. Granted, when I do come across an infected file, it seems like they've just dropped a bomb with all of the alerts and sirens...but I don't get infected.

One thing about Threatfire, it'll come up with some false-positives with legitimate files from time to time, so don't panic if it pops up.

[Luna]

Pfft..Yea I got a huge virus today by trying to download Shaiya... ;(

So many pop-ups..I couldn't even do anything. It disabled my task manager, and I couldn't get into it ;(

So Fiesta..LaTale..and Cabal (Which took FOREVER to download) are now gone ;(

[Hessah]

Originally Posted by Hraesvelg

First off, get a decent antivirus program. I prefer avast!. Then, get a backup/secondary program to monitor system changes like Spybot's TeaTimer and/or ThreatFire. I run both. Granted, when I do come across an infected file, it seems like they've just dropped a bomb with all of the alerts and sirens...but I don't get infected. One thing about Threatfire, it'll come up with some false-positives with legitimate files from time to time, so don't panic if it pops up.

Ah, I use Avast! too, the other day i was d/ling a song, and my windows firewall disabled on its own... i didnt think much of it.. then my Avast's siren started going off~ lucky for that...

@Bela -

Originally Posted by Bela

Kids... NEVER download keygens for any games,

what makes you think its ok for non-kids to randomly d/l keygen? XD

[Belaslav]

Update: Lol, I looked up "Smart AntiVirus 2009", and found this:

http://www.wiki-security.com/wiki/Pa...tAntivirus2009

I installed the spyhunter from the link the wiki, and ran a check, and it found 34 spyware stuffs, half of them located in my registries (), along with that "Smartass 2009". So I happily click the "Remove" button, and it tells me that I have to register in order to remove spyware (That's pretty dumb...). So I had to go in my cookies and my registry, and manually delete everything. But now I know that I've got a clean comp.

THE END.

@ Hessah: Well, I thought otherwise 5 hours ago.

[Blaaaaaaaah]

Whew you can finally breathee!!

[lamchopz]

Originally Posted by Belaslav

Obviously, I thought "Oh shi...". My constant attempts to delete the setup file weren't very successful, so then it hit me! It was pretty bold, but considering the situation, it was worth a shot. I... pressed "Disable wireless LAN" button conveniently located next to my keypad (Thank you Acer). That shut off the network connection, and the data transfer stopped. Phew...

It wasn't a bold move. It was, in fact, the first thing you should do when an infection is detected! xD

Then you hop on an uninfected computer to look up measures to deal with it.

Quote:

Update: Lol, I looked up "Smart AntiVirus 2009", and found this: http://www.wiki-security.com/wiki/Pa...tAntivirus2009 I installed the spyhunter from the link the wiki, and ran a check, and it found 34 spyware stuffs, half of them located in my registries (), along with that "Smartass 2009". So I happily click the "Remove" button, and it tells me that I have to register in order to remove spyware (That's pretty dumb...). So I had to go in my cookies and my registry, and manually delete everything. But now I know that I've got a clean comp.

Never mess with the registry unless you're expert in it. You may end up breaking some programs or Windows features, or in this case, you may have missed certain traces of that program.

http://www.bleepingcomputer.com/malw...antivirus-2009 is a good link to refer to for this program. Bleeping Computer is one of the most trusted venues for malware information and removal methods which utilise only free tools. However, because the tools used are usually highly advanced, you have to follow the instructions word-for-word.

Quote:

First off, get a decent antivirus program. I prefer avast!. Then, get a backup/secondary program to monitor system changes like Spybot's TeaTimer and/or ThreatFire. I run both. Granted, when I do come across an infected file, it seems like they've just dropped a bomb with all of the alerts and sirens...but I don't get infected. One thing about Threatfire, it'll come up with some false-positives with legitimate files from time to time, so don't panic if it pops up.

I am using Avast myself. However, its detection is average and has some false positives which you need to watch out for. Avast also detects ALL keygens as threats, even the ones you know are harmless (I checked by scanning the files with multiple engines). TeaTimer is mediocre but does a reasonable job. ThreatFire is an excellent HIPS program, however it also has its "moments".

Should I post a thread about malware prevention and removal instructions? many people seem to have it now and then. o.o