Trojan from clan page with screenshots
Just thought I may be able to provide some help to the technical support staff by posting this here (assuming someone higher up sees it). I tried submitting a ticket with this, but of course the web support is down so that didn't work.
This is almost the exact problem I'm having, go to this thread to see:
http://forum.avast.com/index.php?topic=82254.0
I'm not doing the solution there because my situation is slightly different, and I could mess up my computer if I try it and it was wrong.
I got a trojan from the clan page. You can see that from this screenshot:

Originally I couldn't open up my antivirus (Microsoft Security Essentials) because the trojan/virus disabled it and kept it closed. I did scans with the updated version of malwarebytes, microsoft safety scan and nod32 online scanner:
http://www.eset.com/us/online-scanner/
http://www.malwarebytes.org/
http://www.microsoft.com/security/sc...s/default.aspx
After deleting viruses then redeleting them (they just kept coming back), I restored my computer to 3 days ago, and microsoft security essentials started running again.
I did a scan with it, and it picked up a bunch of viruses and 1 trojan. The viruses were named:
virus:win32/Ramnit.AF
and the trojan was named:
Trojan:winNT/Ramnit.gen!A
I kept deleting the viruses and their locations seemed random, however the trojan was located at:
"C:\Users\basement\AppData\Local\Temp\<randomLettersHere>.sys"
I know the letters were random based off the thread I quoted above:
http://forum.avast.com/index.php?topic=82254.0
I removed my scan history and then I tried running the scan again. Before this point the "action taken" in microsoft security essentials against the viruses was "allowed", and I couldn't change it to quarantined or deleted. I'm not sure when, but at some point it changed to quarantined, but that was after I couldn't find the trojan anymore, just the viruses (the trojan wasn't popping up in the history anymore).
This is the trojan:
http://www.microsoft.com/security/po...2FRamnit.gen!A
I tried navigating to it in CMD, however when I got to the Temp folder in "C:\Users\basement\AppData\Local\Temp\<randomLettersHere>.sys" and did a listing of the files, it didn't show up. I also tried navigating to it using the user interface, but the furthest I get is "C:\Users\basement". AppData isn't in there in the user interface, but it is in CMD, which leads me to believe it's hidden, and I'm unsure how to unhide it in Windows, plus even if I did I'm not sure if I would find the trojan.
Here's the screenshot of the history in microsoft security essentials:

It should also be noted that I'm using version 5.0 of firefox (9.0 is the newest), because my brother wants to use an addon that doesn't work in the newer versions. I'll update it after this, and that may be the reason that I got the virus from the clan page.
Near the beginning of this mess, I tried running firefox and then it would crash after about 5 seconds of being open. To correct this issue I had to run firefox in safemode, and then I could use it. I'm currently using firefox not on safemode and still have version 5.0.
I want this fixed, and I've done all that I can, short of formatting the harddrive.
If more information is required, just ask.
Comments
Giggletron wrote: »Blimey... you went all out on this didn't you...
Surely I didn't need to tell you to search
http://forum.z8games.com/showthread.php?t=188644&highlight=clan+page+virus
Saw that thread and already posted in it. Dot closed it btw.
I haven't seen any other information about this and was just hoping someone'd know how to fix my issue and if not at least let the higher-ups know what virus it is, not sure if that'd help them help others get rid of it or something, or if they even care, but they should considering it's their fault. -
GodsGunman wrote: »Saw that thread and already posted in it. Dot closed it btw.
I haven't seen any other information about this and was just hoping someone'd know how to fix my issue and if not at least let the higher-ups know what virus it is, not sure if that'd help them help others get rid of it or something, or if they even care, but they should considering it's their fault.
They know what's going on. The ads are hosted by an external party so it's getting in contact with them to remove the ad. This couldn't have cropped up at a worse time.
It isn't Z8Games' fault. -
Giggletron wrote: »They know what's going on. The ads are hosted by an external party so it's getting in contact with them to remove the ad. This couldn't have cropped up at a worse time.
It isn't Z8Games' fault.
But it's z8game's customers that are suffering and we got it from their website, so they should be trying to help at least. -
GodsGunman wrote: »But it's z8game's customers that are suffering and we got it from their website, so they should be trying to help at least.
Technically it's being shown via an advert from another company. It's THEIR responsibility for what adverts show up.. Z8 have no control over it. This was way beyond what they can do.
They are... they're trying to get rid of it and Talon has told you what to do if you got the virus. -
Giggletron wrote: »They are... they're trying to get rid of it and Talon has told you what to do if you got the virus.
What are you talking about?
He just gave 2 tips for not getting the virus (stay away from the clan page and download an adblocker), he didn't say how to get rid of it... -
GodsGunman wrote: »What are you talking about?
He just gave 2 tips for not getting the virus (stay away from the clan page and download an adblocker), he didn't say how to get rid of it...
Then I will
http://www.malwarebytes.org/ -
Giggletron wrote: »
*facepalm*
Maybe try reading what I posted first...
GodsGunman wrote: »Originally I couldn't open up my antivirus (Microsoft Security Essentials) because the trojan/virus disabled it and kept it closed. I did scans with the updated version of malwarebytes, microsoft safety scan and nod32 online scanner:
http://www.eset.com/us/online-scanner/
http://www.malwarebytes.org/
http://www.microsoft.com/security/sc...s/default.aspx -
GodsGunman wrote: »*facepalm*
Maybe try reading what I posted first...
I did. But since you said no one helped. I did. If someone sees that post then, yay. It's by far the best solution short of ComboFix.. which is risky.
I'm just saying... Z8 know. Z8 are sorting it out. What more do you want from me?
-
tempzzzzaay wrote: »This problem should have been fixed in a matter of minutes, just needs a code scan on the piece of JavaScript..
Typical Z8Games take their time on everything..
It needs to be removed from the ad hosting. Z8 don't have the advert on their servers... -
This discussion has been closed.
