help weird bug on my pc, any virus specialist here?
FinouCat
post Oct 29 2007, 09:58 PM
Post #1


Member
**

Group: Members
Posts: 94
Joined: 03.08.2007
From: Perpignan, France
Member No.: 2,441



Hi everybody,
I've had a weird bug on my pc for a few weeks now. It doesn't seem to be very serious, but two friends have told me it could be a trojan horse, so I'm getting worried.
The bug is that regularly, one of the icons on the desktop of the pc is renamed "o". Often it's IE, but it can also be any icon, a file, a shortcut, anything. But it's always "o" and it's always on the desktop, not elsewhere on the pc (well, I think, I've checked and I haven't found any other "o"s).
The thing is, I don't see the point of a virus or a trojan doing that. It doesn't seem to affect anything and it's not even annoying, as it's always one file at a time that is renamed, and I can easily recognize it thanks to its icon. If it's a trojan, it's hard to tell with my dinosaur laptop, since it often bugs (it freezes at least once a day and I have to restart it, but it's done that for years) and it's always very slow (it has very limited power, poor dino). I've searched for viruses and trojans and the anti-virus didn't find any; neither did the anti-spyware, which sometimes finds and eliminates trojans.
So what do you think? Should I worry or is it just a harmless bug? And if it really is a virus or something, how can I know for sure and get rid of the bug?
Thanks !

This post has been edited by FinouCat: Oct 29 2007, 10:00 PM


Just Cuz
post Oct 29 2007, 10:49 PM
Post #2


Advanced Member
Group Icon

Group: Artist
Posts: 1,164
Joined: 26.02.2006
From: United States
Member No.: 195



Sometimes trojans are only slightly mischievous and do no real harm.
However, what you are seeing could be a symptom of more sinister, hidden activity.

When was the last time you updated the virus definitions of your AV program?
It likely won't do you any good to scan for something if the program isn't up-to-date.


--------------------
Aiwan is my hero.
FinouCat
post Oct 30 2007, 01:47 AM
Post #3





Hi JC,
I updated my anti-virus yesterday. I use the free version of AVG, which updates regularly, and so does Ad Aware which I use for spyware. They're both usually quite efficient, they find and eliminate "intruders" easily.
Now that I think of it, I think my pc is slower these days, I didn't think it was possible. For example this forum took longer than usual to appear, and the smileys on the left took even longer.
I think I'm getting worried...


Just Cuz
post Oct 30 2007, 02:09 AM
Post #4





The board is a bit sluggish today - it's not your PC.

I've never used it myself, but I've heard good things about "HijackThis" - try Googling for it.


FinouCat
post Oct 30 2007, 02:37 AM
Post #5





QUOTE (Just Cuz @ Oct 30 2007, 03:09 AM) *
The board is a bit sluggish today - it's not your PC.

I've never used it myself, but I've heard good things about "HijackThis" - try Googling for it.


Ok, that's a little reassuring.
Thanks, I'll look for it and try to do another scan, maybe a different program will find something, and hopefully "kill" it.


Spellbound
post Oct 30 2007, 06:47 AM
Post #6


Member
*

Group: Members
Posts: 27
Joined: 08.05.2006
Member No.: 279



You should install SpyBot; and it's so easy to use.
connie
post Oct 30 2007, 10:32 AM
Post #7


Member
Group Icon

Group: Artist
Posts: 449
Joined: 22.05.2006
Member No.: 301



Also spywareblaster.

I run a forum that has some technical boards to it and a few guys who really know their stuff when it comes to viruses, trojans, and how to get rid of most anything out there. I've left them a note asking them which direction to lead you.

I use Avast Anti Virus myself. It is also FREE. Very good virus scanner. They have an excellent support forum as well. I'm not positive, but does AVG have a support forum, and have you tried going there and seeing if someone there could help you out? One of the regulars there could most likely check your HijackThis log file for you and help you out with that (it can be confusing if you aren't familiar with some things).

I did a bit of Googling around myself and haven't found anything similar to your problem, but I'll keep seeing what I can find out here for you.

edit: next time it happens, right mouse on the file, check properties and see if it is changing it to o.bat. IF so, do NOT click on it. Will get back with you soon. In the meantime go to Trend Micro Housecall and run a scan on your computer:
http://housecall.trendmicro.com/ It will check your system for viruses, malware, spyware.

I'm back again, adding to this. I've done more research and found some answers for you. It is sounding like it is the QHosts-1.dr Trojan. It is not horribly harmful, but you do need to get rid of it (if you do have this one). Microsoft released a patch for it a very long time ago, however. Have you kept your updates for Windows up to date? If not, you need to go to Windows Updates and do so (even if this isn't the bug you have).

Besides the o.bat file it's making, these are some of the things it will do/change on the system. If you can check your system and see if it has done any of this, let me know and I can lead you to removal instructions:

A file named HOSTS is created in the %WinDir%\Help directory redirecting popular search URLs (such as google.com, altavista.com, etc) to the IP address 207.44.220.30 [note: this is not the default path to the HOSTS file, the following registry key is created to change the HOSTS path]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "DataBasePath" = %SystemRoot%\help

Configuring DNS servers to use different IP addresses, such as:
    69.57.146.14
    69.57.147.175

The creation of the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\windows "r0x" = your s0x

A marker file is created in the Windows directory named winlog

A temp directory is created and left behind by the trojan:
    c:\bdtmp\tmp

Several Internet Explorer registry entries are changed/created:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Search Bar" = http://www.google.com/ie
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use Search Asst" = no
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl "(Default)" = http://www.google.com/keyword/%s
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Search Page" = http://www.google.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl "provider" = gogl
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search "SearchAssistant" = http://www.google.com/ie

This post has been edited by connie: Oct 30 2007, 09:55 AM
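An added example, not part of connie's post or of any tool named in this thread: a small Python check for the first indicator she lists, a relocated HOSTS path plus search domains pinned to a fixed address. The function names, the watch list and the sample text are assumptions made for illustration; the registry value name, the two domains and the address come from the post above.

```python
import ipaddress
import ntpath

# Default "DataBasePath" under Tcpip\Parameters, in its unexpanded form.
# A system that stores the expanded path (C:\Windows\...) needs that form here.
DEFAULT_DB_PATH = r"%SystemRoot%\System32\drivers\etc"
# Assumed watch list: the two search domains the post gives as examples.
WATCHED = ("google.com", "altavista.com")

# Constructed sample of a tampered HOSTS file (not taken from a real machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
207.44.220.30 google.com www.google.com
207.44.220.30 altavista.com   # trailing comment
0.0.0.0 ads.example.com
"""

def normalize(path):
    """Lower-case a Windows path and unify separators for comparison."""
    return ntpath.normcase(ntpath.normpath(path))

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a mapping
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def audit(database_path, hosts_text):
    """Return findings for a DataBasePath value and the hosts text it points to."""
    findings = []
    if normalize(database_path) != normalize(DEFAULT_DB_PATH):
        findings.append(f"DataBasePath is non-default: {database_path}")
    for ip, name in parse_hosts(hosts_text):
        watched = any(name == d or name.endswith("." + d) for d in WATCHED)
        # Loopback/unspecified entries are typical of block lists, not redirects.
        if watched and not (ip.is_loopback or ip.is_unspecified):
            findings.append(f"{name} pinned to {ip}")
    return findings

if __name__ == "__main__":
    for finding in audit(r"%SystemRoot%\help", SAMPLE_HOSTS):
        print(finding)
```

On a real machine the two inputs would be the "DataBasePath" value read from the registry and the contents of the hosts file in the directory it names.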
connie
post Oct 31 2007, 12:28 AM
Post #8





Since I can never figure out how to make a NEW post here without it adding to my last one, this may wind up being a very long message (sorry).

I'm copying/pasting what one of my friends said to tell you:


QUOTE
AVG Forum is not much use. They'll just tell you that if AVG doesn't catch it, it's probably spyware, so run some spyware scanners.

Of course, that's not actually a bad idea to start with.

I'd recommend AVG Anti-Spyware, Spybot Search & Destroy and SUPERAntiSpyware.

Another useful scanner is DrWeb CureIT!

Some good online scanners are the F-Secure scanner, Panda scanner and the BitDefender scanner.

If problems persist after all that, it's a HijackThis! log that's needed.
FinouCat
post Oct 31 2007, 01:08 AM
Post #9





Wow, Connie, that's all very helpful.

No "o" today but the shortcut for "my received files" is called "p" tonight. I tried to look at its properties but there's nothing about a .bat extension. There was a funny thing 10 minutes ago, when I clicked on the shortcuts for MSN and for Spider Solitaire, it didn't open the programs but their properties. It's all back to normal now.

I really hate computers sometimes! We couldn't live without them, but they can make us soooooo crazy.

Thanks a lot Connie, I'll try to do a few more scans tomorrow and I'll let you know.
FinouCat
post Nov 1 2007, 01:37 AM
Post #10





I've been horse-hunting all evening yesterday, but I've found nothing. I've done two different online scans, they only found cookies and spyware. And I didn't find any of the directories you told me about, Connie. So it must be a good sign, although the pc still has weird reactions sometimes. Maybe they're just bugs because the pc's really old...
Well, thanks for your help anyway.
connie
post Nov 1 2007, 07:56 AM
Post #11





Humm.. Something is going on. It should not be doing that.

If you would like to grab Hijack This, run it and send me the log through a PM, I'd be happy to have it checked for you.

http://www.spywareinfo.com/~merijn/programs.php#hijackthis
FinouCat
post Nov 2 2007, 03:42 AM
Post #12





Yes sir! Scan ready to be launched! Horse-enemy targeted! Full report to be deposited on your desk tomorrow at 0800 sir!

Sorry, it's 1.37 in the morning, I'm starting to talk crazy. Don't pay attention.

Right, I'm going to bed and let the scan start. More news tomorrow!
Good night!
connie
post Nov 3 2007, 02:31 PM
Post #13





QUOTE (FinouCat @ Nov 1 2007, 05:42 PM) *
Yes sir! Scan ready to be launched! Horse-enemy targeted! Full report to be deposited on your desk tomorrow at 0800 sir!

Sorry, it's 1.37 in the morning, I'm starting to talk crazy. Don't pay attention.

Right, I'm going to bed and let the scan start. More news tomorrow!
Good night!


First off, I am not a sir! LOL LOL

I sent you a couple of pms with results from your Hijack This log that you sent me and advice on how to handle it.
Let me know how all of this goes.