Welcome to my blog! :)

Last night's virus adventure

Posted: 31-Aug-2013 10:30

EDIT: just further clarified what damage it left behind. It was a classic hijack where the hosts file was infected, containing about 15453 entries which it would attempt to ping/send data to. Also, I watched a helpful video on YouTube regarding safe mode and checking Windows files for viruses (and obviously deleting those suspicious files). Lastly, Hitman was used to supplement Malwarebytes, and after that scan I googled all the viruses found and removed the registry entries.
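A hosts-file hijack of the kind described above is easy to audit once you know what a clean file looks like: on Windows the only lines that belong there by default are comments and the two localhost entries, so anything else deserves a look, and entries that point well-known vendor or update domains at a third-party address (or at 0.0.0.0, which blackholes them) are the classic signature. The following is an added example, not code from the original post, that parses a hosts file and reports those patterns. The sample hosts text, the 203.0.113.x address and the watch list of domains are constructed for illustration; point it at C:\Windows\System32\drivers\etc\hosts to run it on a real machine.

```python
import ipaddress

# Constructed sample, modelled on a hijacked Windows hosts file (not the author's).
# Only the two localhost lines are normal; the rest redirect or blackhole
# domains. 203.0.113.7 is a documentation-range address, not a real host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.malwarebytes.org
203.0.113.7     downloads.malwarebytes.org
0.0.0.0         update.microsoft.com
203.0.113.7     www.google.com   # redirected, trailing comment kept for the parser
"""

# Hypothetical watch list: domains a defender never expects to see in hosts.
# Suffix matching is used, so "downloads.malwarebytes.org" hits "malwarebytes.org".
WATCH_DOMAINS = {"malwarebytes.org", "microsoft.com", "google.com", "avast.com"}

# Addresses that do not send traffic anywhere: loopback and the null route.
LOOPBACK_OR_NULL = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping blank lines, comments and junk."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))  # normalises IPv4/IPv6 text
        except ValueError:
            continue  # first token is not an address; malformed line
        for name in parts[1:]:  # one address may map several names
            entries.append((ip, name.lower()))
    return entries


def name_in_watch_list(name, watch):
    """True if the name or any parent domain of it is on the watch list."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in watch for i in range(len(labels)))


def audit_hosts(text, watch_domains=WATCH_DOMAINS, max_entries=50):
    """Classify every non-default entry.

    'redirected'  : name points at a real address, so traffic for it goes
                    somewhere the user did not choose.
    'blackholed'  : a watched domain points at loopback/null, i.e. the hijack
                    blocks it (typical for AV and update sites).
    too_many      : a hosts file with hundreds or thousands of entries is
                    itself a red flag (the author's had about 15453).
    """
    entries = parse_hosts(text)
    findings = []
    for ip, name in entries:
        if name == "localhost" and ip in ("127.0.0.1", "::1"):
            continue  # the default entries
        if ip not in LOOPBACK_OR_NULL:
            findings.append(("redirected", name, ip))
        elif name_in_watch_list(name, watch_domains):
            findings.append(("blackholed", name, ip))
    return {
        "entry_count": len(entries),
        "findings": findings,
        "too_many": len(entries) > max_entries,
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['entry_count']} entries, too many: {report['too_many']}")
    for kind, name, ip in report["findings"]:
        print(f"  {kind:<11} {name:<30} -> {ip}")
```

One caveat when running this on a real file: ad-blocking hosts lists legitimately add thousands of 0.0.0.0 entries, so the raw count alone is not proof of infection; the redirected and watch-list findings are the part worth acting on.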

First of all, a big shout out and thanks to "teneightypea" and "honem" on Geekzone chat, who helped guide me along the right path to diagnosing network issues and potential threats.

What went wrong?
The internet simply wouldn't work at times. No Google, no Steam, no online gaming; even speedtest.net wouldn't connect to the server. Dropbox failing, YouTube not loading, etc.

So I decided to check my router activity. Strangely enough, with no programs running, this is what I found.

Ok, I recognise those ports as Steam. Nope, no programs running... When I did start up Steam, nothing changed.
Again, with all programs closed (even my browser), this is what was outgoing from my PC. (boxed out IP address just cause)


Looks a bit small; link here just in case someone somewhere needs to check..

So it's a lot of internet activity through the modem when I am the only PC connected (at this time) and running no programs (yes, I see Steam, but that was due to diagnosing the problem in the first pic). Also, Steam doesn't smash the internet like you see above.

Ok, It's a virus. 

Let's make it quick...

My flatmates download heaps and most likely do quick installs, meaning accepting random additional software, toolbars, etc. instead of unchecking boxes via custom installs. Secondly, it didn't help that, for some weird reason, all antiviruses were disabled on my girlfriend's PC. (Can't blame her though ;) )

How did we solve it?
Firstly, Command Prompt was used to check all process ID numbers against those in my Task Manager. Some real strange Babylon stuff showed up, so I removed and exterminated it. Furthermore, Malwarebytes was unable to be downloaded, so using an iPhone's 3G hotspot we managed to download it.
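The PID check described above is the standard way to tie unexplained router traffic back to a process: `netstat -ano` lists every connection with the PID that owns it, and `tasklist /fo csv` lists every process Task Manager knows about, so joining the two on PID shows which image is talking to which remote host, and a PID that appears in netstat but has no tasklist row is exactly the kind of thing that needs a closer look. The script below is an added example, not the author's or anyone else's tooling; the netstat and tasklist text, the PIDs and the 203.0.113.x / 198.51.100.x peers are constructed sample output, and on a real machine you would feed it the output of those two commands instead.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (Windows). Not captured from
# the author's machine; the peer addresses are documentation ranges.
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    192.168.1.10:49160     203.0.113.5:27015      ESTABLISHED     4120
  TCP    192.168.1.10:49171     198.51.100.9:6667      ESTABLISHED     5544
  TCP    192.168.1.10:49172     198.51.100.9:6667      ESTABLISHED     5544
  UDP    0.0.0.0:27036          *:*                                    4120
"""

# Constructed sample of `tasklist /fo csv` output. PID 5544 is deliberately
# missing, standing in for a process that netstat sees but the task list does not.
SAMPLE_TASKLIST = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","820","Services","0","9,512 K"
"steam.exe","4120","Console","1","151,204 K"
"""

UNKNOWN = "<no matching process>"


def parse_netstat(text):
    """Parse `netstat -ano` lines into dicts. UDP rows have no State column."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or title
        proto, local, foreign = parts[0], parts[1], parts[2]
        state = parts[3] if proto == "TCP" else ""
        pid = int(parts[-1])  # PID is always the last column
        conns.append({"proto": proto, "local": local, "foreign": foreign,
                      "state": state, "pid": pid})
    return conns


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv` output."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(row["PID"]): row["Image Name"] for row in reader}


def correlate(netstat_text, tasklist_text):
    """Attach the owning image name to every connection (or UNKNOWN)."""
    procs = parse_tasklist(tasklist_text)
    rows = parse_netstat(netstat_text)
    for row in rows:
        row["image"] = procs.get(row["pid"], UNKNOWN)
    return rows


def unowned_connections(rows):
    """Connections whose PID has no task list entry, excluding plain listeners."""
    return [r for r in rows if r["image"] == UNKNOWN and r["state"] != "LISTENING"]


def peers_by_process(rows):
    """Remote hosts each image is talking to; wildcard/unbound peers are skipped."""
    peers = {}
    for r in rows:
        host = r["foreign"].rsplit(":", 1)[0]
        if host in ("0.0.0.0", "*", "[::]"):
            continue
        peers.setdefault(r["image"], set()).add(host)
    return peers


if __name__ == "__main__":
    rows = correlate(SAMPLE_NETSTAT, SAMPLE_TASKLIST)
    for image, hosts in peers_by_process(rows).items():
        print(f"{image:<24} -> {', '.join(sorted(hosts))}")
    for r in unowned_connections(rows):
        print(f"REVIEW: PID {r['pid']} {r['proto']} {r['local']} -> {r['foreign']} ({r['state']})")
```

Two things to keep in mind when doing this by hand: the two commands are not taken at the same instant, so a short-lived process can show up in one and not the other without being malicious, and PIDs 0 and 4 belong to the System idle process and the kernel, so they are normal owners for listening sockets. Repeating the snapshot a few times while the traffic is happening, as the author did with the router graphs, is what separates a real culprit from noise.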

Malwarebytes had a party all night long. Malware had 2 counts on my computer, 14 on my girlfriend's and 21 on my flatmate's. To me it seems that one or more of these malwares were actually doing some damage and being distributed via our router (explaining the large traffic usage and randomly open and used ports).

All passwords etc. were changed just to be safe. Online banking etc.

So I decided to reset the modem and clean all the users' PCs of malware and other types of viruses. On my PC, Google Chrome got infected and had to be reinstalled, and Microsoft Security Essentials also died: it started showing fake threats, and as soon as I clicked clean, it disappeared from processes (under Task Manager). So I reinstalled that...

The name was VirTool:MSIL/Injector.ED
and a few other VirTool "something" I forgot. Obfuscator XZ or something.

These are dangerous, and after a full rootkit check, a Malwarebytes FULL scan, an MSE FULL scan and Spybot (if you have annoying things popping up) have fixed this problem. Modem usage is back to normal and I'm able to play games again with a lovely 30ms. Netgraph on Steam showed over 1,000 ping at the time this virus was intruding on our computers and network.

This post is mostly to say thanks to fellow Geekzone users for helping me out, 1080p and honem. Also, if anyone notices any similar problems or has questions, please feel free to ask in the comments below.

Feels great to be safe again, I'm always up to date and virus aware, but man this thing was BAD news.


Comment by Athlonite, on 3-Sep-2013 22:52

Please get rid of MSE, it's a piece of junk now. I'd use Avast free edition if I were you and click the quiet gaming mode to on.

Author's note by b0untypure1, on 4-Sep-2013 16:17

MSE used to be great, but yeah, I have noticed it does not do anything anymore.

b0untypure1's profile: Leslie Alldridge, New Plymouth, New Zealand