
I need help removing a virus


Thread replies: 13
Thread images: 3

File: wtf is this.jpg (353KB, 1655x545px)
So I noticed strange activity on my bandwidth monitor and decided to investigate. Here's what I discovered:

-After 65 seconds of inactivity, the files in the pic are created in a new temp folder
-It keeps connecting to "contentiously.com" through vds.exe
-upload and download rates are at 1.2 K
-It will not do any of this if TaskManager is open
-It will delete all the files it created if I touch the mouse or keyboard
-When TaskManager is opened, 2 instances of "COM Surrogate" suddenly close (not sure if this is normal behavior)

Avast doesn't detect anything, but this is highly unusual and I suspect it's a virus. From the "blake256" file alone, I assume it's mining bitcoins. I googled the symptoms, but only one other person mentioned it and they never got a solution - so I suspect it's something new.

Does anyone know what this is? Suggestions? Is there a tool to let you see what service/file is creating these files?
>>
>>54900449
install gentoo
>>
nslookup contentiously.com
Server: 192.168.1.1
Address: 192.168.1.1#53

** server can't find contentiously.com: NXDOMAIN


It doesn't real
>>
>>51971506
>/g/ is NOT your personal tech support team
>For tech support/issues with computers, use /wsr/ - Worksafe Requests or one of the following:
>>
backup and reinstall
>>
File: Untitled.png (1KB, 1213x15px)
>>54900495
whois.net says it is. Also, it's changed what it connects to now. See pic.
>>
File: 1462076050243.jpg (367KB, 640x1190px)
Is there a tool to let you see what service is creating files in a folder?
>>
Just reinstall.
>>
>>54900622
sysinternals probably has something you could use.
>>
MBAM or make a bootable USB with some free antivirus SW that allows it
>>
https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx?f=255&MSPPError=-2147217396
Use this to find what program or service is creating those files and nuke it.
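Added example (not from any poster in this thread): a PowerShell watcher that logs every file created under %TEMP% together with the processes that hold a TCP connection at that moment, so a drop like the one described above can be tied to a process and remote address even after the files are deleted again. It assumes the temp folder in question is under %TEMP%, Windows 8 / Server 2012 or newer for Get-NetTCPConnection, and that the script is left running unattended while the machine sits idle.

```powershell
# Added example: correlate file creation in %TEMP% with processes that own
# live TCP connections. Writes a persistent log so the evidence survives the
# malware deleting its files on keyboard/mouse input.
# Assumptions: files appear under $env:TEMP; Get-NetTCPConnection is available.
$watchDir = $env:TEMP
$logFile  = Join-Path $env:USERPROFILE 'tempwatch.log'

$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = $watchDir
$watcher.IncludeSubdirectories = $true
$watcher.EnableRaisingEvents = $true

# Runs on every Created event; $Event.MessageData carries the log path.
$action = {
    $path  = $Event.SourceEventArgs.FullPath
    $ts    = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    $lines = @("[$ts] CREATED $path")
    # Snapshot processes with established connections at the moment of the drop.
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            $lines += ('    pid={0} name={1} path={2} remote={3}:{4}' -f
                $_.OwningProcess, $p.ProcessName, $p.Path,
                $_.RemoteAddress, $_.RemotePort)
        }
    $lines | Add-Content -Path $Event.MessageData
}

$sub = Register-ObjectEvent -InputObject $watcher -EventName Created `
        -Action $action -MessageData $logFile

Write-Host "Watching $watchDir; log at $logFile. Leave the PC idle; Ctrl+C stops."
try {
    while ($true) { Start-Sleep -Seconds 5 }
} finally {
    # Clean up the subscription and watcher on exit.
    Unregister-Event -SourceIdentifier $sub.Name
    $watcher.Dispose()
}
```

Read the log afterwards and look for a process name or path that repeats across every file drop; that is the candidate to inspect in Process Monitor or Process Explorer.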
>>
I think I may have found the problem, but I don't have a solution

http://www.pcworld.com/article/2461120/stealthy-malware-poweliks-resides-only-in-system-registry.html
>>
Just FYI to future readers, I used system restore and rolled back to a week earlier (when the problem wasn't present). That worked.