Cheat Engine

Drkgodz · Posted: Mon Jul 20, 2009 1:09 pm Post subject: Nasty Virus

Will I removed a virus about a month ago and everything was fine until yesterday. It said IE8 crashed and then those virus pop ups come from the tray saying your computer is infected and everything. I checked my processes and deleted all the ones that were viruses. I eventually got the virus to stop. However when I rebooted it was back. I am using ZoneAlarm right now to make sure it doesn't download anything, but I really want to get rid of them.
This is what I have observed of the virus:
It creates many executables, many of which I suspect are the same and do the same thing. All these executables end up in the temp folder:
setup.exe
system.exe
login.exe
services.exe
debug.exe
csrss.exe
2724140706.exe
spoolsv.exe
taskmgr.exe
win.exe
They are all 20 KB.
And at random times, it creates an exe with a random 3 digit number. ie: 304.exe, 089.exe, etc. It also creates many hidden files in the temp folder and sets my view hidden files option to false.

I also have reader_s.exe. I removed all traces I could find of this, and I removed it from the registry. Hopefully this has fixed it. I will reboot now.
EDIT:
Nope. It came back and put more crap in my temp folder.
327.exe
789.exe
3915612364.exe
winlogon.exe
svchost.exe
notepad.exe

I have also notice that there is always KENEL.DLL in my temp folder. I have 2 files I cannot delete.
WPDNSE(folder)
and
~DFDBD9.tmp
The .tmp name just changed. I think it creates a different one on startup.

Karakawe · Posted: Mon Jul 20, 2009 2:47 pm Post subject:

Safe mode > Virus Scan would be the most practical first step.

SF · Posted: Mon Jul 20, 2009 3:09 pm Post subject:

Run hijackthis and post the log.

In the popups, what antivirus is it claiming to be?

Mania Guy · Posted: Mon Jul 20, 2009 3:45 pm Post subject: Re: Nasty Virus

Luigi · Posted: Mon Jul 20, 2009 7:01 pm Post subject:

hcavolsdsadgadsg · Posted: Mon Jul 20, 2009 7:24 pm Post subject:

reformat.

no point in fucking around once you're infected, back whatever up and go.

Luigi · Posted: Mon Jul 20, 2009 7:30 pm Post subject:

Drkgodz · Posted: Mon Jul 20, 2009 9:02 pm Post subject:

Don't worry guys. I used AVG and it failed, but then after a quick scan with Malwarebytes Anti-Malware the virus was removed. Very Happy

Luigi · Posted: Mon Jul 20, 2009 9:20 pm Post subject:

Fap2Admin · Posted: Tue Jul 21, 2009 4:18 am Post subject:

Aw man, reader_s.exe
A Virut Variant.
Got that before, and It infect all exe of mine.
If you got that VRR.tmp stuff in your Temp/Windows folder, do not delete it.
Dc18 will hide in your recycle bin.

I suggest downloading Avira or SpyBot S&D.

Desolati0n · Posted: Tue Jul 21, 2009 5:48 am Post subject:

That is a pretty nasty virus, what the hell were you doing when you obtained it?

Only advice I can think of is system restore.