internet browsers, exploits for viruses

Posted:
Mon Aug 23, 10 1:37 am
by Professor Layton
Just back from fixing my computer from several kinds of viruses, all downloaded and executed through some exploit in my Firefox (don't see any other way).
I was visiting some forums which never gave any problems in the past. Firefox says I need a plugin to view the content correctly. Then, without even clicking on it, Winamp starts up and tries to play a file called "plugin". Next thing I know, my explorer.exe gets hijacked, a couple of viruses get downloaded on my computer and I'm unable to open any .exe files. My registry protector just got killed in the same moment, so the viruses managed to nestle themselves in the registry without any trouble. Rebooting gave an instant BSoD each time, so I went to safe mode and managed to fix it from there after messing around a lot.
My sis had an equal problem on Internet Explorer less than a month ago, where her Java just got a buffer overflow, which allowed everything like changed registry values and hijacked everything without any questions or notices. Same thing for a neighbour.
Has this happened to anyone else lately?
Are browsers really defenseless against whatever exploit got used in these cases?
Could the kgb (Kaspersky) protect me against this any better than a regular free virus scan and a registry protector would?

Posted:
Mon Aug 23, 10 1:51 am
by clyzm
Something similar happened with me but Windows Firewall detected a "GetMirar.exe" in safe mode.

Posted:
Mon Aug 23, 10 5:54 am
by ~DJ~
Well, if you're saying that everything opens from a certain program, even executables.. I had this virus or something, basically.. registries were edited. It all opened from 'Windows Media Center' on my Windows 7.
What I did was.. firstly.. restore 'EXE' through a registry I found online..
http://www.dougknox.com/xp/file_assoc.htm
This might help you, follow the 'EXE' stuff. And then when 'EXE's could open, I simply got into Windows 7's Control Panel > Programs > Default Programs.
I'm not sure that XP has this.. I simply restored everything through that, it wouldn't open before.. because of 'EXE'
Then I installed Avast.. Well, it wasn't a virus attack at all, and once done.. no antivirus can fix it I think. I THINK that you have the same problem.. And.. yeah, last thing my brother was doing was browsing on the internet. And.. if you don't have this problem.. SORRY.

Posted:
Mon Aug 23, 10 9:23 am
by Professor Layton
Well I already managed to fix it luckily. Thing about the executables though, I think they did load for like a split second, but then I got this fake warning which went like: "This file is infected, click yes to do a virusscan!"
So it probably wasn't just removed through file association, but just rendered useless through something that killed the programs as they were executed. Even went so far, that when I wanted to shut down my computer it told me that logoff.exe was infected and killed that very process.

Posted:
Mon Aug 23, 10 11:57 am
by ~DJ~
Then that's a big virus.. it might be on processes, but can you open the task manager?

Posted:
Mon Aug 23, 10 1:21 pm
by Dae
All is fine on my Mac.
Do you have UAC enabled, Clix?

Posted:
Mon Aug 23, 10 10:04 pm
by Professor Layton
DJ, nah, Task Manager was broken as well.
Dae, Windows XP, but I do have measures that should protect me from it, yet it all got neutralized in a matter of seconds :s

Posted:
Tue Aug 24, 10 5:56 am
by ~DJ~
Can you elaborate fully on how you got it fixed?
I can't really suggest any antivirus or stuff, my suggestions sux anyway.
All I've got with me is Avast.


Posted:
Tue Aug 24, 10 1:42 pm
by Professor Layton
Sure can. Regular Windows was just unusable so I went to safe mode by spamming F8 when booting up the computer. (It's quite a hassle as you'll need a PS/2 keyboard to select safe mode, luckily I had one of them USB-to-PS/2 plug thingies, or the other way around, always confuse em :s)
Anyway, after I finally got in safe mode, I just looked at the services that were being booted up at start (start>run>msconfig). Disabled the several obvious malicious files, they had names like "fjkdghnsndfkjgsdgd". After that I did a scan with Malwarebytes Anti-Malware, which picked up like 40 infections of all kinds: trojans, worms, etc. (I had just done a scan half a week ago with no results, so it all must've been from that.) Removed all of those threats without any issues.
Then I just rebooted my comp and everything seemed to be working again. Just now found out that my IE8 is unable to do anything, the virus probably messed some part up badly. I'll just reinstall it to fix it. Everything else works though, and there's no weird processes running in the background.

Posted:
Wed Aug 25, 10 10:16 pm
by clyzm
Maybe not related to the problem but shit's been fucking up with me and a lot of my friends around the area. The symptoms are all the same - adware forcing you to do a scan, no internet connection, no use of system controls. I went into Safe mode, did a virus check, found some cookies but that's it. Later went into msconfig and restricted a couple programs from starting up. The programs complied with the weird naming Clix said - the fgjakfaggjag or whatever.
Later everything works but most peculiarly, Firefox/IE is set up with a proxy, something it didn't have before. Some 5 of my friends have been reporting this very same thing when I fixed their computers, and subsequently mine. Shit's getting weird.

Posted:
Wed Aug 25, 10 10:32 pm
by Professor Layton
Yeah, I ultimately found out that my IE was using 127.0.0.1 as proxy for some reason. Changing that back in settings and with HijackThis did not fix it though. I just told IE to revert back to default settings which fixed whatever else was being bugged.
Afterwards rescanned with Malwarebytes Anti-Malware, with the latest update, and it picked up even more trojans and worms :s Cleaning out your temp folder is a good idea if you hadn't already.
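
Added example, not part of the thread: a triage script that checks a `.reg` export for the three leftovers described in the posts above (gibberish-named startup entries, a browser proxy pointing at loopback, and a changed EXE open command). The sample export, its port number and file paths are constructed for illustration, and the vowel-ratio heuristic is an assumption, not a rule taken from any tool named here.

```python
import re
# Constructed sample .reg export; port, paths and av.exe are illustrative only.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fjkdghnsndfkjgsdgd"="C:\\WINDOWS\\Temp\\fjkdghnsndfkjgsdgd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:5555"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\Temp\\av.exe\" /START \"%1\" %*"
'''

LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

def parse_reg(text):
    """Return {key_path: {value_name: value}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := LINE.match(line)):
            raw = m.group(3)
            if raw.startswith("dword:"):
                value = int(raw[6:], 16)
            else:  # quoted string: drop outer quotes, undo \" and \\ escapes
                value = re.sub(r'\\(.)', r'\1', raw[1:-1])
            current[m.group(1) if m.group(2) is None else "@"] = value
    return keys

def looks_random(name):
    """Heuristic (assumption): long name with almost no vowels."""
    stem = re.sub(r'[^a-z]', '', name.rsplit(".", 1)[0].lower())
    return len(stem) >= 8 and sum(c in "aeiou" for c in stem) / len(stem) < 0.2

def triage(text):
    """List findings for startup entries, proxy settings and the EXE handler."""
    keys, findings = parse_reg(text), []
    for path, values in keys.items():
        if path.endswith(r"\CurrentVersion\Run"):
            findings += [f"random-looking startup entry: {n}" for n in values if looks_random(n)]
        elif path.endswith(r"\Internet Settings"):
            server = str(values.get("ProxyServer", ""))
            if values.get("ProxyEnable") == 1 and server.startswith(("127.", "localhost")):
                findings.append(f"loopback proxy enabled: {server}")
        elif path.endswith(r"\exefile\shell\open\command") and values.get("@") != '"%1" %*':
            findings.append(f"exe open command changed: {values.get('@')}")
    return findings
```

The stock value of the EXE open command is `"%1" %*`; anything placed in front of it runs every time a program is launched, and a loopback proxy only works while something local is listening, so both findings point at a component still installed on the machine.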

Posted:
Wed Aug 25, 10 10:39 pm
by clyzm
Must be the same shit I had. Some new virus or something?

Posted:
Wed Aug 25, 10 11:30 pm
by Professor Layton
Probably is, or more likely a new variant of it, seeing as my sis had an equal virus a month ago which did get picked up from the start.
Did you get it the same way by merely browsing on a website and getting it installed without even clicking on anything?

Posted:
Wed Aug 25, 10 11:43 pm
by clyzm
Yeah, I haven't installed shit myself since I got this. Some exploit in IE maybe.

Posted:
Thu Aug 26, 10 2:29 am
by Professor Layton
Did you end up opening some file with your standard media player automatically?

Posted:
Thu Aug 26, 10 2:35 am
by clyzm
Windows Media Player did open at random with the message "WMP could not play this file"

Posted:
Thu Aug 26, 10 3:00 am
by Professor Layton
Must be part of the exploit then, it probably managed to run a .exe file or something likewise, despite it not being recognized as a working filetype. This exploit is just creepy really :$