Author Topic: VIRUS ALERT!  (Read 18237 times)

Offline Soul Sojourner

  • Resident Awesome
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2748
  • Nothing is true; everything is permitted.
« on: August 27, 2005, 01:26:15 AM »
To everyone using MSN Messenger, or any other Messenger program. If anyone sends you a file, do NOT download it; if anything, virus scan it first and take every precaution. Your friends, family, and anybody you know, whether on your contact list or not, may send you a virus, whether intentionally or not. Any E-Mails or IMs sent to you, whether by a friend or not, that say anything similar to:

Hey, check this out:
<Link or file posted here>

There is a high chance that it is a virus. Not only because of the suspicious wording, but also because someone who recently received a virus may have their MSN or any Messenger account taken over, and they will attempt to spread the virus to you. In addition, a "hacker" was recently released from jail because of his young age, and will most likely be back at it. He was responsible for creating several worm viruses. Gamers are being targeted as well, and hackers know this to be a way to get control and access to more computers. Be wary.

IF I SEND YOU ANY IM'S TO DOWNLOAD ANY FILE IT IS NOT ME. DO NOT CONTINUE THE CONVERSATION AND DO NOT TOUCH THE FILE OR LINK!

This is my fair warning to everyone. Don't trust your virus protection to stop viruses; that is the first thing they target and disable.

Offline Soul Sojourner

« Reply #1 on: August 27, 2005, 01:49:53 AM »
There is a virus fucking with my computer right now. I see all the weird shit happening. Whatever, nothing I can do about it until tomorrow, or until it pisses me off enough to grab my boot disk and run wipe....

Oh look some window just popped up flashed twice and disappeared... I think it's a worm... I check my system folders and I see various files in different places missing... *sigh* better grab that Jump Drive and take my shizz off.

Ya this second post was to say that I have one, since I forgot to mention that. Yeah someone from GodSpire I know *cough* Cobra *cough* sent me something through messenger... unlike normal, since I had just woken up and was in a bad mood... I skipped the scanning... damn I pick all the best times NOT to scan eh? My comp went coocoo immediately afterwards, closed all MSN msger things... destroyed anti-virus and closed most programs. Of course I tried reinstalling anti-virus over and over.. but... you know... it didn't work, the virus wouldn't let me scan. It also said on MSN I signed into another computer... so don't be surprised if "I" am sending u viruses. It isn't me. In addition my virus scanner told me an unauthorized program was changing its settings. So yeah I am fucked, but no biggy I'll be back... soon. (I enjoy having friends that are technicians) Only one thing could make me truly happy right now... the virus creator/user's name... and location...

Damn windows popping up... oh btw. I also received some spyware with it... luckily I have my spyware begone *hugs*

There is one bright side though... and that is... it wasn't a magistr...

Offline CABAZON

  • Newbie
  • *
  • Posts: 37
« Reply #2 on: August 27, 2005, 07:07:29 AM »
Viruses through messengers have been around as long as the messengers themselves.

Try starting up in "Safe mode with networking", going to www.trendmicro.com, and clicking "free online scan".

I'm using the power rangers to steal bandwidth from 10,000 people in florida.

Offline Soul Sojourner

« Reply #3 on: August 27, 2005, 07:25:18 AM »
Quote
> Viruses through messengers have been around as long as the messengers themselves.

Of course, but I remember seeing some article lately that it's become increasingly popular, then it happened to me, putting two and two together, I had to create a warning thread. So... anyone wanna help me hunt down these people... ah I'll prolly get charged with homicide but **** it.. lol

Offline 420

  • Hero Member
  • *****
  • Posts: 4087
« Reply #4 on: August 27, 2005, 01:40:36 PM »
Quote
> To everyone using MSN Messenger, or any other Messenger program.

And people are still surprised to hear that Throbble and I have never used any instant messenger programs!

-420

Offline Mo

  • Administrator
  • Hero Member
  • *****
  • Posts: 3051
    • MSN Messenger - cochy@msn.com
    • http://lucidmagic.net
« Reply #5 on: August 27, 2005, 02:53:51 PM »
Quote
> And people are still surprised to hear that Throbble and I have never used any instant messenger programs!
>
> -420

oh please....

Example convo:

Friend w/Virus says:
Heya!
Check this link out!!!!

Cochy says:
uh what is this??

no response....no response....
So they didn't tell me, so that's probably a virus.  Simple as that.

Offline Tyrael

  • Hero Member
  • *****
  • Posts: 774
« Reply #6 on: August 27, 2005, 08:47:46 PM »
yeah like 30 mins ago i got that message from cobra thanks i was talkin with nemo like 10 mins b4 that and he told me jimbo got a virus from cobra too so i just closed the msn screen when it popped up with the link, if not for nemo i surely would have checked that damn link lol

Offline nathan

  • Sr. Member
  • ****
  • Posts: 296
« Reply #7 on: August 27, 2005, 10:08:50 PM »
Quote
> oh please....
>
> Example convo:
>
> Friend w/Virus says:
> Heya!
> Check this link out!!!!
>
> Cochy says:
> uh what is this??
>
> no response....no response....
> So they didn't tell me, so that's probably a virus.  Simple as that.


mo.. that was me yesterday...
remember, you asked for that porno site, that was the link to it..

Offline T]-[eSh0rTy

  • Full Member
  • ***
  • Posts: 104
« Reply #8 on: August 27, 2005, 11:13:49 PM »
someone sends you a link or file, don't click it or accept it, simple as that

Offline Cobra

  • Full Member
  • ***
  • Posts: 134
    • MSN Messenger - pizza_boy_11@hotmail.com
« Reply #9 on: August 28, 2005, 05:14:28 AM »
eh mine's gone now I'm all good :)


Offline CABAZON

« Reply #10 on: August 28, 2005, 08:20:07 AM »
I was a virus once, but then I got lost and scared so I quit.


Offline Soul Sojourner

« Reply #11 on: August 28, 2005, 08:25:59 AM »
You said yesterday it wasn't gone, just that you were getting another comp anyway...

This virus is a pain in the ass to dispose of...
Anyone with information on files/directories known as:
Zrekprfp
Dark.exe
and csrss.ini csrss.exe <-- An important XP system file, at least, I believe it is.

Both Dark.exe and Csrss.ini are running system processes that are located in directory:
C:\WINDOWS\system32\zrekprfp\

Please notify me.

So far the find tool has not been able to find that directory, nor crss, nor dark.exe.
I haven't been able to manually find it or them either, even with show all folders and files enabled and hide all important system folders and files disabled... time for command prompt.

On the net I looked up on Zrekprfp and found nothing, on Dark.exe I found a bunch of different programs named that... probably not the ones I am looking for.

I still haven't been able to figure out the name of this virus and/or its file names. If anybody has any idea please inform me. With those I can manually destroy it. (I love Dos prompt and boot disks.)

This seems like a combination of the following viruses:
http://www.symantec.com/techsupp/virusremo...o_tutorial.html

And it has preventions for the prevention methods, and preventions for the cures for it. It immediately closes anything threatening to it, such as Hijackthis, or any antivirus (after destroying the anti-virus that is) and also the registry editor.

I have been able to determine some things by renaming the hijackthis logfile I was able to quickly create before it closed out. It automatically closes out of anything named hijackthis, but I renamed the logfile and can now read it. The same worked for the folder it was in, but did not work for the program itself.

In addition, only yesterday night did it actually delete many, many system files in WINDOWS; it didn't delete the most important things needed to run, however.

Anyone with any information that can possibly help me in any way, please inform me, I'd greatly appreciate it. So far I've been workin on this alone, other than Jimbo telling me about Hijackthis, and Cab mentioning the online scanner, which didn't find it. Thanx =D Back to virus huntin'!
« Last Edit: August 28, 2005, 08:44:41 AM by HeLLMasteRHeLL »
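
The post above reports a `csrss.exe` running from `C:\WINDOWS\system32\zrekprfp\` alongside `Dark.exe`; a system process name running outside its normal directory is a common masquerading indicator. The following is an added example, not part of the original thread, that checks a process snapshot for it. The PIDs, the sample list and the function names are constructed, and the expected-directory table assumes a default `C:\WINDOWS` install.

```python
import ntpath

SYSTEM32 = r"C:\WINDOWS\system32"  # assumption: default Windows XP install path

# Directories where these Windows system binaries normally live.
EXPECTED_DIRS = {
    "csrss.exe": SYSTEM32,
    "smss.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "explorer.exe": r"C:\WINDOWS",
}


def split_image_path(image_path):
    """Return (directory, file name), lower-cased and normalised Windows-style."""
    # Some tools report core processes with an NT object prefix, e.g.
    # \??\C:\WINDOWS\system32\csrss.exe; strip it before comparing.
    if image_path.startswith("\\??\\"):
        image_path = image_path[4:]
    full = ntpath.normcase(ntpath.normpath(image_path))
    return ntpath.dirname(full), ntpath.basename(full)


def find_masquerades(processes):
    """Flag suspicious entries in a list of (pid, image_path) tuples.

    Pass 1: a protected system file name running from an unexpected directory.
    Pass 2: any other process started from the same directory as a pass-1 hit.
    Returns a list of (pid, image_path, reason), ordered by pid.
    """
    processes = list(processes)
    findings = {}
    suspect_dirs = set()
    for pid, path in processes:
        directory, name = split_image_path(path)
        expected = EXPECTED_DIRS.get(name)
        if expected is not None and directory != ntpath.normcase(expected):
            findings[pid] = (pid, path, "system name outside expected directory")
            suspect_dirs.add(directory)
    for pid, path in processes:
        directory, _ = split_image_path(path)
        if pid not in findings and directory in suspect_dirs:
            findings[pid] = (pid, path, "shares directory with masquerading process")
    return [findings[pid] for pid in sorted(findings)]


# Constructed process snapshot: PIDs are made up; the zrekprfp paths are the
# ones quoted in the post, the rest are ordinary XP-era locations.
SAMPLE = [
    (412, "\\??\\C:\\WINDOWS\\system32\\csrss.exe"),
    (1288, r"C:\WINDOWS\system32\zrekprfp\csrss.exe"),
    (1304, r"C:\WINDOWS\system32\zrekprfp\Dark.exe"),
    (1560, r"C:\WINDOWS\Explorer.EXE"),
    (1720, r"C:\Program Files\MSN Messenger\msnmsgr.exe"),
]

if __name__ == "__main__":
    for pid, path, reason in find_masquerades(SAMPLE):
        print(f"PID {pid}: {path} -> {reason}")
```

The genuine `csrss.exe` in `system32` is not flagged, which matches the poster's observation that one copy of the process cannot be ended because it is a real system process.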

Offline CABAZON

« Reply #12 on: August 28, 2005, 09:52:12 AM »
Do you have a lot of files on the computer that you can't replace easily or something preventing you from just reinstalling windows?


Offline Soul Sojourner

« Reply #13 on: August 28, 2005, 10:08:43 AM »
Quote
> Do you have a lot of files on the computer that you can't replace easily or something preventing you from just reinstalling windows?

Well it's XP, and there is the problem of Activation... I could wipe it I suppose, a lot of crap I need to redownload. But that's about all. All of my writing, stories, and poetry are all on my jump drive. And I have almost all the songs I want written down, the rest I can find later. Unfortunately I need to make a new goddamn boot disk, this piece of trash either isn't working or my floppy drive is fucked up.

Offline 420

« Reply #14 on: August 28, 2005, 01:43:39 PM »
Well, unfortunately the only advice I have is preventative maintenance for the future. Always keep an extra copy of anything you download on a second hard drive (or at least in an extra "backup" directory). To be really thorough you can burn downloaded stuff onto CDs too.

Make sure you get a copy of your Internet Service Provider's software and a browser, that way you can at least get access to the internet as soon as you reinstall your OS.

Unless one of the major virus detectors like McAfee or Norton can fix it then your best bet is to wipe your drive and reinstall everything.

I've never had a virus myself, though I collect old viruses like Michaelangelo (sp?) and I have cleaned many a computer, but always with a boot disk and either McAfee or Norton.

Hmm, can you call an old virus a "retro" virus?

-420
« Last Edit: August 28, 2005, 03:33:41 PM by 420 »

Offline Cobra

« Reply #15 on: August 28, 2005, 02:16:13 PM »
actually it went away from Disk Defragments and Norton and deleting all files I don't need


Offline Mo

« Reply #16 on: August 28, 2005, 03:04:08 PM »
Easy solution to spyware removal:  Spyware are of course little programs that do annoying things, as such they are running processes on your system.  The best way to kill a spyware is not allow it to start in the first place.  All startup programs are defined in the registry.  But editing the registry is definitely a pain so it is possible and easy to edit the startup program selection.  Tools like Spybot Search and Destroy (if you don't have this program plz go download it now) have a System Startup Config tool.  All you gotta do is uncheck all those sketchy looking EXEs and you'll be all good.

Viruses are different from spyware as most don't run processes.  Once you execute a virus it makes system changes that tend to really mess up your comp.  You'll need to change the system config back to normal to get rid of the virus.  Virus removal tools from Norton make these changes automatically.  I once got a virus that changed the way .exe files are handled thus making it pretty hard to run any removal tool.  Lucky for me it wasn't hard to change that setting back to normal.  However it was annoying :D
« Last Edit: August 28, 2005, 03:05:44 PM by Mo »

Offline ViperDE2004

  • Full Member
  • ***
  • Posts: 208
    • MSN Messenger - noneofyourfreakinbuisiness@F-U
« Reply #17 on: August 28, 2005, 03:38:46 PM »
OMFG I HAVE THAT. I'M GOING TO KILL MY BROTHERS! Hmmm I wonder if system restore would do the trick...
« Last Edit: August 28, 2005, 03:42:49 PM by ViperDE2004 »
Viper, Leader of {Legions of Sages} -(LoS)-

Offline CABAZON

« Reply #18 on: August 28, 2005, 10:23:51 PM »
System restore will not work.  It only changes settings.  If anything, system restore will cause more problems, as several viruses can get in and lay 'dormant' in it.   I disable system restore.  It's not worth it.


Offline Soul Sojourner

« Reply #19 on: August 29, 2005, 04:20:59 AM »
That's the problem guys.... I have spyware begone and use multiple online scanners I've found... they destroy the spyware that I got along with it. The virus deleted half my WINDOWS directory. In addition I have norton antivirus... the virus destroyed it the second I got it... every attempt at reinstall is messed with, and any attempt to activate auto-protect or scan is sabotaged. Any attempts at editing the registry are automatically aborted. Any attempts to visit a site that may be potentially threatening to it are also aborted. (It has stopped me from many, but hasn't stopped me from the symantec site or others like it, which haven't helped anyway.)

It often slows my comp, and causes folders to be opened in threes or twos and sometimes doesn't allow them to load and forces end process. My boot disk isn't working, and my guess is that my boot disk is fine... I think the floppy drive is fucked up... I don't think it's ever worked, I haven't used it yet... I'll try some others from my giant stack of comp parts (Unfortunately I haven't ordered a Windows 98 SE installation disk(s) yet, and I have a lack of working HDDs) If you know what Wipe and Zap are, I was planning on running wipe on the HDD, which means, nothing left, operating system, nothing. Then installing Windows XP again, unfortunately, there is Microsoft's bullshit prevent piracy activation key crap, and I've already activated. ugh.

I do intend on sending Symantec all information I receive/learn about this virus. My guess is it is new. No online scanners or anything have made any progress in finding it. I also can't change my configuration settings, since it enjoys changing them back. Unless you're speaking of the settings before startup, which I see no reason to change. And there are instructions to get rid of a certain virus similar to this, (there are others similar too, but this is the only one of the list I gave in the link above, that deletes so many system files) the strange part about that, is the files it tells me to delete and later restore, happen to already be deleted by the virus, and apparently they are "important" system files. This thing also deactivated my firewall, of course I reactivated it and it hasn't messed with it after, also when I did that it stopped sending messages to ppl with the virus, although I was also doing other things preventing that, it just stopped trying. I turn on show all hidden files and system files etc. but it enjoys shutting that back off.

Just a simple virus? It will be when I'm through with it. Obviously someone put a lot of thought and work into this to make it temporarily "unstoppable." Anyone who can help me in my slow progress, please do. (I'm glad Spyware Begone takes the spyware shit out of registry for me.)

EDIT: Apparently it has some use for WinAce. A while ago it took it and installed it by itself, I blew it off as strange activity. Now I made an attempt to uninstall it... "Winace could not be removed properly. Are some of it's files still in use?" -_-
« Last Edit: August 29, 2005, 04:49:10 AM by HeLLMasteRHeLL »

Offline CABAZON

« Reply #20 on: August 29, 2005, 06:13:40 AM »
You are allowed to reinstall windows 3 times before microsoft starts the bullshit parade.


Offline ViperDE2004

« Reply #21 on: August 29, 2005, 12:37:13 PM »
O boy, Hell, you're scaring the shit outa me 0.0 Ah well, I'll just back up everything, it didn't delete anything yet, and I'll format my pc. back to 0. All I need is my nwn chars and my software.  The shitty thing is, I have over 15000$ worth in programs.  If I bring it in a shop, they will bust my ass.

Offline Cobra

« Reply #22 on: August 29, 2005, 01:52:58 PM »
WTF WTF WTF TF OMFG  i only have 1 ****** drive OMG OMG OMG OMG OMG OMG OMG


Offline Soul Sojourner

« Reply #23 on: August 30, 2005, 12:11:51 PM »
Quote
> O boy, Hell, you're scaring the shit outa me 0.0 Ah well, I'll just back up everything, it didn't delete anything yet, and I'll format my pc. back to 0. All I need is my nwn chars and my software.  The shitty thing is, I have over 15000$ worth in programs.  If I bring it in a shop, they will bust my ass.

Ouch, you don't know anyone good with comps? Like a Technician or something?

Three times you say? Well, I guess that cures my problem, since I've never tried before, being they are dickheads and I wouldn't put a one timer past them. (I have 2 Installer CDs, bought separately, but both have been activated once, so this means I get 4 more then eh?)

I am pondering whether to let it die, before I even attempt to wipe and reinstall, or just to do it soon, I wanna learn a bit more about it and write up a report and send that to Symantec at least first. Also I've written a lot more of my book so I guess I gotta get new shit off here lol. At least in my book there are no comps, oh wait.. I guess technically there are... well at least people are too busy killing each other to notice.

Quote
> WTF WTF WTF TF OMFG i only have 1 ****** drive OMG OMG OMG OMG OMG OMG OMG

What are you talking about? I thought you said the virus was gone, and that you were getting a new comp anyway? ... ... ...
« Last Edit: August 30, 2005, 12:13:12 PM by HeLLMasteRHeLL »

Offline Cobra

« Reply #24 on: August 30, 2005, 01:23:48 PM »
i am lol i think its gone at least i not getting of that msn but i only have omg nvm i have them back ;)


Offline Soul Sojourner

« Reply #25 on: August 30, 2005, 02:05:11 PM »
Quote
> i am lol i think its gone at least i not getting of that msn but i only have omg nvm i have them back ;)

It's possible that it's just idle, at least mine is. It hasn't been sending anything to others anymore either, well it may have last night. I woke up this morning and was logged out, so it's possible it sent some. From now on when I crash, I'm unplugging the net. I have it at a standstill, I've ended Dark.exe process, and leave my comp on, no restarting nothing, and if it ever logs me out anymore I just relog msn, and it can't send anything. But that hasn't happened for like 2 days now. I don't dare defragment, my files in WINDOWS may be moved, and in case I plan on taking a screenie of the missing files or having someone look at it themselves, it doesn't seem wise, there's some other reasons too, it also helps me keep track if it has deleted anything else.

Offline Cobra

« Reply #26 on: August 30, 2005, 02:28:04 PM »
ah well I'm sure I don't have it anymore everything is back to normal to my com


Offline Soul Sojourner

« Reply #27 on: August 30, 2005, 03:20:06 PM »
Ho ho ho... Take a look at this...
[attachmentid=644]
Seems to me the tide of war has changed...
With Dark.exe processing disabled, take a look at the bottom of the screen and notice how the Registry Editor is open. When Dark.exe process is ended, it appears there is nothing stopping me from finding, changing configs without them changing back, opening files, running programs or visiting certain web pages that are threatening to it, now I only need to make a final blow. This will help greatly in my report to Symantec. I was digging around again, seems I found what it didn't want me to find. Hee Hee Hee... the standstill is over.

[attachmentid=645]
Makes sense, was almost 10:00 P.M. Friday night when I got the fucker. I knew I had one instantly when shit went coocoo on me. Otherwise I look, or notice other signs. Such as hearing my HDD make some noises, or if your CD rom drive (if you have one, or maybe more if you have multiple) opens and possibly closes itself as well, and other such signs.

[attachment deleted by admin]
« Last Edit: August 30, 2005, 03:37:50 PM by HeLLMasteRHeLL »

Offline CABAZON

« Reply #28 on: August 30, 2005, 03:46:12 PM »
You have diablo installed on that computer?   Does anyone even play that anymore?


Offline Soul Sojourner

« Reply #29 on: August 30, 2005, 03:59:28 PM »
Quote
> You have diablo installed on that computer?   Does anyone even play that anymore?

LMFAO, yeah, surprisingly they do, lol. I have a friend who loves to fight, get laid, and party. He is a hell of a lot smarter than he acts, and not many people realize that, but he doesn't have much liking for games with big stories and all that other good shit like RPing, he likes sitting down, killing shit for awhile, and then going back to whatever else he was doing. Very hyperactive guy (has ADHD, OCD, and some other crap. lol). So I installed Diablo on my comp for him since he loves the game, and got him some "hacks" that are like 4 yrs. old, since he wanted them. lol.

Anyway, I better back up my shit right now, and do what I am going to do... in case I **** some shit up in the process. (This csrss thing worries me a bit, I could swear I seen it running before I got the virus, but it was created the day and time I got it, and it is in a folder I've never known to exist. But the process says it can't be ended for it is an important system process.) Looks like I never had to call a technician or anything after all. When I am through with this crap, I am getting Trend Micro, McAfee, and the newest version of Norton. =D

I may not end up having to wipe... but I know myself well enough to realize that I am going to do it anyway, when I'm ready. ; )
« Last Edit: August 30, 2005, 04:05:19 PM by HeLLMasteRHeLL »