Author Topic: What a bad day with comp  (Read 15133 times)


Offline Datagg

  • Sr. Member
  • ****
  • Posts: 219
  • Perceive things that you cant see
    • Girlfriends Lingerie
What a bad day with comp
« on: June 30, 2004, 11:51:11 PM »
Oh man, yesterday sucked so bad. I'll try to make this as short as possible here. Yesterday, Avast went off, Virus, Haxdoor virus, I deleted, again not one second later, went off again with, same thing, a total of at least 9 times, one after the other it went off. Then, I immediately started to get browser pop ups. Avast was shut off, so was my firewall. Both programs were shut down. I disconnected my modem, asap, for outbound connections were happening and no protection. Restarted up avast manually, to find that the Resident scanner was off, and the program was glitchy. Same with outpost, it was completely disabled in all settings. Whatever this thing was, has wreaked havoc. At this point, there is a huge background screen on desktop that is black. Outpost won't turn on, avast is reporting memory resident viruses. So, I chose to run on boot up the memory scanner. Took a long time, but it reported thru this course, a Haxadoor.trj plus another 12 instances of trj and viruses hitting everything from Windows 32, to mstask, it was just crazy. Deleting each entry as it was found, it was painfully obvious to me that the comp was going to be shot. Ironically, it booted back up. Yet outbound connections were active, clicks and background desktop corruption. Avast at this point won't load up, firewall also. Not even manually, would they start up. Ran my spyware programs, showed a few, deleted them. Still with cables pulled from modem, I decided to go to safe mode and run these tests.
Took 3 tries to get into safe mode, the rest of the time it wouldn't even boot.

Well, things only got worse, and at that point I just wound up reformatting entire drive and now I'm here.

This computer was Fort Knox, well at least I thought so till yesterday. Thru some kind of virus, and I wish I could tell you more, I had no logs showing, because the programs were wiped out, it was like they were targeted, and knew how to disable all protections.

Those few names, of haxadoor, or haxdoor, and so many .trj files of various names, I couldn't begin to tell you all of them. But this all happened in a course of 2 minutes. Avast went nuts, then was shut down, same with firewall.

This was a clean system up to that point. Like I said, I'm very security conscious, run scans every day including virus, and spyware checks.

This was just so completely unbelievable

Well sorry this is so long, and for the ones who read it all, thanks for your time. Just wanted to share with y'all, something that I have never seen before. I was shocked to say the least.

Don't know what's out there now, or if it will happen again. I am still using the same security protocols I have used for years now.

So be careful you guys.

X64
GA-K8N-SLI
AMD 64 3500+
Nvidia Nforce4
e-Geforce 6800GT - PCI-E 256M
Gig of PC3200 DDR2

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re:What a bad day with comp
« Reply #1 on: July 01, 2004, 12:14:36 AM »
Datagg, I feel sorry about that  :'(
Did you protect the ashServ.exe by Process Guard 1.1?

Seems that the virus 'disabled' avast...
With the Professional version, I suggest to use a password...
The best things in life are free.

Offline Datagg

Re:What a bad day with comp
« Reply #2 on: July 01, 2004, 05:29:21 AM »
No, I used to have process guard on here, but got rid of it. And I'm running home version.

All is well now, but I need to find out what in the heck caused this to prevent it again.

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5088
Re:What a bad day with comp
« Reply #3 on: July 01, 2004, 05:35:55 AM »
Quote
All is well now, but I need to find out what in the heck caused this to prevent it again.
Oh I will tell you how to prevent it... Switch to Mac OS X!!


Ok now being serious, like technical said, try the process guard. Protect the avast services and the firewall services. (Maybe even get a hardware firewall?)
"People who are really serious about software should make their own hardware." - Alan Kay

Offline Datagg

Re:What a bad day with comp
« Reply #4 on: July 01, 2004, 05:42:03 AM »
I do have a hardware firewall, luckily that is...

I just reinstalled protect guard also

Offline Amerk_5

  • Jr. Member
  • **
  • Posts: 91
Re:What a bad day with comp
« Reply #5 on: July 01, 2004, 08:09:48 AM »
Also try running Stinger by McAfee. It's an on-demand AV that targets the viruses that disable firewalls & anti-viruses.

Offline Datagg

Re:What a bad day with comp
« Reply #6 on: July 01, 2004, 08:23:19 AM »
Why do you believe stinger is important at this point? Fresh install of os, full avast up and running, outpost, and full version protect guard.

I'm not saying you aren't correct. Just trying to understand your thoughts. Avast + (gulp mcafee) is a scary endeavor...


Offline Datagg

Re:What a bad day with comp
« Reply #7 on: July 01, 2004, 09:14:28 AM »
Has anyone used protect process here? I'm using all options thus far to protect, all other programs such as outpost etc. gave global rights to download updates. But avast will not download, keeps saying not enough rights... All exe in avast folder given permission for hooks and download drivers in process guard. Does anyone have any idea how to fix this.....???

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:What a bad day with comp
« Reply #8 on: July 01, 2004, 09:50:02 AM »
Are you sure HaxDoor was the name of the virus reported? Which file was reported as infected?
Did the alert from avast come suddenly (with no particular timing) or were you browsing e.g. some not-really-safe websites at the moment?


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Datagg

Re:What a bad day with comp
« Reply #9 on: July 01, 2004, 09:57:54 AM »
Vlk, I so much wish I could give you more. Avast lit up, alarm after alarm. Once I was allowed to run a boot memory scan, it showed a virus called haxadoor and then many many trj.... When avast went off, it was like literally 10-12 times. I was browsing, then a pop up, then all went to hell.

I just got the full version of protect guard tonight to prevent this from happening again, yet when I have the program on full protection, I'm unable to download av updates, says not enough user rights.

I do have every exe in the folder, telling it to allow downloads and drivers, yet still no luck. Only way it will work is if I drop the protection "Block drivers and services protection".

Perhaps one of you guys knows why that is, hopefully.

As said Vlk, I wish I had more, there were no logs in any programs I had, outpost or avast. Whatever I got hit by completely wiped out all my protection programs. It even turned off the avast scanner once I was able to manually boot it up... it was unreal, and I don't want it to ever happen again I tell ya.

I looked up haxadoor, didn't see anything on it, so I'm really lost here...

Thanks Vlk and all who can assist here on this
oh and Vlk, from what I recall, the files done at boot scan showing were mstask.exe, windows32.exe, documents, tempfiles, so many, I'm trying to remember them all, there were at least 20 or so in total
« Last Edit: July 01, 2004, 09:59:59 AM by Datagg »

Offline Datagg

Re:What a bad day with comp
« Reply #10 on: July 01, 2004, 11:13:02 AM »
Well I found the culprit.. Reading up on it, brings back things that I forgot...

http://www.sophos.com/virusinfo/analyses/trojhaxdooru.html

Does anyone know why I can't get updates with full process guard protection all point. All else will work, yet avast will not even when told to allow download/etc still won't.. says not even access to do this...

I'm sure it's a setting I'm missing.. all exe in avast folder was given permission to hook up, yet doesn't matter unless the protection is disabled

Offline Le Doc

  • Sr. Member
  • ****
  • Posts: 230
  • Computer obey to orders, not to intentions.
    • La Halle online
Re:What a bad day with comp
« Reply #11 on: July 01, 2004, 11:57:49 AM »
Really unlucky!! You have many advanced protection software and hardware, but do you have the basic protection? That is: don't use Internet Explorer and don't use Outlook.

Sometimes the best protection is basic protection. I recommend Mozilla or Firefox and Foxmail. All freeware.

Avast HE 4.1.418 (french)
Windows 2000 PRO (french) - SP4 + patches
nforce 2 motherboard (IGP)
AMD 1800+, 512 MB, 160 GB + 40 GB

Offline Datagg

Re:What a bad day with comp
« Reply #12 on: July 01, 2004, 12:52:15 PM »
I have many browsers, I design websites so I have to have them all. Email is mozilla.

Offline Cloussau

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 897
  • AVAST! antivirus with balls
Re:What a bad day with comp
« Reply #13 on: July 01, 2004, 01:13:13 PM »
I sympathise with you and wish I could help with process guard. I also run it but I only have the trial/free version which allows one process so I have it on zone alarm. My question would be have you got any resident shields running, as the likes of SSD and SWBlaster are great and free and use little or no resources. I also run a program called MRU blaster but I don't know whether that does any good or not.
sys- p4  3.0D ,  1024mb ddram ;arsenal :Avast IS 5.0 pro / Firefox / adblock /noscript : win xp/pro/sp3 32 bit

Offline Datagg

Re:What a bad day with comp
« Reply #14 on: July 01, 2004, 01:30:39 PM »
My complete set of security is Avast, outpost, spyhunter, aluria (protects against spyware installations), spyware blaster, and now process guard.

I've been real lucky for years now, pretty much Fort Knox on my end, and with my hardwired firewall also I was pretty confident I was secure. Till yesterday, never witnessed before all my security programs being eradicated 1 by 1.... Hence now I just bought process guard....

Pretty sad when your protection programs need protection themselves......