Have I Just Been Hit By A Virus?

[Sionnach Glic]

I was browsing the web this morning when something odd happened. A "security scan" window popped up all of a sudden and stated listing a bunch of viruses that were apparently on my computer. I initially thought that it was just a particularly annoying pop-up, but no ammount of hitting the red X would get rid of it. I then went to open Task Manager to get rid of it, but I was greeted with the message "tskmngr.exe is infected and cannot be opened". At this point I panicked and yanked the plug out of the wall to shut the computer down.

After restarting the computer everything seemed fine. Task Manager opened with no problems at all, and Malwarebytes is now running a full scan of the computer, with nothing reported yet. However, when I went to resume browsing the internet, Firefox refused to connect and told me "the proxy server you are attempting to connect to is refusing connections" (or something to that effect). I've never in my life seen this message before, and I don't think I've ever set up a proxy server at all. IE also failed to open, but was far less informative as to why. I went into Firefox's toolbar and wandered around the different options until I found where the proxy settings were located. It was set at "use system proxy settings". I changed it to "auto-detect proxy settings for this network" and it started working again. I also changed the proxy settings in IE to a similar setting, and it too now works.

So, what the fuck was all that about?

[Tyyr]

Yeah, that's a virus. I'm sure the people who operate the company that uses it refers to it as a service but its essentially designed to infect your computer and then you pay them to remove them. I'd run Malwarebytes and any other anti-virus you might have. Make sure to try and update them and run them again just to be sure.

The fact that you can actually run Malewarebytes means you probably avoided the worst of it. Most of those viruses are designed to shut down Malewarebytes and any other anti-virus program you might have.

[Nickswitz]

Although that is true it may be a tricky one that you have to run Malwarebytes in safe mode in order for the file not to interrupt it and hide itself.

[Sionnach Glic]

For what it's worth, Malwarebytes completed the scan successfully and turned up one trojan.

Any way to tell if it's still lurking on my system?

[Nickswitz]

Not really, if you get some funky things going on then just set it up to scan while your computer is in safe mode, and that will get rid of it fully. Hopefully

[Sionnach Glic]

I've just been hit by the exact same fucking thing not five minutes ago. This time I was able to close it by clicking on the X when it popped up, but I also noticed that it threw up an icon down at the bottom of my screen. I was also able to open Task Manager without any problems, and promptly went about killing anything in the "processes" section that didn't look legitimate. Malwarebytes is currently running a quick scan on my system as well. I'll let you guys know if it turns up anything.

If I spot this virus again, I'm going to see if I can get a screen-shot of it.

[Nickswitz]

Make sure you go into safe mode on your computer, otherwise the virus will override the virus scans.

[Tsukiyumi]

Hey, Roc... I mean SG, what's the name of the program that keeps running "scans"?

I pulled (see: dug that SOB out of its hiding spots) a similar one out of my system just a month ago; the process might also be similar.

[Captain Picard's Hair]

I was browsing the web this morning when something odd happened. A "security scan" window popped up all of a sudden and stated listing a bunch of viruses that were apparently on my computer. I initially thought that it was just a particularly annoying pop-up, but no ammount of hitting the red X would get rid of it. I then went to open Task Manager to get rid of it, but I was greeted with the message "tskmngr.exe is infected and cannot be opened". At this point I panicked and yanked the plug out of the wall to shut the computer down.

After restarting the computer everything seemed fine. Task Manager opened with no problems at all, and Malwarebytes is now running a full scan of the computer, with nothing reported yet. However, when I went to resume browsing the internet, Firefox refused to connect and told me "the proxy server you are attempting to connect to is refusing connections" (or something to that effect). I've never in my life seen this message before, and I don't think I've ever set up a proxy server at all. IE also failed to open, but was far less informative as to why. I went into Firefox's toolbar and wandered around the different options until I found where the proxy settings were located. It was set at "use system proxy settings". I changed it to "auto-detect proxy settings for this network" and it started working again. I also changed the proxy settings in IE to a similar setting, and it too now works.

So, what the f**k was all that about?

The proxy server business could refer to a hidden server the malware set up on your system which tried to take over your browsers. The old jokes about Rochey/SG "spamming" could be true in such a case -- malware-infected "bot" PCs are responsible for most of the spam email sent over teh interwebz. Most of the perps responsible for creating the malware are out of our legal jurisdiction in the US or the more advanced European nations or UK, being in Russia or some other such poor, corrupt, and lawless place. Be careful about getting it all out, because these things hide so well in the system it's nearly impossible to find them manually. Definitely, going into Safe Mode in Windows gives any scans the best chance of success...

If this doesn't work, the last resort would be a system recovery; if it's a brand-name PC there should be some way to get to the automated reformat-and-reinstallation routine through a key combination at bootup (F11 for many HP's, CTRL-F10 for some Dells, etc)

[Tyyr]

Best thing I can tell you for viruses, partition your hard drive. Give yourself about a 50 gig partition for Windows and install it only there. If you get hit by a virus you can just format that partition and reinstall the OS. Most of the time doing that, especially if you can back up all the updates to a disk and keep it handy, will take less time than trying to root them out.