Virus threat....
Milos- 07/19/2012 05:25 PM
I regret that I have to inform everyone that due to the recent hacker attack, the game file is infected. I would like to tell everyone to destroy the file if you downloaded it, and consult with your antivirus(es).
I sincerely apologize for any problems my game has possibly wrought on your computers.
Virus type is FileInfector A Heur.
Please read my posts in the main thread for (slightly) more information. If I was wrong about anything, or you have more information about this particular virus, please tell me.
Deleting the game file on its own will not be enough to remove the infection.
edit: and wait. Due to the recent hacker attack? Were you just hacked, Milos?
It depends on the severity of what the virus can do.
If I'm not mistaken, this particular virus infects all executable files (includes .exe, .scr, .rar, .zip, .htm, .html). It will corrupt the file, making it nearly impossible to run (a sad thing, it may infect system files... and that is catastrophic).
For now, you can try to disconnect your external media devices (external HDD, etc), disconnect from the internet, boot in safe mode, and run your antivirus there (hope it isn't broken yet, or can find it).
Last resort is, as always, clean format.
I'll try to research on this more later. I'm about to go to work. :D
shiningriver wrote:
> It depends on the severity of what the virus can do.
> If I'm not mistaken, this particular virus infects all executable files (includes .exe, .scr, .rar, .zip, .htm, .html). It will corrupt the file, making it nearly impossible to run (a sad thing, it may infect system files... and that is catastrophic).
This is something of a huge relief for me. It means the virus almost definitely did not make the jump between my computers. I haven't been encountering any corrupted files.
edit: any suggestions on how to scan for it? I haven't had any luck with off-site scanning. I've been running freeware malwarebytes and avg, though, and they haven't come up with anything.
I do manual tracking first while I scan the system in periods. For example, I take note of what occurs unusually every 2 hours and scan the system twice a day. I regularly check (like, every 15 minutes or so) if there's something in the Task Manager that's running (under my username) that I did not initialize.
Sometimes, you'll see an 'autorun.inf' on either or both of your drives (sometimes, it could also be in the registry). You need to delete the one in the registry first.
Also, you can check if the program is being run when Windows starts. I believe what you need to type in "Run" is "msconfig", and check the "Startup" tab. If there's a program there that's run by something I did not initiate, then I remove that and take note of the file name. Then I do a search of the registry for related actions and files. If the antivirus does not detect it as a threat, then I delete it myself.
Just a precaution, do this in safe mode.
Sorry for the wall of text. I just got out of work, and I'm basing this off a single type of virus that corrupted my folders (turning them to executables). Can you tell me more about what you notice the virus seems to do on your system (or anything that is out of the ordinary), and then I'll see what we can do.
I'm actually not noticing anything out of the ordinary. Here's my situation in a nutshell.
I switched from my old laptop to my new desktop around the same time I downloaded and tested Coldcrest. I may have tested it on my laptop after moving my files, or I may have tested it before. I may have moved Coldcrest to my desktop, or I may not have. I don't really remember. What I do know is that I had a copy of avast running on my new desktop when I moved the files over, and it didn't find anything.
I also know that at some point after playing Coldcrest, things on my laptop went entirely to crap. I stopped being able to call up my task manager, my system started chugging, etc. I immediately disconnected it from the internet, and I haven't powered up the laptop since then.
My desktop has been behaving nicely. I have rotated antiviruses a few times since getting it (Avast=>AVG=>Avast, with a copy of Malwarebytes brought in briefly. The Malwarebytes seems to be glitching now, and won't let me uninstall it, but I suspect this is due to an internal issue and not a virus. It claims it can't import a .dll every time I try the uninstall process. It also refuses to run. The other antivirus programs have worked fine.) One boot scan did find a few rootkits, but I removed them with little trouble and haven't encountered them since.
I don't know that I quite trust my competency level with computers enough to start messing around with msconfig, but I haven't noticed any indications of virus activity.
spoiler: I'm speaking this out of what I think is happening
Your desktop seems to be fine at the moment, if not only at the first stages. For now, I think we'd want to focus on what happened on your laptop.
Are you able to boot in safe mode (with command prompt)? If you're able to, I'd like you to try these commands out:
>> tasklist
This should display all running programs. Take note of what you think is suspicious.
Now, try "MSCONFIG" and click on "Startup". Look for the files that look very suspicious (like the ones I have on my screenshot. It's the ones in red.).

The other one is not listed as a valid program, but is initiated during startup. The other one, it is initiated during startup, but from a questionable location, "Application Data" (which is supposed to contain, let's say, save files from games from this website and some other configuration files and data of your installed programs. It should not run any program from that location.). What you need to do is to just untick the checkbox and click on "Apply". It may prompt you to restart your computer for it to take effect, so let's do that. Then, let's check msconfig again to see if the changes were really made.
Don't worry about messing around with this section of MSConfig, since this just configures which programs to run as soon as Windows starts up. If you'd like, have someone you trust do this for you.
This should prevent further actions for now. I do not know the extent of the damage the virus has done, since I think I needed to see it personally, but let's see what we can do to restore them. Do you have a list of things that you believe are not working on your laptop?
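Added example, not part of the original thread: a read-only PowerShell listing of the same startup entries msconfig shows, flagging entries that run from a data directory such as "Application Data". `Win32_StartupCommand` is a standard WMI class; the helper name `Get-CommandPath`, the directory list, and the "target missing" and "no publisher" checks are assumptions added for illustration.

```powershell
# Added example (not from the thread). Read-only: lists auto-start entries and
# flags the ones worth a closer look; it does not disable or delete anything.

# Data directories that should not normally hold auto-started programs.
# Assumption: illustrative list, adjust for your environment.
$dataDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

# Hypothetical helper: pull the executable path out of a startup command line.
function Get-CommandPath {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|scr|com|bat|cmd))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $path  = Get-CommandPath $_.Command
    $flags = @()
    foreach ($dir in $dataDirs) {
        if ($path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
            $flags += 'runs from a data directory'
            break
        }
    }
    if ($path -match '^[A-Za-z]:\\') {
        if (-not (Test-Path -LiteralPath $path)) {
            $flags += 'target file missing'
        } elseif (-not (Get-Item -LiteralPath $path).VersionInfo.CompanyName) {
            # Added heuristic: no publisher recorded in the file's version info.
            $flags += 'no publisher in version info'
        }
    }
    [pscustomobject]@{
        Name     = $_.Name
        Location = $_.Location   # registry key or Startup folder holding the entry
        User     = $_.User
        Path     = $path
        Flags    = $flags -join '; '
    }
}

# Flagged entries first; check each one before unticking it in msconfig.
$report | Sort-Object { $_.Flags -eq '' }, Name | Format-List
```

A flag is a prompt to look at the file, not a verdict: some legitimate per-user programs also start from these directories.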
As far as the laptop goes, it has some other critical issues that aren't going away soon (Windows Vista searchindexer.exe malfunction), and so I'm just going to reformat and reinstall the OS. There isn't any critical data on it that isn't backed up on my desktop.
I'll keep monitoring my desktop for unusual behavior, and I'll disconnect from the internet/boot in safe mode/run antivirus/check out the tasklist as soon as it does something aberrant.
I'm sorry I didn't mention earlier that I was just going to wipe the laptop, but I definitely feel like I have a better handle on how to use msconfig now. Thank you for all your help with this.
@kumada I meant recent as in several days before the game was released. I really have no idea how to help you nor do I have time to answer the questions, because I don't have permanent internet access here, and that is killing me. I'll just have to hold my rage in for some time... but I will find the bastard that did this to us...