Ship Simulator
English forum => Small talk => Topic started by: IRI5HJ4CK on February 15, 2009, 09:59:03
-
Hi guys,
Yesterday, I was on the official website of the British Steam Tug "Challenge", that has been preserved.
There was a section which said that many people were interested in Challenge, as regards to possibly building a remote control model of her (Like Hibernia).
The website provided a PDF file which allowed you to look at the plans to give you a better idea of the structure of the vessel. I saved the PDF File, opened it up, and it seemed fine. I printed it out and realised it was a little small, so, I copied the image and pasted it into paint and all of a sudden, my computer started to run very slowly. I eventually managed to sort it out and just thought that it's possible that there may have been "lots going on" in my computer that time.
However, I switched my computer on this morning, and all of a sudden, BullGuard (My Antivirus software) came up saying it had blocked a trojan. So I scanned my system and it picked up a virus within two minutes of the scanning, I thought this would be unusual, since it only finds the cookies later on, and sure enough, it was a Virus.
I used Bullguard to clean it off, this is the message that came up:
http://i44.tinypic.com/21k9ttt.jpg
What I wanted to know was, is everything OK now? What was that virus's purpose? And do I need to worry about anything else? or watch out for anything else?
Thanks,
Jack
p.s. I only downloaded the PDF because I considered it as safe, since the website was about the tug "Challenge".
-
If it was me, I'd do another scan just to make sure everything's been cleaned up :)
As to what its purpose is, well there may be a guide on the web but I suppose be careful looking for anything with the word virus in it on Google.
I'm sure people know lots more than me :)
-
Hi again guys,
A little worried...Another message came up later again saying Bullguard had blocked something else, what is going on? :'(
Jack.
-
Hi again guys,
A little worried...Another message came up later again saying Bullguard had blocked something else, what is going on? :'(
Jack.
wuauclt.exe is part of the process which allows your Windows operating system to receive automatic updates from Microsoft, including security updates, so it's not surprising that malware might try to interfere with this :evil:
Can I suggest that, if you haven't already, you try running something like this:
http://www.sophos.com/products/free-tools/sophos-threat-detection-test.html
on your machine? It will at least validate that Bullguard is doing its job. And you could try contacting Bullguard support, they claim to offer free 24/7 support...
-
Thanks for the help Kuusuru, I will try that now! :)
It came up again, that Bullguard has stopped it.
http://i40.tinypic.com/71qqnp.jpg
Jack.
-
Thanks for the help Kuusuru, I will try that now! :)
It came up again, that Bullguard has stopped it.
http://i40.tinypic.com/71qqnp.jpg
Jack.
It could also be legitimate, and Bullguard is getting it wrong. It happens. Put it this way, Sophos is enterprise grade software, if it doesn't flag wuauclt.exe as suspicious, then it's probably OK.
-
It could also be legitimate, and Bullguard is getting it wrong. It happens. Put it this way, Sophos is enterprise grade software, if it doesn't flag wuauclt.exe as suspicious, then it's probably OK.
I hope that Bullguard is getting it wrong alright! It's a little odd I think, thinking about it, I think there was an update for Adobe Reader earlier, maybe Bullguard reacted to that or something.
Also, another odd thing is that, I Always Scan files after downloading from the internet, and when I scanned the PDF file after the slowness, it said it was OK. Weird.
But anyway, I may be in luck, Bullguard hasn't detected anything since I posted that last picture, If I get it again, I shall download Sophos.
Thanks VERY much for your help, it is greatly appreciated!
Jack :)
-
But anyway, I may be in luck, Bullguard hasn't detected anything since I posted that last picture, If I get it again, I shall download Sophos.
Thanks VERY much for your help, it is greatly appreciated!
Jack :)
Just keep in mind that because wuauclt.exe is the update client, it may be running on a schedule, so if you get another Bullguard warning, that could be because the scheduler has tried to run the client and the client has tried to connect to the update source not necessarily because the client is infected with malware. Unfortunately it seems that this would not be the only time that Bullguard got it wrong recently >:(. From http://www.bullguard.com/support/system-status.aspx, the bulletin for 13th Feb 2009:
We would like to notify you of the fact that, this morning, our Antivirus engines started flagging the Windows file "winlogon.exe" (the English version, for SP3) as infected with "Trojan.Generic.1423603".
Detection was removed shortly after that, so any inquiries regarding this issue should be solved by updating the engines, no other action on your part regarding this issue being necessary.
Hmm... ::)
-
So does that mean I don't have a virus after all? :o
Thanks!
Jack.
-
So does that mean I don't have a virus after all? :o
Thanks!
Jack.
It has happened to me too. My anti-virus software (AVG) one day saw one of the vital parts of Windows as a Trojan. But after the daily update everything was all right again. Just a mistake of one of the programmers I guess...
-
So does that mean I don't have a virus after all? :o
Thanks!
Jack.
You don't have enough evidence to support that conclusion, because the bulletin talks about a false positive for winlogon.exe, not wuauclt.exe.
The fact that Bullguard issued a signature which flagged winlogon.exe would tend to suggest that their release QA isn't up to scratch ::) ??? >:(, so it's definitely possible that they've issued a signature which flags certain versions of wuauclt.exe. It's also possible that you've got a trojan :evil:
This is why it is important for you to scan your system with a different product. I often use Avast when I'm testing stuff which wants to know that there's an antivirus client present, and it seems to work, but the test environments are isolated, there's no malware present, so I can't vouch for how good it actually is. It is free, however, and so is AVG if you want yet another option :), but again I don't use it in anger, only in simulation 8)
-
Hi Jack.
It is likely that you have a virus on your PC. Probably W32.Rispif. It lives in the temp folder (or sometimes in other places) and infects the windows updater program each time you reboot. When the updater program is launched, it then does the real nasty work. Bullguard is catching it after it's been re-infected each time.
Removal instructions here:
http://www.symantec.com/security_response/writeup.jsp?docid=2008-081915-2311-99&tabid=2
-
Hi Terry, following the instructions now, do I need to worry? Is Bullguard keeping it at bay?
Jack.
-
I think so.
You still have the infection, it seems. And that will keep inserting the trojan into wuauclt. But each time it runs, Bullguard will catch it, apparently.
In the meanwhile, you can't update Windows and install security patches etc. So you need to get this fixed as quickly as you can. There is also the chance that it might slip through when Bullguard is sniffing its own tail or something...
-
God. I hate Trojans. I got one and had to cleanse my hard drive! >:(
-
God. I hate Trojans. I got one and had to cleanse my hard drive! >:(
You can ALWAYS beat them. I have a test machine that I use to check out my own antiviral/antieverythingnasty programs. I deliberately infect it and see what is needed to destroy the viruses. Sometimes they struggle, but they always lose.
Often, just going to the Symantec site and typing the name of the virus, trojan, whatever into their search engine will reveal exactly what you need to do. Often they have a tool for your use.
So, chin up, Jack! :thumbs:
-
You can ALWAYS beat them. I have a test machine that I use to check out my own antiviral/antieverythingnasty programs. I deliberately infect it and see what is needed to destroy the viruses. Sometimes they struggle, but they always lose.
Often, just going to the Symantec site and typing the name of the virus, trojan, whatever into their search engine will reveal exactly what you need to do. Often they have a tool for your use.
So, chin up, Jack! :thumbs:
Do you just do trojans or all types of viruses?
-
my own antiviral/antieverythingnasty programs
Everything.
-
Everything.
I bet installing viruses on purpose is fun. But how do you know how to find them?
-
You can ALWAYS beat them.
That's the spirit! :)
-
Thanks for telling me Terry! Just been out, left Bullguard scanning and it picked up two viruses, deleted them, THE WAR IS ON! :lol:
Alright, Now I'm going to look at these instructions, hopefully I'll understand them!
Thanks a million for the help Terry, I can always give you the link to that nasty PDF file if you'd like to play with it in your test Machine! :D
Jack.
-
Alright, Now I'm going to look at these instructions, hopefully I'll understand them!
Thanks a million for the help Terry, I can always give you the link to that nasty PDF file if you'd like to play with it in your test Machine! :D
Just take the instructions slowly, one step at a time. Read it all, then read it again. Then do it again. ;D
I think I already have that virus in my "losers" collection.
I think there was an update to Adobe Acrobat that stops it happening again. When you've fixed the problem, traipse over to Adobe and update your pdf reader.
-
Just take the instructions slowly, one step at a time. Read it all, then read it again. Then do it again. ;D
I think I already have that virus in my "losers" collection.
I think there was an update to Adobe Acrobat that stops it happening again. When you've fixed the problem, traipse over to Adobe and update your pdf reader.
Yes, I am doing now, just reading them carefully, Bullguard is running in the background at the moment, just to see if anything is trying to sneak past without detection ;D
Ah right, just out of interest, has any virus actually ever/almost beaten you? What's the worst one(s)?
Jack :)
-
Nope. I always win.
The worst one was where it made a large number of copies of itself. (13, I think). If you went into Task Manager and stopped any of them, one of the others simply recreated it.
For that I tried two approaches.
A few years ago I created a program called processkiller. It is a very fast Machine Code program. I originally wrote it for some of my servers that run Word in Mailmerge when certain web pages are called up. If the Mailmerge fails for any reason, Word is left locked in the background and no more Word documents can be called up. Every minute, the servers launch processkiller and close down any instances of Word that have taken more than their allotted time.
I simply told processkiller to look for the PID (Process ID) for the virus and kill it. Then I reprogrammed another copy to look for another instance of the virus. And so on, 14 times (in case one got missed).
That took three minutes to catch and kill them all.
I also reverse engineered the virus, to work out how it would name the next instance that it created. That way, I have processkiller ready and waiting. :evil:
The other way was to see how it launched itself at startup and prevent that. That was quite simple. It just hijacked a windows program (rather like your infection) and started it on reboot. I simply made a program that removed the registry key before Windows got far enough to launch it. That method is now included in some of the anti virus software you may be using.
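-
Terry's second approach above depends on knowing where a program registers itself to start at boot. As an added example (not part of the thread and not Terry's program), this read-only PowerShell audit lists autostart entries whose target is missing, runs from a temp folder, or has no valid Authenticode signature. The choice of the Run/RunOnce keys and the three checks are assumptions, since the thread names neither.

```powershell
# Added example: read-only audit of the standard autostart registry keys.
# Assumption: the thread never names the key involved; Run/RunOnce are used
# here because they are the usual per-machine and per-user startup locations.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Temp folders, normalised with a trailing backslash for prefix matching.
$tempRoots = @($env:TEMP, (Join-Path $env:windir 'Temp')) |
    Where-Object { $_ } |
    ForEach-Object { [IO.Path]::GetFullPath($_).TrimEnd('\') + '\' }

function Get-ExecutablePath([string]$Command) {
    # Expand %VAR% references, then take the quoted path, or the text up to
    # the first ".exe", or failing that the first whitespace-separated token.
    $text = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($text -match '^"([^"]+)"') { $path = $Matches[1] }
    elseif ($text -match '^(.+?\.exe)\b') { $path = $Matches[1] }
    else { $path = ($text -split '\s+')[0] }

    # Bare names such as "rundll32.exe" are resolved through PATH.
    if (-not [IO.Path]::IsPathRooted($path)) {
        $cmd = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($cmd) { $path = $cmd.Path }
    }
    return $path
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if (-not $command.Trim()) { continue }

        $path = Get-ExecutablePath $command
        $reasons = @()
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            $reasons += 'target file not found'
        } else {
            $full = (Get-Item -LiteralPath $path -Force).FullName
            if ($tempRoots | Where-Object { $full.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }) {
                $reasons += 'runs from a temp folder'
            }
            if ((Get-AuthenticodeSignature -LiteralPath $full).Status -ne 'Valid') {
                $reasons += 'no valid Authenticode signature'
            }
        }
        if ($reasons) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $command
                Reasons = $reasons -join '; '
            }
        }
    }
}

# Report only; nothing is deleted or changed.
$findings | Format-List
```

A flagged entry is a prompt to look closer, not proof of infection: plenty of legitimate programs ship unsigned, which is the same false-positive problem discussed earlier in the thread.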
-
Interesting stuff Terry!
Still don't understand the mentality of people making viruses, what do they get out of it? ???
One thing Terry, I think I may need to PM you about these instructions, I'm a little confused to be honest with you, I don't want to mess anything up on the computer, I really could do with learning about the techy side of computing, couldn't I :D :-[ *rolls eyes*
Thanks a lot for the help!
Jack
P.S. I just scanned my computer again (It's constantly scanning-just to keep on top of it while I'm reading the instructions), and it came up with the file attached below, does it make things any clearer to you, as to what exactly is going on, Terry?
-
Well, I THINK I've gotten rid of the Virus using Bullguard!
I'm hoping that it does not return, because, I scanned it about three times in total all the way through and on the first time, It tried to delete it, scanned again, it was still there, so I set it to "Disinfect", now, I've scanned again and it's revealed nothing!
I won't party JUST YET, in case it comes back, but I'm hopeful it has gone, here is a screeny of the scan I just did about 2 minutes ago giving the all clear (See attachment).
Do you think it has gone, Terry/anyone else?
Jack :)
p.s. running another scan now, just to check another hasn't come while I've been scanning....
-
Hi Jack.
Best thing is to turn off the Windows System Restore, then reboot into SAFE MODE. Immediately run Bullguard again.
Then reboot again and run Bullguard once more.
If all is clear, you're probably OK. :thumbs:
If you're not sure how to turn off the system restore, see here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
-
Hi Jack.
Best thing is to turn off the Windows System Restore, then reboot into SAFE MODE. Immediately run Bullguard again.
Then reboot again and run Bullguard once more.
If all is clear, you're probably OK. :thumbs:
If you're not sure how to turn off the system restore, see here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
What exactly does Reboot mean Terry?
Thanks a lot for the help :)
Jack.
-
REBOOT = Close it down and restart it.
-
Hi Terry!
Thanks for your help! My system seems to be ok now, now I can go sailing again hehe ;D
Thanks EVER so much, you're a very kind person, thanks a lot :)
Jack
p.s. Switching off computer now, cross your fingers that it's ok in the morning :lol: :evil:
-
kjblkjggb
luyp8ypuiy34hkv ljglgu#
uggup;
u;oh; ;y8ygaoi7t0w bnqp89y4rl pq83w4yr po3yh4r
Had to stop typing with my fingers crossed. ;D
-
Ahhh well, Virus by the looks of it has come back for more ::) Switched the computer on and it said Bullguard had stopped Malware (Like the ones above).
What I did last night was, I Scanned right till the end on Bullguard, and it didn't seem to pick up anything, so I thought it was clear.
What I'll do now is,
"Best thing is to turn off the Windows System Restore, then reboot into SAFE MODE. Immediately run Bullguard again.
Then reboot again and run Bullguard once more.
If all is clear, you're probably OK."
Is that all I need to do, Terry?
Jack
p.s. Sorry to be a pain :lol:
-
Ahhh well, Virus by the looks of it has come back for more ::) Switched the computer on and it said Bullguard had stopped Malware (Like the ones above).
What I did last night was, I Scanned right till the end on Bullguard, and it didn't seem to pick up anything, so I thought it was clear.
What I'll do now is,
"Best thing is to turn off the Windows System Restore, then reboot into SAFE MODE. Immediately run Bullguard again.
Then reboot again and run Bullguard once more.
If all is clear, you're probably OK."
Is that all I need to do, Terry?
Jack
p.s. Sorry to be a pain :lol:
Is it wuauclt.exe again? ???
If you click on the Start button, then in the open box type in:
wuauclt /detectnow
then click OK, does that cause Bullguard to pop up a warning?
-
I'll try that in a moment! Thanks! :)
Hmmm.....this is very unusual, like last night, Bullguard hasn't picked up anything, but it's obvious something is going on since this morning the updates couldn't get through (as predicted) and it blocked Malware.
Any idea as to what's going on guys?
Jack
p.s. contacted Bullguard on the issue.
-
Sorry to double post!
Bullguard support have got back to me saying:
"Dear Jack,
Thank you for contacting us.
- First of all, I will recommend that you do a scan from Windows Safe Mode as only critical Windows processes run in Safe Mode and BullGuard has greater permissions to remove any threats.
> To enter safe mode, restart your computer and keep tapping the F8 key from your keyboard as your computer starts (before the Windows logo screen appears).
> When the Windows Start up menu appears, please select the Safe Mode option.
Note: In Safe Mode, BullGuard will not start automatically so you will have to start it via START > All Programs > BullGuard. Please ignore the error messages you will get from BullGuard (they will tell you that some components could not be loaded). After this, just run a full system scan as usual.
- If BullGuard does not eliminate all threats, please do as follows in order to send us the scan log:
> After the scanning process finishes, scroll down to the end of the report shown by BullGuard and press the button Copy Log to Desktop > restart your computer in Normal Mode and send it as an attachment to support@bullguard.com
Thank you for your cooperation.
Best regards,
Costa Hilohi
BullGuard Support Team"
Does that sound good to you guys/Terry?
Jack :)
-
My advice at this stage, seeing as how you have established a conversation with the vendor of your current AV, is to pursue a resolution through them.
If you get to a point where it's not fixed and you've had a gutful, PM me and I'll tell you how to send the file to me so I can scan it, observe it in a sandbox, and disassemble it to see if it is, in fact, malware.
-
Bah...This virus is having a laugh now >:(
Used the instructions above, seems to be in safe mode, scanned using Bullguard, and it's found nothing...Unsure of what to do now, whether to call someone out or experiment with Terry's info etc.
Thanks for the offer Kuusuru, I might need to :)
Jack.
-
Hi Jack.
Bullguard advised you to do exactly what I did, i.e. boot into safe mode and run it. But they also asked you to send them a copy of the report if it still didn't fix it.
I'd strongly suggest you do that.
I'd also suggest that you don't try emailing a virus. Many reasons:
(1) Your ISP may decide that you've breached your terms of use and disconnect you. They can and will do it.
Here's the real killer:
(2) When you attach an infected file to an email and then send it, how many other of your systems do you think you might infect? Of course, Bullguard may strip it out, anyway.
Just do what Bullguard advised you. Follow one course, Jack. :)
-
I'd also suggest that you don't try emailing a virus. Many reasons:
All true. That's why we in the business :police: use things like password-protected zip files and secure file transfers to do this :angel:
Just do what Bullguard advised you. Follow one course, Jack. :)
Unless you're piloting the Titanic ;D that's good advice :thumbs:, and hopefully they'll be able to help him achieve a satisfactory resolution, but if not, he at least has options.
-
Well, guys...It would seem the virus has gone!
It would also seem that whatever happened when it was in "safe mode" the first time, it actually wasn't in safe mode and I did not realise ::) Typical me.... :D
Well anyway, I thought to myself, I'll try it again before I go because nothing has appeared to have changed.
But before I did that, I thought about something, that maybe, System Restore had the virus in there, and that was what Bullguard was picking up. Could that be why? Just a (Slightly :lol:) Educated guess.
But anyway, I fiddled around with the computer again, and last night, I certainly think it was in safe mode, because it looked like windows 95, and all the icons were big, and the background was black.
Did a full system scan-Nothing revealed. So I was unsure as to whether that was a good thing, or as Terry said, the Virus could get past while Bullguard is sniffing its tail....or something :lol:
This morning, I turned the computer on, and No warning! And it didn't say windows updates had to be stopped (Encountered a problem).
Does this mean the virus has now gone? But if it has gone....Why was nothing found, was it System Restore? :-[
Jack.
-
Assuming that it's gone, wooohooooo! :)
Congratulations! I know it's been getting on your wick for the past few days so now your computer is free again ;D
Oh and, I think Terry wants the cheque to be posted in the next few days ;D
-
Oh and, I think Terry wants the cheque to be posted in the next few days ;D
He certainly does deserve one!! ;D Thanks a MILLION Terry! It would appear it HAS gone, and it has only gone (I think) Because of your advice, I think about the System Restore bit! :)
Thanks a lot Terry, you're a star :) ;D
You know where I am if you ever want anything, to return the favour :)
Thankyou thankyou thankyou thankyou thankyou! ;D :lol:
Jack.
-
I had a virus on my PC; it was difficult to get rid of.
-
He certainly does deserve one!! ;D Thanks a MILLION Terry!
A cheque for a million? Thanks!
The system restore is a "cheap" way that viruses use to re-infect the PC. They go and infect a file in system restore as well as wherever else they go. Then, when you delete the infected file, Windows does all the work. It sees that a system file is now the wrong size (or so it thinks) after a recent change. So it goes to its backup set and copies across the infected file again.
There's nothing magical about viruses. The technology behind them is quite basic. But it's amazing how tricky it can be to cope with basic technology, sometimes.
Glad it's all OK now. ;D
-
Thanks a lot Terry, it does seem to have gone now alright, but, one thing, how can I actually tell it has gone? or would you say that it has certainly gone now?
Also, when should I switch System Restore back on? Or should I not switch it back on at all?
Thanks a million (Cheque's in the post now :lol:)
Jack.
-
Hi Jack.
You've probably beaten it by now.
Get Bullguard to scan the entire PC one more time, and if all is OK, switch system restore back on.
Then restart the PC and run Bullguard again. If all is OK, then all is OK!
-
Hi Jack.
You've probably beaten it by now.
Get Bullguard to scan the entire PC one more time, and if all is OK, switch system restore back on.
Then restart the PC and run Bullguard again. If all is OK, then all is OK!
When you say the entire system, do you mean to put in safe mode again? then scan?
Thanks for your help!
Jack :)
-
When you say the entire system, do you mean to put in safe mode again? then scan?
Thanks for your help!
Jack :)
Probably a good idea to do that.
-
Ok, Thanks Terry! I shall do that now, Bye bye! My cup of tea downstairs is calling me, along with the TV :lol:
Thanks a million, once again Terry, your advice solved my problem :) :thumbs:
Jack.
-
Oh, so that's a cheque for two million now, is it? :evil: ;D
-
Hope it's not in Zimbabwean dollars.. ;D
-
Probably... :evil:
-
Then Jack, if I were you, I would start saving up. ;D