Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91634 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

gmer.net blocked in IE, gmer download error if using Firefox


  • Please log in to reply
6 replies to this topic

#1 finiteworld

finiteworld

    Authentic Member

  • Authentic Member
  • PipPip
  • 48 posts

Posted 09 January 2009 - 12:24 AM

Had a machine that was infected with Anti-virus 2009, it was also loaded with tool-bars and .cab game files from winnersworld.com. I removed all of that (think anyway) and also found and removed the postcard.exe worm/virus which had the local settings\temp .bat file and associated registry entries. -SO- I then wanted to poke around on this system with gmer and see if I caught anything running. When I tried to access www.gmer.net with IE7, was told that web page unavailable (the standard ie error when a page doesn't load). I was able to access www.gmer.net from another computer, however. I then downloaded and installed firefox from download.com just fine. Using firefox, I was able to now get to www.gmer.net. However, when I tried to download gmer I was given an error stating that the "source file cannot be read". I was able to download gmer onto another computer just fine. host file is clean and I can navigate with IE7 to greatis.com and download unhackme just fine, which found nothing; by the way. I also was able to get to avg's website with IE7. The machine shows clean according to malwarebytes and mcafee antivirus. I know that the above information is general and that I am not posting a log so -> what I'm really asking for is if by chance anyone knows of a piece of malware out recently which could be kernel-level rootkit/cloaking malware, run stable, block gmer, and not be detected IN ANY WAY with malwarebytes or mcafee? Just thought that I'd ask.
All targets met.
All systems working.
All staff eager and enthusiastic.
All pigs fed and ready to fly.

    Advertisements

Register to Remove


#2 John B..

John B..

    Honors Grad

  • Authentic Member
  • PipPipPip
  • 324 posts

Posted 09 January 2009 - 01:22 AM

Hi,

what I'm really asking for is if by chance anyone knows of a piece of malware out recently which could be kernel-level rootkit/cloaking malware, run stable, block gmer, and not be detected IN ANY WAY with malwarebytes or mcafee?

How could I know of malware that is not detectable? ;) Just joking. I recommend that you post in one of the private forums and ask there. You may still be infected (don't know how far you are in training) and the malware experts visit those subforums more than these tech forums.

Regards,
John.

#3 ISHAN.SHARMA

ISHAN.SHARMA

    Authentic Member

  • Authentic Member
  • PipPip
  • 86 posts
  • Interests:Programming,network security and other computer related subjects, Reading and swimming

Posted 09 January 2009 - 02:18 AM

At first look I thought yours is a case of malware infection. I myself have been infected by Antivirus 2008 once and although all the antivirus and anti-spyware programs (except threatfire, which always detected two rootkits in my PC) displayed clean logfies I knew I was infected. Antivirus 2008 blocked all access to malware removal websites and other antivirus and anti-spyware websites. Perhaps this is what happened to you too. But hey! even I'm not able to access gmer.net presently and I know I'm clean.
ISHAN SHARMA
Posted Image

#4 paws

paws

    Tech Team

  • Administrator
  • 5,914 posts

Posted 09 January 2009 - 05:50 AM

Just for the record, I was able to access OK the GMER site a second or two ago with no problems. There's no telling what the infections may have done to the system in question.....the safe and quick answer is blitz the disc and format and reinstall the OS and Applications....... However as we don't provide malware removal advice on this subforum and perhaps you may be treating this machine as a learning exercise......... if so then maybe you should ask one of your teachers here for their views. Malware of this type often takes out various security related websites and prevents either the downloading of common removal tools or their installing and functioning....or all three! Also even though the back up/copy /archive of all important documents data etc may be 100% up to date, accurate and reproducible and kept safely on removable media, it may be compromised in terms of the viral activity experienced! Regards paws
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#5 ISHAN.SHARMA

ISHAN.SHARMA

    Authentic Member

  • Authentic Member
  • PipPip
  • 86 posts
  • Interests:Programming,network security and other computer related subjects, Reading and swimming

Posted 09 January 2009 - 09:36 AM

For the records: I tried again after paws post and was able to browse the GMER website now.
ISHAN SHARMA
Posted Image

#6 finiteworld

finiteworld

    Authentic Member

  • Authentic Member
  • PipPip
  • 48 posts

Posted 09 January 2009 - 09:52 AM

thanks to everyone for the input. yeah, the machine's not mine and it'll probably end up being swiped and the OS reloaded. I spent a few hours toying with it yesterday to see if I could get any better experience with GMER. I just started training here at WTT and still lack foundational knowledge that I think is required for a tool such as GMER. Not for long, though, right? :) I've obtained a book and other literature on rootkits but they're beginner-type (Rootkits for Dummies etc...) and I'm now trying to progress to the intermediate level; like being able to recognize poor-dll's, hijacks, injections, etc... I'm pretty sure my buddy will do the swipe and reload today and therefore won't have time to post the hijack this logs and troubleshoot. if I had another machine with the same hardware configuration i'd ask'em to let me put it's image on another pc so that I could train with it. i have many friends who practice way unsafe computing, to the nth degree in fact; despite my best efforts to modify their behavior otherwise. guess that since i always fix their machines, there's not too much incentive for them to watch where they surf and what they download. more training for me :lol: so i'm sure that the next infection for me to work/learn on is "in the post" with my address on it; just as soon as they call for me to fix their pc again.
All targets met.
All systems working.
All staff eager and enthusiastic.
All pigs fed and ready to fly.

#7 paws

paws

    Tech Team

  • Administrator
  • 5,914 posts

Posted 09 January 2009 - 10:43 AM

:thumbup:
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users