Worm

Viruses, hackers and crackers
Mike_J.M
Registered User
Posts: 234
Joined: 23 Jan 2010, 18:24

Worm

Post by Mike_J.M »

Hi there

Anyone else having a problem with this "Worm:Win32/Autorun.gen!BS"?
Besides the fact that it's a worm... What is this?

Re: Worm

Post by Mike_J.M »

Go here: http://www.repairwindowserrors.com/worm ... orun-genbs
Download these tools to remove it.
It downloads stuff off the internet on its own if you leave it.
Compromises SafeBoot registry key(s) in an attempt to disable the Safe Mode.
Sets the drive to autoplay by creating autorun.inf file in its root directory. If the drive is shared across the network then other remote computers can be infected any time they try to access this share.
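The autorun.inf behaviour described in the post above can be checked by hand on a suspect drive. The following is an added example, not part of the original thread: a small Python parser that separates the `[autorun]` entries that launch a program from those that only change how the drive is displayed. The sample file content, the file name `placeholder.exe` and the function names are constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Explorer start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Keys that only change how the drive is shown (icon, label, default verb).
COSMETIC_KEYS = {"icon", "label", "action", "shell"}

def analyse_autorun(text):
    """Split the [autorun] entries of an autorun.inf body into
    (launch, cosmetic) lists of (key, value) pairs."""
    launch, cosmetic = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment padding
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # other sections and junk lines
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key):
            launch.append((key.lower(), value))
        elif key.lower() in COSMETIC_KEYS:
            cosmetic.append((key.lower(), value))
    return launch, cosmetic

def needs_review(text, removable_or_shared=True):
    """A launch entry on a writable USB drive or network share is worth
    investigating; on a pressed installer CD it is usually legitimate."""
    launch, _ = analyse_autorun(text)
    return bool(launch) and removable_or_shared

# Constructed sample: junk padding, mixed case and uneven spacing.
SAMPLE = r"""
;x9f2 padding
[AutoRun]
Open = placeholder.exe
icon=%SystemRoot%\system32\shell32.dll,4
shell\open\Command=placeholder.exe
shell=open
"""

if __name__ == "__main__":
    launch, cosmetic = analyse_autorun(SAMPLE)
    for key, value in launch:
        print(f"launch entry  {key} -> {value}")
    print("needs review:", needs_review(SAMPLE))
```
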

Re: Worm

Post by Mike_J.M »

I tried removing it. Can't. Can anyone help me?
Siemens
Registered User
Posts: 2812
Joined: 01 Jul 2005, 02:00
Location: somewhere over the rainbow where katie melua is running from me.

Re: Worm

Post by Siemens »

Had AutoRun-S[wrm]
http://forums.pcformat.co.za/viewtopic.php?f=24&t=39624
Although I am not sure if the virus actually did anything bad. However when removing uTorrent my symptoms also disappeared. When I googled it no one really gave symptoms so I guess it's not that harmful.

Re: Worm

Post by Siemens »

Mike_J.M wrote:Go here: http://www.repairwindowserrors.com/worm ... orun-genbs
Download these tools to remove it.
It downloads stuff off the internet on its own if you leave it.
Compromises SafeBoot registry key(s) in an attempt to disable the Safe Mode.
Sets the drive to autoplay by creating autorun.inf file in its root directory. If the drive is shared across the network then other remote computers can be infected any time they try to access this share.
Oh, didn't see that, never mind.

Re: Worm

Post by Mike_J.M »

Guys... How do I fix this, in point form please?
Slimshaedy
Registered User
Posts: 673
Joined: 11 Aug 2010, 15:32
Location: Durban, Pinetown

Re: Worm

Post by Slimshaedy »

Get an antivirus; you can try the free one to download. It's called AVG. It's not such a good antivirus but it's better than nothing. An antivirus should remove the worm. Otherwise format your HDD. Unfortunate, I know.

Re: Worm

Post by Mike_J.M »

I'm using MSE, which found the virus for me, but it doesn't properly remove it. So now I downloaded SpyBot.

Re: Worm

Post by Slimshaedy »

Ya bro, just carry on trying all kinds of tools you can get your hands on. Fortunately I keep my info backed up and if I get a virus then I format...
Stuart
Lead Forum Administrator
Posts: 38503
Joined: 19 May 2005, 02:00
Location: Home

Worm

Post by Stuart »

You need to wake up at 3:00 AM and run a virus scan.

Re: Worm

Post by Mike_J.M »

Why 3AM?

Re: Worm

Post by Stuart »

Mike_J.M wrote:Why 3AM?
Because . . . wait for it . . .
. . . the early bird catches the worm.
wizardofid
Registered User
Posts: 10962
Joined: 03 Oct 2003, 02:00
Processor: Intel 2500K
Motherboard: Gigabyte B75M D3H
Graphics card: inno3d Jericho 570GTX
Memory: 8Gig DDR3 1333mhz
Location: I'm so Goth, my wrists slit themselves.

Re: Worm

Post by wizardofid »

http://www.repairwindowserrors.com

What I think is really, really scary is that you trust websites like this one, especially sites like these that install ransomware....that does absolutely nothing....

sigh
hamin_aus
Forum Moderator
Posts: 18363
Joined: 28 Aug 2003, 02:00
Processor: Intel i7 3770K
Motherboard: GA-Z77X-UP4 TH
Graphics card: Galax GTX1080
Memory: 32GB G.Skill Ripjaws
Location: Where beer does flow and men chunder

Re: Worm

Post by hamin_aus »

wizardofid wrote:What I think is really, really scary is that you trust websites like this one
First link on a Google search - what's not to trust :lol:

Here's how you remove the virus, in point form:

1 - format your PC and reinstall Windows

It's been on your machine so long now that removing it will probably be impossible.

Re: Worm

Post by wizardofid »

First link on a Google search - whats not to trust :lol:
Always trusting the first link on google, is like your first Russian Roulette homosexual experience in jail, you always end up with a big, bald, butt ugly transgender dude that just wants to cuddle.....




If I do ever end up in jail, I'd hope to God that my big, bald, butt ugly cell mate just wants to cuddle!!!
- jamin


Thus you prove the point.....:wink:
-wiz

Re: Worm

Post by Mike_J.M »

Haha. And if I back up my stuff, what if it infects the external HDD? Back to square one?

Re: Worm

Post by hamin_aus »

Who said anything about backing your stuff up first?
Sojourn
Registered User
Posts: 5649
Joined: 02 Sep 2004, 02:00
Location: Still looking...

Re: Worm

Post by Sojourn »

No winking in thread after given comments.
Also, you both lost out. Stuart already won this thread.

Mike, I know it is a pain, but some viruses are only ever fully removed with a format/reload.
You might be able to fully remove what you have, just pointing out that you might have to be harsh with the critter.
Sad but true.

Re: Worm

Post by Mike_J.M »

It seems like it's gone from my PC. My AV hasn't detected its activity again. The only thing leaving me suspicious is that Google Chrome runs on startup when it's disabled and not running physically. Also my RAM usage is about 1.4GB on average. Is this kinda normal?

Re: Worm

Post by Sojourn »

1.4 GB of RAM sounds about right for Win 7.
Some Trojans / viruses leave such a tiny footprint on mem usage, you won't be able to see it anyway.

Worm

Post by Stuart »

Test by plugging in a flash drive and then using it to transfer data to a friend's computer. Preferably one who has no virus protection.
Tribble
Registered User
Posts: 88465
Joined: 08 Feb 2007, 02:00
Processor: Intel Core i7-4770K CPU@3.50GHz
Motherboard: ACPI x64-based PC
Graphics card: GeForce GTX 780 Ti
Memory: 16GB
Location: Not here

Re: Worm

Post by Tribble »

Stuart wrote:
Mike_J.M wrote:Why 3AM?
Because . . . wait for it . . .
. . . the early bird catches the worm.
Oh a win for the mousey.
ADV4NCED
Registered User
Posts: 2164
Joined: 07 Nov 2004, 02:00
Location: KZN

Re: Worm

Post by ADV4NCED »

LOL Stuart! You were hilarious in this thread Sir :mrgreen:

Now give Mike a break lol, he's not used to your Mzansi humour :wink:

Mike ain't half bad with a PC... why are all you folk telling him to format for an AUTORUN worm?? God, these things come and go all the time...

The payload for these worms is diddly squat, why all the fuss Mike? Grab some tools off the net and clean your PC and you'll be fine... hell, you could leave that autorun worm on there and still not even notice the difference (most of the time anyway). Worst I've seen it do to a PC is change the HDD icons in My Computer and create an "open with" dialog box every time one double-clicks on a drive.

Oh, and you might wanna brush up on your googling buddy :lol:

peace!

Re: Worm

Post by wizardofid »

Mike aint half bad with a PC
So only to break him down again....
Oh, and you might wanna brush up on your googling buddy :lol:
AUTORUN worm
Yeah, not when it starts hiding as GIFs and hiding in zip files....

Re: Worm

Post by hamin_aus »

ADV4NCED wrote:why all you folk telling him to format for an AUTORUN worm?? God these things come and go all the time...
You best be trolling...

You're the guy in charge of web security at ANCYL.co.za, right :?: