Help! My comp is infeted with this: Win32:Klone-AQ [Trj]
I think.... this thing inserts its link in evvery my post, I've done a scan-before-Windows-loads, Avast found some "Win32:Klone-AQ [Trj]" and deleted them but, ehh, the links are still here! HELP!
.

http://www.precisesecurity.com ... ter-virus/klone-oct09.htm

Hope it helps

It's teh nukulear holocaust! OMG HAX WTF KEKEKEKE!



Are you using IE or Foxy?

I clicked that link that you posted, and I downloaded "beginning.exe" to my desktop. I scanned it with Panda Antivirus, and it said that no virus was detected. Now I am going to d/l QEMU, make a windows XP installation, and run it in QEMU, just to see what the hell it is. I wonder if it will work with a win98 installation?

I can't even open that link. NOD32 detects the threat straight away Ahh it's magic having the best AV around.

start up in safe mode, and delete that shit.. problem solved

no more porn for you!.. youngin


if you're wondering why avast didn't seem to "delete" it, is because it only deletes the file, the program is still running in a .dll file, and reinstalls itself later on thus you constantly have to delete it to keep it "out", even though its still there the whole time

so if you start up in safe mode, it only runs the bare processes you need, and just find it... delete it, and problem is solved

OMFG VIRUS! i clicked on the link, YOU MIGHT WANT TO EDIT SOMETHING LIKE THIS INTO YOUR FIRST POST
DO NOT CLICK THAT LINK!

I clicked on it too, but AV blocked it.

How does a computer dummy go about starting it up in safe mode? (anything beyond double clicking is new to me) Also, when I look at active processes, there are like 80 of them running, how do I know what I need to be running? No performance issue's here, ive just been curious about that for a while.

what is it.. hold F12 when it starts up? its F something, but i'm pretty sure its F12, and it comes up with a list of modes to start up in

if you have 80 processes going on then... **** i have a slow computer lol

either way, majority of time (99.9%) of trojans hide themselves as "required" processes, or names of such, which can't be ended, and when they are.. they automatically restart, thus i recommend starting up in safe mode

its saved me out of the few trojans i have come across.. nasty things.. then i switched to firefox and haven't had a single problem since then

What scares me is that Panda doesn't detect anything!

Quote from th84 :

...Also, when I look at active processes, there are like 80 of them running, how do I know what I need to be running? No performance issue's here, ive just been curious about that for a while.

Public service notice: You only need about 10-20 processes to run XP perfectly fine for all things computing.

Quote from spankmeyer :

Public service notice: You only need about 10-20 processes to run XP perfectly fine for all things computing.

How do I know which ones? Or does it matter?

Quote from XCnuse :

if you have 80 processes going on then... **** i have a slow computer lol

79 to be exact. (this is with two user's logged in though, im sure its less with just me...EDIT: i just logged the wifey off and now i have 55 running)

Quote from th84 :

How do I know which ones? Or does it matter?

just google for each process, there always results at the top that tell what they do, or if they are a worm / trojan.

Thats alot of googling!! Thanks though

Quote from [RCG]Boosted :

just google for each process, there always results at the top that tell what they do, or if they are a worm / trojan.

problem about that is what I already said, 99% of trojans and viruses hide themselves as required processes, for example: svhost.exe
while it is often considered a trojan, it is also a fully required program for windows which if shut off will cause your computer to restart

Quote from XCNuse :

problem about that is what I already said, 99% of trojans and viruses hide themselves as required processes, for example: svhost.exe
while it is often considered a trojan, it is also a fully required program for windows which if shut off will cause your computer to restart

yes...
but most virus scanner find them, cuz theyre usually in the system32 folder and have different size or whatever.
and i think he will get suspuicious if he finds 1 process listed 10 times

With regards to running services, check out this site...http://www.blackviper.com/WinXP/servicecfg.htm
a wealth of good info.

This utility http://www.softpedia.com/get/T ... m-Tweak/FSAutoStart.shtml
is made for flight sim, but can be used for any game.

I have my machine down to 18 running services when im gaming. Shutting down all unnesecary crap makes a hell of a difference to the performance and smoothness of games

Having over 55 processes running is ridiculous

Hmm, thanks, but eh it found something else: Win32:Zhelatin-H [Wrm], some worm , 2 dlls were infected
.

As well as running up to date AV and firewall I keep Adaware and Spybot installed to keep things clean. Spybot gives very easy access to the startup list with (admittidly incomplete at times) info about each entry.
If things get really bad get Hijackthis, youll need to post the scan logs from this on a forum (not this one) for experts to look at.
Linkage -

adaware
spybot
hijackthis
forum to post hijackthis logs

Yayzorz!!!! /me won!!! the virus threat is no more dangerous! All I needed was a proper A/V which I've got now (Kaspersky). Avast missed 55 viruses and 2361 dangerous scripts, lol. But now i have a problem: LAN/Internet doesn't work on my comp anymore! I have a home router and 2 comps, mine and dad's, I'm currently online from my dad's because mine has problems with refreshing IP address and some stuff ActiveSync pops up now: TCP/IP problems etc etc.
What I know is that Kaspersky messed with system32 exes and dlls, but touched nothing important i think, e.g. svchost and lsass are the same lenght as they're on my dad's. Help please!

You could try to repair your windows with the windows disc. Don't ask me how, I never had to use this function myself.

Give hijackthis a try, no internet is a common problem caused by this stuff.
Post your log and let the experts have a look, then you know for sure when its finally clean. Good luck.

Quote from mantis9 :

Give hijackthis a try, no internet is a common problem caused by this stuff.
Post your log and let the experts have a look, then you know for sure when its finally clean. Good luck.

Log of what? This spysweeper thingy? I've already got spyware protection...

I'm actually thinking about copying the whole system32 from another comp with the same system installed, can it help?

Sorry, I'm a dummy about viruses (virii?)/spyware stuff

I guess I'll fire up a bestest-fullest scan and check for rootkits & stuff

edit: Ok, scanning atm
edit2: 0_o holy sh** these mother****ers can hide! and there are lots of them!

In future , dont visit and download porn shit

Quote from RudolfR :

In future , dont visit and download porn shit

Porn shit wasn't involved here