ggFTW

MMORPG Gamer Community


04-22-2012   #1 (permalink)
Static
Cornflake's Avatar
 
how to deal with worms?


earlier i got this and when i logged back on to check my error out on google someone named 'welcometohellforever' had added me on steam.

i should be patched against the blaster worm and with avast, panda, nod32 and mse i didn't find any viruses. i'm guessing i need a better firewall as well, but i'm not sure what to use. pctools doesn't seem to be cutting it.
__________________
Mabinogi - Ruairi ch5 - Spliff
 
04-23-2012   #2 (permalink)
kag
meow

it does look like ms blaster/Sasser worm to me unless it is just a task in your task scheduler
Both discontinued
A tool is available to remove Blaster worm and Nachi worm infections from computers that are running Windows 2000 or Windows XP
A tool is available to remove the Sasser worm variants

So you need to download the malicious software removal tool
http://support.microsoft.com/kb/890830

Try to download from another computer and make sure the infected one isn't connected to the network or all the other unpatched computers will get infected.
__________________

Fanart Anime/Manga Tees at http://www.facebook.com/metronomist
 
04-23-2012   #3 (permalink)
Static
Cornflake's Avatar
 

the removal tool did not find anything. the problem hasn't occurred again and firewalls, etc. have been updated. i wouldn't even be worried at this point if that strange person hadn't added me on steam right after it happened (their steam account looks perfectly normal by the way though the user seems a bit insane).
 
04-23-2012   #4 (permalink)
kag
meow

i doubt steam has such a serious security issue
i've seen this happen with some software before as well

You can try your luck with event viewer to find out if there's anything causing it.
 
04-23-2012   #5 (permalink)
Static
Cornflake's Avatar
 

Quote:
Originally Posted by kag
> i doubt steam has such a serious security issue
> i've seen this happen with some software before as well
>
> You can try your luck with event viewer to find out if there's anything causing it.

i'm not sure what you mean by steam having a security issue. my concern was that right after the fault occurred i had been added by someone i don't know, which means they knew my steam account name (we're not in any of the same groups).

i may look through event viewer, but it's always such a long list. the only program behaving oddly is svchost but i can't figure out what service is causing the problem since they all look normal.
 
04-24-2012   #6 (permalink)
Static
Cornflake's Avatar
 

i found a few errors when looking through event viewer that seemed abnormal.
the first being that another computer on the network gave a message saying it was the master browser (this computer was heavily infected but has since been cleaned). the second a bunch of services failed to start (among them igalive [not sure what that is] and npkcrypt).

i didn't find anything else that looked terribly out of place around the time of the intrusion. i still haven't found anything that points to what happened, but i've beefed up system security a bit and removed unnecessary programs that were acting strangely, stuff that came from legitimate sources.
 
04-24-2012   #7 (permalink)
kag
meow

Quote:
Originally Posted by Cornflake
> i found a few errors when looking through event viewer that seemed abnormal.
> the first being that another computer on the network gave a message saying it was the master browser (this computer was heavily infected but has since been cleaned). the second a bunch of services failed to start (among them igalive [not sure what that is] and npkcrypt).
>
> i didn't find anything else that looked terribly out of place around the time of the intrusion. i still haven't found anything that points to what happened, but i've beefed up system security a bit and removed unnecessary programs that were acting strangely, stuff that came from legitimate sources.

igalive seems suspicious when i searched for igalive.sys, not much info though but it seems like malware from a Chinese site.
Try to do a scan using malware scanners. (Full System)

If you want you can post a HJT log for both.
 
04-24-2012   #8 (permalink)
Static
Cornflake's Avatar
 

malware scanners haven't turned up anything in months (not even tracking cookies) when scanning in safe mode with a fresh (working) offline install. if igalive ever actually started up i'd go and find it in the registry and remove it, but since it doesn't start i'm unable to locate the entry or the file.


this is my current HJT just for reference, maybe you'll spot something i missed. a few of the utilities will be removed shortly i'm just using them to monitor my internet.
Spoiler!
__________________
Mabinogi - Ruairi ch5 - Spliff
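
One way to answer the two questions left open in this thread (which service inside svchost is misbehaving, and where the entry for a service that never starts is kept), as an added example that is not part of any post. It assumes Windows PowerShell 3.0 or later run from an elevated prompt on the affected machine; the two service names are the ones mentioned in the thread.

```powershell
# Added example: triage svchost-hosted services and services that fail to start.

# 1. Which services share each svchost.exe process, with that process's CPU and memory.
Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 -and $_.PathName -match 'svchost' } |
    Group-Object ProcessId |
    ForEach-Object {
        $proc = Get-Process -Id $_.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            PID        = [int]$_.Name
            CPUSeconds = if ($proc) { [math]::Round($proc.CPU, 1) }
            WorkingMB  = if ($proc) { [math]::Round($proc.WorkingSet64 / 1MB, 1) }
            Services   = ($_.Group | ForEach-Object { $_.Name }) -join ', '
        }
    } | Sort-Object CPUSeconds -Descending | Format-Table -AutoSize -Wrap

# 2. Start failures logged by the Service Control Manager in the System log:
#    7000/7001/7009 = a service failed to start, 7026 = boot/system-start drivers failed to load.
Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Service Control Manager'
    Id = 7000, 7001, 7009, 7026
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Id, Message

# 3. A service or driver that never starts still has a key under ...\Services.
#    The names below are the two mentioned in the thread.
foreach ($name in 'igalive', 'npkcrypt') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) { "${name}: no key under Services"; continue }
    $svc  = Get-ItemProperty $key
    # Normalise driver-style paths (\??\C:\..., \SystemRoot\..., system32\...).
    $path = [Environment]::ExpandEnvironmentVariables("$($svc.ImagePath)").Trim('"')
    $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($path -match '^system32\\') { $path = Join-Path $env:SystemRoot $path }
    $onDisk = $path -and (Test-Path -LiteralPath $path)
    [pscustomobject]@{
        Name      = $name
        Start     = $svc.Start      # 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
        Type      = $svc.Type       # 1 kernel driver, 2 file-system driver, 16/32 Win32 service
        ImagePath = $path
        OnDisk    = $onDisk
        Signature = if ($onDisk) { (Get-AuthenticodeSignature $path).Status }
    } | Format-List
}
```

A key whose ImagePath points at a file that is no longer on disk explains a "failed to start" event without the service ever running. A NotSigned status alone is not conclusive, since catalog-signed drivers can be reported that way on older PowerShell versions.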
 
