nasty virus

[kylebisme]

i started geting some breif pauses in games yesterday and thought i had a virus. came to find out msconfig closed out on its own so that pretty well sealed the deal. thought i got rid of the virus though an online scan but then today i got the pauses again, and msconfig was closeing out, as was regedit. went to do a virus scan again and found that i couldn't connect to any virus sites, the virus had blocked them though my hosts file. cleaned that up and looked in the processes, shut down csrss32.exe and serv1ces.exe so i could use reg edit and found them and dissabled them from the runservices section of the registry. there is also an nsdcmds.exe listed in that list but i didn't remove it as i don't know what it is and i can't find the actuall exe file anyway so i'm not sure if it matters.

anyway, i still want to know exactly what i was hit with and if you all think i got it cleared up?

 

[Robor]

Did you try downloading and installing AVG Antivirus? Here's a link to their main site

Good luck!

 

[computerABUSER]

Dude, you have over 2500 posts and you don't know to use an AntiVirus program ??? well, good luck. I use Bitdefender and I sware by it...its great stuff.

CA

 

[Winchester]

Guys, I found a virus on a clients computer that shut down ANY anti virus, even AVG and Avisoft. You also could not go into Regedit, it would close like after 5 seconds.

I found the perpitrator by going into services, and finding a duplicate record. THe one I found was a DCOM service, it had it listed 2x but with extra obvious words on the end of one. Stop that service, set it to manual, then you will be able to go into REGEDIT and remove it etc.

 

[shadowfaX]

This virus may be some variant of Gaobot, which does take advantage of the DCOM service vulnerability. You'll probably want to try taking it out in safe mode. I've found that Gaobot likes to hide things in the System32 directory, so doing a sort by "Date Modified" will usually show the suspicious files in the more recent dates. Hope this helps a bit.

 

[Frazas]

Find a boot CD with a anti-virus installed and run it from the CD. This way you won't have any problems removing the files infected in your operating system drive.

 

[kylebisme]

Originally posted by: shadowfaX
This virus may be some variant of Gaobot

sure enough it was, it was nsdcmds.exe and i couldn't find any info on it anywhere on the net but i found some infor on gaobot and i had a 0k "testfile" in my shared documents folder and found nsdcmds.exe in there as well when booting in safe mode. pretty sure i have everything cleared up now as nothing funny is going on.


as for anti-virus software, i don't bother with it as it is a self-perpetuating industry and is far from fullproof as Winchester said. i preffer to simply aviod the likely ways one might get a virus and clear them out manualy when they do come around so i learn how to deal with what a virus scan won't catch. i tend to stay free of issues, but viruses sure are getting bad these days; i opened up my sharded folder for one day to transfer some files on my network and wound up with another lesson to learn.

anyway, thanks for the help everyone.