Help - First Infection in 8 Years .

[majithia23]

Howdy homies .!

allright , here's the thing .

2 days back i right clicked on the Explorer icon in the Windows toolbar , and noticed it mentioning a folder on my desktop with some strange Chinese Letters . see the pic --

i knew something was not right .

just did a quick clean up with CCleaner and noticed it was gone .

called it a night .

next day started my work , and later in the evening again noticed these strange chinese letters and this time there were about 3 or 4 mentions .

NOTE -- i was not connected to the internet the whole day .

again after a run of CCleaner it was gone .

but i knew it was not ACTUALLY gone , so did a scan with Malware Bytes and this is what it found --

Trojan.Stuxnet !!

did a clean up with it and it restarted .

seeing the location of the file , i remembered these folders were created automatically by a recovery software i used to recover some deleted files from a memory card .

did a scan with Super Anti Spyware --- Found Nothing .

did a scan with Hitman PRO -- Found Nothing .

Presently ( as i type this message ) -- Running Kaspersky Online Scan .

so what are my options now ?

severity of the infection ?

or is it even a real infection ?

next steps ?

p.s. -

i donot use any AntiVirus , and have been so for the last 3 years , and was running all clean and safe until now when Stupidity struck .

the memory card belonged to my friend , and unfortunately the only computer he had access to was mine !

it was a life and death situation for him to recover the files and i had to do it ...! :doh:

[Alanon]

Well, first off, methinks you probably nailed it with MBAM, and when cleaning some friends' PC's awhile ago, didn't find stuxnet too challenging. What you'd want to (If you're crazy like me :P) is to make sure it's gone. So go and download RootkitBuster and HouseCall from Trend Micro. Both free and useful scanners. You can also download Dr. Web, boot into safe mode and scan, remove anything unknown it finds. In the end, if you feel extra zealous, you could try ComboFIX or Avenger (boot scanners, but that's more for the heavy stuff, as I've said, I think you basically clobbered it with Malwarebytes'). Keep in mind that these last two can do serious harm unless carefully used, so it's usually only as a last resort.

That's about it. :) As a precaution, you can keep Emsisoft Free as another on-demand scanner, it detects everything, you'll get a million FP's, but also perhaps something you've missed. Anyways, all this may be a little overkill, but that's what I'd do if I had an infection. Oh, and let me know if you need any further help. :)

[Tweety.Abd]

All I can say is that the US & the Israeli government is after you or your friend?, for some unknown reasons.

Anyways, I know how much you hate Norton and rightly so, but did you try out the Norton Power Eraser, give it a try and see if it finds anything.

[donkey-girl]

Look to my thread other place, I got exat same like you and never found out what it was, Norton,Mban, Kaspersky found nothing (only my cracks-patch-keygens from trusted members here on board, I thought it was from a USB key I bought there was infekted, but now some thing says me its not from there (still dont know from where it comes from) my laptob and stationær got same infektion and they are not connected together only by ISB network cable, (I dont share files between theese 2 pc) I did the hard way and formated and reinstalled both pc but as mention still dont know what shit it was on my pc.Also this shit starts rename all my photos and documents so be carefull my friend

By the way I try all recomended step from all theese good member we have here and it included combofix and other tools and nothign found thats why I did the format.

[SkyrimGuy]

I think that you should try a few things. Disable system restore. Go into safe mode. Run a full scan with MBAM, EAM, Kaspersky TDSS killer and Dr web. If you still don't find anything download and run a Kaspersky or Dr web rescue disk. (Boot time disk). This should find anything that might be hiding. If you proficient you should also run combofix and Gmer and see what the logs say.

[AlienForce1]

I would scan with Kaspersky and BitDefender Rescue Disk - both are updatable and have great detection rate .

(Kaspersky online scan will only tell if you have any infected file , without removing any ...)

[PurplebeanZ]

I'd reinstall that :P

[Ambrocious]

The Stuxnet virus doesn't actually do any harm to your computer unless you have certain government programs on your computer, namely Iranian software. It can lay dormant on a system doing no actual harm unless/until you have that software (government type) as far as I remember being informed.

Still, good idea to remove it lol.

[visualbuffs]

Howdy homies .!

allright , here's the thing .

2 days back i right clicked on the Explorer icon in the Windows toolbar , and noticed it mentioning a folder on my desktop with some strange Chinese Letters . see the pic --

i knew something was not right .

just did a quick clean up with CCleaner and noticed it was gone .

called it a night .

next day started my work , and later in the evening again noticed these strange chinese letters and this time there were about 3 or 4 mentions .

NOTE -- i was not connected to the internet the whole day .

again after a run of CCleaner it was gone .

but i knew it was not ACTUALLY gone , so did a scan with Malware Bytes and this is what it found --

Trojan.Stuxnet !!

did a clean up with it and it restarted .

seeing the location of the file , i remembered these folders were created automatically by a recovery software i used to recover some deleted files from a memory card .

did a scan with Super Anti Spyware --- Found Nothing .

did a scan with Hitman PRO -- Found Nothing .

Presently ( as i type this message ) -- Running Kaspersky Online Scan .

so what are my options now ?

severity of the infection ?

or is it even a real infection ?

next steps ?

p.s. -

i donot use any AntiVirus , and have been so for the last 3 years , and was running all clean and safe until now when Stupidity struck .

the memory card belonged to my friend , and unfortunately the only computer he had access to was mine !

it was a life and death situation for him to recover the files and i had to do it ...! :doh:

scan with SUPERANTISPYWARE AND F-SECURE EASY CLEAN! virus will remove 100 percent!

f-secure easy clean

http://www.f-secure.com/en/web/labs_global/removal/easy-clean

superantispyware

http://www.nsanedown.com/?request=12224817

[rudrax]

Guru, prevention is better than cure..Keeping an AV program slows down system a bit but they prevent our systems from getting infected..Never feel yourself to be the luckiest one not to get infected..

[dcs18]

but i knew it was not ACTUALLY gone , so did a scan with Malware Bytes and this is what it found --

Stuxnet is not destructive, however - it's got rootkit like behavior which needs to be taken seriously (and fortunately can be handled effectively, by MBAM.)

I'd suggest running MBAM, once again - if those threats are are not re-detected, you can be rest assured that MBAM did it's stuff comprehensively.

[7even]

i donot use any AntiVirus , and have been so for the last 3 years

Awesome! I ever let my PC without having antivirus for a month and the following month it got a severe infection. :o

[johndoe]

majithia, you should have been using an antivirus, whatever the hit to system resources... :)

[speedy57]

Hi my friend !

Take a look here: http://support.autom...bjaction=csopen

or here: http://www.hotforsec...et-removal-tool

perhaps here: http://uk.norton.com/support/DIY

;)

[majithia23]

Well, first off, methinks you probably nailed it with MBAM, and when cleaning some friends' PC's awhile ago, didn't find stuxnet too challenging. What you'd want to (If you're crazy like me :P) is to make sure it's gone. So go and download RootkitBuster and HouseCall from Trend Micro. Both free and useful scanners. You can also download Dr. Web, boot into safe mode and scan, remove anything unknown it finds. In the end, if you feel extra zealous, you could try ComboFIX or Avenger (boot scanners, but that's more for the heavy stuff, as I've said, I think you basically clobbered it with Malwarebytes'). Keep in mind that these last two can do serious harm unless carefully used, so it's usually only as a last resort.

That's about it. :) As a precaution, you can keep Emsisoft Free as another on-demand scanner, it detects everything, you'll get a million FP's, but also perhaps something you've missed. Anyways, all this may be a little overkill, but that's what I'd do if I had an infection. Oh, and let me know if you need any further help. :)

thanks Alanon for the suggestions . i have always read EAM finding a sh!t load of stuff in a computer .

downloading it and lets see what it finds ;)

and yes i am a bit crazy regarding things like these , also may be because of what i deal with every day .

have to be101% sure . 100% is not good enough !

All I can say is that the US & the Israeli government is after you or your friend?, for some unknown reasons.

Anyways, I know how much you hate Norton and rightly so, but did you try out the Norton Power Eraser, give it a try and see if it finds anything.

how much i hate Norton ! lol :)

nothing of the sort Tweety !

as what might have been inferred from one of the past discussions i engaged in with a fellow member in the forum , i actually have been a Norton user . ( NAV 2009 , NIS 2011 ! ) .

and i still consider it good . just barring the fact that as of now it does not suite my habits and taste !

but right now, i need to see which Gov , Israeli or American , is after my a@@ . ( did read a lil history of the Stuxnet )

so anything which saves ...! :P

I think that you should try a few things. Disable system restore. Go into safe mode. Run a full scan with MBAM, EAM, Kaspersky TDSS killer and Dr web. If you still don't find anything download and run a Kaspersky or Dr web rescue disk. (Boot time disk). This should find anything that might be hiding. If you proficient you should also run combofix and Gmer and see what the logs say.

thanks for the suggestion buddy !

already scanned with TDSS Killer . found nothing ...

I would scan with Kaspersky and BitDefender Rescue Disk - both are updatable and have great detection rate .

(Kaspersky online scan will only tell if you have any infected file , without removing any ...)

thanks mate . already downloading Kaspersky Rescue Disc ... ;)

scan with SUPERANTISPYWARE AND F-SECURE EASY CLEAN! virus will remove 100 percent!

f-secure easy clean

http://www.f-secure.com/en/web/labs_global/removal/easy-clean

superantispyware

http://www.nsanedown.com/?request=12224817

thanks buddy .

but as i said , Super dint find anything .

and did try FSecure before also , but it just fails to download the update files and then stops ..

Hi my friend !

Take a look here: http://support.autom...bjaction=csopen

or here: http://www.hotforsec...et-removal-tool

perhaps here: http://uk.norton.com/support/DIY

;)

thanks speedy .

checking ....... ;)

[majithia23]

Look to my thread other place, I got exat same like you and never found out what it was, Norton,Mban, Kaspersky found nothing (only my cracks-patch-keygens from trusted members here on board, I thought it was from a USB key I bought there was infekted, but now some thing says me its not from there (still dont know from where it comes from) my laptob and stationær got same infektion and they are not connected together only by ISB network cable, (I dont share files between theese 2 pc) I did the hard way and formated and reinstalled both pc but as mention still dont know what shit it was on my pc.Also this shit starts rename all my photos and documents so be carefull my friend

By the way I try all recomended step from all theese good member we have here and it included combofix and other tools and nothign found thats why I did the format.

sounds strange ... :think:

something should have worked to prevent you from reformatting or even atleast finding the infection .

Stuxnet does not rename files and stuff . it does some thing else .

and as of now i dint see any out of the ordinary events on my PC other than some random .LNK file names and that is what Stuxnet or its like Infections will actually do ..

so lets see ...

I'd reinstall that :P

why w'd you do that ! ?

Still, good idea to remove it lol.

of course mate ! ;)

Guru, prevention is better than cure..Keeping an AV program slows down system a bit but they prevent our systems from getting infected..Never feel yourself to be the luckiest one not to get infected..

Awesome! I ever let my PC without having antivirus for a month and the following month it got a severe infection. :o

majithia, you should have been using an antivirus, whatever the hit to system resources... :)

i had been using an AV 3 years back . tried almost every commercially available option .

its just that i liked none to keep it running faithfully up till now !

( most are bloated air bags . the better ones also have started to lose in this herd race .)

the first infection i caught was some thing that ate up the CPU cycles and then made it restart . some 10 or 12 years back .

McAfee took care of it .

and the last infection i remember was something a rogue MP3 file that came through Limewire . some 9 or 10 years back

AVG was installed . it missed it .

Avast Free missed it .

Avast PRO removed it .

and as of now i believe for an informed user , its very difficult to get infected that easily !

supplemented with the fact that a Multi Layer Approach is always better than a single AV or an Internet Security Suite ,

so i have the other component security measures up and running MINUS the Anti Virus !

and this is what has been working for me and has kept my system clean for the last few years and i am more than happy and satisfied and feel safe .

it was just this stupid moment when i had to plug in the memory card and in the haste of doing the job forgot to turn on Sandboxie !

well any ways learnt my lesson . !

Stuxnet is not destructive, however - it's got rootkit like behavior which needs to be taken seriously (and fortunately can be handled effectively, by MBAM.)

I'd suggest running MBAM, once again - if those threats are are not re-detected, you can be rest assured that MBAM did it's stuff comprehensively.

yup as of now MBAM reports all clean after a second scan .

but still getting a second opinion with other scanners ... ;)

[johndoe]

Guru, prevention is better than cure..Keeping an AV program slows down system a bit but they prevent our systems from getting infected..Never feel yourself to be the luckiest one not to get infected..

Awesome! I ever let my PC without having antivirus for a month and the following month it got a severe infection. :o

majithia, you should have been using an antivirus, whatever the hit to system resources... :)

i had been using an AV 3 years back . tried almost every commercially available option .

its just that i liked none to keep it running faithfully up till now !

( most are bloated air bags . the better ones also have started to lose in this herd race .)

the first infection i caught was some thing that ate up the CPU cycles and then made it restart . some 10 or 12 years back .

McAfee took care of it .

and the last infection i remember was something a rogue MP3 file that came through Limewire . some 9 or 10 years back

AVG was installed . it missed it .

Avast Free missed it .

Avast PRO removed it .

and as of now i believe for an informed user , its very difficult to get infected that easily !

supplemented with the fact that a Multi Layer Approach is always better than a single AV or an Internet Security Suite ,

so i have the other component security measures up and running MINUS the Anti Virus !

and this is what has been working for me and has kept my system clean for the last few years and i am more than happy and satisfied and feel safe .

it was just this stupid moment when i had to plug in the memory card and in the haste of doing the job forgot to turn on Sandboxie !

well any ways learnt my lesson . !

very simply, think of it as being promiscuous without using a condom. however selective or careful you are, you only have to get unlucky once to get infected, if you know what i mean... ;)

[avmad]

There's some good removal tools from most companies. You may want to try this from Bitdefender http://www.bitdefender.co.uk/VIRUS-1000637-uk--Win32-Worm-Stuxnet-A.html

No idea if it will work though. :)

[Shadowx]

Good idea B)

[majithia23]

thanks avmad ...

already did a scan with this tool .

it found nothing ...

( the tool is real slow in running ... took quite a long to finish the scans and found nothing )

UPDATE --

as i said i had already scanned and fixed the Trojan with Malware Bytes yesterday .

so today just now finished scanning the system with 2 other options

Kaspersky Online Scanner -- Found the .LNK files created by the Stuxnet and some other also . mostly FPs , Lasso Patch etc .. total 16 ( True + and False + )

Emsisoft AM -- Found Nothing . !

contrary to the popular notion of finding everything , Emsisoft dint find anything .

where as Kaspersky Scanner found stuff left behind .

see the pic --

so Kaspersky has to be a better solution ..! ?

running more scans ..........................

[majithia23]

@johndoe

i understand what you mean to say ! ;)

as i said , stupidity strikes without notice !

i exercise common sense precautionary measures , but slipped this time , and yes this was that one unlucky moment ..

well any ways the situation is still under control and lesson learnt !

[Alanon]

Hell, you don't have to have an AV to be safe. But you might want a HIPS keeping you company. ;)

Glad you solved it! :rockon:

[SkyrimGuy]

The problem is the signatures that companies have. Dr Web catchs a lot of things that other AV's miss. The same goes for kaspersky and norman. Yes norman. Just take a look at VT or Joti. You'll have some ITW malware and norman will be the first to find it. Another one will have Dr web and kaspersky on another one. Some of it is Heuristics som of its signatures. The only safe way is to format your drive and write a new MBR. Other than that you can hope that nothing is hiding somewhere.

[DKT27]

It'd use Malicious Software Removal Tool. :P

But yea, seeing how famous Stuxnet is, any good AV would probably stopped it from entering. ESET (for its speed) or Kaspersky (for it's protection) is always the way to go. Take this example, just because you are sure you'll not get infected because you are very hygienic and careful about yourself, you will not take a vaccine required/recommended? :)

[speedy57]

Next time, take care my fiend... :P