School Virus is smart
I don't know what's with this virus…. Our school district caught something bad alright. This virus is able to think for itself and morph accordingly to protect itself.
It deletes all antivirus software including installs, locks out of all administrative tools such as cmd, taskman, msconfig, registry, and everything else. It was able to recover after a system restore and proceeded to infect the older restore points (The dates all changed to 2078 or something similar) and it even got past web scanners.
How the devil do you deal with something like this?
I tried an alternate for the registry and all other admin tasks but it deletes them before they install, safe mode is frozen out as well somehow, and the virus morphs every time we get a solid signature on it and pulls a Houdini…
Never seen anything like this before.
Umm…. Really dude, at this point I am just thinking you should shut down the server and all internet access connecting the computers together. Wipe all information, something like a massive d-ban, and start over. It'll be in maintenance forever anyway. Idk if you were actually looking for a solution, as this one doesn't really let you understand what's going on. On that note though, I doubt it's learning by itself. It sounds more like it's having contact with someone, reporting home if you will and somebody else is merely pulling the strings. Sounds more sensible, but not very intelligent (who the hell would put that much effort in a school system?).
Have you tried zerowave yet? It is highly efficient at killing processes (even many system protected processes)
http://www.softpedia.com/get/System/System-Miscellaneous/ZeroWave.shtml
INSANE Termination (INSANE mode)
The last termination available on ZeroWave is exclusive of this program and exploits the power of a kernel mode driver to destroy any process-being.
Warning: ZeroWave requires Administrative Privileges to perform this operation!
The insane termination is not meant to be used in any circumstance, that should be used only with processes which cannot be killed in any other way. ZeroWave performs ring zero operations (and it takes its name 'ZeroWave' by that), in case of critical errors probably the entire system will crash (blue screen).
Therefore use it at your own risk and intelligently.
To realize the third termination you need to right-click on a process and choose the last option and confirm this operation from a security screen:
If confirmed, the operations will take a few seconds to terminate any kind of process on Windows.
Hey Lemur, this sounds like one I removed from a college campus just a bit ago. It will keep restarting and creating more as you let it go. Get a copy of Combofix and hijackthis. Run them in that order. (You may need to rename the exe for each; the virus in question will stop them from running.) Post the hijackthis log when you're done and we can cook up a registry fix.
Without stealing the thread too much.. Just wondering if anyone's ever thought of making an anti-virus virus? That spreads and infects, exactly like a virus would, but instead it kills viruses & trojans etc.. rather than causing problems. Could be pretty powerful, could it not?
but yeah, sounds like you've got the help you need from korg :]
Well, I have a 30.5kb cracked registry tool that doesn't need any administrative privilege to run. I use it a lot when fixing infected PCs. I repair like 7 PCs/week. About the virus that can disinfect other viruses, I think it is nearly impossible to make one who's effective for all viruses since each virus has its own places on the PC and the registry. Even if it is possible and you want it to act like an anti-virus, it will be very big in size which is unsuitable.
MoshBat wrote:
x_5631 wrote: Without stealing the thread too much.. Just wondering if anyone's ever thought of making an anti-virus virus? That spreads and infects, exactly like a virus would, but instead it kills viruses & trojans etc.. rather than causing problems. Could be pretty powerful, could it not? but yeah, sounds like you've got the help you need from korg :]
No. It's still illegal, and anti-virus companies would kill you. Literally.
Just to point out before I ask, I'm not contradicting you.. it's an honest, curious question.. what'd be illegal about it?
454447415244 wrote: About the virus that can disinfect other viruses, I think it is nearly impossible to make one who's effective for all viruses since each virus has its own places on the PC and the registry. Even if it is possible and you want it to act like an anti-virus, It will be very big in size which is unsuitable.
Well, it could frequently update.. just like actual anti-virus programs. The size thing's a good point.. I never thought of that