Spyware, Viruses, & Security forum

General discussion

New Deadly Virus/Worm discovered last night

by booboo3172 / September 27, 2008 10:45 AM PDT

I was perhaps one of the first to have my computer distroyed last night. Worked on trying my to make some type of repiar with no success. It downloads super fast with no chance to stop it. Hits your security programs first disabling them. Then drops them into every possible file or location that will distroy your machine from and including: downloads, kills net access, it's RAM, Registry, boot files, recovery files, restore files and including many IC's just to name a few. It actually kills the whole computer, not just your hard drive. My Counter Spy program threat level hits maximum threat. I got it from ebay on germany's version. I clicked on a coin and made a bid. After that I went to his profile to see his feedback and I believe that's when it hit. It may have been as soon as I clicked on make a bid or earlier. his ebay ID is "silvestercoin", location on ebay is germany. It may very well be on many other sites by now. None of my security recognized it. It changes your programs and files and disguises them so your system doesnt see them or recognize them until after the damage has been done. This virus is amazing! Who ever wrote it must belong to Mensa. Please notify everyone asap including those who may be able to generate a fix. If more info is needed please feel free to reply to this.

Discussion is locked
You are posting a reply to: New Deadly Virus/Worm discovered last night
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: New Deadly Virus/Worm discovered last night
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
ANY idea "what" you downloaded?
by Marianna Schmudlach / September 27, 2008 11:56 AM PDT

Did you see a "name" or "something" ? You "only" clicked on a coin?

Collapse -
Yes, all i did was click on a coin
by booboo3172 / September 27, 2008 1:11 PM PDT

Yea thats All I did. The link takes you to a different site. Counter Spy called it (General) but 2 it did say during a scan it; (VIPER: (General),Threat level HIGH.. During the first couple of of scans there were only 53 or 54 different threats but after those it really went crazy flashing up warnings so fast that you could the click BLOCK key

Collapse -
by Marianna Schmudlach / September 27, 2008 3:05 PM PDT

Could it be, it is this "old one" ??


File Infector

Viper is a file infecting virus. It does not become memory resident. It infects .COM and .EXE files. It also infects COMMAND.COM.

Each time a file infected with Viper is executed, the Viper virus infects up to four files in the current directory.


Collapse -
New Deadly Virus/Worm discovered last night
by booboo3172 / September 27, 2008 10:34 PM PDT

Perhaps. If it is; is there a fix? why would my memory be maxed out right from start up? and registry and restore and recovery files?

Collapse -
Btw. did you inform eBay about it?
by Marianna Schmudlach / September 28, 2008 1:09 AM PDT

IF NO....... I would suggest reporting EBay what happened to you !

Did you scan your computer with some on-line scans:

Please perform this online scan: F-Secure Online Scanner
The online scanner is on the bottom right of the page.
Follow the directions in the F-Secure page for proper Installation.

* You may receive an alert on the address bar at this point to install the ActiveX control.
* Click on that alert and then click "Install ActiveX component".
* Read the license agreement and click "Accept".
* Click "Full System Scan" to download the scanning components and begin scan and cleaning.
* When the scan completes, click the "I want to decide item by item" button.
* For each item found, Select "Disinfect" and click "Next".


Be sure and put a check in the box by Auto Clean before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.


Please download Malwarebytes Anti-Malware or alternate download link

* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
* - Update Malwarebytes' Anti-Malware
* - Launch Malwarebytes' Anti-Malware
* Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

* On the Scanner tab:
* - Make sure the "Perform Quick Acan" option is selected.
* - Then click on the Scan button.
* The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
* Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

* -- Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

**If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):

Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".

Collapse -
new viper or ? virus
by booboo3172 / September 29, 2008 12:14 AM PDT

Yes I did inform ebay from a different computer but I have yet to hear anything about it. So far no reply. I am going to call them this morning. I dont think I can download anything now. Can it run from the site or does it have to be downloaded? Im stuck so far. I have never seen anything so completely destructive. I am truly amazed! Michael

Collapse -
The first 2 links are on-line scans........
by Marianna Schmudlach / September 29, 2008 12:20 AM PDT
In reply to: new viper or ? virus

...so, the scans will be be done ON-LINE. The last 2 - you have to download MalwareBytes Anti Malware and Super AntiSpyware. Maybe you can download these from a different computer and burn them to a CD?

Collapse -
Thank you
by classicride72 / September 29, 2008 8:12 AM PDT

I just wanted to thank you for the assistance you provide to others. You have certainly helped me in the past and I really appreciate you.

Collapse -
by TreTipi / September 29, 2008 7:51 AM PDT

I can't believe you reported my post as offensive. Ridiculous.

The original post here is NONSENSE and fear mongering.

Please ignore it, people...

Collapse -
viper virus
by booboo3172 / September 29, 2008 7:59 AM PDT
In reply to: Awwwww

I dont know who reported or should I say replied to the post but in no way was anything as the last reply states. I would love to know who wrote that....

Collapse -
by meepo97-22313731183197971 / September 29, 2008 7:59 AM PDT

Is it really a virus!

Anyway Counter Spy is not a very well known and trusted piece of software and has been known to be rouge.

But if your PC is really infected and is driving itself down get a good anti-virus and anti-spyware scanner like Kaspersky.

Before somebody said something about the "Viper" virus.
Clicked on the McAfee link there and there you are, an old virus discovered back in 1992!

Does this ever pop up on your PC:
-/\-] S.C.P.[-/\- Welcome, you have just joined the SCP Wasted Victims club!, yep thats right..your've got the ViPER-I virus! and Lord Venom wont even charge you for it!.NO CRIPPLE WAREZ HERE!!! |--------------------------------------------| Copyright by Lord Venom & S.C.P.Australia

Anyway about Counter Spy..........

They once had a scanner called VIPRE
The name is spelt similar to the "Viper".
Viper was created in Australian ever though Counter Spy is located in the USA.

Anyway I hoped this helped Happy

Collapse -
by mrobinson52 / September 29, 2008 3:11 PM PDT
In reply to: Virus

Having visited the Sunbelt Software offices, where they make Counterspy and now the brand NEW Vipre, I can assure you that they are in fact highly respected and have never been rouge. You must have them confused with some other software with a similar name, as that is a popular trick.

And sometimes old viruses do come back. Sometimes software updates re-open old vulnerabilities.

Collapse -
It has to start somewhere
by Syzzygy / September 30, 2008 2:47 AM PDT
In reply to: CounterSpy

Guy's I have to say this. I've seen this to much to let it pass.

ROUGE (pronounced ruge) is a red cosmetic women use to highlight their cheeks.

I hope you meant ROGUE (pronounced rog) meaning a deceitful program.

Collapse -
by mrobinson52 / October 2, 2008 12:05 AM PDT

I should have double checked the spelling. I was just using the spelling of the post I was replying to. Thanks for the correction!

Collapse -
exe files freeze on launch
by luvtahug / September 30, 2008 3:37 AM PDT
In reply to: CounterSpy

When launching my Dreamweaver 8 it tries to open double, then freezes on launch saying it doesn't have cache files. I can launch Fireworks and Flash just fine. I uninstalled DW using my CCleaner Tools and re-installed, same thing happened. I am also having problems with other programs, such as my Adobe Standard 6.0. It will open but cannot convert to PDF files now. I tried to reinstall that also, but it cannot reinstall the full program. I get error messages saying that it cannot find framedyn.dll

I've run malwarebytes, Spybot, Super Anti-spyware, and CCleaner (registry). It will not let me launch Registry Mechanic or Ad-Aware at all. It makes a thud noise and nothing else happens. I googled what was in the logs of items removed. I found out that this is a trojan- Win32.Small.ih was in the log of CCleaner.

I cannot launch any of these from my external hard drive back-up either. I have an HP a1600n with WIN XP Media Center Edition 2005. Please HELP! I need my Dreamweaver- and this PC fixed.

Collapse -
by Marianna Schmudlach / September 30, 2008 3:48 AM PDT
Collapse -
Thanks! (exe freezes...)
by luvtahug / October 1, 2008 5:01 AM PDT

Last night I purchased Trojan Hunter and it fixed the problem. Someone said the 30 day trial was fully functional- it is not. It will scan but will not fix them. Anyway, Thanks. I appreciate it.

I did a search for the program.exe and it was gone.

Collapse -
(NT) Great Job :) Thanks for posting back !
by Marianna Schmudlach / October 1, 2008 5:09 AM PDT
Collapse -
don't lose hope!
by auswar3ft / September 29, 2008 11:02 PM PDT

if you haven't done anything to your computer then there is a solution:

first, you need to wait for a few days for a antivirus company to release an update that detects and cleans the virus you have.

then you need to physically remove your hard drive from your computer and connect it to a friend's PC on which that update has been installed. and do a full system scan of your whole hard drive, twice, to make sure no other instances of the virus exist. it'll take long but it is sure to clean the system completely. do NOT let your friend run anything from your computer. do NOT let him access your hard drive from his PC just make sure the hard drive is connected then run the scan. because accessing the hard drive or running any of the programs you have on your hard drive will infect your friend's PC and you'd have to do the whole thing again on another guy's computer.

now return the hard drive to your computer and boot up normally. your system is clean.

but if some of the essential rights on your computer are blocked. like accessing the task manager, or accessing your C: partition you'll have to format your C: to clear this problem up.... i know you'll lose a lot of data and have to install a million programs, drivers, windows updates, antivirus updates, all over again. but it's better than buying a new hard drive.......

I hope i've been useful

Collapse -
Tisk Tisk the power of...
by motoxcreature / September 30, 2008 4:27 AM PDT

Looks like I'm safe. Ubuntu can't get infected by it Wink

Collapse -
Virus Damage
by Roy011 / September 30, 2008 9:38 PM PDT

From your description the only solution is to replace your mother board. It is almost impossible for a Virus/Worm/Malware/Etc to cause the damage described.

It sounds like there was a power surge. The same thing happened to me with all kinds of strange occurances. Many surge protectors actually do not work.

Collapse -
Symanic Norton 360
by homeydakine / November 23, 2008 8:53 AM PST
In reply to: Virus Damage

As a Internet Marketer my Symanic Norton 360 blocks these aweful things before it goes into my PC and all that skanky garb them cockroaches put on the net which I see almost everyday.
The best defense is the best offence. If you want the best then you have to pay for it and believe me it's worth it. They even fix your PC by a phone call & keep it running strong. Who could want more?

Collapse -
Not a good Idea
by homey4u / February 1, 2009 3:40 AM PST

I'd like to say that was not a good idea to click on a coin to downlaod a virus to ruin your PC. Did you have McAfee SiteAdvisor? This points out bad sites before you click on them. It is Free!

Collapse -
Web of Trust
by mrobinson52 / February 1, 2009 5:40 AM PST
In reply to: Not a good Idea

The problem with the Site Advisor is that it does not always show you a bad link within a trusted site. If you use Firefox (highly recommended)you can get the Web of Trust (WOT) extension that will also rate most of the links within a page. It is surprising how many trusted sites have untrusted links in them.

Collapse -
FF 3
by homey4u / February 16, 2009 5:54 AM PST
In reply to: Web of Trust

Thanks I am already on FF 3 & it's hard to keep them cockroaches off your PC. I'm glad I have Norton 360!

Collapse -
Site Advisor out of date
by mrobinson52 / February 16, 2009 6:24 AM PST
In reply to: Web of Trust
Collapse -
by homey4u / February 16, 2009 1:03 PM PST

About McAfee is I use for siteadvisor only free. I've used Norton since 2003. I gave my friend McAfee Suite 2006 Antivirus but she didn't like it.

Collapse -
by mrobinson52 / February 16, 2009 2:05 PM PST
In reply to: McAfee

Both McAfee and Norton are overbloated. Have your friend try the free trial of Sunbelt Software Vipre. http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/ It does not depend on the old huge definition files. It looks for a virus to act like a virus. It is at least worth a try if she does not like McAfee. And there is always AVG free, but I found it took too long to scan.

Collapse -
McAfee reveals SiteAdvisor's retesting policy
by Carol~ Moderator / February 18, 2009 3:12 PM PST
Top Story, February 19, 2009
McAfee reveals SiteAdvisor's retesting policy

McAfee revealed toll-free number that Web site owners can call to talk with a human being about erroneous ratings. The number ? which hasn't been visible at SiteAdvisor.com but has previously been used by McAfee.com ? is 1-866-622-3911. (This number is not accessible or toll-free from every country.)........

http://windowssecrets.com/2009/02/19/01 ... /?n=story1
Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?