All started with "a.exe"
Spybot.info doesn't trace much of it, and I went to download Adaware only to find that it's also found a way to null all Adaware software sites to 127.0.0.1?
Anyone had this before? All adware/AV progs can't update either.


Run an online scan. Google it.
█ Don't really have anything to post here...
Rename your hosts file and renew your network config and try one of the online scanners.
Or try downloading this one (the only difference between free and paid is automatic monitoring; the free one is a great on-demand scanner - run the update first, then the quick scan) - http://www.malwarebytes.org/mbam.php
█ /\__/\ We Do Not Forgive!
█(- o *) We Do Not Forget!
█(")_(") Expect Us!
IT Help for everyone @ Scotia-IT.com - when it's finished
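The hosts-file check discussed in the posts above, as an added example that is not part of the original thread: it flags entries that point security-tool hostnames at a loopback or null address. The watch list and the sample hosts file are constructed for illustration.

```python
import ipaddress
import sys

# Constructed watch list (assumption): name fragments for the tools named in the thread.
WATCHED = ("malwarebytes", "lavasoft", "spybot", "safer-networking", "avast")

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.lavasoft.com download.lavasoft.com   # injected
0.0.0.0         www.malwarebytes.org
192.0.2.10      intranet.example
::1             localhost
127.0.0.1\tupdate.avast.example
"""


def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP address, so not a valid hosts entry
    return ip.is_loopback or ip.is_unspecified


def suspicious_entries(text, watched=WATCHED):
    """Return (line_no, address, hostname) for watched names mapped to a sinkhole."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for host in fields[1:]:  # one line may carry several aliases
            h = host.lower()
            if any(w in h for w in watched):
                hits.append((n, fields[0], h))
    return hits


if __name__ == "__main__":
    # Pass the hosts file path as the first argument; otherwise the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            text = f.read()
    else:
        text = SAMPLE_HOSTS
    for n, addr, host in suspicious_entries(text):
        print(f"line {n}: {host} -> {addr}")
```

A clean result only rules out the hosts file; redirection through changed DNS settings has to be checked separately.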
Wow, I had that recently too.
It's supposed to be an email virus, but I'm not sure. A day later my registry hives were gone, and Windows couldn't repair it. MBR was gone too, along with systemroot\windows\system32\config \software \SAM \system
was all gone.
a.exe is registered as the W32.Ahlem.A@mm worm which is transmitted via e-mail and attempts to install itself on your computer.
Jonathan | Server Complete, LLC || VPS | Hybrid | Dedicated | Backup ||
Virtualized to Perfection in multiple United States datacenters!
55 Marietta (Atlanta, GA) || Latisys (Chicago, IL) || DataBank (Dallas, TX) || SVTIX (San Jose, CA)
Comes in as a load of things at the mo, there's a few new mutexes doing the rounds.
Just don't bottle it. It's not too bad and easy enough to get rid of as long as you don't ignore it too long. Owning the hosts file is a ----- that throws a lot of folk though.










I am most pissed off about the time it's going to take.
There are no entries in the host file that shouldn't be there.
Since they block Adaware I'm guessing it must do something so ima download it through a VPS.
If you knew this virus/worm you would have understood using Google is almost impossible with it.
EDIT:
Adaware worked slightly, trying deckers now.
Last edited by Darknight; August 22nd, 2008 at 22:42.










k, 2 more gone with avast: a rootkit named sysrest.sys
and a "other" win32ther lol.
Now my only issue is the DNS that's been fuxerd and the Google searches that turn every search result into an ad when you click....
Since we're talking about spyware/adware, there's been this stupid portable thingy going around infecting each and every drive in the computer if you're infected. This thingy causes your drive to be un-openable by double clicking but you can right-click and open it from my computer though. Other file explorers still work.
I dunno, but my entire school network has this thingy and they're all frantic over it. No one dares to plug in their thumbdrives into the school comps lol.
Has anyone seen or heard of this kinda thing before? There's no information on what it does so far.
Been looking at this one and I reckon it's a variant of the recent Vundo strains. USB keys write disabled should be okay but anything else is dodgy.
Grab a pack and burn it to CD/DVD on a non-infected machine and hit the infected ones, although I had it on one system and Malwarebytes did the trick. Just don't do any manual editing/deleting first, but use the log after scanning.
It spreads like wildfire... one USB device plugs in, gets the thing, plugs into another PC, infects that PC and the cycle just keeps repeating with more and more people with more and more USB devices!










w00t, thanks for that link decker, it was by far the best program I tried.
It removed other sections of the rootkit AVAST missed as well as fixed the DNS poisoning issue.
It also found many other things that adaware 2008, spybot and avast missed.
Thanks again.
Decker > a.exe
glad it helped out, Malware is the best one I've found for ages, and it's quick, and best of all free