VIRUS!

yowanvista · 15 May 2011

rigz said:

UnderJonathan said:

rigz said:

hey help?i found virus. .in my netbook. .HERSS.EXE and PAIQE.exe. .avast couldnt detect it..im using Altap Salamander..and when i go to location..i couldnt find it..

I saw it when i type Msconfig..and i saw it in Start up list.. but it is not also in task manager processes..

PLEASE?..it slows down my netbook. .

If avast! did not detect it, how did you know it was a virus? Anyway, if it is, start in Safe Mode and then go to the location and see if you can find it. Download Malwarebytes' Anti-Malware Free and run a FULL SCAN. Then, download SUPERAntiSpyware and run a "Complete Scan" (Note: All these actions can be done in Safe Mode but it can also be performed in Windows' normal state.

well i run the msconfig..and i saw some suspicious running files in start up :
Herss.exe and Paiqe.exe..then i looked for their names in google.

These are malware, did you run Malwarebytes?

rigz · 15 May 2011

[/QUOTE]

well i run the msconfig..and i saw some suspicious running files in start up :
Herss.exe and Paiqe.exe..then i looked for their names in google.[/QUOTE]
These are malware, did you run Malwarebytes?[/QUOTE]

yah boss.. that is why i was thankful for you.. ^^

damien76 · 15 May 2011

Hello rigz,

You mentioned you are using Avast. Free? So you got a non-detection? As I read it the worm/trojan infection either came from an infected removable media or via online gaming. Are you using a firewall with HIPS? What is your security set-up? I think you should re-think your security set-up and how you behave while using the internet especially online gaming.

Had a nephew who previously would go nuts calling for help when he get's infected. He is apt to do all sorts of things that do not promote his security until the laptop broke down and parts had to be replaced. Honestly, the biggest flaw(including those who have no clue what they're doing) is most people want to have his/her way. Doesn't want to be inconvenienced or something..at the expense of being vulnerable. If user just starts hitting YES over and over without looking that's trouble.

Some (kids mostly) will spend their time playing games or visit sites on the internet "finger's-crossed" all the while accumulating trojans and various malware silently. When an infection is suspected/seen they cry wolf and blame the AV. Some learn after they get a trojan that brings the computer to its knees. Some never.

Keeping away from threats/infections(prevention) is the "cure" and not removal.

Assuming you use common sense when using the net/pc, try re-setting up your security applications to get you protected properly. Try a layered security and not just trust one AV.

Some light combinations and discussions can be seen here(containing links for download):

What is a good free security software suite?

Get this one(for quick file submission testing):

VirusTotal Uploader 2.0

or(alternative),

Jottiq

Threat analysis:

ThreatExpert

Threat Explorer

ThreatCenter

Computer Threats

Because you are using Avast, read here:

How to use the Virus Chest in avast!

The future of avast protection

More importantly,

Securing Your PC and Data

How did I get infected? With steps so it does not happen again! by Grinler_Bleepingcomputer

One doesn't need to know a lot about pc security. But as much as one just want to click and click, he must at least try and take actions to learn. Again, keeping away from threats/infections(prevention) is the "cure" and not removal. No amount of security will be effective if you do not consider that.

And along "removal", Sevenforums has a very good guide for malware removal here:

Malware removal- resources packed website

Stay safe dude:)

bigcitycat · 15 May 2011

rigz said:

bigcitycat said:

Use Firefox with noscript from now on.

im using Chrome..what is wrong with that?

Chrome does have the noscript add on available now. You should add it.

damien76 · 15 May 2011

bigcitycat said:

rigz said:

bigcitycat said:

Use Firefox with noscript from now on.

im using Chrome..what is wrong with that?

Chrome does have the noscript add on available now. You should add it.

I second that, use it sandboxed. Or use Firefox 4.01 (in sandboxed also). Chrome vullnerability

rigz · 16 May 2011

helo boss actually ..it was on my netbook,and it does not have a constant internet connection ,and i just connect it on my home..via wireless.. i think it is from a removable media when my relative borrowed my netbook. actually i just killed the first one virus Paiqe.exe manually..i dont know why Avast 6 cant detect it,i used a Pro one version ..and i just notice when my netbook runs slower so i check out my task manager if i used a lot of memory..then i just notice the "paiqe.exe"..which i tried to end process but it states: it was in used,so i suspected it was a virus i tried a boot scan..but still it was there. .so i looked for its location run in safe mode and run the Altap Salamander to view where it is.then i deleted it.. it happpened last march.. then just last week i run msconfig... i saw again the Paiqe.exe..with other one suspicious file "Herss.exe"..then i asked help in this forum..and now there where no more malwares. im using now Malwarebytes and MSE..it was now ok for me for the mean time.

I be he · 16 May 2011

CanIHaz said:

i also suggesting to add some kind of sandbox software. You can try Sandboxie Free or Bufferzone Pro which became free. So when you're browsing, nothing to your real HD.

Makes life much easier

damien76 · 17 May 2011

@rigz,

..it was on my netbook,and it does not have a constant internet connection ,and i just connect it on my home..via wireless..

-- Wireless is still a connection.

actually i just killed the first one virus Paiqe.exe manually..i dont know why Avast 6 cant detect it,i used a Pro one version ..

-- Using only one AV setup there. No on-demand/2nd opinion checker.

then i just notice the "paiqe.exe"..which i tried to end process but it states: it was in used,so i suspected it was a virus i tried a boot scan..but still it was there. .so i looked for its location run in safe mode and run the Altap Salamander to view where it is.then i deleted it.. it happpened last march.. then just last week i run msconfig... i saw again the Paiqe.exe..with other one suspicious file "Herss.exe"..

-- You cannot just delete a trojan even in safe mode. Altap Salamander is just a file manager. You should have placed the suspicious file in Avast's Virus Chest. Strains was still left and due to it's behavior..resurfaced as Herss.exe or you just missed Herss.exe in the first place.

AvastPro user. Why did you choose AvastPro? While it is one of the best user-friendly AV's around it still is "not" a "install and leave" application. User input is needed as well as settings beyond the defualt. I have AIS(without the firewall so it's function is same as AvastPro and also have used AvastPro till end of 2010).

Well imho in the very least it's quite effective especially with a low level trojan. Something is wrong with your settings. I can't imagine non-detection there File System Shield and Behavioral Shield or at least the AutoSandbox should have alerted it (well okay maybe not Behavioral Shield).

Either you or your relative has disabled something there or definitely "settings". If the borrower has a freehand to disable Avast or something in your shield settings or allow/ignore alerts then "game over".

as mentioned,

Honestly, the biggest flaw(including those who have no clue what they're doing) is most people want to have his/her way. Doesn't want to be inconvenienced or something..at the expense of being vulnerable.

That is classic example of how a user wrongly uses his security app especially one like AvastPro.
Yes you trusted the AV but the AV cannot do it alone for you. User input is needed.

File system shield has a tendency to make opening/closing/reading files slow so I think there was something done there plus definitely settings are not to par. Instead of disabling a shield some advice to exclude it in the File System Shield>Exclusions, that is "if" you will exclude a file/folder/app, make sure it's clean. Then go and use that file/folder/app.

In the first place you should have password protected Avast (See files.avast.com/files/manuals/user-manual-pro-eng.pdf) so the whole disabling or changing some settings should not have occurred. (I know how Filipino's are when it comes to relatives so better that it's you who will takes steps).

As far as many are in doubt as to the effectiveness of the Behavioral Shield of Avast(I call it urban legend) I still believe that it should have alerted the user or you about this. This is just a low level trojan. What happened is an example of not using security app properly. A "flaw' exists there.

..i dont know why Avast 6 cant detect it,i used a Pro one version ...i tried a boot scan..but still it was there. .

This is a cry-wolf syndrome. Not entirely the fault of non-detection by Avast. Just to make a point, I am not a die-hard fan of Avast (among my top 5 AV's, Avast is the last for me) but in fairness here..not entirely their fault until proven otherwise. The least you could have done was to:

a) place it in the virus chest, and then
b) submitted the files to avast for verification. (or checked it at VT or Jotti's)

Then you "wolf-cry" them for non-detection at the avast forums. Lot of good guys there, like British guy "essexboy" for me I think he's the top-gun for malware removal there.

im using now Malwarebytes and MSE..it was now ok for me for the mean time.

MSE/MBAM..maybe...I can't say I'll take that as "enough" security. If you have a default-deny settings and light virtualization like Sandboxie/Bufferzone, yes definitely..but just them and considering the behavior when you got infected..(plus MBAM scanning a measely 160gb/250gb drive for long stretches of 2-3hours...----tendency of not finishing it looms..this will be close to "game over" again).

AvastPro is good + you need a good HIPS program (MBAM as on-demand or the light HitmanPro --Prevx/GData/Emsisoft/Dr.Web/Ikarus cloud fast scanners) but that's just me. I be he and CanIHaz has a point there also. What is needed IS a review of your security settings/how you use it/what to do..etc.

The links given above are worth reading to be better informed so this "event" to not happen again. But in all honesty/as stated also, no amount of security will be effective if you do not consider what really went wrong there (the main reason for being infected with non-detection) and take steps to correct that.

Stay safe dude (at least try and take actions to learn from this)and give your relative a whacking "pitik sa tenga" , netbooks aren't cheap there in your country.

damien

rigz · 17 May 2011

Wireless-yeah its a connection but i said "not constant"..what i mean about that is i just use my netbook's wireless connection when i needed it,not the same with desktop always on connected..

and Altap Salamander was "only" file manager...but if you have tried using its benefit. .you can easily view files with attributes RSHA..which commonly used with worms and viruses to hide and cannot be seen in ordinary windows or just viewing hidden files w/c other anti viruses couldnt even detect it..

And actually i was not totally dscourage with Avast Pro..but i dont know what your trying to point with this post are you trying to say that i should use back avast?? dont worry evryone of us has a time of choice im just trying another suggestion...because ive tried already avast,and the point of this thread was about "HELP!VIRUS"..and now my virus was cured its my now dcsion how to prevent it..and what should i used ,sir..Thanks anyway for the effort to give information

Layback Bear · 18 May 2011

You are absolutely correct rigz. You have the right to choose how to get rid of a infection; just like you have the right of how to get a infection. Some post give suggestion of how to get rid of the infection and some on how to stop from getting them again. All are intended to help you. Any thing that connects to a computer can do good or bad things. It could be a usb,floppy,cd,dvd or the internet. It can happen wired or wireless it doesn't matter. Connected is connected. I have used many paid for anti virus programs and a few free ones and they all have something in common; user input.