I am in the midst of the worst malware/virus/trojan/rootkit attack I've ever experienced, ever heard of, ever imagined.
■It re-directs web pages to sites that pay for traffic, no big deal of course, but get this:
■It established a new User Account named "Administrator." When I log off that User and log on to my User, suddenly "Administrator" is gone. Presumably it established the User to acquire privileges to access the BIOS ...
■Because it infected and altered the BIOS to lock out IDE and floppy ports. No kidding. I've cleared the CMOS, locked changes out, new password, but nothing. I've tried numerous IDE devices in these ports, BIOS refuses to see them (these devices work fine elsewhere).
■Before it disabled the IDEs, I attached an IDE HDD to offload data, but the virus jumped into that HDD ... I realize this seems impossible, but it's true. Must've come from the infected BIOS.
■I cannot seem to burn DVDs ... they all fail between 80 and 95% complete.
■I got a BIOS flash from MSI, but that's only do-able in DOS of course, so I started up with a 'Bart's Way' DOS bootable CD. I went into C to retrieve the flash BIOS file - but it was gone, invisible. It was there when I re-booted into Windows.
■Can I make a Bart's Bootable CD and include the Flash BIOS file in the burn? Then boot and flash from the CD?
I realize this all sounds preposterous, but I assure you it's all real.
Some consolation that it permits full use of the computer (it's clearly a pay-per-click money-maker), but I have to do something. Ideas?
Just FYI: The sites that get the redirected traffic are primarily 'Tazinga,' 'Scour' and "My Yearbook." The jump URLs that flash up are mostly "Get-Search-Results," "New Search Results," "Traffic-Master."