ID:182965
 
Well to my utter enjoyment this morning, I discovered I am now the proud owner of a malware/rootkit virus Win32:Agent-MET...Well I can't delete it permanently so I believe I am screwed. Avast Anti Virus pops up almost immediately on start up telling me about this and as long as I don't close it out, I can run my computer, which I am nervous about even now, but I needed to back up my files and get some information.
I tried running Byond, dream maker, and dream seeker. None of those will work but everything else does. I assume it's the work of an old gm I fired because he was terrible to the players and now wants his revenge. Not much I can do about that, but I was wondering if it really is the malware blocking Byond use or if it's my system trying to protect itself.

On another note I feel ashamed of myself for not making system recover date set ups, in case this happened. It came word to me I would be hacked several months back, but nothing happened after that first month, so I dropped the extra protection I set up because it was sucking up a lot of my CPU, a mistake I do regret. But if anyone knows anything, or any information on this virus it'd be appreciated.
Uh, I googled 'W32/Agent-MET' and it found no result. Are you sure the virus is named that?
In response to NLW Development Team
You might have to print these instructions if you use them, as they will require you to reboot your computer.

W32/Agent-BB


This could be interrupting your BYOND connection.

W32/Agent.nm

This could also be it. Check the symptoms to be sure.

Trojan-Downloader:W32/Agent.EOA


If it is this, close all your browsers. If the browser process is still there, end it IMMEDIATELY. You can look at all your processes with the Windows Task Manager.

W32/Agent.ULL


I doubt you have this one, but be careful.

W32/Agent-UF

If you opened an attachment titled 'Ebay-rechnung.pdf.exe' in an e-mail, you may have this one.

If you have any of these, you should BACK UP YOUR FILES IMMEDIATELY!!! Scan all the files you need backed up and save them on a disk or on an online file storage website.

CAUTION: Use the next part only as a LAST RESORT. The next part will require you to format your drive. If all else fails, continue reading.

If you have a Windows installation disk that came with your computer, or you used to install Windows, put that disk into your CD drive. Reboot your computer. When your computer boots up, you may see a black screen with white words saying 'Press any key to boot from CD...'. When that comes up, you should press any key. If it doesn't, you have to go into the BIOS setup. An online guide can show you how to use the BIOS setup to change the boot order.

Changing the boot order through BIOS

Use this to put your CD drive at the top of the boot order. When you are done with that, reboot your computer again. You should be able to boot from CD. This will run the Windows Setup. When the setup is loaded, reformat the drive so the virus will be permanently deleted. Make sure before the drive is reformatted that you backed up your files. When your drive is reformatted, install Windows. Then you can put all the files back. And you won't have the virus.
Windows System Recovery won't help you with a rootkit. I think AVG has a rootkit remover. Have you given that a shot?
In response to CaptFalcon33035
I wasn't talking about Windows System Recovery, I was talking about a full hard drive wipe and a re-installation after backing up the files.
Copy all needed files to e.g. the C: disk, and reinstall Windows. It will say that it already has an installation, so choose to delete it; your files will be saved, and you will get rid of the virus... Unless one of your needed files has it xD
In response to Ripiz
Ripiz, the best way to get rid of it is to back up all the files you need and format the drive and re-install Windows.
SS10trunks wrote:
Well to my utter enjoyment this morning, I discovered I am now the proud owner of a malware/rootkit virus Win32:Agent-MET...Well I can't delete it permanently so I believe I am screwed. Avast Anti Virus pops up almost immediately on start up telling me about this and as long as I don't close it out, I can run my computer, which I am nervous about even now, but I needed to back up my files and get some information.
I tried running Byond, dream maker, and dream seeker. None of those will work but everything else does. I assume it's the work of an old gm I fired because he was terrible to the players and now wants his revenge. Not much I can do about that, but I was wondering if it really is the malware blocking Byond use or if it's my system trying to protect itself.

On another note I feel ashamed of myself for not making system recover date set ups, in case this happened. It came word to me I would be hacked several months back, but nothing happened after that first month, so I dropped the extra protection I set up because it was sucking up a lot of my CPU, a mistake I do regret. But if anyone knows anything, or any information on this virus it'd be appreciated.

Do you honestly believe someone has 'hacked' you and it's not just coincidence? The guy was probably like thirteen. "Nobodi banz me!!! Muahaha I'ma hakin' ur maneframez! *opens Page Source in Firefox and starts deleting things*" People watch too many movies... You've got bigger problems than this if some random script kiddy off Byond can 'hack' your computer.

I don't think a system recover would protect non-system files like Byond, otherwise it'd revert all your programs.
In response to NLW Development Team
Oh, that's good then, because I wasn't replying to you.
In response to NLW Development Team
That's not always possible or even economical. I know Microsoft only allows you to reformat with one CD so many times, so you have to go out and buy a new one. Did you know that reformatting too much can do major damage to your hard drive? Same thing goes for defragging.

Most of the time, it's just better to deal with the virus if you can manage to. Manually delete it yourself if a program can't, but don't reformat. You should only do that if your machine's OS is screwed beyond repair, which, in this case, it isn't.
In response to CaptFalcon33035
Well I have some new information on this.

First off I discovered that Avast can delay the virus/malware's effects, allowing me to get on the computer but I cannot access programs after the virus has been stopped. iTunes will not start, Byond, AIM, MSN messenger, Adobe Photoshop etc.

Secondly, I do not have the CD to install Windows. Unfortunately it seems to have been misplaced somewhere in this horrible garbage dump I call an office.

Lastly, the man who made my computer, Evan, said it's possible to do something about it if I have Internet Explorer 7 (and he doesn't know everything about the virus, because my computer-illiterate father spoke to him). Well here's my question, would it matter if I had IE7 before or after the malware appeared? Because I originally had it but that was what started a flood of adware appearing and other things, before we were fine, so I downgraded back to IE6 but the problems persisted even after numerous virus scans. But today I downloaded IE7, and I'm going to speak with Evan, but he charges to come out here and I really don't have the money to do that, so I'm hoping this extra information might help diagnose the malware. Thanks again.
In response to CaptFalcon33035
CaptFalcon33035 wrote:
That's not always possible or even economical. I know Microsoft only allows you to reformat with one CD so many times, so you have to go out and buy a new one.

Not if it is an OEM copy; you can install it to the same hardware as many times as you want. If you have a retail box you can just call them and they will unlock your COA number for you. Just say you're having hardware trouble.
In response to SS10trunks
Few more things I forgot to mention. Um, I cannot start up IE7 now, even though it's installed, so I doubt that will do me much good, and it also appears to be blocking my connection to MySpace for some reason. I am able to sign in, and edit my profile and such, but I cannot view other people's profiles because it says the connection was reset, or the page failed to load.

ALSO before I forget, if I try to start certain programs such as AIM or dreammaker, the process tab under task manager shows it was called but the memory is roughly always around 60k and never increases, showing something is stopping it, and if I'm lucky enough to start it up when the computer first starts up, it just freezes once Avast finds the virus, and I cannot end the process once it has been called.
In response to CaptFalcon33035
And I said only use that as a LAST RESORT.
In response to SS10trunks
Doesn't appear you've tried AVG's Anti-Rootkit. Remember when I posted about that? Anyway, this is the link.
http://free.grisoft.com/doc/5390/us/frt/0?prd=arw

If you can't download that for whatever reason, get it at school or something. Get a flash drive.
In response to CaptFalcon33035
Defragging won't break your hard drive, neither will reinstalling Windows. In fact, reinstalling Windows is nothing more than copying files. It's about the same as downloading 1GB worth of data onto your hard drive. Defragging will help catch hard drive errors early, allowing you to react. Please don't spread myths like that.
In response to Danial.Beta
What if there are problems with your filesystem? There could be errors in the way things are stored on the disk (very likely in this case), and defragmenting that could move data around in a way that might cause some data to be accidentally overwritten if the filesystem is damaged or the file index is inaccurate. If power is lost during defragmentation, the computer might suffer loss of data.

Both defragmenting and reformatting can put wear on a drive as well.
In response to CaptFalcon33035
Most defragging software, including the stock Windows defrag, includes redundancy systems to prevent problems like this.

Both defragmenting and reformatting can put wear on a drive as well.

And so can booting up your OS, or copying a few files. That doesn't mean we should avoid doing them. Even powering on your computer stresses the drives, but that doesn't mean they aren't built to withstand the stress.
In response to Danial.Beta
Danial.Beta wrote:
And so can booting up your OS, or copying a few files. That doesn't mean we should avoid doing them. Even powering on your computer stresses the drives, but that doesn't mean they aren't built to withstand the stress.

You are right, but think of the amount of stress involved here. You are comparing grapes to watermelons. Searching through, locating, finding a position for, and moving the fragments, all within so little time, versus just booting up the system or copying a "few" files is a very big difference.

I never said that the two shouldn't be done, just that reformatting be a last resort.
In response to CaptFalcon33035
It's not that much stress, I move several GB files around my hard drive constantly. We have computers at work that are used for backup that copy over 120GBs worth of files onto them on a weekly basis, and the hard drive is running fine after over a year. If your hard drive can't take the stress, then it is a bad hard drive.