Off-Topic
Expert
Joined: Jul 2006
Posts: 1,126
Quote:
...the Kaspersky tool that is Linux based so when you deploy it windows doesn't start...
You're starting to sound a lot like me, John! (or is it me sounding like you?) Either way, I'd be mildly alarmed... 
Veteran
Joined: Aug 2006
Posts: 8,730
We all want to be cool like you when we grow up Oren!
If we grow up!
HP Win 11 12 gig ram, Mac mini Sonoma with 16 gig of ram, BiaB/RB 2026, Reaper 7, Harrison Mixbus 11 , Presonus Audiobox USB96
Expert
Joined: Jul 2006
Posts: 1,126
Quote:
...last problem prompted me to go full linux on my internet computer, due to it kept coming back, even after two formats and four different AV assaults...
Good idea! When the drive is re-formatted to EXT2, EXT3, or EXT4 file systems, malicious code written for Windows can't survive. It is one of life's great mysteries why Microsoft continues to use their ancient NT file system...
Expert
Joined: Jul 2006
Posts: 1,126
Quote:
...If we grow up!...
You got that right, Pardner... 
Veteran
Joined: May 2003
Posts: 8,021
Quote:
Quote:
...If we grow up!...
You got that right, Pardner...
Growing up puts you that much closer to death.
Expert
Joined: Jul 2006
Posts: 1,126
Quote:
Quote:
Quote:
...If we grow up!...
You got that right, Pardner...
Growing up puts you that much closer to death.
If growing up means growing dull... I agree!
OP
Expert
Joined: Jul 2007
Posts: 996
OK had a brief look yesterday eve and this morning (the main problem here is that I have almost no time to devote to solving this problem).
In safe mode, this is what Sophos comes up with:
Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE. You may not have access rights to the whole registry.
Area: Windows registry Description: Hidden registry key Location: \HKEY_LOCAL_MACHINE\SAM Removable: No Notes: (no more detail available)
As regards the 2 iexplore.exes, I took a look at them using ProcExp, and the properties are as follows:
Path C:\Program Files\Internet Explorer\iexplore.exe
Command Line Removed as suggested below
Current directory C:\Documents and Settings\Marc\Bureau\
Path C:\Program Files\Internet Explorer\iexplore.exe
Command Line "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:5460 CREDAT:79873
Current directory C:\Documents and Settings\Marc\Bureau\
Last edited by mglinert; 04/07/11 12:19 PM.
Veteran
Joined: May 2000
Posts: 22,544
Looks like that blacboa URL is your first problem. That page contains nothing but a script, according to web-sniffer.net
FWIW my properties show no URL after the iexplore program path.
It may be a problem that it is a clickable link above, and NOBODY CLICK ON IT!
mglinert, if you can still edit it, please remove it so nobody accidentally clicks on it. It's a public link to an infected site.
Last edited by rharv; 04/07/11 07:51 AM.
I do not work here, but the benefits are still awesome Make your sound your own!
OP
Expert
Joined: Jul 2007
Posts: 996
Gosh, sorry Bob. Sorry everyone. Hope no one was rash enough to click on it.
I can see now that I will almost certainly have to reformat the drive.
In my BitDefender Firewall I have just set the following rule:
Path: c:\program files\internet explorer\iexplore.exe Any command line Deny access
Yes I can still use IE to access the web!
I guess my concerns now are more these:
Where else might this malware reside? Is my external HDD, on which my data is backed up, also infected? After a Windows reinstall is there still a risk that the malware will have survived?
Thanks everyone
Marc
Veteran
Joined: May 2000
Posts: 22,544
Better safe than sorry. What you have sounds nasty if antimalware didn't find it. I'd update the antimalware and run again in safe mode. It keeps pretty current and a couple days can make a difference; I've seen that happen on a friend's machine.
Is there a chance the external drive is infected? Can't rule it out. If the problem comes back that's one thing to suspect.
I'd unhook it for a couple days after fixing, see if everything seems OK, then pay attention after hooking it back up. If it comes back you know there's an issue.
You don't show any unusual services running in task manager? I often start looking for clues on what the infection is right there in taskmanager. Google the processes, and see what it is. Be careful where you go to check, as some of the sites that turn up will offer to run a 'free scan'... and you probably want to avoid that.
Personally I'd google that url too and see if others reported problems related to it. Also, I'd search BitDefender support to see if there is a way to check that behavior.
Reformatting often results in a loss of a lot of data, and I try to avoid that first, even if time is a factor. Depends on how recent your backup was.
I looked at the main home page for that URL you showed previously and it has a script to write the URL into favorites right away if IE is browser, then forcibly using a command common in other browsers using javascript before the page even loads. Then it runs some php commands I didn't want to try to follow. Pretty nasty site there for both pages I looked at the code for.
Last edited by rharv; 04/07/11 01:21 PM.
I do not work here, but the benefits are still awesome Make your sound your own!
OP
Expert
Joined: Jul 2007
Posts: 996
I’ve been researching this a bit on the superspecialised web sites (majorgeeks, bleeping computer and what have you). Apparently, the software protects itself from AV scans through changes it has made to the system at the registry level or even deeper. One of the tools that is most frequently recommended for removing this protection in order to get at the malware is Kaspersky’s ‘TDSSkiller.exe’. I can get this on to my machine, but it won’t run even when renamed (although it will on my other systems).
The standard procedure thereafter seems to involve the tools DDR, Gmer and Combofix and much expert analysis of the logs produced by these tools. The humble user is advised not to attempt to use these tools without supervision, so I have not.
Also, there are any number of support threads of this type which go on for pages (and weeks) and finish up with a still infected system.
The main symptoms I have are two bogus instances of iexplore.exe which start up shortly after bootup and without my having opened IE. There seem to be a number of sites at the end of the command line that opens. If I close down one, the new process that opens to replace it is likely to have a different site in the command line, but they all appear to be equally suspect. These URLs are clearly written into the software (malware) as they appear when my connection is disabled.
The other symptom – which I appear to experience less frequently, if at all now – is URL redirect following searches with search engines.
When my internet connection is enabled, I note (from the BitDefender activity window) that data is being downloaded through these processes into my system; so far I have never seen any outbound data (i.e. data being uploaded from my system).
My guess now is that this infection pre-dated the installation of the ‘WindowsRepair’ virus, which must have been downloaded on to the PC through these processes. Indeed this kind of unwanted installation may be the very point of the iexplore.exe infection.
“Reformatting often results in a loss of a lot of data, and I try to avoid that first, even if time is a factor. Depends on how recent your backup was.”
Surely reformatting results in the loss of all data? I can backup now (the system is still very much up and operational). I have scanned my external drive (MalwareBytes, BitDefender) and it comes up clean, but then again so does my internal drive.
If there were just some failsafe way to stop any process called iexplore.exe from running, then that would help.
Thanks a lot Bob for your help
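The symptom described in the post above (two iexplore.exe instances appearing shortly after boot with a site on the command line, while a genuine IE8 tab process shows only `SCODEF:<frame pid> CREDAT:<n>`) can be turned into a triage check over a Process Explorer listing. The following is an added example, not code from this thread or from any tool named in it: `ProcInfo`, `triage` and `report` are names chosen here, the records are constructed to mirror the Path / Command Line / Current directory fields quoted earlier in the thread, the 5460 and 79873 numbers are the ones from that post while the other PIDs are made up, and a reserved `example.invalid` address stands in for the URL that was removed from the post.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Internet Explorer's location on a 32-bit Windows XP install (the path quoted in the thread).
IE_PATH = r"C:\Program Files\Internet Explorer\iexplore.exe"

# First token of a Windows command line (quoted or bare), then whatever follows it.
_CMD_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))\s*(.*)$')
# The arguments an IE8 frame process gives each tab process it spawns (SCODEF = frame PID).
_TAB_ARGS_RE = re.compile(r"^SCODEF:(\d+)\s+CREDAT:\d+$", re.IGNORECASE)
# Something that looks like a web address handed to the browser at launch.
_URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)


@dataclass
class ProcInfo:
    """PID plus the Path / Command Line / Current directory fields from Process Explorer."""
    pid: int
    path: str
    cmdline: str
    cwd: str


def split_cmdline(cmdline: str):
    """Split a command line into (program, remaining arguments), honouring a quoted program path."""
    m = _CMD_RE.match(cmdline)
    if not m:
        return "", ""
    return (m.group(1) or m.group(2)), m.group(3).strip()


def triage(proc: ProcInfo) -> List[str]:
    """Reasons a single iexplore.exe instance looks wrong; an empty list means nothing flagged."""
    reasons = []
    if proc.path.lower() != IE_PATH.lower():
        reasons.append("image is not the system Internet Explorer binary")
    program, args = split_cmdline(proc.cmdline)
    if program and program.lower() != proc.path.lower():
        reasons.append("command line names a different program than the image")
    if args and not _TAB_ARGS_RE.match(args):
        if _URL_RE.search(args):
            reasons.append("launched with a URL on the command line: " + args)
        else:
            reasons.append("unexpected arguments: " + args)
    return reasons


def report(procs: List[ProcInfo]) -> Dict[int, List[str]]:
    """Triage every iexplore.exe, then taint tab processes whose frame process was flagged."""
    ie = [p for p in procs if p.path.lower().endswith("\\iexplore.exe")]
    flags = {p.pid: triage(p) for p in ie}
    for p in ie:
        m = _TAB_ARGS_RE.match(split_cmdline(p.cmdline)[1])
        if m and flags.get(int(m.group(1))):
            flags[p.pid].append(f"tab spawned by flagged frame process {m.group(1)}")
    return flags


# Constructed listing (not from the thread): 5460/79873 are the numbers quoted in the post,
# the other PIDs are made up, and example.invalid stands in for the URL removed from the post.
DESKTOP = r"C:\Documents and Settings\Marc\Bureau"
SAMPLE = [
    ProcInfo(5460, IE_PATH, f'"{IE_PATH}" http://example.invalid/landing', DESKTOP),
    ProcInfo(2796, IE_PATH, f'"{IE_PATH}" SCODEF:5460 CREDAT:79873', DESKTOP),
    ProcInfo(1204, IE_PATH, f'"{IE_PATH}"', DESKTOP),
    ProcInfo(3312, IE_PATH, f'"{IE_PATH}" SCODEF:1204 CREDAT:14337', DESKTOP),
    ProcInfo(4080, r"C:\WINDOWS\Temp\iexplore.exe", r'"C:\WINDOWS\Temp\iexplore.exe"', DESKTOP),
    ProcInfo(640, r"C:\WINDOWS\explorer.exe", "explorer.exe", r"C:\WINDOWS"),
]

if __name__ == "__main__":
    for pid, reasons in report(SAMPLE).items():
        print(pid, "OK" if not reasons else "; ".join(reasons))
```

The second pass in `report` is the part worth noting: a tab process with a clean-looking `SCODEF:5460 CREDAT:79873` command line is only as trustworthy as the frame process 5460 that spawned it, so it inherits that frame's verdict rather than passing on its own.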
Veteran
Joined: May 2003
Posts: 8,021
Marc, I told you what to do. Why don't you do it? Oren I guess he don't trust us Linux users. LOL
OP
Expert
Joined: Jul 2007
Posts: 996
John,
I really appreciate your help and advice.
As Oren says above:
“If you have no previous experience with Linux and a live CD, think it over carefully. Success requires that you understand the fundamentals of your specific Windows release, plus a working knowledge of Linux and Live CDs - for instance, how to do an md5sum integrity confirmation of your download.”
I have never even seen a Linux system, let alone used one. And I have only the most cursory understanding of my own OS.
One of the principles I try to use in problem solving is not to make the situation worse than it is already.
While it is quite possible that a Linux-based clean up tool would take a look at my dormant Windows system, decide which file or files are the culprit and suitably eliminate them, I have no assurance of this scenario.
Also I am just a little surprised that this solution – if it is as risk free and effective as you suggest – is not more widely recommended in the specialist AV and PC support fora.
So, as Oren suggests, I am still thinking it over.
The solutions I plan to implement, in order, are as follows:
- continue Windows-based remedies and scans until I have reasonably exhausted them
- attempt to remount the image backup I have made with Reflect in the hope that it was made before any of this started occurring
- alternative OS based solution on bootable media (your recommended approach)
- reformat of internal HD and reinstallation of W XP (in the hope that my backed up data is not also infected)
All of these take a fair amount of time, which I do not have what with a FT job, a young family, a gigging band etc.
Because I have not performed your suggestion yet does not mean I have ruled it out.
Thanks again,
Marc
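The md5sum integrity confirmation that Oren's quoted advice mentions is a small step, but it is the one that tells you the rescue-disc image you are about to boot from is the one the vendor published and not a damaged or altered download. The following is an added example, not code from the thread or from Kaspersky or AVG: `file_digest`, `parse_checksum_file` and `verify` are names chosen here, the checksum-file format is the `<hex>  <filename>` layout written by coreutils `md5sum`, and the `rescue.iso` contents and checksum lines in `run_demo` are constructed for the demonstration (the listed digest is MD5 of the constructed contents).

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hash a file in chunks so a multi-hundred-megabyte ISO never has to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_file(text):
    """Parse md5sum-style lines ('<hex>  <name>' or '<hex> *<name>') into {name: hex}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        expected[name.lstrip("*")] = digest.lower()  # '*' marks binary mode in coreutils output
    return expected


def verify(path, checksum_text, algorithm="md5"):
    """Return (ok, detail): ok is True only when the file's digest matches its listed entry."""
    expected = parse_checksum_file(checksum_text)
    name = os.path.basename(path)
    if name not in expected:
        return False, f"no entry for {name} in the checksum file"
    actual = file_digest(path, algorithm)
    if hmac.compare_digest(actual, expected[name]):
        return True, actual
    return False, f"mismatch: listed {expected[name]}, computed {actual}"


def run_demo():
    """Constructed scenario: one intact image, one that does not match, one not listed at all."""
    checksum_text = (
        "# constructed checksum file; the first digest is MD5 of the bytes b'abc'\n"
        "900150983cd24fb0d6963f7d28e17f72  rescue.iso\n"
        "00000000000000000000000000000000 *damaged.iso\n"
    )
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name in ("rescue.iso", "damaged.iso", "unlisted.iso"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"abc")  # stand-in for the ISO contents
            results[name] = verify(os.path.join(d, name), checksum_text)
    return results


if __name__ == "__main__":
    for name, (ok, detail) in run_demo().items():
        print(f"{name}: {'OK' if ok else 'FAILED'} ({detail})")
```

Two design points: the comparison goes through `hmac.compare_digest` out of habit rather than necessity here, and the `algorithm` parameter accepts any `hashlib` name, so the same function checks a `sha256sum` file when that is what the vendor publishes alongside the image.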
Veteran
Joined: May 2003
Posts: 8,021
The Kaspersky rescue disc IS NOT A LIVE LINUX CD. It is a removal tool that if you follow my instructions will clean your mess up.
Veteran
Joined: Feb 2003
Posts: 2,427
Marc, if I were in your shoes I'd back up valuable data and then zap the bloody lot and start over with a re-format clean install of Windows 7 64 bit. Your symptoms sound extremely scary to me and I wouldn't muck about trying to repair things. I trust you don't do online banking as I'd be petrified of key loggers stealing my passwords. Sorry to sound alarmist, but it sounds like you need to regain confidence in your system. My PC became slow a couple of months ago and although I had none of the scary stuff going on which you describe I nevertheless lost confidence. I keep copies of my important stuff on an external drive, so reformatted and installed Windows 7 64 bit and have never looked back. It was a pain re-installing a lot of music apps like plugins, etc. but the PC runs smooth and fast now.
John
Veteran
Joined: May 2003
Posts: 8,021
Quote:
Marc, if I were in your shoes I'd back up valuable data
I don't disagree with a reformat. It's an opportune time to get a fresh install. I wouldn't take that machine from XP to Win7x64 though. Not yet anyway. What I wouldn't do though is back up the data on an infected machine and then reinstall it on a clean machine. There are some real nasty viruses that are known to corrupt EXE files, like programs that you may have saved the EXE in a folder, and when you go and reload these programs BANG back to square one. That's why it's best to try and clean the thing as much as you can first or you've got to bite the bullet and reformat the drive without saving anything. And then you may not be good. It can be bad. Sorry.
Expert
Joined: Jul 2006
Posts: 1,126
Quote:
The Kaspersky rescue disc IS NOT A LIVE LINUX CD. It is a removal tool that if you follow my instructions will clean your mess up.
That Kaspersky tool (and the one from AVG) is designed to function within the comfort zone of a Microsoft user, but still work with Windows disabled - and contain the open-source (Linux) elements required to recognise and eliminate Microsoft-dependent malicious code. Invasive software that relies upon Windows' vulnerabilities to hide and "mutate" can not perform its trickery when your Microsoft operating system is dormant and Linux (from AVG or Kaspersky) is running the show.
Just make sure all your important files are backed up, then proceed with confidence. Worst case - you accidentally scramble your drive and have to re-format. If this goes down, wipe the drive squeaky clean with "Darik's Boot and Nuke" (DBAN) and reformat to NTFS. Your system will be sanitized and ready for a fresh install... not such a bad thing...
Expert
Joined: Jun 2000
Posts: 1,944
Marc said: Quote:
One of the principles I try to use in problem solving is not to make the situation worse than it is already.
Marc I like your caution. I have always thought the expression "Don't do anything until you know what to do" has served me well through the years.
Oren said:
Quote:
Just make sure all your important files are backed up, then proceed with confidence.
John (silvertones) said:
Quote:
What I wouldn't do though is back up the data on an infected machine and then reinstall it on a clean machine. There are some real nasty viruses that are known to corrupt EXE files, like programs that you may have saved the EXE in a folder, and when you go and reload these programs BANG back to square one.
I'm certain when Oren said your "important files", he meant your data files; text files, mp3s, waves, Biab music files, etc. Unless you are a programmer or an extreme advanced user, I highly doubt you would need to back up any executable files; ".exe", "bat", ".com", etc. Your critical data files should be safe from malware infections, and once they have been copied to cd, dvd, or a separate usb drive, you can scan them when your system has been cleaned by one of the many processes mentioned here.
Lastly, I would like to suggest that since you live in France (found in your profile), you might do a search for some knowledgeable, friendly local Linux help. Europe seems to be a bastion for Linux.
Jim †=☮&♥
Expert
Joined: Dec 2007
Posts: 1,439
G'day Marc, I would have no trouble with using either the Kaspersky or AVG disks. I suspect you do not have a root kit or the root kit killer you tried would have fixed it. Root kit killers do only that, kill root kits. They are not normal AV or Anti malware tools and do not look for anything other than root kits. hmm, there's a lot of root kits there...  Whatever malware is left is clearly hiding from your AV software so a tool like the Kaspersky or AVG boot CD is a good tool to use.
--=-- My credo: If it's worth doing, it's worth overdoing - just ask my missus, she'll tell ya --=--You're only paranoid if you're wrong!
Journeyman
Joined: Dec 2007
Posts: 618
Marc, If you're worried about infections being on your backup, don't remount the image backup. Just backup your data and reformat and do a clean install. When you're done your machine will be like new. Clean and fast and then make an image backup.
Wayne,