OT - Mirar Virus - Lone Star Ball

OT - Mirar Virus

by Coolbean04 on Dec 6, 2008 12:47 PM CST Comment 59 comments

Any of you guys ever get it? I got it today on my computer and I can't get rid of it. I try to do the self removal steps but it doesn't help. It gives you steps to get rid of

HKEY files

DLL files

but none of the files they tell me to remove is located in the registry.

What should I do? I don't have the money to pay for a new virus scanner to remove it.

Any advice would be grateful.

0 recs | Comment 59 comments

Story-email Email Printer Print

Comments

I would

I would backup your data and then reinstall your OS to how it was when it left the factory.

by jf55510 on Dec 6, 2008 12:56 PM CST reply actions 0 recs

afterdark forums link regarding mirar

bleeping computer forum link regarding mirar

computing.net link regarding mirar

amazon askville about how to remove mirar

id say your best bet is either going with the afterdark or the bleeping computer links first. id go with the bleeping computer link – about 2/3rds of the way down theres a list of stuff to DL that may work/take care of it?

theres an auto-remove program for mirar in one of the links but its hard to know what to do because im not sure which varint you might have vs which one they have

id say go to bleeping computer and post there maybe if none of this stuff works?

let me know if i can do anything else to help or if you have any futher questions – emal is in profile — GOOD LUCK

Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.

"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles

by knockoutking on Dec 6, 2008 1:13 PM CST reply actions 0 recs

bleepingcomputer

Here’s a few of the things from the website.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA1\Grisoft\AVGFRE1\avgamsvr.exe

My question is, am I suppose to delete this list of stuff?

My second question is, when I try to delete it, it won’t let me. I get message saying

Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use.

by Coolbean04 on Dec 6, 2008 1:28 PM CST up reply actions 0 recs

here is what i would suggest doing

download this:
http://www.stevengould.org/index.php?Itemid=69&id=15&option=com_content&task=view

then run it (make sure your actually running it, not just the practice “clean up”)

run this:
http://www.kaspersky.com/virusscanner

download in windows, open and update but dont run yet. a2 free
a2 – removes trojans/worms/dialers
spybot s&d
ad-aware

download the 2 programs in blockquotes, then print off this stuff (or save it to a txt doc on your desktop if your not around a printer)

boot to safe mode

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install ‘SuperAntiSpyware Home Edition Free Version’ from here:
http://www.superantispyware.com/downloadfi…ANTISPYWAREFREE

Launch SuperAntiSpyware and click on ‘Check for updates’.
Once the updates have been installed,exit SuperAntiSpyware.
Do not run it just yet.

Now double-click ATF-Cleaner.exe to run the program.
Click ‘Select All’ found at the bottom of the list.
Click the ‘Empty Selected’ button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose ‘Select All’ from the list.
Click the ‘Empty Selected’ button.
NOTE:
If you would like to keep your saved passwords,please click ‘No’ at the prompt.

If you use Opera browser,do this also:
Click Opera at the top and choose ‘Select All’ from the list.
Click the ‘Empty Selected’ button.
NOTE:
If you would like to keep your saved passwords,please click ‘No’ at the prompt.
Click ‘Exit’ on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on ‘Scan your computer’.
Check: ‘Perform Complete Scan’.
Click ‘Next’ to start the scan.

Superantispyware will now scan your computer,when it’s finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press ‘Next’.
Click on ‘Finish’ when you’ve done.

It’s possible that the program will ask you to reboot in order to delete some files.

if it asks your to reboot, reboot then go boot back to safe mode

still in safe mode do this:
a2 free – run and scan
spybot s&d – run and scan
ad-aware – run and scan

restart

download/run/update in regular windows:
ie-spyad – A registry file that adds a long list of known malware domains to your restricted sites section of Internet Explorer.

spyware blaster – A program that locks your browser from running known malware or downloading programs from known malware sites.

Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.

"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles

by knockoutking on Dec 6, 2008 1:56 PM CST up reply actions 0 recs

let mek now if this works :)

Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.

"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles

by knockoutking on Dec 6, 2008 2:08 PM CST up reply actions 0 recs

Is there any other options?

I’m not that great with computers and I can see myself screwing that up.

by Coolbean04 on Dec 6, 2008 4:48 PM CST up reply actions 0 recs

do this

run Malwarebytes, spybot.

Then run your AV, hopefully you have a pretty solid one like AVG.

Jindal - 2012

by Longhorn on Dec 6, 2008 5:03 PM CST up reply actions 0 recs

thats the problem with a lot of malware

its hard a shit to remove

Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.

"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles

by knockoutking on Dec 6, 2008 6:04 PM CST up reply actions 0 recs

Malwarebytes should kill it.

I had a bug from an infected webpage recently, Kaspersky or F-Secure could not clean it, as the virus was stopping them, Malwarebytes DID.

Good Luck!

"...my balls are really like a veiny flesh color" blueballlefty on Jun 4, 2008 7:44 PM EDT
"you gonna lose your horse. seriously." FX2
Yes we can! November 04, 2008

by Rodney on Dec 6, 2008 5:57 PM CST reply actions 0 recs

I googled Malwarebytes

and got spyware cease at anti-malwarebytes.com, is that it?

by Coolbean04 on Dec 6, 2008 6:17 PM CST up reply actions 0 recs

www.download.com

is your friend.

Jindal - 2012

by Longhorn on Dec 6, 2008 6:22 PM CST up reply actions 0 recs

Just curious...

How did you get the virus?

I propose a 5-year moratorium on trading any young Ranger pitchers who throw over 90 mph.

by Ajax68 on Dec 6, 2008 6:28 PM CST reply actions 0 recs

Downloading Chessmaster 10

by Coolbean04 on Dec 6, 2008 6:30 PM CST up reply actions 0 recs

If you use AVG and Firefox....

…there’s an extension that integrates AVG into the browser. I’d recommend getting that after you get your problem straightened out.

613photo

by Black Francis on Dec 7, 2008 9:28 AM CST up reply actions 0 recs

look dude

your probably going to have to do all of that above anyway or its gonna come back…

Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.

"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles

by knockoutking on Dec 6, 2008 6:46 PM CST reply actions 0 recs

no

that’s not true. you and the guy that said to reinstall the O.S. are attacking this problem with a butcher knife instead of the scalpel (i miss election season).

he just needs to find every file and registry key associated with the virus. combinations of the options listed above will do it without having to do everything you said. most of the stuff you listed is duplicative anyway. stop scaring the man.

""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley

by ab03 on Dec 6, 2008 7:15 PM CST up reply actions 0 recs

well..

once a systems been compromised the best defense is a re-install assuming recent backups were made.
also many cases you have to remove regkeys etc in safemode and even then the damn thing sometimes still comes back.

"I'm against picketing, but I don't know how to show it." - Mitch Hedberg

by rentz on Dec 6, 2008 8:34 PM CST up reply actions 0 recs

yuuup

if you want to make sure you get rid of it reformat

Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.

"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles

by knockoutking on Dec 6, 2008 10:23 PM CST up reply actions 0 recs

its always better to be safer than sorry

and the odds of manually getting rid of it on the first pass are slim to none (from personal experience with ppl while workin in IT)

Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.

"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles

by knockoutking on Dec 6, 2008 10:22 PM CST up reply actions 0 recs

and by come back

i mean that you probably wont get all of it the first time and it will re-manifest itself from whereever it has hidden itself

Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.

"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles

by knockoutking on Dec 6, 2008 10:23 PM CST up reply actions 0 recs

OK, this is weird

I’m on my laptop now talking on here. I downloaded malwarebytes from download.com and it got rid of the virus. I don’t have the pop ups anymore which is great.

Now my new problem.

My computer seems to be screwed up. Now my internet on the desktop doesn’t work. Every time I try to open firefox or IE, the browser freezes. What do you think is the problem?

It’s weird, with the Mirar virus, everything worked. Now that malwarebytes got rid of the virus, my browsers now don’t work.

by Coolbean04 on Dec 6, 2008 8:22 PM CST reply actions 0 recs

Solution

Intentionally get the virus again.

by LiamP on Dec 6, 2008 9:56 PM CST up reply actions 0 recs

It could be that to get rid of the virus

something else got screwed up in the process. Try re-installing Firefox and see if that helps.

My recommendation is to back up everything you have that you care about and re-install your OS. If you’ve have your computer for more than a half year or so, re-installing your OS would be a good idea anyways. After you do this, you’ll see your computer works better than you ever remember.

By 2028, Mark Teixeira will be in the HOF.
-The Outlaw

by Gdawg on Dec 6, 2008 11:59 PM CST up reply actions 0 recs

you probably haven't completely gotten rid of it

or it messed up something. download hijackthis , do the “system scan and save a log file.”

Now, this is where I would tell you to copy and paste everything in your log file on here but there might be something you don’t want me to see and it’s really long.

If you want to paste everything that you see, you can.

Otherwise, let me know if there is anything that shows up with a prefix of N#, O5, O12. Start with those for now.

Also, if you can figure out a way to get google chrome onto your desktop, try that.

""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley

by ab03 on Dec 7, 2008 12:01 AM CST up reply actions 0 recs

but to be clear

don’t do anything else after the scan. Don’t put a checkmark next to anything, don’t fix anything.

""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley

by ab03 on Dec 7, 2008 12:06 AM CST up reply actions 0 recs

also

list anything under O2

""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley

by ab03 on Dec 7, 2008 12:10 AM CST up reply actions 0 recs

or he could just do what i suggested above

and make sure his system is clean of mirar and whever else is on there

Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.

"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles

by knockoutking on Dec 7, 2008 12:35 AM CST up reply actions 0 recs

how is doing what you said easier than doing what I said?

you’re being a little obtuse about this.

and, if you’ve never used hijackthis, you might give it a try yourself before you judge it. it’s actually all you need

""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley

by ab03 on Dec 7, 2008 11:29 AM CST up reply actions 0 recs

hijack this

one problem with that app (last time i saw it which was quite a while ago) is it would be really easy to tell it to delete reg entries you need

"I'm against picketing, but I don't know how to show it." - Mitch Hedberg

by rentz on Dec 7, 2008 11:34 AM CST up reply actions 0 recs

yup

that is a big big problem (still). but as long as you don’t “fix” anything with proper authorization, you should be fine

""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley

by ab03 on Dec 7, 2008 11:54 AM CST up reply actions 0 recs

i have used it

however 99.99% of the people who do use it have no clue how to use it

Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.

"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles

by knockoutking on Dec 7, 2008 1:02 PM CST up reply actions 0 recs

When I got hit earlier this year,

the virus fucked any attempt to connect to any AV website out there. It also erased/hijacked all my bookmarks in IE. I would assume the same is happening with FF.

Your browsers may have “worked” on some sites, but the little bastard virus was just waiting for you to let your gaurd down, and then it was gonna Hijack Away!

I would also recommend a root kit scan. You may have a backdoor installed also. Get a good free one here.

"...my balls are really like a veiny flesh color" blueballlefty on Jun 4, 2008 7:44 PM EDT
"you gonna lose your horse. seriously." FX2
Yes we can! November 04, 2008

by Rodney on Dec 7, 2008 11:34 AM CST up reply actions 0 recs

buy a mac

by neon greon on Dec 6, 2008 9:02 PM CST reply actions 1 recs

The ultimate false sense of security.

by Inkara1 on Dec 6, 2008 10:19 PM CST up reply actions 0 recs

+1 million

Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.

"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles

by knockoutking on Dec 6, 2008 10:22 PM CST up reply actions 0 recs

might be a false sense of security

but its proven to be better than windows when it comes to virus’s
though i openly admit that if all the windows virus and malware writers concentrated on mac we’d have mac virus/malware be more common.

"I'm against picketing, but I don't know how to show it." - Mitch Hedberg

by rentz on Dec 7, 2008 4:48 AM CST up reply actions 0 recs

That;s because

you write a virus for the pc, and it attackes 90% of the computers out there.

You write a virus for Mac, and attacks a few computers run by effete hairdressers and graphic artists.

Nolan Ryan is the Greatest Pitcher ever, because Google says so.

"BTW I’m officially welching ab03. Yeah I planned too all along, but I figured I’d try to get off the hook with double or nothing first."- Sharky

by DJCahill on Dec 7, 2008 5:57 AM CST up reply actions 0 recs

virus's

that and most windows users are too dumb to avoid virus’s

"I'm against picketing, but I don't know how to show it." - Mitch Hedberg

by rentz on Dec 7, 2008 8:46 AM CST up reply actions 0 recs

add elitist to the list of adjectives

mac users just go to a “genius” to fix their computers.

or, they buy another one.

""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley

by ab03 on Dec 7, 2008 11:28 AM CST up reply actions 0 recs

ironically

most mac people i know more closely resemble the pc person in the mac pc ads
i use mac because i dont like windows and got sick of messing with linux kernels all the time.

if my mac breaks i know how to fix it, i dont need a “genius” to tell me jack.
pc users just call the geek squad

"I'm against picketing, but I don't know how to show it." - Mitch Hedberg

by rentz on Dec 7, 2008 11:36 AM CST up reply actions 0 recs

+1

I use Mac because it is incredibly stable. I rarely have any problems. I use windows at work and it drives me nuts.

I'm undefeated in fights. Have I been in any? No. Thats because people know my f'ing status. Don't mess with the elite. - Miles

by Dirk Diggler on Dec 7, 2008 11:41 AM CST up reply actions 0 recs

sure

you are clearly the prototypical mac user, right? one that dabbled in linux previously? sure…

""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley

by ab03 on Dec 7, 2008 11:58 AM CST up reply actions 0 recs

i dont know what the typical user is really

most people i know were like me and linux/unix oriented and switched when osx took off.

"I'm against picketing, but I don't know how to show it." - Mitch Hedberg

by rentz on Dec 7, 2008 12:07 PM CST up reply actions 0 recs

most people i know that are like that

also dual boot their mac’s

""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley

by ab03 on Dec 7, 2008 12:59 PM CST up reply actions 0 recs

dual boot

ive got windows on mine via bootcamp and vmware fusion, but i rarely access it. only for apps that dont support mac.

"I'm against picketing, but I don't know how to show it." - Mitch Hedberg

by rentz on Dec 7, 2008 1:10 PM CST up reply actions 0 recs

PC vs. MAC

Warning: Language is a bit, umm, mature

By 2028, Mark Teixeira will be in the HOF.
-The Outlaw

by Gdawg on Dec 7, 2008 12:58 PM CST up reply actions 0 recs

is there a more pretentious person in the world than steve jobs?

the real brains behind apple was woz.

"I'm against picketing, but I don't know how to show it." - Mitch Hedberg

by rentz on Dec 7, 2008 1:12 PM CST up reply actions 0 recs

apple products in general, i dont' think so

product design innovations are what sell apple products and that is all steve jobs

""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley

by ab03 on Dec 7, 2008 2:28 PM CST up reply actions 0 recs

and indie rock hipsters.

613photo

by Black Francis on Dec 7, 2008 9:32 AM CST up reply actions 0 recs

People who listen to garbage like 'The Submarines.'

meet me at the mawwl... it's goin dowwn...

by oc on Dec 7, 2008 1:38 PM CST up reply actions 0 recs

Thumbs up on the stereotypes.

meet me at the mawwl... it's goin dowwn...

by oc on Dec 7, 2008 1:35 PM CST up reply actions 0 recs

I bought this Mac in the Fall of '03.

It has never ever crashed, runs every program I throw at it, and to my eye it’s just as fast as the day I bought it. I’m sure some of it is luck, as all their computers can’t be still running great 5years later, but, still.

I love it.

When this thing finally breaks down you bet your ass I’m gonna go with another Mac. It does everything I need it to do and it does it faster and more reliably and has done so over a much longer period of time than any PC I’ve ever owned.

The 40 Trumps All!!!

There are two kinds of men in this world: Men who make jump throws, and men who wish that they were Derek Jeter so that they could make jump throws.

by thedirkatron on Dec 8, 2008 1:11 PM CST up reply actions 0 recs