OT - Mirar Virus
by Coolbean04 on Dec 6, 2008 12:47 PM CST
Email
PrintAny of you guys ever get it? I got it today on my computer and I can't get rid of it. I try to do the self removal steps but it doesn't help. It gives you steps to get rid of
HKEY files
DLL files
but none of the files they tell me to remove is located in the registry.
What should I do? I don't have the money to pay for a new virus scanner to remove it.
Any advice would be grateful.
59 comments
|
0 recs |
Do you like this story?
Comments
I would
I would backup your data and then reinstall your OS to how it was when it left the factory.
afterdark forums link regarding mirar
bleeping computer forum link regarding mirar
computing.net link regarding mirar
amazon askville about how to remove mirar
id say your best bet is either going with the afterdark or the bleeping computer links first. id go with the bleeping computer link – about 2/3rds of the way down theres a list of stuff to DL that may work/take care of it?
theres an auto-remove program for mirar in one of the links but its hard to know what to do because im not sure which varint you might have vs which one they have
id say go to bleeping computer and post there maybe if none of this stuff works?
let me know if i can do anything else to help or if you have any futher questions – emal is in profile — GOOD LUCK
Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.
"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles
bleepingcomputer
Here’s a few of the things from the website.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA1\Grisoft\AVGFRE1\avgamsvr.exe
My question is, am I suppose to delete this list of stuff?
My second question is, when I try to delete it, it won’t let me. I get message saying
Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use.
here is what i would suggest doing
download this:
http://www.stevengould.org/index.php?Itemid=69&id=15&option=com_content&task=view
then run it (make sure your actually running it, not just the practice “clean up”)
run this:
http://www.kaspersky.com/virusscanner
download in windows, open and update but dont run yet. a2 free
a2 – removes trojans/worms/dialers
spybot s&d
ad-aware
download the 2 programs in blockquotes, then print off this stuff (or save it to a txt doc on your desktop if your not around a printer)
boot to safe mode
Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.
Download\install ‘SuperAntiSpyware Home Edition Free Version’ from here:
http://www.superantispyware.com/downloadfi…ANTISPYWAREFREE
Launch SuperAntiSpyware and click on ‘Check for updates’.
Once the updates have been installed,exit SuperAntiSpyware.
Do not run it just yet.
Now double-click ATF-Cleaner.exe to run the program.
Click ‘Select All’ found at the bottom of the list.
Click the ‘Empty Selected’ button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose ‘Select All’ from the list.
Click the ‘Empty Selected’ button.
NOTE:
If you would like to keep your saved passwords,please click ‘No’ at the prompt.
If you use Opera browser,do this also:
Click Opera at the top and choose ‘Select All’ from the list.
Click the ‘Empty Selected’ button.
NOTE:
If you would like to keep your saved passwords,please click ‘No’ at the prompt.
Click ‘Exit’ on the Main menu to close the program.
Now Start SuperAntiSpyware.
On the main screen click on ‘Scan your computer’.
Check: ‘Perform Complete Scan’.
Click ‘Next’ to start the scan.
Superantispyware will now scan your computer,when it’s finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press ‘Next’.
Click on ‘Finish’ when you’ve done.
It’s possible that the program will ask you to reboot in order to delete some files.
if it asks your to reboot, reboot then go boot back to safe mode
still in safe mode do this:
a2 free – run and scan
spybot s&d – run and scan
ad-aware – run and scan
restart
download/run/update in regular windows:
ie-spyad – A registry file that adds a long list of known malware domains to your restricted sites section of Internet Explorer.
spyware blaster – A program that locks your browser from running known malware or downloading programs from known malware sites.
Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.
"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles
let mek now if this works :)
Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.
"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles
Is there any other options?
I’m not that great with computers and I can see myself screwing that up.
thats the problem with a lot of malware
its hard a shit to remove
Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.
"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles
Malwarebytes should kill it.
I had a bug from an infected webpage recently, Kaspersky or F-Secure could not clean it, as the virus was stopping them, Malwarebytes DID.
Good Luck!
"...my balls are really like a veiny flesh color" blueballlefty on Jun 4, 2008 7:44 PM EDT
"you gonna lose your horse. seriously." FX2
Yes we can! November 04, 2008
I googled Malwarebytes
and got spyware cease at anti-malwarebytes.com, is that it?
Just curious...
How did you get the virus?
I propose a 5-year moratorium on trading any young Ranger pitchers who throw over 90 mph.
If you use AVG and Firefox....
…there’s an extension that integrates AVG into the browser. I’d recommend getting that after you get your problem straightened out.
by Black Francis on Dec 7, 2008 9:28 AM CST up reply actions
look dude
your probably going to have to do all of that above anyway or its gonna come back…
Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.
"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles
no
that’s not true. you and the guy that said to reinstall the O.S. are attacking this problem with a butcher knife instead of the scalpel (i miss election season).
he just needs to find every file and registry key associated with the virus. combinations of the options listed above will do it without having to do everything you said. most of the stuff you listed is duplicative anyway. stop scaring the man.
""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley
well..
once a systems been compromised the best defense is a re-install assuming recent backups were made.
also many cases you have to remove regkeys etc in safemode and even then the damn thing sometimes still comes back.
"I'm against picketing, but I don't know how to show it." - Mitch Hedberg
yuuup
if you want to make sure you get rid of it reformat
Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.
"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles
by knockoutking on Dec 6, 2008 10:23 PM CST up reply actions
its always better to be safer than sorry
and the odds of manually getting rid of it on the first pass are slim to none (from personal experience with ppl while workin in IT)
Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.
"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles
by knockoutking on Dec 6, 2008 10:22 PM CST up reply actions
and by come back
i mean that you probably wont get all of it the first time and it will re-manifest itself from whereever it has hidden itself
Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.
"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles
by knockoutking on Dec 6, 2008 10:23 PM CST up reply actions
OK, this is weird
I’m on my laptop now talking on here. I downloaded malwarebytes from download.com and it got rid of the virus. I don’t have the pop ups anymore which is great.
Now my new problem.
My computer seems to be screwed up. Now my internet on the desktop doesn’t work. Every time I try to open firefox or IE, the browser freezes. What do you think is the problem?
It’s weird, with the Mirar virus, everything worked. Now that malwarebytes got rid of the virus, my browsers now don’t work.
It could be that to get rid of the virus
something else got screwed up in the process. Try re-installing Firefox and see if that helps.
My recommendation is to back up everything you have that you care about and re-install your OS. If you’ve have your computer for more than a half year or so, re-installing your OS would be a good idea anyways. After you do this, you’ll see your computer works better than you ever remember.
By 2028, Mark Teixeira will be in the HOF.
-The Outlaw
you probably haven't completely gotten rid of it
or it messed up something. download hijackthis , do the “system scan and save a log file.”
Now, this is where I would tell you to copy and paste everything in your log file on here but there might be something you don’t want me to see and it’s really long.
If you want to paste everything that you see, you can.
Otherwise, let me know if there is anything that shows up with a prefix of N#, O5, O12. Start with those for now.
Also, if you can figure out a way to get google chrome onto your desktop, try that.
""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley
but to be clear
don’t do anything else after the scan. Don’t put a checkmark next to anything, don’t fix anything.
""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley
also
list anything under O2
""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley
or he could just do what i suggested above
and make sure his system is clean of mirar and whever else is on there
Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.
"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles
by knockoutking on Dec 7, 2008 12:35 AM CST up reply actions
how is doing what you said easier than doing what I said?
you’re being a little obtuse about this.
and, if you’ve never used hijackthis, you might give it a try yourself before you judge it. it’s actually all you need
""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley
hijack this
one problem with that app (last time i saw it which was quite a while ago) is it would be really easy to tell it to delete reg entries you need
"I'm against picketing, but I don't know how to show it." - Mitch Hedberg
yup
that is a big big problem (still). but as long as you don’t “fix” anything with proper authorization, you should be fine
""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley
i have used it
however 99.99% of the people who do use it have no clue how to use it
Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.
"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles
When I got hit earlier this year,
the virus fucked any attempt to connect to any AV website out there. It also erased/hijacked all my bookmarks in IE. I would assume the same is happening with FF.
Your browsers may have “worked” on some sites, but the little bastard virus was just waiting for you to let your gaurd down, and then it was gonna Hijack Away!
I would also recommend a root kit scan. You may have a backdoor installed also. Get a good free one here.
"...my balls are really like a veiny flesh color" blueballlefty on Jun 4, 2008 7:44 PM EDT
"you gonna lose your horse. seriously." FX2
Yes we can! November 04, 2008
+1 million
Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.
"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles
by knockoutking on Dec 6, 2008 10:22 PM CST up reply actions
might be a false sense of security
but its proven to be better than windows when it comes to virus’s
though i openly admit that if all the windows virus and malware writers concentrated on mac we’d have mac virus/malware be more common.
"I'm against picketing, but I don't know how to show it." - Mitch Hedberg
That;s because
you write a virus for the pc, and it attackes 90% of the computers out there.
You write a virus for Mac, and attacks a few computers run by effete hairdressers and graphic artists.
Nolan Ryan is the Greatest Pitcher ever, because Google says so.
"BTW I’m officially welching ab03. Yeah I planned too all along, but I figured I’d try to get off the hook with double or nothing first."- Sharky
virus's
that and most windows users are too dumb to avoid virus’s
"I'm against picketing, but I don't know how to show it." - Mitch Hedberg
add elitist to the list of adjectives
mac users just go to a “genius” to fix their computers.
or, they buy another one.
""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley
ironically
most mac people i know more closely resemble the pc person in the mac pc ads
i use mac because i dont like windows and got sick of messing with linux kernels all the time.
if my mac breaks i know how to fix it, i dont need a “genius” to tell me jack.
pc users just call the geek squad
"I'm against picketing, but I don't know how to show it." - Mitch Hedberg
+1
I use Mac because it is incredibly stable. I rarely have any problems. I use windows at work and it drives me nuts.
I'm undefeated in fights. Have I been in any? No. Thats because people know my f'ing status. Don't mess with the elite. - Miles
by Dirk Diggler on Dec 7, 2008 11:41 AM CST up reply actions
sure
you are clearly the prototypical mac user, right? one that dabbled in linux previously? sure…
""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley
i dont know what the typical user is really
most people i know were like me and linux/unix oriented and switched when osx took off.
"I'm against picketing, but I don't know how to show it." - Mitch Hedberg
most people i know that are like that
also dual boot their mac’s
""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley
PC vs. MAC
Warning: Language is a bit, umm, mature
By 2028, Mark Teixeira will be in the HOF.
-The Outlaw
is there a more pretentious person in the world than steve jobs?
the real brains behind apple was woz.
"I'm against picketing, but I don't know how to show it." - Mitch Hedberg
apple products in general, i dont' think so
product design innovations are what sell apple products and that is all steve jobs
""If they'd have told me you can make the team but you've got to shine the shoes, I'd have been there shining shoes." -Bradley
People who listen to garbage like 'The Submarines.'
meet me at the mawwl... it's goin dowwn...
by oc on Dec 7, 2008 1:38 PM CST up reply actions
Thumbs up on the stereotypes.
meet me at the mawwl... it's goin dowwn...
by oc on Dec 7, 2008 1:35 PM CST up reply actions
I bought this Mac in the Fall of '03.
It has never ever crashed, runs every program I throw at it, and to my eye it’s just as fast as the day I bought it. I’m sure some of it is luck, as all their computers can’t be still running great 5years later, but, still.
I love it.
When this thing finally breaks down you bet your ass I’m gonna go with another Mac. It does everything I need it to do and it does it faster and more reliably and has done so over a much longer period of time than any PC I’ve ever owned.
The 40 Trumps All!!!
There are two kinds of men in this world: Men who make jump throws, and men who wish that they were Derek Jeter so that they could make jump throws.
I will never buy a mac
Simply becuase those “I’m a mac and I’m a PC” commercials got to be such a beating.
"Somewhere out there, between 14-32 BBWAA NL MVP voters are trying to get cheaper winter heating by drilling a hole in the microwave." - Jeff at LoL
I can't believe
all the problems I’m getting just because I wanted to play a chess game.
you sure it wasnt a porn chess game?
chest masters 10?
"I'm against picketing, but I don't know how to show it." - Mitch Hedberg
Not always true...
Most of my infections have been from downloading music…
meet me at the mawwl... it's goin dowwn...
by oc on Dec 7, 2008 1:34 PM CST up reply actions
what are you using to download?
Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.
"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles
Stealing or paying?
The 40 Trumps All!!!
There are two kinds of men in this world: Men who make jump throws, and men who wish that they were Derek Jeter so that they could make jump throws.
question
who on here owns a netbook, and do you like it?
Scout: He was a first-round pick right? Got a huge bonus?
KG: Oh yeah.
Scout: Well, he spent a lot of it on milkshakes.
"If I go to this "party", I will give "save us" a piece of my knuckle sandwich…" -- miles
Comments For This Post Are Closed
Secondary Sidebar
User Tools
FanPosts
Community blog posts and discussion.
Certain photos copyright © 2012 by Associated Press or Getty Images. Any commercial use or distribution without the express written consent of Associated Press and Getty Images is strictly prohibited.
