PC Review



It's Snark hunting time again:)

 
 
Dave Baker
 
      27th Jul 2009
I've been wondering for a while now why my Torrent application seems to be
using all my upload bandwidth and slowing browsing to a crawl even when I
have the Torrent upload limit capped to a sensible level. I shut all apps
down and fired up the DSL modem meter and bugger me there's about 70kb/s of
upload ticking away in the background all the time. Me smells a Snark that's
insinuated its nasty little self onto my pc.

Nothing unusual appearing in Task Manager but then most nasties don't show
up there anyway. Fire up MBAM and it won't update itself. Hmmm. Check
firewall settings. Still no joy. Into Firefox and try to access the MBAM
website to download the current version. No joy. Hmmm. Nasty little Snark is
stopping anything MBAM related running it seems. Clever little Snark. I like
a challenge

Run "NETSTAT -B" and there's an unknown component running.

Time to dig all the Snark hunting tools out and see if I can pot myself
something tasty for lunch.
--
Dave Baker


 
Dave Baker
 
      27th Jul 2009

"Dave Baker" <(E-Mail Removed)> wrote in message
news:h4jr84$lsr$(E-Mail Removed)...
> I've been wondering for a while now why my Torrent application seems to be
> using all my upload bandwidth and slowing browsing to a crawl even when I
> have the Torrent upload limit capped to a sensible level. I shut all apps
> down and fired up the DSL modem meter and bugger me there's about 70kb/s
> of upload ticking away in the background all the time. Me smells a Snark
> that's insinuated its nasty little self onto my pc.
>
> Nothing unusual appearing in Task Manager but then most nasties don't show
> up there anyway. Fire up MBAM and it won't update itself. Hmmm. Check
> firewall settings. Still no joy. Into Firefox and try to access the MBAM
> website to download the current version. No joy. Hmmm. Nasty little Snark
> is stopping anything MBAM related running it seems. Clever little Snark. I
> like a challenge
>
> Run "NETSTAT -B" and there's an unknown component running.
>
> Time to dig all the Snark hunting tools out and see if I can pot myself
> something tasty for lunch.
> --
> Dave Baker


OK I'm getting ****ed off now. It's disabled System Restore, Hijackthis is
not showing anything I can spot as an immediate problem and I can't run any
anti malware programs. This little sod might actually be too clever for me.
Any suggestions?


 
ASCII
 
      27th Jul 2009
Dave Baker wrote:
>I can't run any
>anti malware programs. This little sod might actually be too clever for me.
>Any suggestions?


Are these programs already on your machine yet won't run,
or are they not available to download
because maybe your hosts file had been corrupted?
 
Dave Baker
 
      27th Jul 2009

"ASCII" <(E-Mail Removed)> wrote in message news:4a6d9555.3504937@EBCDIC...
> Dave Baker wrote:
>>I can't run any
>>anti malware programs. This little sod might actually be too clever for
>>me.
>>Any suggestions?

>
> Are these programs already on your machine yet won't run,
> or are they not available to download
> because maybe your hosts file had been corrupted?


I've got MBAM installed and the last update was a month or so ago. It won't
re-update and as far as I can see the hosts file is not corrupted so I'm not
sure how this little bastard is stopping access to the MBAM website.

I've tried turning System Restore on again and it won't let me do that
either so this thing is clever.


 
1PW
 
      27th Jul 2009
Dave Baker wrote:
> "ASCII" <(E-Mail Removed)> wrote in message news:4a6d9555.3504937@EBCDIC...
>> Dave Baker wrote:
>>> I can't run any
>>> anti malware programs. This little sod might actually be too clever for
>>> me.
>>> Any suggestions?

>> Are these programs already on your machine yet won't run,
>> or are they not available to download
>> because maybe your hosts file had been corrupted?

>
> I've got MBAM installed and the last update was a month or so ago. It won't
> re-update and as far as I can see the hosts file is not corrupted so I'm not
> sure how this little bastard is stopping access to the MBAM website.
>
> I've tried turning System Restore on again and it won't let me do that
> either so this thing is clever.


Although you did mention MBAM by name, you have failed to give us any
specifics about your system OS & your antimalware.

Rename MBAM's executable to something like Baker001 and try running
the update. If that works, you'll probably be able to run a scan in
normal mode, with networking of course.

Please update this thread with your progress.

Regards,

Pete
--
1PW @?6A62?FEH9E=6o2@=]4@> [r4o7t]
 
FromTheRafters
 
      27th Jul 2009
"Dave Baker" <(E-Mail Removed)> wrote in message
news:h4k3vk$fdq$(E-Mail Removed)...

> OK I'm getting ****ed off now. It's disabled System Restore,
> Hijackthis is not showing anything I can spot as an immediate problem
> and I can't run any anti malware programs. This little sod might
> actually be too clever for me. Any suggestions?


Download the tools using another (non-infested) machine. Rename the
tools before attempting to execute them on the affected machine.


 
Dave Baker
 
      27th Jul 2009

"FromTheRafters" <(E-Mail Removed)> wrote in message
news:h4k7tu$1cq$(E-Mail Removed)...
> "Dave Baker" <(E-Mail Removed)> wrote in message
> news:h4k3vk$fdq$(E-Mail Removed)...
>
>> OK I'm getting ****ed off now. It's disabled System Restore, Hijackthis
>> is not showing anything I can spot as an immediate problem and I can't
>> run any anti malware programs. This little sod might actually be too
>> clever for me. Any suggestions?

>
> Download the tools using another (non-infested) machine. Rename the tools
> before attempting to execute them on the affected machine.


If I had another non-infested machine......


 
Leythos
 
      27th Jul 2009
In article <h4k5vb$hu3$(E-Mail Removed)>, (E-Mail Removed) says...
> I've got MBAM installed and the last update was a month or so ago. It won't
> re-update and as far as I can see the hosts file is not corrupted so I'm not
> sure how this little bastard is stopping access to the MBAM website.
>
> I've tried turning System Restore on again and it won't let me do that
> either so this thing is clever.
>


MBAM had updates over the weekend - there is new malware that it detects
as of the Sunday update that it didn't detect on Thursday. Download a
new copy and install it again.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(E-Mail Removed) (remove 999 for proper email address)
 
1PW
 
      27th Jul 2009
Dave Baker wrote:
> "FromTheRafters" <(E-Mail Removed)> wrote in message
> news:h4k7tu$1cq$(E-Mail Removed)...
>> "Dave Baker" <(E-Mail Removed)> wrote in message
>> news:h4k3vk$fdq$(E-Mail Removed)...
>>
>>> OK I'm getting ****ed off now. It's disabled System Restore, Hijackthis
>>> is not showing anything I can spot as an immediate problem and I can't
>>> run any anti malware programs. This little sod might actually be too
>>> clever for me. Any suggestions?

>> Download the tools using another (non-infested) machine. Rename the tools
>> before attempting to execute them on the affected machine.

>
> If I had another non-infested machine......


....and you can rename the downloaded MBAM installer file before
execution too.

/Some/ likelihood exists that HJT actually /does/ see your malware.
However, don't post your HJT log here. If it comes to it, you can
submit your HJT log to:

<http://www.bleepingcomputer.com/forums/forum22.html>

If any of your efforts produces the /name/ of the malware, please make
careful note and repost here.

Pete
--
1PW @?6A62?FEH9E=6o2@=]4@> [r4o7t]
 
FromTheRafters
 
      27th Jul 2009

"Dave Baker" <(E-Mail Removed)> wrote in message
news:h4k8el$l68$(E-Mail Removed)...
>
> "FromTheRafters" <(E-Mail Removed)> wrote in message
> news:h4k7tu$1cq$(E-Mail Removed)...
>> "Dave Baker" <(E-Mail Removed)> wrote in message
>> news:h4k3vk$fdq$(E-Mail Removed)...
>>
>>> OK I'm getting ****ed off now. It's disabled System Restore,
>>> Hijackthis is not showing anything I can spot as an immediate
>>> problem and I can't run any anti malware programs. This little sod
>>> might actually be too clever for me. Any suggestions?

>>
>> Download the tools using another (non-infested) machine. Rename the
>> tools before attempting to execute them on the affected machine.

>
> If I had another non-infested machine......


See if you can FTP the tools. See if you can access the website by
putting the IP address in the address bar instead of relying on a lookup
(DNS / hosts file). Have someone you trust download the tool and host it
for your retrieval from them (HTTP/FTP/ ..or e-mail (ugh)).

....do you know any good chants or mantras?


 
Reply With Quote
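
The hosts-file question raised earlier in the thread and the suggestion above to bypass name lookup both turn on whether local name resolution has been tampered with. As an added example (not part of any poster's message), this Python code audits hosts-file text for security-site names that are blackholed or redirected; the keyword list and the sample file are constructed assumptions.

```python
import ipaddress

# Assumed watch list (not from the thread): substrings of security-site names.
WATCH_KEYWORDS = ("malwarebytes", "bleepingcomputer")

# Constructed sample hosts file; hostnames use the reserved .example TLD.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.example   # sinkholed to loopback
0.0.0.0 update.malwarebytes.example WWW.BleepingComputer.example
203.0.113.7\tdownload.malwarebytes.example
192.0.2.10      intranet.corp.example
not-an-ip       broken.line.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each valid mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: skip the line
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, keywords=WATCH_KEYWORDS):
    """Return (line_no, name, ip, kind) for watched names the file overrides."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not any(k in name for k in keywords):
            continue
        # Loopback/unspecified blackholes the name; any other address
        # redirects lookups to a different server.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((line_no, name, str(ip), kind))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`. A clean result rules out only the hosts file, which matches the original poster's report that his looks fine while the site stays unreachable.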
 
 
 