
WinDrivers Computer Tech Support Forums  


Spyware & Antivirus - Security Discuss all system security, spyware, adware and malware issues here.

Old March 26th, 2001, 08:52 AM   #1
nathanmorris
Guest
 
Posts: n/a
Post Black hole virus

Customer has Win 98, and on the weekend received the blackhole virus, you know the one where it is a big hole in the middle of the screen. Any advice about a solution to her problem?
Old March 26th, 2001, 08:57 AM   #2
jay015
Registered User
 
Join Date: Nov 2000
Location: Montreal
Posts: 534
Exclamation

Sorry if it seems obvious, but is an up to date antivirus software installed? If you run it, it should be able to remove it.
Old March 26th, 2001, 09:03 AM   #3
nathanmorris
Guest
 
Posts: n/a
Post

It's a new computer; she has at least a newer version of Norton or McAfee.
Old March 26th, 2001, 09:17 AM   #4
jay015
Registered User
 
Join Date: Nov 2000
Location: Montreal
Posts: 534
Post

Did you try to scan the drives with the antivirus? Does it detect it? Does it tell you that it cannot remove it?
Old March 26th, 2001, 02:44 PM   #5
Larommi
Registered User
 
Join Date: Oct 1999
Location: River Falls, WI
Posts: 2,433
Post

Quote:
Originally posted by nathanmorris:
It's a new computer; she has at least a newer version of Norton or McAfee.
Newer version or not does not matter if the virus patterns are not up to date.
Old March 28th, 2001, 02:55 PM   #6
ilovetheusers
Flabooble!
 
Join Date: Nov 2000
Location: Downtown Banglaboobia
Posts: 6,391
Post

Yeah, go to the website of the antivirus maker and download and run the DAT files to update the antivirus scanner. After that you are up to date.
Old March 28th, 2001, 05:54 PM   #7
harlyblnde
Guest
 
Posts: n/a
Post

Any chance it's the Hybris plugin? If so, look in the win.ini file in sysedit, it would be in the [windows] section at the run= line. If the file name consists of an eight letter file name ending in .exe, delete the file name up to the run= line. Worth a shot.
  Reply With Quote
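The win.ini check described in post #7, written out as an added example (not part of the original thread or any poster's code): it lists `[windows]` autorun entries whose file name is eight letters plus `.exe`, and can produce a copy of the file with those entries removed. Checking `load=` as well as `run=`, the sample file and the function names are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Heuristic from the post: an eight-letter file name ending in .exe.
SUSPECT_NAME = re.compile(r"^[A-Za-z]{8}\.exe$", re.IGNORECASE)
AUTORUN_KEYS = {"run", "load"}  # load= is checked as an assumption; the post names run=

SAMPLE = (  # constructed sample win.ini; the file names are made up
    "[windows]\r\n"
    "load=\r\n"
    "run=C:\\WINDOWS\\SYSTEM\\ABCDEFGH.EXE C:\\TOOLS\\tray.exe\r\n"
    "[Desktop]\r\n"
    "run=QWERTYUI.EXE\r\n"
)

def split_entries(value):
    """Split a run=/load= value on spaces or commas (assumes short paths without spaces)."""
    return [e for e in re.split(r"[,\s]+", value.strip()) if e]

def audit_win_ini(text):
    """Return (line_no, key, entry) for [windows] autorun entries matching the heuristic."""
    findings, section = [], None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if section != "windows" or not sep or key.lower() not in AUTORUN_KEYS:
            continue
        for entry in split_entries(value):
            if SUSPECT_NAME.match(PureWindowsPath(entry).name):
                findings.append((line_no, key.lower(), entry))
    return findings

def remove_entries(text, findings):
    """Return the text with flagged entries dropped, leaving the key itself in place."""
    flagged = {}
    for line_no, _key, entry in findings:
        flagged.setdefault(line_no, set()).add(entry)
    out = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if line_no in flagged:
            key, _, value = raw.partition("=")
            kept = [e for e in split_entries(value) if e not in flagged[line_no]]
            raw = key + "=" + " ".join(kept)
        out.append(raw)
    return "\r\n".join(out) + "\r\n"

print(audit_win_ini(SAMPLE))  # entries to review before editing win.ini
```

The eight-letter pattern also matches legitimate programs such as explorer.exe, so review each finding before writing the cleaned text back to win.ini.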
Old April 2nd, 2001, 09:58 AM   #8
tha 4NiK8R
Registered User
 
Join Date: Mar 2001
Location: Idaho
Posts: 465
Post

If she is on a network you can remote scan her PC and kill it off that way. Otherwise boot up with the McAfee restore disk. You can also (on another machine) download AVG from www.grisoft.com, make a restore disk and boot up with it. I have killed many a virus this way.
__________________
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
- Albert Einstein
Old April 2nd, 2001, 10:15 AM   #9
cyberhh
Registered User
 
Join Date: Jul 2000
Location: Huntington Beach, CA, USA
Posts: 1,515
Post

Also, from another machine, go to the virus encyclopedia on McAfee's or Symantec's web site and look up the virus you are infected with - it will give you instructions on how to repair it.
__________________
Death is lighter than a feather - duty heavier than a mountain.

The answer to your question is: 00110100 00110010
Old April 3rd, 2001, 12:08 PM   #10
dopeyismyhero
Registered User
 
Join Date: Apr 2001
Posts: 13
Post

You just can't have an AV software "clean" out a virus, at least the new ones! What are you people thinking? Ever had an AV software "clean" PrettyPark, Emmanuel, MTX, or Hybris (which this one sounds like it is, btw)? Did it run right afterwards? NO! Why? Cuz you need to edit the registry and INI files first, and in the case of MTX and Hybris, replace your wsock32.dll. If you THINK you have a virus, SCAN not CLEAN with an AV that actually works... that leaves NAV and VSCAN out... and find out WHAT it is you have. THEN, go to www.fsecure.com or www.virus.com and find out JUST WHAT THE HELL YOU ARE DEALING WITH. READ IT. LEARN IT. LIVE IT.

For example, if you are infected with Hybris and you run NAV or VSCAN in its default mode, you have just moved or deleted most if not all of your Windows .dlls and exes. Yeh, it will run reallllll good after that. First, scan the system and confirm the infection (and make sure that is the only one you have) with AVP or ESET. Edit the registry to remove the virus entries there. Now, boot to DOS and delete WSOCK32.DLL and replace it with a clean copy. Boot back to Windows and run good AV (AVP, FSecure, or ESET) in DISINFECT MODE. That will clean all but the email database and plugins. Now re-run the AV to DELETE what is left. Now you just have to go in and kill the inbox.mdx and any other email databases that may have the infected email in it (trash, outbox, etc). Reboot. 9 times out of 10, it is fixed. Unfortunately some plugins screw up the whole TCP/IP stack and the only solution is an F&F.

Phew.
__________________
Dopey Is My Hero, the king of idiots, the mentors of morons.
Old April 10th, 2001, 08:46 AM   #11
Radical Dreamer
Avatar Goes Here
 
Join Date: Jan 2001
Location: Fairmont, West Virginia
Posts: 4,866
Post

Quote:
Originally posted by dopey, the stupid:
You just can't have an AV software "clean" out a virus, at least the new ones! What are you people thinking? Ever had an AV software "clean" PrettyPark, Emmanuel, MTX, or Hybris (which this one sounds like it is, btw)? Did it run right afterwards? NO! Why? Cuz you need to edit the registry and INI files first, and in the case of MTX and Hybris, replace your wsock32.dll. If you THINK you have a virus, SCAN not CLEAN with an AV that actually works... that leaves NAV and VSCAN out... and find out WHAT it is you have. THEN, go to www.fsecure.com or www.virus.com and find out JUST WHAT THE HELL YOU ARE DEALING WITH. READ IT. LEARN IT. LIVE IT.

For example, if you are infected with Hybris and you run NAV or VSCAN in its default mode, you have just moved or deleted most if not all of your Windows .dlls and exes. Yeh, it will run reallllll good after that. First, scan the system and confirm the infection (and make sure that is the only one you have) with AVP or ESET. Edit the registry to remove the virus entries there. Now, boot to DOS and delete WSOCK32.DLL and replace it with a clean copy. Boot back to Windows and run good AV (AVP, FSecure, or ESET) in DISINFECT MODE. That will clean all but the email database and plugins. Now re-run the AV to DELETE what is left. Now you just have to go in and kill the inbox.mdx and any other email databases that may have the infected email in it (trash, outbox, etc). Reboot. 9 times out of 10, it is fixed. Unfortunately some plugins screw up the whole TCP/IP stack and the only solution is an F&F.

Phew.
No need to flame them.
__________________
:::Asus A8N-Sli Premium:::AMD 3500+ @ 2.4ghz:::2x80GB 8mb cache RAID0 Array:::GeForce 7800GTX OC:::2GB Corsair XMS Memory:::500 Watt Enermax Liberty PSU:::16x Lite-on DVDRW:::

Counter Strike Source Forum and Server @ http://www.nvpclan.com -=Ninjas Vs. Pirates=-
Old January 24th, 2008, 05:21 PM   #12
xGHOSTx521x
Registered User
 
Join Date: Jan 2008
Posts: 1
blackhole

Hey, does anyone happen to know how to get this blackhole IP virus? I have had so many people have my accounts, and I wanted to set one up so if they try it again they won't be able to get into my accounts.
Old January 24th, 2008, 05:41 PM   #13
NooNoo
Driver Terrier
 
Join Date: Dec 2000
Location: UK
Posts: 31,622
Welcome to Windrivers Ghost...

I don't think that will solve your problem. If other people have your account information, you should change your account information. What sort of accounts are you trying to protect?
__________________
Never, ever approach a computer saying or even thinking "I will just do this quickly."
Old January 24th, 2008, 09:11 PM   #14
Niclo Iste
Registered User
 
Join Date: Oct 2007
Location: Pgh, PA
Posts: 1,043
Well, if you want to know how to acquire a virus you can always contact the virus scan companies. There are also companies that collect viruses to distribute to programming companies to use in testing. All you need to get the virus files is a license in computer forensics, and to fill out paperwork proving your good intentions not to use them for malicious reasons. You may also have to prove that you are affiliated with the correct departments in law enforcement to acquire said files. However, if you have plans to use the viruses for ways to damage a person's system, be aware that they will have a record of when you got the code, and what your said intentions were. Also keep in mind they will also execute any laws against you if you use the coding maliciously. I researched securities against malicious software for 6 months. There are lots of ways to get these files; you just have to be authorized under extreme scrutiny to acquire them.

P.S.
We're here to help people fix computers. I doubt you're going to get a straight answer on how to ruin someone's computer regardless of how mean and evil you portray the victim to be. If you are worried about people accessing your documents and passwords, I suggest using stronger passwords, firewalls, a good virus scan and also locking up your network.
__________________
Never do today what you can put off tomorrow.

All times are GMT -5. The time now is 09:38 AM.


