Ah man, now it got me too.

Today i downloaded Brothers in Arms: Hell's Highway from Rapidshare. It included a link to a "cookie" from RELOADED You know what i mean. I alwasy check that kind of files with antivirus before i run them. Kaspersky didn't show anything. So i replaced the game exe with the "cookie". Run it. Game didn't start. Wrong "cookie" i thought...so i went on a website with game "cookies" (rofl, this name is starting to be funny) to dl another one.
In the meantime, my firewall started to display some stuff. Actually a module of my firewall called "component controll". It checks every file for it's activity. At start i didn't notice that those message coming from firewall are suspicious. But then i saw a file called "myconfig.php" is trying to gain access to network. That's the time when i started to block further connections and suspicious system activities. Too late. Some files has been already installed and added to registry.
So back to the "cookie". I went on that site and what do i see? There is only 1 "cookie" for BiA:HH from RELOADED so it has to work. I downloaded it anyway and compared with the one i dlded from RS. A tiny difference:

good "cookie": 52 106 544 bytes
bad "cookie": 52 408 128 bytes

301 584 bytes difference. That's a lot and enough for a malicious code. I will disassemble both files and compare it's codes later.
The first symptom of infection occured when i rebooted my comp. After a short time my net stopped to respond. It was working but no website could be loaded. So i checked my firewall for network activities, and i see this:

and that's just a tiny, little, itsy bitsy part of the log. Ok, i'm being DDoS'ed. But the funniest thing is...when i search google for something, whatever result i click, i'm being redirected to some advertising site. Either my HOSTS file has been compromised or a malicious network driver layer has been installed. I hope the 1st one.

But the most rediculous thing is...that i can't fucking find what's causing all this. I ran several different tools, rootkit scanners included, checked vulnerable places, deep registry check... and nothing has been found. NOTHING. Like i had ghosts in my PC.

I finally have some challenge...Wish me luck. I don't like to do format c:

__________________

Geez, it's also blocking sites like "www.kaspersky.com" and other security related sites. I can't download tools to fix it god damnit. At least i found the cause now. It's a rootkit.

__________________

Pfffffffffffffffffffffff, that was quick. HAD tdssserv rootkit. Needed one program to fix it but i couldn't dl it bcz it was being blocked by the rootkit. I couldn't open any security related site containing virus fix tools. Luckily Max was still on msn so he dlded me the necessary proggie and i was able to fix that crap.

Thanks Max

Now my comp is clean.

__________________

Love you Mist

__________________

lol so it wasnt much of a challange then?
Good that it all got sorted

__________________

I thought it's gonna be some challenge cuz i couldn't find the reason what's causing all that mess. All AV and malware scans failed. Like ghosts, as mentioned. But i just had to use the rest of my braincells and i got it all figured. I checked which files in my system were created at the time when i ran the "cookie". I noticed this file tdssserver.sys which installed itself as a driver without my permission. I digged deeper and found more tdss*.* files which were messing with my computer ports and network activities. So there, that was it. Unloaded the driver+removed all the files+cleaned the registry and comp was fixed.

Still waiting for some challenge then...

__________________