• hdhecaytssd.exe
    30 replies, posted
Hello FacePunch, I need a little help here. A fake anti-virus program has in some way gotten onto my computer, this wasn't necessarily unexpected as I have been downloading a shitstorm of stuff today, though that's not important at the moment. Thankfully I was compiling a source map while this happened so hammer, being the resource hog it is, took the advantage to crash yet another program that dares show its ugly head. I was relieved to see that "hdhecaytssd.exe has stopped working" and I managed to have taken it off of the system configuration startup list. Now I am currently pressure free, and I have the moment's advantage to kill this program once and for all. Just as a precaution I have my anti-virus software scanning everything on my computer. The "Antivirus Soft" as it likes to call itself, looks like this; [img]http://www.2-viruses.com/wp-content/uploads/2010/02/AntivirusSoft-300x227.jpg[/img] (Sorry for the small image, this isn't my image.) Long story short, has this happened to you and how do you get rid of it?
It has happened to me, and the only way to completely rid yourself of it is to reformat. The virus scanners always miss some part of it and it reconstitutes itself; it's a fucking nasty virus. I scanned using three AV scanners, two Antispyware scanners, and one general scanner, and it still came back. Back up important stuff, and reformat.
I've never had to deal with this particular form of fake anti virus. But generally they camp out in the Windows folder using obvious executable names like vIrU5.exe and 7r0G4n.exe. Take a look around in your Windows directory, maybe you can find something fishy. Also, because you have the executable name just throw 'hdhecaytssd.exe' into a system search and delete the bugger.
I got this once, on my crappy computer that was 10+ years old. It was a good excuse to buy a new, good computer.
This happened to me, all you have to do is reboot the computer, and [i] quickly [/i] press Ctrl alt delete, then click the fake anti-virus, it will show up in Ctrl alt delete. End that goddamned task. Do this every time you boot up your computer and it will eventually go away.
[url]http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft[/url] There.
What happened to quality support (except post above me)? When you get a virus, you're not supposed to format. There are enough ways to get rid of it.

First, start in safe mode with networking mode. To get into that mode, restart your PC, and keep pressing F8 on the screen that comes before the Windows loading screen. It's usually some kind of screen of your motherboard. So after you tapped F8 lots of times, you should get a screen allowing you to choose what safe mode you want. Choose the 'safe mode with networking'.

After Windows boots, [url=https://docs.google.com/uc?id=0B7pJ7yI2AU6jMWZmNTAyNGEtZjc4YS00ZGY2LWFlZWMtYzI5ZTEzMGIwOTk0&export=download&hl=en]download this (click)[/url]. The program is actually hijackthis, but renamed (apparently the virus accepts that name). If that one does not work, [url=https://docs.google.com/uc?id=0B7pJ7yI2AU6jNjlmODZiNjQtMDA2NC00YzczLWJiMjktMDk3NDdiNzYwNDNl&export=download]try this one[/url]. Open it, click on 'Do a systemscan only'. So after you got the bunch of lines, try to find those lines:

[code]
O4 - HKLM\..\Run: [mxdeorsw] C:\Documents and Settings\User\Local Settings\Application Data\rmqwne\[b][U]lkwc[/U][/b]sysguard.exe
O4 - HKCU\..\Run: [mxdeorsw] C:\Documents and Settings\User\Local Settings\Application Data\rmqwne\[b][U]lkwc[/U][/b]sysguard.exe
O4 - HKCU\..\Run: [wdpayrmq] C:\Users\Owner\AppData\Local\rtpoma\[b][u]rewq[/u][/b]sftav.exe
O4 - HKCU\..\Run: [kgtrlpor] C:\Users\Owner\AppData\Local\mfkrtl\[U][B]oprg[/B][/U]sftav.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
[/code]

Please note that yours might be slightly different, as you can see above, the bold and underlined parts can be different on your computer as that part is just a random string. Just delete it and make sure you back it up. So yeah, check the boxes next to them and click on the button 'fix selected'.
Then download [url=http://www.filehippo.com/download_malwarebytes_anti_malware/]malware bytes[/url]. Save the setup file and rename it to winlogon.exe or to iexplore.exe. Run the setup and after you got it, run a full scan with it. Then you can also try [url=http://www.filehippo.com/download_superantispyware/]SUPERAntispyware[/url] and [url=http://www.filehippo.com/download_spybot_search_destroy/]spybot - search & destroy[/url] if you want to be sure you got rid of it. Also rename the install file there! After everything's done, reboot your PC in normal mode and look whether you still have it. Instructions are from [url]http://deletemalware.blogspot.com/2010/01/how-to-remove-antivirus-soft-fake.html[/url], thank them.
Trust me, it'll still be there even after all that stuff if it's the newest incarnation of the Antivirus Soft virus.
[QUOTE={ABK}AbbySciuto;22102570]Trust me, it'll still be there even after all that stuff if it's the newest incarnation of the Antivirus Soft virus.[/QUOTE] yes because viruses nowadays are impossible to remove without a format just shut up already
[QUOTE=BrQ;22101357]what happened to quality support (except post above me) when you get a virus, you're not supposed to format. There are enough ways to get rid of it. [/QUOTE] [QUOTE=BrQ;22103493]yes because viruses nowadays are impossible to remove without a format just shut up already[/QUOTE] If a machine is tainted or compromised, nothing less than total sanitation should be considered. Get it in a usable condition to back shit up, then Wipe and Reload. This is pretty much standard procedure in any IT shop.
[QUOTE=Morphology53;22103646]If a machine is tainted or compromised, nothing less than total sanitation should be considered. Get it in a usable condition to back shit up, then Wipe and Reload. This is pretty much standard procedure in any IT shop.[/QUOTE] I don't know what IT shops you go to, but here they try to remove the virus. Why do you think virus- and malware scanners exist. Why do you think there are removal instructions. Why have I plenty of times easily removed fake antivirus software.
[QUOTE=BrQ;22103732]I don't know what IT shops you go to, but here they try to remove the virus. Why do you think virus- and malware scanners exist. Why do you think there are removal instructions. Why have I plenty of times easily removed fake antivirus software.[/QUOTE] Guess what? Wiping and reinstalling removes the virus [i]completely[/i]. It just takes longer, but is easier than sitting through hours of virus scanning, hoping that it'll be caught. [editline]03:29PM[/editline] [QUOTE=BrQ;22103493]yes because viruses nowadays are impossible to remove without a format just shut up already[/QUOTE] Maybe I should send you this virus, so you can easily remove it. :v:
You can rid this quite easily. Well, you should be able to. Download and install Malwarebytes Anti Malware (google it). Do a quick scan and reboot when it asks. If that didn't work, do a full scan and reboot when it asks. If that doesn't work, then I'm out of ideas.
[QUOTE={ABK}AbbySciuto;22106786]Guess what? Wiping and reinstalling removes the virus [i]completely[/i]. It just takes longer, but is easier than sitting through hours of virus scanning, hoping that it'll be caught. [editline]03:29PM[/editline] Maybe I should send you this virus, so you can easily remove it. :v:[/QUOTE] Sure, as long as it does not harm files, please send it.
You should never reformat, stop shitposting. SafeMode solves every problem. Do as BrQ said, and you'll be fine. You'll eventually take one entire day to wipe it, but that's not a problem. You'll acquire knowledge, and this can only be good. When formatting is fucking boring. Stop formatting for nothing. OH WAIT THERE'S A SPYWARE ON MY PC I MUST FORMAT
[QUOTE=PiXeN;22121705]You should never reformat, stop shitposting. SafeMode solves every problem. Do as BrQ said, and you'll be fine. You'll eventually take one entire day to wipe it, but that's not a problem. You'll acquire knowledge, and this can only be good. When formatting is fucking boring. Stop formatting for nothing. OH WAIT THERE'S A SPYWARE ON MY PC I MUST FORMAT[/QUOTE] -preemptive snip-
Google ads gave me this virus, I got a new PC and have adblocker on. You may have gotten it from google. If you fix it. Get adblocker.
[QUOTE=dvc;22132655]Google ads gave me this virus, I got a new PC and have adblocker on. You may have gotten it from google. If you fix it. Get adblocker.[/QUOTE] for God's sake, random ads don't give you viruses, what the fuck is wrong with you
Go to the thread, Does Facepunch have Malaware on it? Turn on adblock and read it. It will be shown that the virus manifested itself on our PCs from a google ad.
[QUOTE=BrQ;22134666]for God's sake, random ads don't give you viruses, what the fuck is wrong with you[/QUOTE] This. I'd still use Adblock because it's just faster that way.
[QUOTE=dvc;22135225]Go to the thread, Does Facepunch have Malaware on it? Turn on adblock and read it. It will be shown that the virus manifested itself on our PCs from a google ad.[/QUOTE] shut up thank you
Nah, Talking is my hobby.
Okay guys, the actual virus is gone but steam is all fucked up because its browser runs off of a variant of IE, which has also been all raped... Do you know any way of repairing all the damage that this seems to have caused? [editline]01:59PM[/editline] Don't tell me to reinstall IE, that doesn't work in this case.
[QUOTE=dvc;22151117]Nah, Talking is my hobby.[/QUOTE] then stop talking shit [editline]11:13PM[/editline] [QUOTE=Magman77;22151208]Okay guys, the actual virus is gone but steam is all fucked up because its browser runs off of a variant of IE, which has also been all raped... Do you know any way of repairing all the damage that this seems to have caused? [editline]01:59PM[/editline] Don't tell me to reinstall IE, that doesn't work in this case.[/QUOTE] What do you mean 'all raped'
I might have gotten it from downloading something. That's just what I saw while reading the thread. Anyways. My old PC got infected by this so I bought a shiny new laptop. Back to you. I believe you can rid yourself of this fucker manually. Using tools such as HiJack this. But be warned. You can fuck up your PC easily with the slightest misstep
[QUOTE=Magman77;22151208]Okay guys, the actual virus is gone but steam is all fucked up because its browser runs off of a variant of IE, which has also been all raped... Do you know any way of repairing all the damage that this seems to have caused? [editline]01:59PM[/editline] Don't tell me to reinstall IE, that doesn't work in this case.[/QUOTE] It doesn't use IE's Mosaic anymore. It uses WebKit now.
[QUOTE={ABK}AbbySciuto;22151936]It doesn't use IE's Mosaic anymore. It uses WebKit now.[/QUOTE] Well, then it's also managed to fuck up webkit. [editline]02:47PM[/editline] [QUOTE=BrQ;22151500]then stop talking shit [editline]11:13PM[/editline] What do you mean 'all raped'[/QUOTE] Go into offline mode and go to a page you've never been to before. There's a pretty example. :v:
[img]http://dl.dropbox.com/u/6681840/Screencap/2010-05-24_2350.png[/img] it asks to connect to the internet or to stay offline, and if I choose the last option, nothing happens. can you just screenshot it [editline]11:53PM[/editline] [QUOTE=dvc;22151781]I might have gotten it from downloading something. That's just what I saw while reading the thread. Anyways. My old PC got infected by this so I bought a shiny new laptop. Back to you. I believe you can rid yourself of this fucker manually. Using tools such as HiJack this. But be warned. You can fuck up your PC easily with the slightest misstep[/QUOTE] You bought a new laptop because you got a virus? Or are your parents just easy to convince. Hijack this is a cool tool, nothing goes wrong until you do something wrong. Fucking your whole pc up is very unlikely unless you decide to check everything in that tool and delete them all. And you can backup things. I honestly don't see how you can make a misstep in this program unless you're retarded.
I just bought a new laptop to upgrade and used the virus as an excuse. Also, you could accidentally delete a very important file, though I have to admit, you'd have to be retarded to do so.
[QUOTE=BrQ;22152267]-stuff-[/QUOTE] I thought it'd say "Internet Explorer cannot display this webpage" sorry. :v: [editline]03:28PM[/editline] Hey guys, it turns out that going to Tools>Internet Options>Connections>Lan Settings>Then unchecking the box that says "Use a proxy for your lan (These settings will not apply for Dial up or VPN connections)". Thanks for all the help you guys! You're all awesome! :buddy:
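Added example, not part of any post in the thread: a small triage script for HijackThis-style log lines like the ones quoted earlier, flagging O4 Run entries that launch from a per-user application-data folder and an R1 ProxyServer value that points at loopback (the proxy setting the last post ends up unchecking). The sample log, its names and both heuristics are constructed assumptions for illustration.

```python
import re

# Constructed sample log modelled on the entries quoted in the thread.
# Names, folders and the corporate proxy are placeholders, not indicators.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [mxdeorsw] C:\Documents and Settings\User\Local Settings\Application Data\rmqwne\lkwcsysguard.exe
O4 – HKCU\..\Run: [wdpayrmq] C:\Users\Owner\AppData\Local\rtpoma\rewqsftav.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.corp.example:8080
"""

# "<section> - <body>"; an en dash is tolerated in case the log was pasted
# through something that rewrote the hyphen.
LINE = re.compile(r"^(?P<sec>[A-Z]\d+)\s*[-\u2013]\s*(?P<body>.+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<path>.+)$")
PROXY = re.compile(r",ProxyServer = (?P<value>.+)$")
# Heuristic (assumption): autoruns started from per-user data folders deserve
# a look. Legitimate per-user installs live there too, so this is a review
# list, not a verdict.
USER_DATA = re.compile(
    r"\\(Local Settings\\Application Data|AppData\\(Local|Roaming))\\", re.I)
LOOPBACK = re.compile(r"(^|[=;/])(127(\.\d+){3}|localhost)(:\d+)?(;|$)", re.I)

def triage(log_text):
    """Return (kind, name, value) tuples for entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O4":
            run = RUN.match(body)
            if run and USER_DATA.search(run.group("path")):
                findings.append(("autorun-from-user-data",
                                 run.group("name"), run.group("path")))
        elif sec == "R1":
            proxy = PROXY.search(body)
            if proxy and LOOPBACK.search(proxy.group("value")):
                findings.append(("loopback-proxy", "ProxyServer",
                                 proxy.group("value")))
    return findings

if __name__ == "__main__":
    for kind, name, value in triage(SAMPLE_LOG):
        print(f"{kind:24} {name:12} {value}")
```

A loopback proxy left behind after the listening process is removed is what breaks browsing, so the R1 finding is worth checking even when the O4 entries are already gone.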