I've narrowed a virus down to two programs, now I need help.. - by 37637598
37637598 on 16/12/2009 at 09:52
There's a virus embedded in one of two programs, but I need both programs in order to do what I need to do. I legally downloaded both programs from their authors' websites, so I have no clue why either one would have a virus in the first place.
The first is called JoyToKey, the second is called XBCD (Xbox Controller Driver). When I install these programs, my computer stops running Daemon virtual emulation, tells me that Daemon is missing core file, and installs 3 pornographic website shortcuts onto my desktop, along with popping up messages telling me how my computer may be infected with spyware.
I know the virus is in one of these programs, but I'm not sure which. I've scanned both files with AVG, Spybot S&D, Spyware Doctor, Avast, and SuperAntiSpyware. They come up with no results. Does anyone know of a way I can search the contents of the programs? They're packed into .exe installers, each taking up all of about 250-450KB. Can I perhaps use a program to search for text within these exe's? Then maybe I could just search for the titles of the porn icons to see which file is the source of the virus.
Any suggestion is much appreciated. I would like to get my controller working so I can play Oblivion how it's supposed to be played. =)
PS, JoyToKey is a small app that allows you to simulate keyboard buttons from any controller you plug into your computer. XBCD is a driver for the original xbox controllers. You must have a modded xbox controller for this to be of any use.
theBlackman on 16/12/2009 at 10:37
If you know it's one of these, why in the hell do you keep using them? There must be other programs that will do the same thing for you.
That sounds like "OMG it hurts when I stick myself with a pin", but you keep sticking yourself.
An advanced Google search should find something for you.
And you might even EMAIL or contact both sites and see if anyone else had the same problem. They might even have a solution for you or a revamp of the apps that are updated without the virus.
If Daemon gives you the error, maybe the virus is in Daemon and not the apps. It's obvious that there is a conflict, but it may not be in one of the apps you think it is.
I would start with a complete uninstall of the two apps, and Daemon, a full registry cleaning and a reinstall of Daemon, then the apps and go from there.
37637598 on 16/12/2009 at 17:37
The problem is, XBCD is the only XBOX controller driver I know of, so I need that program in order to use my controller. And I don't keep sticking myself with a pin, I've known these two programs were the source of a virus from the day I installed them. I've reformatted my computer a few times, afterwards only installing the two programs, and I still get the viruses. I reformatted my computer last night after posting here, so my computer is completely clean. I could just go buy a new controller, so I have a way out, I just want to know if there's some method I'm unaware of for scanning what I have for viruses, so I know if it's the xbox driver, or the joytokey software.
I've searched very thoroughly on google and yahoo but didn't find anything linking these programs with viruses. I will however take your advice and contact the authors of the programs. I know I have the most up-to-date versions, so they may be unaware of any viruses attached.
Thanks for the suggestions.
Displacer on 16/12/2009 at 17:51
Sounds like Koobface. Try malwarebytes website to get rid of it.
David on 16/12/2009 at 19:15
Try uploading the suspicious files here: http://www.virustotal.com/
It's an online virus scanner that scans the files you upload with almost every popular and major virus scanner currently out.
This will then tell you whether you're on the right track or whether you should stop going to those dodgy sites.
heywood on 16/12/2009 at 19:16
Quote Posted by theBlackman
That sounds like "OMG it hurts when I stick myself with a pin", but you keep sticking yourself.
Exactly. Yet another reason not to pirate stuff.
37637598 on 16/12/2009 at 21:32
Quote Posted by David
dodgy sites.
Quote Posted by heywood
Exactly. Yet another reason not to pirate stuff.
If ttlg counts as a dodgy site, and planetelderscrolls is now considered 'pirating', then I'm just setting myself up for disaster!
No, everything I download is legit. My computer, with a fresh reformat, still installs a virus from one of the two supposedly 'legit' files.
Thanks for the link, I'll try that out tonight.
heywood on 16/12/2009 at 22:25
If you had a legit copy, why would you need to be using Daemon tools? And if what I suspected is correct and you have a downloaded game image, then how sure are you that the problem didn't come from there?
Something else I don't understand. If the problem occurs on installation, as you have stated, then how could you not know which installer caused it? Did you not think to check your desktop for pron links in between running the two installers?
Anyway, it should be simple enough to figure out which installer contains the trojan by a process of elimination. Uninstall both, then install one and see if you get pron on your desktop. If not, install the other. Still no pron? Then repeat with a fresh OS install.
You might also want to download the same versions of XBCD and JoyToKey from different web sites and compare the downloaded installer executables. Maybe that will give a clue about whether one source has been compromised.
Finally, there are supposedly games out there which try to defeat or disable Daemon tools.
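The two checks raised in this thread, searching an installer for embedded text and comparing copies of the same installer downloaded from different sites, can be done without running either file. The following is an added example, not code from any poster; the file names, the shortcut title and the sample bytes are constructed stand-ins.

```python
import hashlib
import re
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def extract_strings(data, min_len=5):
    """Return printable ASCII and UTF-16LE runs, like the Unix `strings` tool."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    found = [r.decode("ascii") for r in ascii_runs]
    found += [r.decode("utf-16le") for r in wide_runs]
    return found

def search_installer(path, keywords):
    """Case-insensitive keyword search over the strings embedded in one file."""
    # Installers are usually compressed, so a miss here does not prove the
    # file is clean; a hit is still a strong pointer to the right file.
    strings = extract_strings(Path(path).read_bytes())
    return [s for s in strings if any(k.lower() in s.lower() for k in keywords)]

def same_file(path_a, path_b):
    """Two downloads of the same version should hash identically."""
    return sha256_of(path_a) == sha256_of(path_b)

def demo():
    # Constructed stand-ins: one installer fetched twice, and a second
    # installer carrying a wide-character shortcut name.
    tmp = Path(tempfile.mkdtemp())
    clean = b"MZ\x90\x00" + b"\x01\x02" * 20 + b"JoyToKey setup" + b"\x00\xff" * 8
    title = "Example Shortcut Title.lnk".encode("utf-16le")
    odd = b"MZ\x90\x00" + b"\x03\x04" * 20 + title + b"\x00\xff" * 8
    files = {"a_site1.exe": clean, "a_site2.exe": clean, "b_site1.exe": odd}
    for name, data in files.items():
        (tmp / name).write_bytes(data)
    return {name: str(tmp / name) for name in files}

if __name__ == "__main__":
    p = demo()
    print("copies match:", same_file(p["a_site1.exe"], p["a_site2.exe"]))
    print("hits:", search_installer(p["b_site1.exe"], ["shortcut title"]))
```

A hash mismatch between two downloads of the same version is the signal that one source should be reported to the author.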
Renzatic on 17/12/2009 at 00:03
Quote Posted by heywood
If you had a legit copy, why would you need to be using Daemon tools?
Benefit of the doubt answer: he's either running an older game on a netbook, or he's one of those rare people who abhor CD checks and absolutely refuse to play even legitimately bought games with a disc in the drive.
37637598 on 17/12/2009 at 04:41
Renz is spot on. Ever since my computer started snapping disks in half, I've started backing up all of my games as ISO's, and it's also great because I never have to change disks when I want to play different games or programs. And it allows me to have Oblivion active at the same time as the TES construction set CD, so I don't have to change disks back and forth when I'm making mods. I have a 1TB HD with nothing but programs and games on it, though it's nowhere near full.
The thing is, the pron icons don't just pop up right away after installation. I install, browse the internet or play a game, and minutes or even hours later, my computer freezes up for a good 30 seconds, then unfreezes with a popup saying I'm infected, and goes to the desktop as it places the icons there, as if it's saying 'look what i'm doing, i'm ruining your life with pron links'. I don't even like pron, so I really get zero benefit from any of it.
I'll try to use that scan website now, then look for other versions, then I'll install the programs one at a time, then if nothing else, I'll just buy a different controller with new software. Thanks for the awesome process of elimination, it's a great start. This should definitely get me closer than my previous method which consisted solely of thumb twiddling and coffee sipping whilst mentally screaming out loud in my head about how much I hate viruses.
Thanks!