Author Topic: Help with Virus / Malware?  (Read 823 times)

Offline Infidelz

Re: Help with Virus / Malware?
« Reply #15 on: January 30, 2010, 03:21:59 PM »
Did you run the full malwarebytes scan?

Infidelz.

Offline BaldEagl

Re: Help with Virus / Malware?
« Reply #16 on: January 30, 2010, 03:34:29 PM »
In this instance, I have to respectfully disagree with BE - clearing system restore areas is in my opinion a method of last resort.

I know that some viruses/malware will hide in the system restore files as it's a location that's inaccessible to many AV applications.  I know this because I picked one up somehow a month or so ago.  Removing the restore points was a simple and effective method of clearing the bug.

My brother had the same bug as the OP.  He clicked on one of those "your computer might be infected" pop-ups on the Internet.  Rather than going through a long drawn out attempt to clean it with him over the phone I had him try a couple of basic steps then advised him to re-install his OS and all his applications (Toshiba laptop).  Because he had upgraded from Vista to Win 7 I had him do a clean install rather than use the restore discs.  Toshiba has all the Win 7 drivers and apps packaged together on their website for anyone doing a clean Win 7 install so that part wasn't a problem at all.  The only thing we couldn't restore was his copy of MS Works so I had him install Open Office instead.

To the OP:  If you ever see one of those "your computer might be infected" pop-ups on the Internet again do not click on any part of that pop-up, even the close button in the top right corner.  It is part of the active window.  You need to hit control+alt+delete and close that pop-up from the task manager.

Of course, you can get rid of the annoying pop-ups after being infected by paying them for their software.  That's the scam... they tell you you're infected so you'll click and get infected, then, they ask you to pay for their great AV software and after you do they set the infection to hibernate.  After that you're rid of the annoying pop-ups but are still infected.  Of course they don't tell you that... they report a clean machine.
I edit a lot of my posts.  Get used to it.

Offline Ghastly

Re: Help with Virus / Malware?
« Reply #17 on: January 31, 2010, 08:15:05 AM »
Quote
I know that some viruses/malware will hide in the system restore files as it's a location that's inaccessible to many AV applications.

That's true. But a better way to deal with that (IMHO) is to move the "System Volume Information" directory branch to another directory (again, another thing you must do using either another Windows installation on a different partition (and after adjusting ownership and permissions), or while booted under Linux).  This is something I do after every cleanup anyway, because while you can clean up the live installation you can't clean up the compressed backups of the critical files made by System Restore (or at least, I don't know how).  And if you don't, the user of the system could do a System Restore back to an infected state.  I suppose you could do this early on in the process and it would clean up an infection that was located solely in the System Restore directory structure, but most infections these days infect a number of different areas, and if it's somewhere else, it's going to be recreated by the infection process at the next boot (or more usually these days, at the next event timer tick).

My usual method is to do nothing to the file structure until I've identified every startup hook the infection has made, and then suspended via Process Explorer (when working through Windows) every thread associated with it (or these days, rebooted into Linux where I can be sure it's not running) before I start removing/repairing files.

The problem I see with clearing system restore is that it's an all or nothing gambit, in the sense that
a) the systems I clean up for folks are rarely backed up at all, and never in a way that contains a usable system state
b) the only copy of a good registry hive I will have to work with is going to be those I find from System Restore

Of course, if you aren't going to go the next level of trying to repair the registry from files contained in System Restore, then you have nothing to lose by doing so, and as you've said, in some instances, it will help clear the infection. 

Again, all just my humble opinion.

<S>
"Curse your sudden (but inevitable!) betrayal!"
Grue
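The "identify every startup hook before touching files" step described in the post above, as an added PowerShell example that is not from any poster in this thread: it produces a read-only inventory of the common autostart locations (Run/RunOnce keys, Winlogon Shell/Userinit, service binaries outside the Windows directory, Startup folders) so each entry can be compared against what a clean machine should have. It assumes Windows PowerShell 3.0 or later (for Get-CimInstance) run elevated on the machine being inspected, and it changes nothing.

```powershell
# Added example (not from the thread): read-only inventory of common autostart hooks,
# to review before removing or repairing any files. Assumes Windows PowerShell 3.0+
# in an elevated session; nothing here modifies the system.
function Get-AutostartHooks {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Run/RunOnce keys: each value name is a startup entry, each value is its command line.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/etc. metadata
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    # Winlogon Shell/Userinit: expected values are 'explorer.exe' and
    # 'C:\Windows\system32\userinit.exe,' (trailing comma). Anything appended is suspect.
    $wl = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    [pscustomobject]@{ Source = 'Winlogon'; Name = 'Shell';    Command = $wl.Shell }
    [pscustomobject]@{ Source = 'Winlogon'; Name = 'Userinit'; Command = $wl.Userinit }
    # Services whose binary lives outside the Windows directory deserve a closer look.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and $_.PathName -notmatch '\\Windows\\' } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName }
        }
    # Startup folder entries (per-user and all-users). Win32_StartupCommand also repeats
    # the Run keys, so keep only the folder-based entries here.
    Get-CimInstance -ClassName Win32_StartupCommand |
        Where-Object { $_.Location -notlike 'HK*' } |
        ForEach-Object {
            [pscustomobject]@{ Source = $_.Location; Name = $_.Name; Command = $_.Command }
        }
}

# Print the inventory; compare each Command against what you expect on a clean machine.
Get-AutostartHooks | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Scheduled tasks and browser helper objects are further hook points not covered here; the list is a starting point for review, not proof of a clean system.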

Offline SKJohn

Re: Help with Virus / Malware?
« Reply #18 on: February 01, 2010, 12:08:24 PM »
Well, Denholm's idea didn't seem to work.  I guess I'm gonna have to find someone local who knows what they're doing and reinstall the OS. . .

Offline Jayhawk

Re: Help with Virus / Malware?
« Reply #19 on: February 01, 2010, 12:37:51 PM »
You've got plenty of people here who know much more about this than me but I'll share my experience if it helps.  I've gotten two viruses within the last few months and they sound similar to yours.  It shows itself as a security center and says it has found a virus and you have to purchase the full version to get rid of them.  My anti-virus software didn't catch it (McAfee or ESET) but Malwarebytes found the virus the first time and cleaned it up fine. However the second time it couldn't find the virus so I checked for updates in the Malwarebytes software.  There were updates but I was unable to download them, I assume the virus was blocking it somehow.  I ended up downloading the newest version of Malwarebytes with the updates, ran the full scan, and cleaned out the virus.
LOOK EVERYBODY!  I GOT MY NAME IN LIGHTS!

Folks, play nice.

Offline ink

Re: Help with Virus / Malware?
« Reply #20 on: February 01, 2010, 05:33:36 PM »
Well, Denholm's idea didn't seem to work.  I guess I'm gonna have to find someone local who knows what they're doing and reinstall the OS. . .

IObit Security

Advanced SystemCare

ThreatFire

All you need!