Aces High Bulletin Board
General Forums => Hardware and Software => Topic started by: Pigslilspaz on June 18, 2012, 03:16:27 AM
-
Tonight my computer got hit with a small virus that quickly took down MSE and was one of those "your computer may be infected gimme gimme gimme" viruses. I got it taken care of and was happy, and then it happened. After booting it up to just browse the web, a short while after booting, I got a message saying "Error Windows has encountered a critical problem and will restart automatically in one minute" and then after a minute it shut off and started back up again. Trying to figure out what it is, I booted in safe mode where it STILL HAPPENED. I'm able to be on long enough to find out that there is a new Trojan that is now here called sirefef.y
What should I do, if I can do anything? Also, since I had already ordered a new HDD, could I possibly put Windows on that and then just transfer files to it (since it was going to be storage and is larger than my other two drives combined) and then wipe the main one?
-
Tonight my computer got hit with a small virus that quickly took down MSE and was one of those "your computer may be infected gimme gimme gimme" viruses. I got it taken care of and was happy, and then it happened. After booting it up to just browse the web, a short while after booting, I got a message saying "Error Windows has encountered a critical problem and will restart automatically in one minute" and then after a minute it shut off and started back up again. Trying to figure out what it is, I booted in safe mode where it STILL HAPPENED. I'm able to be on long enough to find out that there is a new Trojan that is now here called sirefef.y
What should I do, if I can do anything? Also, since I had already ordered a new HDD, could I possibly put Windows on that and then just transfer files to it (since it was going to be storage and is larger than my other two drives combined) and then wipe the main one?
Try a Linux-based antivirus scanner which lets you boot from DVD and then scan Windows without even starting it, i.e. no virus can activate either. http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
I would be VERY cautious transferring any files from the infected computer. The virus may have injected DLLs and EXEs with its payload so you can't essentially trust anything on your HDD anymore. But if you must, do a full scan on the infected drive from boot DVD before you install your new HDD and Windows.
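One way to act on the caution above when copying from a suspect drive, as an added example that is not part of the original post: with the drive mounted read-only from a rescue disc, sort files by their leading bytes rather than by name, so executable content (including a Windows executable sitting behind a picture or document extension) is held back from the copy. The function names, the extension lists and the sample files are assumptions constructed for this sketch; it narrows what gets copied and is run alongside the boot-disc scan, not instead of it.

```python
import os
import struct
import tempfile

# Extensions expected to hold Windows executable code (assumed list).
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".com"}
# Script and shortcut types that run when opened, whatever their bytes look like.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1", ".lnk", ".pif", ".hta"}


def is_pe(path):
    """True if the file starts with an MZ header that points at a PE signature."""
    with open(path, "rb") as fh:
        head = fh.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (pe_offset,) = struct.unpack_from("<I", head, 0x3C)  # e_lfanew field
        fh.seek(pe_offset)
        return fh.read(4) == b"PE\x00\x00"


def classify(path):
    """Return 'executable', 'disguised', 'script' or 'data' for one file."""
    ext = os.path.splitext(path)[1].lower()
    if is_pe(path):
        # PE bytes under a non-executable name are the case to look at first.
        return "executable" if ext in EXEC_EXTS else "disguised"
    if ext in SCRIPT_EXTS:
        return "script"
    if ext in EXEC_EXTS:
        return "executable"
    return "data"


def triage(root):
    """Walk root and group relative paths by class; unreadable files are held back."""
    report = {"executable": [], "disguised": [], "script": [],
              "data": [], "unreadable": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                report[classify(full)].append(rel)
            except OSError:
                report["unreadable"].append(rel)
    for paths in report.values():
        paths.sort()
    return report


def build_sample_tree(root):
    """Constructed sample files standing in for a mounted drive."""
    pe = bytearray(128)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 64)
    pe[64:68] = b"PE\x00\x00"
    samples = {
        "Games/setup.exe": bytes(pe),
        "Photos/holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 60,
        "Photos/holiday2.jpg": bytes(pe),   # PE bytes behind a picture name
        "Docs/notes.txt": b"plain text\n",
        "autorun.bat": b"@echo off\r\n",
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


def demo():
    """Run the triage over the constructed tree and return the report."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Only the `data` group is a candidate for copying, and it still goes through the scanner, since document and media files can carry malicious content of their own.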
-
Try a Linux-based antivirus scanner which lets you boot from DVD and then scan Windows without even starting it, i.e. no virus can activate either. http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
I would be VERY cautious transferring any files from the infected computer. The virus may have injected DLLs and EXEs with its payload so you can't essentially trust anything on your HDD anymore. But if you must, do a full scan on the infected drive from boot DVD before you install your new HDD and Windows.
Great idea with the Linux except one small problem, I have 0 Linux experience and would probably need help. Also with transferring files, I transfer files individually so as to avoid that. There shouldn't be a problem with that, right?
-
Does not matter how you transfer the files. If a file is infected, the virus goes with it.
The real nightmare is even using a virus scanner it may not fix/detect an infected file. All you can do is improve the odds.
-
Run a boot-time scan if you can, and good luck getting rid of this ransomware.
-
Does not matter how you transfer the files. If a file is infected, the virus goes with it.
The real nightmare is even using a virus scanner it may not fix/detect an infected file. All you can do is improve the odds.
That's what I was afraid of. :(. Thankfully MSE does pick it up, problem is that it can't kill it before it shuts down the computer.
Also, if worst comes to worst and I can't beat this thing, does Geek Squad actually work on these sort of problems or are they just a ripoff that can't do real work?
-
That's what I was afraid of. :(
Also, if worst comes to worst and I can't beat this thing, does Geek Squad actually work on these sort of problems or are they just a ripoff that can't do real work?
Just wipe and restore if worse comes to worse, and if it is still a problem yeah you're gonna have to get a pro to help
-
Just wipe and restore if worse comes to worse, and if it is still a problem yeah you're gonna have to get a pro to help
I'd rather not lose 700GB+ of stuff.
-
"Denial" is one of the steps in realizing you should have done more to protect your data. Don't worry as "acceptance" is only a few steps away.
-
"Denial" is one of the steps in realizing you should have done more to protect your data. Don't worry as "acceptance" is only a few steps away.
The HDD I ordered to use as a backup just arrived this morning :cry. Talk about horrible timing. I feel acceptance coming. Sadly I'm not back in the dorms with their ridiculously fast DL speeds.
-
Backups do not help as a virus does not care where the files are. It is worse if the backup device is a USB-based device as most of the modern day viruses hook the USB routines which activate when you plug in a USB device.
-
The HDD I ordered to use as a backup just arrived this morning :cry. Talk about horrible timing. I feel acceptance coming. Sadly I'm not back in the dorms with their ridiculously fast DL speeds.
Unless you can get a boot-time scan run AND it finds the issue you're most likely SOL. Shoulda looked at that porn in a non admin account.
-
Backups do not help as a virus does not care where the files are. It is worse if the backup device is a USB-based device as most of the modern day viruses hook the USB routines which activate when you plug in a USB device.
Wouldn't making a copy of your C: periodically (like once a month) on a separate HDD and then using that to re copy everything once you completely wipe the main? Would obviously disconnect the backup when not in use to keep that from being hit.
Also, thank you for your patience with me, I know a lot about computers compared to the average person (which isn't saying much) but I don't know jack compared to you guys. Always willing to learn though.
Shoulda looked at that porn in a non admin account.
I wouldn't be as pissed off if it was because of that. It would have just meant I had it coming, but I don't use this computer for that seeing as my girlfriend uses it quite often for FB and yahoo and whatnot (all safe sites)
I wish I could swear in just this one thread. Can't accurately convey my feelings without it lol. But I'd rather not get banned.
-
It isn't possible to use the words "all safe sites" and Facebook and yahoo all in one sentence. It just doesn't make any sense. Facebook and its links are horrible with yahoo not far behind.
-
Wouldn't making a copy of your C: periodically (like once a month) on a separate HDD and then using that to re copy everything once you completely wipe the main? Would obviously disconnect the backup when not in use to keep that from being hit.
Also, thank you for your patience with me, I know a lot about computers compared to the average person (which isn't saying much) but I don't know jack compared to you guys. Always willing to learn though. I wouldn't be as pissed off if it was because of that. It would have just meant I had it coming, but I don't use this computer for that seeing as my girlfriend uses it quite often for FB and yahoo and whatnot (all safe sites)
I wish I could swear in just this one thread. Can't accurately convey my feelings without it lol. But I'd rather not get banned.
like fugitive said, no such thing as "safe sites". follow a link and you're taking a huge chance. last 4 infections i've cleaned came from links on facebook, 2 adverts and 2 posts. microsoft security essentials stinks against malware droppers.
if that's one of the <blah blah> 2012 variants it may have installed a rootkit along with everything else, get on another computer and grab either the bitdefender rescue disk iso http://download.bitdefender.com/rescue_cd/ or the kaspersky rescue disc http://support.kaspersky.com/viruses/rescuedisk. once you can get back on the computer, save your stuff and reload that drive completely.
-
, but I don't use this computer for that I wish I could swear in just this one thread. Can't accurately convey my feelings without it lol. But I'd rather not get banned.
Have you used a USB device on both computers? How do you know they are not both infected now? The virus doesn't have to display itself right away at the same time. Even backing up the C drive, the virus may already be there as a Trojan letting more stuff in.
-
last time i had one of these types of things, i needed to load superantispyware, and malwarebytes onto a thumb drive, and run them on the computer from there. it was booted in safe mode to do this.
when they cleaned everything, i lost a lsp-something or other that then prevented me from logging onto the internet. once reinstalled, i was good to go.
-
Wouldn't making a copy of your C: periodically (like once a month) on a separate HDD and then using that to re copy everything once you completely wipe the main? Would obviously disconnect the backup when not in use to keep that from being hit.
Also, thank you for your patience with me, I know a lot about computers compared to the average person (which isn't saying much) but I don't know jack compared to you guys. Always willing to learn though. I wouldn't be as pissed off if it was because of that. It would have just meant I had it coming, but I don't use this computer for that seeing as my girlfriend uses it quite often for FB and yahoo and whatnot (all safe sites)
I wish I could swear in just this one thread. Can't accurately convey my feelings without it lol. But I'd rather not get banned.
Today's viruses may sit dormant on your computer for 6 months, or longer, before a trigger event actually causes them to start running. They do this so it makes it difficult for the user to know where it came from, to take advantage of people who do regularly scheduled backups, and so they can proliferate over your entire network, without your knowledge.
Facebook is absolutely not secure. It has been hacked too many times.
-
It's called ransomware. Basically all you can do is look at their fake antivirus and either pay the ransom or hope your a/v works for this. I linked to cnn.com from work and got a nice little rootkit on my system from a Google ad (you don't even have to click them apparently). We thought we had it beaten, then a few weeks later I start hearing audio ads coming from my comp.
-
Today's viruses may sit dormant on your computer for 6 months, or longer, before a trigger event actually causes them to start running. They do this so it makes it difficult for the user to know where it came from, to take advantage of people who do regularly scheduled backups, and so they can proliferate over your entire network, without your knowledge.
:bhead :bhead :bhead
Why the hell do scumbags do this? Drag them out of their basements, line them up out back and let the firing squad do the rest.
-
:bhead :bhead :bhead
Why the hell do scumbags do this? Drag them out of their basements, line them up out back and let the firing squad do the rest.
Because it's big business. Russia is just not cracking down on these companies. Most folks just pay the money none the wiser.
http://krebsonsecurity.com/2011/08/fake-antivirus-industry-down-but-not-out/
-
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Download and run that.
Assuming you can.
There is so much misinformation on "viruses" (which are largely nonexistent today, and is simply a catch-all term used to describe any malicious bit of code) out there... in the past 5 years, of all the corporate/friends/family members that have come to me with their computer equivalent of an STD (because you, almost without exception, do not screw a computer going to legit sites), I have lost ONE machine... and that was due to massive hardware failure (and a profound lack of spare parts for that model of HD).
I run with 0 anti-virus... I facebook it up, get plenty of spam email... and I don't have any issues. Ever. (I am not at all saying that you shouldn't run without anti-virus)
Keep your programs/operating systems updated... use common sense when surfing/opening stuff... don't let the kids/grandkids run an admin account (though this isn't foolproof).
Go buy yourself a USB to SATA adapter (preferably a powered one, and if you have the $$$ grab an actual drive caddy) and scan it with Malwarebytes (and a second opinion if you wish). This whole concept of simply plugging in an infected device and having it go nuts is 99.9% bollocks.
Whatever Malwarebytes can't fix, ComboFix will storm hammer. Of course, common sense computing is priceless.
-
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Download and run that.
Assuming you can.
There is so much misinformation on "viruses" (which are largely nonexistent today, and is simply a catch-all term used to describe any malicious bit of code) out there... in the past 5 years, of all the corporate/friends/family members that have come to me with their computer equivalent of an STD (because you, almost without exception, do not screw a computer going to legit sites), I have lost ONE machine... and that was due to massive hardware failure (and a profound lack of spare parts for that model of HD).
I run with 0 anti-virus... I facebook it up, get plenty of spam email... and I don't have any issues. Ever. (I am not at all saying that you shouldn't run without anti-virus)
Keep your programs/operating systems updated... use common sense when surfing/opening stuff... don't let the kids/grandkids run an admin account (though this isn't foolproof).
Go buy yourself a USB to SATA adapter (preferably a powered one, and if you have the $$$ grab an actual drive caddy) and scan it with Malwarebytes (and a second opinion if you wish). This whole concept of simply plugging in an infected device and having it go nuts is 99.9% bollocks.
Whatever Malwarebytes can't fix, ComboFix will storm hammer. Of course, common sense computing is priceless.
Have to disagree. Just in my wife's family alone I know every single computer has some type of virus, spyware, malware, and/or worm on it. They all run some type of A/V software as well, which I can actually attribute as being the single largest reason for the problems. They all think the A/V software will take care of them and so they do stupid things without thinking about it.
I have seen too many computers infected with some type of virus, worm, malware, and/or spyware with USB memory sticks. There are, at least, 18 viruses I know of, which will trigger on the USB device change message (this message happens every time you add or remove a USB device to/from your computer).
No one has to take the word from anyone, for any of this. There are many sites on the Internet which will give you information about confirmed viruses. How they are delivered, and what to do about them. Knowing what the vulnerabilities are is a good step in securing your computer. Try http://www.us-cert.gov for starters.
tunnelrat, I do not use any A/V software at all either. My computer will never have a virus or any other type of "bad" software as every mechanism used for delivering said software is disabled or highly impaired on my computer. I agree the A/V software industry, as a whole, do everything they can to drive paranoia. I also know too many people who would turn a blind eye to the problems Facebook has had, and continues to have, with security.
Legit sites have been and continue to be infected with viruses if they are using a Windows OS for the server. Too many businesses would rather run risky software than update it and risk breaking what they have working. Or they simply refuse to pay the licensing fees associated with maintaining the software and run the old stuff as long as they can.
My own opinion is: I would not go over the top on proclamations either way (no viruses versus everything is a virus) as I think it is a disservice to the end user. The problem with the end user is they are technically ill equipped to deal with some of these viruses today. No matter how good the tools are, you still have to know how to tell if they really did the job and that is where most end users fail.
-
Basically ya play with fire ya get burned, better be ready to accept the consequences. I had a script blocker for a while but I can not remember the name of it to save my life.
-
Well thanks for everyone's input, but I'm going to just wipe it and reinstall my games. To Skuzzy and everyone else, anything I can do to keep this from happening again, aside from the safe browsing stuff. I'm already going to be far more careful with that anyways.
-
Difficult for me to make recommendations. My computer does not have Flash installed (if a site requires Flash to be viewed at all, that is a red-flag), no Acrobat (been using Foxit with great success), no Java (not going to happen) and Java script is disabled.
I disable services in Windows which are all 'fluff' (i.e. Themes, Remote Access, Indexing...). I remove Windows Media player and do not install any such software.
My computer is tailored to run the applications I use, nothing more, nothing less. I do not 'surf' the Internet. My 'bookmarks' of sites I go to can be counted on one hand. I have no use for Facebook. I barely use email at all. I insta-delete any email sent to me if it comes from someone I did not send an email to. I do not play games on my computer.
I also have a dedicated hardware firewall which prevents anything asynchronously attacking my systems.
My computer is primarily used for processing video and audio content I generate and that is it.
So, I am not the best person to ask about typical configurations for a computer. Most people would scream in terror if they had to rely on my computer configuration to satisfy whatever it is they need to satisfy today.
-
Well thanks for everyone's input, but I'm going to just wipe it and reinstall my games. To Skuzzy and everyone else, anything I can do to keep this from happening again, aside from the safe browsing stuff. I'm already going to be far more careful with that anyways.
As Skuzzy says, he's got his machine on lockdown but he still doesn't go on risky sites. If you're gonna porn surf, do it on a guest account with no admin rights whatsoever and be prepared for the consequences. As for streaming or torrenting that new movie, that's just inviting trouble.
-
Difficult for me to make recommendations. My computer does not have Flash installed (if a site requires Flash to be viewed at all, that is a red-flag), no Acrobat (been using Foxit with great success), no Java (not going to happen) and Java script is disabled.
I disable services in Windows which are all 'fluff' (i.e. Themes, Remote Access, Indexing...). I remove Windows Media player and do not install any such software.
Can you explain why you do these points?
-
Several reasons. Flash is full of security holes. Adobe is just starting to address the most egregious ones. It was never designed to be secure.
Java and javascript can easily be used to access almost anything on your computer, and are a primary delivery tool for bad things.
Take Facebook. There is nothing that Facebook should be doing that requires the use of Java. The fact any site requires Java to be enabled is a big red flag to me.
The 'fluff' stuff are just resource hogs with no real benefit to me. I do not care what my desktop looks like. It is there for me to use to run applications. My Windows 7 partition looks like Windows 98, including all the gray frames and menu bars.
I do not have any need for media players on my computer. Windows Media Player likes to 'call home' periodically and I see no reason for that. I do not 'stream' anything from the Internet at all. That is just asking for bad things. It is trivial to embed bad programs in any data stream.
Am I paranoid? A bit. I have over 8TB of data to protect on my home systems. I err to caution because I cannot imagine losing all that data.
-
Am I paranoid? A bit. I have over 8TB of data to protect on my home systems. I err to caution because I cannot imagine losing all that data.
Do you use an off site service as backup or stick with in house raid?
-
Sandboxie
Benefits of the Isolated Sandbox
Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.
Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.
Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.
Regards,
Sun
http://www.sandboxie.com/
-
I like ESET Smart Security 5 and I have NEVER had a virus on any of my PC's.
-
Those "You may have a virus" adware attacks are very very hard to get rid of. You're best off to just reimage and start over. Whatever data you had is lost.
-
Great idea with the Linux except one small problem, I have 0 Linux experience and would probably need help. Also with transferring files, I transfer files individually so as to avoid that. There shouldn't be a problem with that, right?
Don't worry if I didn't mention linux you wouldn't know they work on it. Try it out. They're tools for ordinary people.
-
Do you use an off site service as backup or stick with in house raid?
I would never, ever use anything off site for my data. I manage it myself.
-
Yesterday it was the landmark of 2nd malware/viral infection of my mom's new win7 laptop. Spent last night installing and configuring linux on it. She didn't want it at first, complaining to me how 'linux doesnt work with the printer upstairs' and I showed her it's kinda hard to print with the usb cord unplugged :) After that she actually suggested mid-cleaning of win7 to dump it and put linux on it :old:
-
Am I paranoid? A bit. I have over 8TB of data to protect on my home systems. I err to caution because I cannot imagine losing all that data.
8TB :O
-
8TB :O
Sounds like a lot, but considering one high-def video, including the source, can take up 100GB of space, it does not take many videos to eat through terabytes of disk space.
Backups to Blu-ray have proven unreliable. There is something wrong with the media that is causing it to lose data over short periods of time (< 6 months). So I cannot remove projects from my hard drive. I keep another set of hard drives on the network as a backup.
-
Sounds like a lot, but considering one high-def video, including the source, can take up 100GB of space, it does not take many videos to eat through terabytes of disk space.
Backups to Blu-ray have proven unreliable. There is something wrong with the media that is causing it to lose data over short periods of time (< 6 months). So I cannot remove projects from my hard drive. I keep another set of hard drives on the network as a backup.
may I ask what kinds of videos?
-
may I ask what kinds of videos?
I make a lot of videos of different things. Events, weddings, various celebrations, and some just to have fun with. Right now I am experimenting with animation.
-
I make a lot of videos of different things. Events, weddings, various celebrations, and some just to have fun with. Right now I am experimenting with animation.
If you're looking for another hobby I know a WW2 flight combat game that might interest ya, people are always posting vids on youtube of it.
-
Il-2 or World of Warplanes?
Why do I have a slight feeling I'll get a temp ban for this?
-
If you're looking for another hobby I know a WW2 flight combat game that might interest ya, people are always posting vids on youtube of it.
I will never post anything on Youtube.
Between the video/audio (I write music) stuff and my car(s), I am pretty set for hobbies.
I cannot play the game at home or I would make some videos. I do not have the physical space for a HOTAS. Heck I can barely move my mouse (4" x 4" area to work in).
-
I have two external harddrives with all my data on it, my new desktop? HAS NOTHING.
What I do is simply unplug the drives if I am not using them, I have enough music on my desktop it gets me through.
I could throw the PC out the window, and wouldn't care, everything is safe. What happens if one drive goes bad? I replace it before turning on the other drive.
I did have one External book with just 1 backup copy of my stuff, fall off a desk and click, LOSS of everything - this is why I keep TWO copies, I paid $90 for pair of 750gb drives, they are not networked, as they are esata/USB (insurance in case a problem with 1 or other).
Ever since I started doing this back in 2000 I never had a problem, I did have one drive fail (early version of Western Digital Black) otherwise it's not worth taking the risk :(
-
There is so much misinformation on "viruses" (which are largely nonexistent today, and is simply a catch-all term used to describe any malicious bit of code) out there... in the past 5 years, of all the corporate/friends/family members that have come to me with their computer equivalent of an STD (because you, almost without exception, do not screw a computer going to legit sites), I have lost ONE machine... and that was due to massive hardware failure (and a profound lack of spare parts for that model of HD).
I run with 0 anti-virus... I facebook it up, get plenty of spam email... and I don't have any issues. Ever. (I am not at all saying that you shouldn't run without anti-virus)
Keep your programs/operating systems updated... use common sense when surfing/opening stuff... don't let the kids/grandkids run an admin account (though this isn't foolproof).
You probably generate most of the spam the rest of us get.
Safe surfing is a myth.
-
Those "You may have a virus" adware attacks are very very hard to get rid of. You're best off to just reimage and start over. Whatever data you had is lost.
They aren't very hard to get rid of actually. The key to removing the virus easily is to have a reg key that stops the virus from preventing you from running programs or your browser. Once you run that reg key you'll be able to run anti-virus programs to remove the virus.
My fiance got hit by it last week, it only took the time to plug in the USB stick that I have the reg key on and install it and after that it was just the amount of time it took ESET to run and clear her machine. Probably total time was under 30 minutes.
ack-ack
-
They aren't very hard to get rid of actually. The key to removing the virus easily is to have a reg key that stops the virus from preventing you from running programs or your browser. Once you run that reg key you'll be able to run anti-virus programs to remove the virus.
My fiance got hit by it last week, it only took the time to plug in the USB stick that I have the reg key on and install it and after that it was just the amount of time it took ESET to run and clear her machine. Probably total time was under 30 minutes.
ack-ack
Yep and the rootkit maker is now enjoying your fiance's lingerie shows through her webcam :neener:
-
where would one find this "reg key"?
-
where would one find this "reg key"?
Yes where
-
Yes where
In reality it's not that simple :)
Ack-Ack may have run into some very basic version of malware which could be removed so easily. The more advanced attacks will write randomly named copies of itself and reg entries to start with. They will inject existing and 'legal' dll and .exe files with their attack code. They will inject and alter critical system files (rootkitting the system). They will write a payload to MBR or boot sector, infecting the machine again on the next bootup even if cleaned. They will flash your bios with malware. They will win, if you're foolish enough to think you're outsmarting the criminal genius :)
Only way to handle an infection or even suspected infection is to do a total reinstall, including erasing master boot records which a regular format won't do - and always keep the bios locked.
I have seen infections dance past up to date mainstream antiviruses so many times that I have zero confidence in them anymore.
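The boot-sector point above can be checked from a rescue disc before and after a reinstall. As an added example (not part of the original post), this parses a 512-byte MBR dump using the classic layout (440 bytes of boot code, four 16-byte partition entries from offset 446, signature 0x55AA at the end) and compares a hash of the boot code with one recorded while the disk was trusted. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code area in the classic MBR layout
TABLE_OFFSET = 446         # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"    # last two bytes of a valid MBR


def parse_mbr(sector):
    """Parse one 512-byte MBR sector into a dict; raise ValueError if malformed."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:          # type 0 marks an unused slot
            continue
        partitions.append({
            "slot": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    boot_code = sector[:BOOT_CODE_LEN]
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "boot_code_empty": not any(boot_code),
        "partitions": partitions,
    }


def check_against_baseline(sector, baseline_sha256):
    """Return a list of findings; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from recorded baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) > 1:
        findings.append("more than one partition flagged bootable")
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            findings.append("partition %d overlaps the MBR sector" % p["slot"])
    return findings


def build_sample_mbr(boot_code):
    """Constructed sector: given boot code plus one bootable type-0x07 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    # status 0x80, CHS bytes zeroed, type 0x07, start LBA 2048, 204800 sectors
    struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET,
                     0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    sector[510:512] = SIGNATURE
    return bytes(sector)


def demo():
    """Compare a trusted sector and a modified one against the same baseline."""
    clean = build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 100)   # stand-in boot code
    baseline = parse_mbr(clean)["boot_code_sha256"]             # recorded when trusted
    changed = build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 99 + b"\xcc")
    return (check_against_baseline(clean, baseline),
            check_against_baseline(changed, baseline))


if __name__ == "__main__":
    print(demo())
```

A matching hash only says the boot code is unchanged since the baseline was taken, so the baseline has to come from a moment when the disk was known to be good, such as right after a clean install.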
-
...
Only way to handle an infection or even suspected infection is to do a total reinstall, including erasing master boot records which a regular format won't do - and always keep the bios locked.
...
Sadly, this ^ is the one and only absolutely certain way to defeat a virus.
You *might* be able to get it with anti-virus software, but that is not 100% certain.
-
Tonight my computer got hit with a small virus that quickly took down MSE and was one of those "your computer may be infected gimme gimme gimme" viruses. I got it taken care of and was happy, and then it happened. After booting it up to just browse the web, a short while after booting, I got a message saying "Error Windows has encountered a critical problem and will restart automatically in one minute" and then after a minute it shut off and started back up again. Trying to figure out what it is, I booted in safe mode where it STILL HAPPENED. I'm able to be on long enough to find out that there is a new Trojan that is now here called sirefef.y
What should I do, if I can do anything? Also, since I had already ordered a new HDD, could I possibly put Windows on that and then just transfer files to it (since it was going to be storage and is larger than my other two drives combined) and then wipe the main one?
I had the same prob with my last comp; my family fixed it but it was so ****ing annoying