Need Help with Virus/Malware Issue [Archive] - Glock Talk



RAH
05-11-2009, 12:11
I need help with a major virus/malware issue, I'm not sure what I have but it's bad.

Last night AVAST warned me about an infection, I tried to delete the virus/malware but the PC froze. When I tried to restart, it would freeze on the blue welcome screen, I'm running XP.

I went to safemode and from there I tried to run an AVAST virus check at restart, it ran but then the frozen blue screen issue came on again. In safemode I ran a virus check but it didn't find anything.

From safemode I restarted the PC, this time it worked but a message from Microsoft about installing updates came on, I tried to run that, it ran for a while but then the machine froze.

I tried to restart but again it froze on the blue screen. I went to safemode, restarted from there, again it worked, but this time I can't find some programs like Netscape or some folders like the system folder. I shut it off, restarted, but again it locked on the blue screen.

On safemode I can find all the programs, except I can't access the system restore function.

Any suggestions on what I should do?

silentpoet
05-11-2009, 12:18
In safemode can you open a run program window? If you can, try browsing to the system restore program, buried in whatever Windows (I think) subfolder it is in.

woodasptim
05-11-2009, 12:26
http://www.malwarebytes.org

COMplex
05-11-2009, 12:29
Some of the new variants are very tough to remove, especially if you aren't too computer savvy.

I'd recommend avira and malwarebytes after running combofix (google search - all free tools)

I would also recommend having it looked at by a professional, especially if you use the computer for any business, financial, or personal information.

Also, System Restore is not recommended, since some malware actually targets and hides in those hidden folders.

Dragline
05-11-2009, 14:15
If you are stuck with the Blue Screen of Death your OS may be fried.

You may be best off starting from scratch at this point, and go with a re-install.

Kevin108
05-11-2009, 14:42
What's your virus doing? I finally got rid of some BS that had fake copies of SVCHOST.EXE and RUNDLL32.EXE running and a READER_S.EXE that opened out of TMP and HTML files that stemmed from flaws in IE5 that are still exploitable. Haven't had a virus in over 10 years until this. Some web page the GF went to.

The Windows XP setup CD can rebuild your current install.

COMplex
05-11-2009, 14:47
What's your virus doing? I finally got rid of some BS that had fake copies of SVCHOST.EXE and RUNDLL32.EXE running and a READER_S.EXE that opened out of TMP and HTML files that stemmed from flaws in IE5 that are still exploitable. Haven't had a virus in over 10 years until this. Some web page the GF went to.

The Windows XP setup CD can rebuild your current install.

Did you just say IE5? Why on earth are you still using IE5? Please consider firefox or google chrome.

No web browser is perfect, but using IE5 is like engaging in a gunfight with an empty glock...

RAH
05-11-2009, 15:02
Thanks for the help.

I can't do a system restore as I can't start in standard or safemode.

I'm going to try all the suggestions. If worse comes to worse I'm going to wipe the HD clean.

I managed to get some files onto an older PC via a local network, I'm also going to buy an external HD to save the rest of the files. Is there any danger of the malware or virus hiding in the backup files?

Thanks!

Gallium
05-11-2009, 18:29
If you have another computer,

1. Make sure this other computer is up to date on its virus definitions. If possible, get the most current version of your preferred antivirus software.

2. Remove the hard drive from the suspect computer, and scan it in this updated computer.

'Drew

curator
05-11-2009, 18:52
Best approach is to do a "clean boot" from a CD with an operating system that can access all of your drives and current anti-virus. Don't know about AVAST, but check Symantec, McAfee, etc. Your files may or may not be fried, but this approach will bring the system up (assuming no hardware damage) without activating anything lurking in system files. Should be able to clean the system, or at least identify what's there for further cleaning. At that point, you will hopefully be able to go back in using safe mode.

Good luck! These things are ugly, and I'd hate to have to spend the time rebuilding all the app installs etc. that might be necessary if you clean out the OS and reinstall.

m87
05-11-2009, 19:08
http://www.malwarebytes.org


I second this. It's worked for me several times.

Another thing, for the future, is to make backups every once in awhile, when you know your computer is clean. I don't do this myself often enough but it's a good idea.

If you have a Seagate Hard drive, then you have Seagate Diskwizard. This program is GREAT and VERY easy to use. It backs up an entire hard drive as one file (hopefully you have a second hard drive to put this file on; internal, external, doesn't matter). When your computer messes up, run this program and tell it to restore the drive that's "bad" to this earlier copy. Takes less than an hour, and it's a lot easier than re-installing Windows because everything is exactly as it was when you made the backup.

By the way, "Acronis Disk Wizard" is the program that the Seagate program is based off of; if you don't have a Seagate hard drive, you can still buy this program, though I don't know the cost.

Soujurn
05-11-2009, 20:30
Is Norton Ghost any good?

Glock20 10mm
05-11-2009, 20:47
Use a Knoppix Linux live CD to get in and clean house. I have a post to something similar to this thread located here... (http://glocktalk.com/forums/showthread.php?t=1053332). Bottom line, you are most likely looking at a complete system re-installation.

DO NOT USE SYMANTEC AV! It's extremely resource intensive and WILL cause serious system performance issues. Especially if you are already on an underpowered system.

One more thing I forgot to cover in the other post, partition your Windows drive into two partitions minimum. The C:\ partition is to hold apps and OS. The D:\ partition is to hold files, such as photos and documents. This way when you have to wipe and go again you don't have to worry about recovering your files or losing them in the process (so long as you don't format the D:\ drive during the reinstall).

And as a parting tidbit, Norton Ghost is supposed to be an excellent image copy solution. Once you have a solid and stable system then make a Ghost image of it. Then at regular intervals as you use your system and you are satisfied it's in excellent shape, create another image so as to keep your re-build image as current as possible... so when you need it you won't have to regress as far.

curator
05-12-2009, 01:28
Is Norton Ghost any good?

Too late for Norton Ghost. It will make an image of your drive(s), including whatever malware you've got. If you had a Ghost image from before, you'd be good to go, except for any files added/changed since the image was created.

Peace Warrior
05-12-2009, 01:33
I need help with a major virus/malware issue, I'm not sure what I have but it's bad.

Last night AVAST warned me about an infection, I tried to delete the virus/malware but the PC froze. When I tried to restart, it would freeze on the blue welcome screen, I'm running XP.

I went to safemode and from there I tried to run an AVAST virus check at restart, it ran but then the frozen blue screen issue came on again. In safemode I ran a virus check but it didn't find anything.

From safemode I restarted the PC, this time it worked but a message from Microsoft about installing updates came on, I tried to run that, it ran for a while but then the machine froze.

I tried to restart but again it froze on the blue screen. I went to safemode, restarted from there, again it worked, but this time I can't find some programs like Netscape or some folders like the system folder. I shut it off, restarted, but again it locked on the blue screen.

On safemode I can find all the programs, except I can't access the system restore function.

Any suggestions on what I should do?
Avast has a VRDB or something like that. Run it. You know that thing that re-boots your pc to an earlier time, so to speak. It will boot you to a time when there wasn't an infection. Not fool proof, but if someone is only messing with you it will work.

Also, run the start-up boot sector, drive, and memory scan, but select the option that AUTOMATICALLY throws viruses into the chest.

Personally, I am just having the usual hackers as I always have. Avast does nothing as far as firewall. So knowing, if someone was mad at you, they could slip into your stack through the millions of window-xp or whatever program holes and put both viruses and crap into your puter that way.


EDIT:

Information about current update:
Total time: 2 s

- Program: Already up to date
(current version 4.8.1335)

I just tried a manual update and this is what I got. Are you on that number/version?

Peace Warrior
05-12-2009, 01:38
What's your virus doing? I finally got rid of some BS that had fake copies of SVCHOST.EXE and RUNDLL32.EXE running and a READER_S.EXE that opened out of TMP and HTML files that stemmed from flaws in IE5 that are still exploitable. Haven't had a virus in over 10 years until this. Some web page the GF went to.

The Windows XP setup CD can rebuild your current install.
I got several fake srvhost ones... small world.
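
Added example, not part of any post in this thread: the "fake SVCHOST.EXE / RUNDLL32.EXE" and "fake srvhost" reports above come down to a process borrowing a Windows system binary's name, so this Python check flags an image path whose file name matches a system binary but whose folder does not, a near-miss spelling of such a name, and anything running from a temp folder. The `C:\WINDOWS\system32` location (XP default install), the temp-folder rule and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumption: default XP layout with Windows installed in C:\WINDOWS.
SYSTEM_DIRS = {r"c:\windows\system32"}
PROTECTED = {"svchost.exe", "rundll32.exe"}
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss names like srvhost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return a list of findings for one process image path."""
    path = ntpath.normpath(image_path).lower()
    folder, name = ntpath.split(path)
    findings = []
    if name in PROTECTED:
        if folder not in SYSTEM_DIRS:
            findings.append("wrong-location")   # right name, wrong folder
    elif any(edit_distance(name, p) <= 2 for p in PROTECTED):
        findings.append("lookalike-name")       # one or two characters off
    if any(marker in path for marker in TEMP_MARKERS):
        findings.append("runs-from-temp")
    return findings

def scan(paths):
    """Map each suspicious path to its findings; clean paths are omitted."""
    results = {p: classify(p) for p in paths}
    return {p: f for p, f in results.items() if f}

# Constructed sample of process image paths (not taken from the thread).
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\system32\srvhost.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\reader_s.exe",
    r"C:\WINDOWS\system32\rundll32.exe",
]

if __name__ == "__main__":
    for path, findings in scan(SAMPLE).items():
        print(f"{', '.join(findings):<16} {path}")
```

Feed it the image paths from a process listing taken in safe mode or from a clean boot disk; a hit is a reason to inspect the file, not proof of infection.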

Kevin108
05-13-2009, 14:34
Did you just say IE5? Why on earth are you still using IE5? Please consider firefox or google chrome.

No web browser is perfect, but using IE5 is like engaging in a gunfight with an empty glock...

Nobody is using IE5! Trust me! Been running Firefox since it went into stable beta. Even this I was switching from the old Mozilla browser. :wavey:

TBO
05-14-2009, 11:46
Damn virus writers should be hung by their thumbs!

ProGun3400
05-15-2009, 12:07
http://www.malwareremoval.com/

BigSexy
05-15-2009, 12:54
If you are stuck with the Blue Screen of Death your OS may be fried.

You may be best off starting from scratch at this point, and go with a re-install.

Start over, and start right...

http://badattitudes.com/MT/gangtux_ubuntu.jpg

RAH
05-28-2009, 12:29
Thanks for all the help! I updated Avast in Windows safe mode and ran a scan at start-up. I used the move files to chest option as suggested. Avast found a bunch of Trojans and other malware infecting my machine. Everything works great now. I updated Windows and ran Avast again to double check for viruses and malware. Everything's working great now. :wavey:

MavsX
05-28-2009, 17:03
Start over, and start right...

http://badattitudes.com/MT/gangtux_ubuntu.jpg


yeah!

Peace Warrior
05-28-2009, 20:02
Thanks for all the help! I updated Avast in Windows safe mode and ran a scan at start-up. I used the move files to chest option as suggested. Avast found a bunch of Trojans and other malware infecting my machine. Everything works great now. I updated Windows and ran Avast again to double check for viruses and malware. Everything's working great now. :wavey:
Good to hear. :wavey: If you didn't already, do the advanced scan and check "include archive files," or something like that.

southernshooter
05-30-2009, 16:39
I had something like that one time. Avast could see it but not get rid of it. Malwarebytes didn't get rid of it but HijackThis did.