Glock Talk
Welcome To The Glock Talk Forums.

 
  
Old 05-11-2009, 12:11   #1
RAH
Keep The Change
 
 
Join Date: Feb 1999
Posts: 9,014
Need Help with Virus/Malware Issue

I need help with a major virus/malware issue; I'm not sure what I have, but it's bad.

Last night AVAST warned me about an infection. I tried to delete the virus/malware, but the PC froze. When I tried to restart, it would freeze on the blue welcome screen. I'm running XP.

I went to safe mode and from there tried to run an AVAST virus check at restart. It ran, but then the frozen blue screen issue came on again. In safe mode I ran a virus check, but it didn't find anything.

From safe mode I restarted the PC. This time it worked, but a message from Microsoft about installing updates came on. I tried to run that, and it ran for a while, but then the machine froze.

I tried to restart, but again it froze on the blue screen. I went to safe mode and restarted from there. Again it worked, but this time I can't find some programs like Netscape or some folders like the system folder. I shut it off and restarted, but again it locked on the blue screen.

In safe mode I can find all the programs, except I can't access the System Restore function.

Any suggestions on what I should do?
__________________
"Every government interference in the economy consists of giving an unearned benefit, extorted by force, to some men at the expense of others." Ayn Rand, Capitalism: The Unknown Ideal
Old 05-11-2009, 12:18   #2
silentpoet
Senior Member
 
 
Join Date: Jan 2007
Location: This Old Caddy
Posts: 17,273
In safe mode, can you open a Run window? If you can, try browsing to the System Restore program, buried in whatever Windows (I think) subfolder it is in.
Old 05-11-2009, 12:26   #3
woodasptim
Senior Member
 
 
Join Date: Feb 2007
Location: NE Arkansas
Posts: 3,631
http://www.malwarebytes.org
__________________
Tim
Old 05-11-2009, 12:29   #4
COMplex
Senior Member
 
Join Date: Oct 2008
Location: Denver, CO
Posts: 133
Some of the new variants are very tough to remove, especially if you aren't too computer savvy.

I'd recommend Avira and Malwarebytes after running ComboFix (Google search; all free tools).

I would also recommend having it looked at by a professional, especially if you use the computer for any business, financial, or personal information.

Also, System Restore is not recommended, since some malware actually targets and hides in those hidden folders.
Old 05-11-2009, 14:15   #5
Dragline
Senior Member
 
 
Join Date: Nov 2003
Location: Coastal SC
Posts: 4,455
If you are stuck with the Blue Screen of Death, your OS may be fried.

You may be best off starting from scratch at this point and going with a reinstall.
__________________
Birds and Alligators

Old 05-11-2009, 14:42   #6
Kevin108
HADOKEN!
 
 
Join Date: Mar 2005
Location: Portsmouth, VA
Posts: 7,815


What's your virus doing? I finally got rid of some BS that had fake copies of SVCHOST.EXE and RUNDLL32.EXE running and a READER_S.EXE that opened out of TMP and HTML files that stemmed from flaws in IE5 that are still exploitable. Haven't had a virus in over 10 years until this. Some web page the GF went to.

The Windows XP setup CD can rebuild your current install.
__________________
Those who would give up Essential Liberty to purchase a
little Temporary Safety, deserve neither Liberty nor Safety.
- Ben Franklin
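The fake SVCHOST.EXE and RUNDLL32.EXE copies Kevin108 describes (and the fake "srvhost" Peace Warrior mentions later in the thread) can be picked out by checking where each process actually runs from and what launched it. On XP the genuine svchost.exe lives in %SystemRoot%\system32 and is started by services.exe, so a copy running out of a Temp folder under explorer.exe is a giveaway, and a name one or two letters off a real system binary is a lookalike. The block below is an added example, not code anyone posted in this thread: the process list, PIDs, paths and parent names are constructed, and the two-edit lookalike threshold and the iexplore.exe allowlist are my assumptions.

```python
"""Flag processes that masquerade as Windows XP system binaries.

Added example for this thread, not code posted in it. It runs over a constructed
process list of the kind Task Manager or Process Explorer would show on XP; the
PIDs, paths and parent names below are made up for the demo.
"""
import ntpath
from dataclasses import dataclass

# Real XP system binaries and the directory the genuine copy runs from.
SYSTEM_ROOT = r"c:\windows"
SYSTEM32 = ntpath.join(SYSTEM_ROOT, "system32")
EXPECTED_DIR = {
    "svchost.exe": SYSTEM32,
    "rundll32.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "explorer.exe": SYSTEM_ROOT,
}
# On XP every genuine svchost.exe is launched by services.exe.
EXPECTED_PARENT = {"svchost.exe": "services.exe"}
# Legitimate names within two edits of a system binary (iexplore vs explorer);
# assumed allowlist so the lookalike check does not flag them.
KNOWN_GOOD = {"iexplore.exe"}


@dataclass
class Proc:
    pid: int
    name: str
    path: str
    parent: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch lookalikes such as srvhost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_process(p: Proc) -> list[str]:
    """Return the reasons this process looks fake; an empty list means nothing found."""
    name = p.name.lower()
    directory = ntpath.dirname(p.path).lower()
    reasons = []
    if name in EXPECTED_DIR:
        if directory != EXPECTED_DIR[name]:
            reasons.append(f"{p.name} running from {directory!r}, expected {EXPECTED_DIR[name]!r}")
        if name in EXPECTED_PARENT and p.parent.lower() != EXPECTED_PARENT[name]:
            reasons.append(f"{p.name} started by {p.parent}, expected {EXPECTED_PARENT[name]}")
    elif name not in KNOWN_GOOD:
        stem = ntpath.splitext(name)[0]
        for real in EXPECTED_DIR:
            if edit_distance(stem, ntpath.splitext(real)[0]) <= 2:
                reasons.append(f"{p.name} is a lookalike of {real}")
                break
    return reasons


def triage(procs: list[Proc]) -> dict[int, list[str]]:
    """Map PID -> reasons for every process that fails a check."""
    return {p.pid: r for p in procs if (r := check_process(p))}


# Constructed sample modelled on what the thread describes: a fake svchost in Temp,
# a srvhost lookalike, a rundll32 copy outside system32, plus legitimate processes.
SAMPLE = [
    Proc(680, "services.exe", r"C:\WINDOWS\system32\services.exe", "winlogon.exe"),
    Proc(860, "svchost.exe", r"C:\WINDOWS\system32\svchost.exe", "services.exe"),
    Proc(1204, "svchost.exe", r"C:\DOCUME~1\RAH\LOCALS~1\Temp\svchost.exe", "explorer.exe"),
    Proc(1340, "srvhost.exe", r"C:\WINDOWS\system32\srvhost.exe", "explorer.exe"),
    Proc(1520, "rundll32.exe", r"C:\WINDOWS\Temp\rundll32.exe", "reader_s.exe"),
    Proc(1612, "iexplore.exe", r"C:\Program Files\Internet Explorer\iexplore.exe", "explorer.exe"),
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE).items():
        for reason in reasons:
            print(pid, reason)
```

Run it as-is to see the three suspect PIDs; on a real machine, fill SAMPLE from the image path and parent columns of Process Explorer (booted into safe mode or from a clean OS). The path and parent checks are precise; the edit-distance check is a heuristic, which is why it needs an allowlist.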
Old 05-11-2009, 14:47   #7
COMplex
Senior Member
 
Join Date: Oct 2008
Location: Denver, CO
Posts: 133
Quote:
Originally Posted by Kevin108
What's your virus doing? I finally got rid of some BS that had fake copies of SVCHOST.EXE and RUNDLL32.EXE running and a READER_S.EXE that opened out of TMP and HTML files that stemmed from flaws in IE5 that are still exploitable. Haven't had a virus in over 10 years until this. Some web page the GF went to.

The Windows XP setup CD can rebuild your current install.
Did you just say IE5? Why on earth are you still using IE5? Please consider Firefox or Google Chrome.

No web browser is perfect, but using IE5 is like engaging in a gunfight with an empty Glock...
Old 05-11-2009, 15:02   #8
RAH
Keep The Change
 
 
Join Date: Feb 1999
Posts: 9,014
Thanks for the help.

I can't do a System Restore as I can't start in standard or safe mode.

I'm going to try all the suggestions. If worst comes to worst, I'm going to wipe the HD clean.

I managed to get some files onto an older PC via a local network, I'm also going to buy an external HD to save the rest of the files. Is there any danger of the malware or virus hiding in the backup files?

Thanks!
__________________
"Every government interference in the economy consists of giving an unearned benefit, extorted by force, to some men at the expense of others." Ayn Rand, Capitalism: The Unknown Ideal
Old 05-11-2009, 18:29   #9
Gallium
CLM Number 182
Charter Lifetime Member
 
 
Join Date: Mar 2003
Posts: 47,557


If you have another computer,

1. Make sure this other computer is up to date on its virus definitions. If possible, get the most current version of your preferred antivirus software.

2. Remove the hard drive from the suspect computer, and scan it in this updated computer.

'Drew
Old 05-11-2009, 18:52   #10
curator
Senior Member
 
Join Date: Feb 2009
Location: Marin County, CA
Posts: 350
The best approach is to do a "clean boot" from a CD with an operating system that can access all of your drives and a current antivirus. I don't know about AVAST, but check Symantec, McAfee, etc. Your files may or may not be fried, but this approach will bring the system up (assuming no hardware damage) without activating anything lurking in system files. You should be able to clean the system, or at least identify what's there for further cleaning. At that point, you will hopefully be able to go back in using safe mode.

Good luck! These things are ugly, and I'd hate to have to spend the time rebuilding all the app installs etc. that might be necessary if you clean out the OS and reinstall.
Old 05-11-2009, 19:08   #11
m87
Senior Member
 
Join Date: Feb 2009
Posts: 303
Quote:
Originally Posted by woodasptim
http://www.malwarebytes.org
I second this. It's worked for me several times.

Another thing, for the future, is to make backups every once in a while, when you know your computer is clean. I don't do this myself often enough, but it's a good idea.

If you have a Seagate hard drive, then you have Seagate DiscWizard. This program is GREAT and VERY easy to use. It backs up an entire hard drive as one file (hopefully you have a second hard drive to put this file on; internal or external, it doesn't matter). When your computer messes up, run this program and tell it to restore the drive that's "bad" to this earlier copy. It takes less than an hour, and it's a lot easier than reinstalling Windows because everything is exactly as it was when you made the backup.

By the way, "Acronis Disk Wizard" is the program that the Seagate program is based off of; if you don't have a Seagate hard drive, you can still buy this program, though I don't know the cost.
Old 05-11-2009, 20:30   #12
Soujurn
Deus Diligo USA
 
 
Join Date: Jul 2001
Location: Las Cruces, N.M.
Posts: 18,235


Is Norton Ghost any good?
__________________
I welcome you to Crackerbox Palace, we've been expecting you!
"No man's life, liberty, or property is safe while the legislature is in session."
Old 05-11-2009, 20:47   #13
Glock20 10mm
Use Linux!
 
 
Join Date: Dec 2005
Location: Land of Idiots and Libtards
Posts: 14,622
Use a Knoppix Linux live CD to get in and clean house. I have a post to something similar to this thread located here.... Bottom line, you are most likely looking at a complete system re-installation.

DO NOT USE SYMANTEC AV! It's extremely resource intensive and WILL cause serious system performance issues, especially if you are already on an underpowered system.

One more thing I forgot to cover in the other post: partition your Windows drive into two partitions minimum. The C:\ partition is to hold apps and the OS. The D:\ partition is to hold files, such as photos and documents. This way, when you have to wipe and go again, you don't have to worry about recovering your files or losing them in the process (so long as you don't format the D:\ drive during the reinstall).

And as a parting tidbit, Norton Ghost is supposed to be an excellent image copy solution. Once you have a solid and stable system, make a Ghost image of it. Then at regular intervals, as you use your system and are satisfied it's in excellent shape, create another image so as to keep your rebuild image as current as possible... so when you need it you won't have to regress as far.
__________________
Using Microsoft is like playing Russian roulette with an automatic pistol... the results are always messy
"The Constitution is my Law. The Declaration of Independence my bible. And Freedom my religion." - Me
Thick skin... a must in a free society.
Old 05-12-2009, 01:28   #14
curator
Senior Member
 
Join Date: Feb 2009
Location: Marin County, CA
Posts: 350
Quote:
Originally Posted by Soujurn
Is Norton Ghost any good?
Too late for Norton Ghost. It will make an image of your drive(s), including whatever malware you've got. If you had a Ghost image from before, you'd be good to go, except for any files added/changed since the image was created.
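RAH asked earlier whether the malware can ride along in the backup files, and curator's Ghost answer is the key point: an image copies everything, infection included. Copying plain data files selectively avoids that, which is also why Glock20's separate D: data partition helps. The block below is an added example, not code from anyone in this thread: it sorts a constructed file list into copy / scan / skip, leaving behind executables and anything under Windows, Temp or the System Restore folders COMplex warned about, keeping Office documents but flagging them for a macro scan, and catching double extensions such as vacation.jpg.exe by looking only at the last extension. The extension tables, the directory markers and the file paths are my assumptions.

```python
"""Sort files from an infected XP machine into copy / scan / skip before backing them up.

Added example prompted by RAH's question about malware hiding in backup files and
curator's point that a disk image captures the infection along with the data. Not
code from the thread; the extension tables, directory markers and file list are
constructed for the demo.
"""
import ntpath

# Plain data formats that carry no code: safe to copy, then scan on the clean machine.
DATA_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".txt", ".pdf", ".csv", ".mp3"}
# Office formats are data but can carry macros: copy them, but scan before opening.
MACRO_CAPABLE = {".doc", ".xls", ".ppt", ".docm", ".xlsm", ".pptm"}
# Anything Windows will execute or that can launch code: leave these on the infected disk.
EXECUTABLE = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".hta"}
# Directory markers for OS files, caches and restore points rather than user data.
# "System Volume Information" is where XP keeps its System Restore points.
SYSTEM_AREAS = ("\\windows\\", "\\temp\\", "\\temporary internet files\\",
                "\\system volume information\\", "\\recycler\\")


def in_system_area(path: str) -> bool:
    """True when the file sits in a directory that is not user data."""
    directory = ntpath.dirname(path).lower() + "\\"
    return any(marker in directory for marker in SYSTEM_AREAS)


def classify(path: str) -> tuple[str, str]:
    """Return (decision, reason) with decision one of 'copy', 'scan', 'skip'."""
    if in_system_area(path):
        return "skip", "not user data (OS, temp or restore-point area)"
    name = ntpath.basename(path).lower()
    # Use the LAST extension: "vacation.jpg.exe" is an executable, and XP hides the
    # final extension by default ("Hide extensions for known file types").
    parts = name.rsplit(".", 1)
    ext = "." + parts[1].strip() if len(parts) == 2 else ""
    if ext in EXECUTABLE:
        return "skip", f"executable type {ext}"
    if ext in MACRO_CAPABLE:
        return "scan", f"macro-capable document {ext}"
    if ext in DATA_EXTENSIONS:
        return "copy", f"plain data {ext}"
    return "scan", f"unknown type {ext or '(none)'}"


def plan_backup(paths: list[str]) -> dict[str, list[str]]:
    """Group paths by decision, preserving input order."""
    plan: dict[str, list[str]] = {"copy": [], "scan": [], "skip": []}
    for p in paths:
        plan[classify(p)[0]].append(p)
    return plan


# Constructed file list in the spirit of the thread (user data on D:, profile on C:).
SAMPLE = [
    r"D:\Photos\vacation.jpg",
    r"D:\Documents\taxes2008.xls",
    r"D:\Documents\vacation.jpg.exe",
    r"D:\Downloads\codec.scr",
    r"C:\Documents and Settings\RAH\My Documents\letter.doc",
    r"C:\Documents and Settings\RAH\Local Settings\Temp\notes.txt",
    r"C:\System Volume Information\_restore\RP12\A0001.exe",
    r"D:\Music\track01.mp3",
    r"D:\Misc\unknown.dat",
]

if __name__ == "__main__":
    for p in SAMPLE:
        decision, reason = classify(p)
        print(f"{decision:5} {p}  [{reason}]")
```

The "copy" set is what goes to the external drive; the "scan" set goes too but gets checked with up-to-date definitions on the clean machine before anything is opened, which is the same idea as Gallium's suggestion of scanning the pulled drive from a healthy PC. Nothing in "skip" is worth carrying over, and a full-disk image would have taken all of it.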
Old 05-12-2009, 01:33   #15
Peace Warrior
CLM Number 221
Am Yisrael Chai
 
 
Join Date: Jan 2007
Location: With the other 7,999,999
Posts: 28,369
Blog Entries: 1
Quote:
Originally Posted by RAH
I need help with a major virus/malware issue; I'm not sure what I have, but it's bad.

Last night AVAST warned me about an infection. I tried to delete the virus/malware, but the PC froze. When I tried to restart, it would freeze on the blue welcome screen. I'm running XP.

I went to safe mode and from there tried to run an AVAST virus check at restart. It ran, but then the frozen blue screen issue came on again. In safe mode I ran a virus check, but it didn't find anything.

From safe mode I restarted the PC. This time it worked, but a message from Microsoft about installing updates came on. I tried to run that, and it ran for a while, but then the machine froze.

I tried to restart, but again it froze on the blue screen. I went to safe mode and restarted from there. Again it worked, but this time I can't find some programs like Netscape or some folders like the system folder. I shut it off and restarted, but again it locked on the blue screen.

In safe mode I can find all the programs, except I can't access the System Restore function.

Any suggestions on what I should do?
Avast has a VRDB or something like that. Run it. You know, that thing that reboots your PC to an earlier time, so to speak. It will boot you to a time when there wasn't an infection. Not foolproof, but if someone is only messing with you it will work.

Also, run the startup boot sector, drive, and memory scan, but select the option that AUTOMATICALLY throws viruses into the chest.

Personally, I am just having the usual hackers as I always have. Avast does nothing as far as a firewall. So knowing that, if someone was mad at you, they could slip into your stack through the millions of Windows XP or whatever program holes and put both viruses and crap into your puter that way.


EDIT:

Information about current update:
Total time: 2 s

- Program: Already up to date
(current version 4.8.1335)
I just tried a manual update and this is what I got. Are you on that number/version?
__________________
“After a shooting spree, they always want to take the guns away from the people who didn't do it.” - William S. Burroughs
"Nothing we're gonna do is going to fundamentally alter or eliminate the possibility of another mass shooting or guarantee that [our gun ban legislation] will bring gun deaths down..." - VPOTUS Joe Biden
"Love 'Em All!!! Let Jehovah sort 'em out." - The Holy Bible
"It's a lot simpler to fool people than it is to convince them they've been fooled."

Last edited by Peace Warrior; 05-12-2009 at 01:35..
Old 05-12-2009, 01:38   #16
Peace Warrior
CLM Number 221
Am Yisrael Chai
 
 
Join Date: Jan 2007
Location: With the other 7,999,999
Posts: 28,369
Blog Entries: 1
Quote:
Originally Posted by Kevin108
What's your virus doing? I finally got rid of some BS that had fake copies of SVCHOST.EXE and RUNDLL32.EXE running and a READER_S.EXE that opened out of TMP and HTML files that stemmed from flaws in IE5 that are still exploitable. Haven't had a virus in over 10 years until this. Some web page the GF went to.

The Windows XP setup CD can rebuild your current install.
I got several fake srvhost ones... small world.
__________________
“After a shooting spree, they always want to take the guns away from the people who didn't do it.” - William S. Burroughs
"Nothing we're gonna do is going to fundamentally alter or eliminate the possibility of another mass shooting or guarantee that [our gun ban legislation] will bring gun deaths down..." - VPOTUS Joe Biden
"Love 'Em All!!! Let Jehovah sort 'em out." - The Holy Bible
"It's a lot simpler to fool people than it is to convince them they've been fooled."
Old 05-13-2009, 14:34   #17
Kevin108
HADOKEN!
 
 
Join Date: Mar 2005
Location: Portsmouth, VA
Posts: 7,815


Quote:
Originally Posted by COMplex
Did you just say IE5? Why on earth are you still using IE5? Please consider firefox or google chrome.

No web browser is perfect, but using IE5 is like engaging in a gunfight with an empty glock...
Nobody is using IE5! Trust me! Been running Firefox since it went into stable beta. Even this I was switching from the old Mozilla browser.
__________________
Those who would give up Essential Liberty to purchase a
little Temporary Safety, deserve neither Liberty nor Safety.
- Ben Franklin
Old 05-14-2009, 11:46   #18
TBO
CLM Number 122
Why so serious?
 
 
Join Date: Dec 2002
Location: NRA Life Member
Posts: 46,451
Blog Entries: 1


Damn virus writers should be hung by their thumbs!
__________________
"Men occasionally stumble over the truth, but most of them pick themselves up and hurry off as if nothing had happened."

"If you have integrity, nothing else matters. If you don't have integrity, nothing else matters".

"A person who won't reason has no advantage over one who can't reason."

"Facts do not cease to exist because they are ignored."

“Ignorance is a lot like alcohol: the more you have of it, the less you are able to see its effect on you.”


Originally Posted by Rooster Rugburn:
Didn't the whole sheepdog thing actually start right here on Glock Talk? A bunch of wannabees bought a bunch of T-shirts and took an oath to defend those who won't defend themselves?
Old 05-15-2009, 12:07   #19
ProGun3400
Member
 
Join Date: May 2009
Location: Illinois
Posts: 54
http://www.malwareremoval.com/
Old 05-15-2009, 12:54   #20
BigSexy
Senior Member
 
 
Join Date: Jan 2009
Location: Fargo ND
Posts: 489
Quote:
Originally Posted by Dragline
If you are stuck with the Blue Screen of Death your OS may be fried.

You may be best off starting from scratch at this point, and go with a
re-install.
Start over, and start right...

Tech Talk
__________________


Lasciate ogni speranza voi ch’entrate

If the bible proves the existence of god, then D.C. Comics proves the existence of Superman.