GlockTalk.com
Old 02-10-2011, 09:53   #1
Dyno
Senior Member
 
Join Date: Oct 2002
Location: Ga
Posts: 240
Virus came home with school work…. Help!

My granddaughter brought some of her school work home on a flash drive and it had a virus in it.

Well it got in my HP desktop computer and messed things up and AVG did not help. So I had the idea to just let the HP do what it calls a destructive reload of the OS. When everything was finished with the newly installed OS I used IE to go to Major Geeks for the AVG free and Malwarebytes so things would get started off on the right foot. Well guess what??? After the new OS reload IE would not let me go to Major Geeks and redirected itself to another website. I finally got AVG and Malwarebytes installed by going to the Google website and installing Chrome and then getting AVG and Malwarebytes before it could take over Chrome.

How do I clear a virus from a flash drive?

How did that virus survive the OS destructive reload and what should I do next?

Thanks in advance, Dyno
Old 02-10-2011, 10:06   #2
HerrGlock
CLM Number 2
Scouts Out
 
 
Join Date: Dec 2000
Posts: 64,493


What virus? Yes it makes a difference.

Some viruses attach to the boot sector which may or may not get cleaned by a reinstall. Some of the newer ones actually attach to the area of the drive where the OS reinstall image is stored so you cannot get rid of it.
__________________
Sent from my rotary phone
"The way I see it as soon as a baby is born, he should be issued a banjo!"- Linus Van Pelt
UNIX - Not just for Vestal Virgins any more
Old 02-10-2011, 11:13   #3
Dyno
Senior Member
 
Join Date: Oct 2002
Location: Ga
Posts: 240
Quote:
Originally Posted by HerrGlock View Post
What virus? Yes it makes a difference.

OK, if you tell me how to find out what virus it is I will be glad to post it.

Thanks, Dyno
Old 02-10-2011, 11:43   #4
gemeinschaft
AKA Fluffy316
 
 
Join Date: Feb 2004
Location: Houston, TX
Posts: 4,617
Quote:
Originally Posted by HerrGlock View Post
What virus? Yes it makes a difference.

Some viruses attach to the boot sector which may or may not get cleaned by a reinstall. Some of the newer ones actually attach to the area of the drive where the OS reinstall image is stored so you cannot get rid of it.
This is exactly why I don't like the Recovery Partitions that HP likes to set up.

Dyno, do you have physical discs that you can reinstall Windows from?
Old 02-10-2011, 11:46   #5
HerrGlock
CLM Number 2
Scouts Out
 
 
Join Date: Dec 2000
Posts: 64,493


Quote:
Originally Posted by Dyno View Post
Quote:
Originally Posted by HerrGlock View Post
What virus? Yes it makes a difference.
OK, if you tell me how to find out what virus it is I will be glad to post it.

Thanks, Dyno
http://housecall.trendmicro.com/
Old 02-10-2011, 12:02   #6
JimmyN
Senior Member
 
Join Date: Sep 2006
Location: Virginia
Posts: 1,528
Did the recovery delete all your documents and installed software? If it didn't then you did a system recovery rather than a destructive recovery. System recovery just replaces system files, destructive recovery re-formats the drive then installs the OS.

You can use Malwarebytes to scan the flash drive. Start Malwarebytes and select "Perform Full Scan" to get a drive list. Remove the check from C drive and put a check in whatever drive letter the flash drive is using.
__________________
** Sent from my rotary dial phone using TwirlaWord **
Old 02-10-2011, 14:00   #7
Dyno
Senior Member
 
Join Date: Oct 2002
Location: Ga
Posts: 240
gemeinschaft,
No physical discs with this HP box.

HerrGlock,
Thanks for the Trend link, I'll post results today.

JimmyN,
I will do that this afternoon.

Dyno
Old 02-10-2011, 14:04   #8
Pierre!
NRA Life Member
 
 
Join Date: Jun 2003
Location: Lovin Sparks Nv!
Posts: 4,188
Hey Dyno,

Don't forget to press <F8> while the system boots. Then select SAFE MODE W/ NETWORKING

Then do your scans. It will work much more effectively, most likely on the first try...

HTH
Old 02-11-2011, 09:53   #9
Dyno
Senior Member
 
Join Date: Oct 2002
Location: Ga
Posts: 240
Pierre,
Thanks for the tip on the F8 and scan in safe mode. I did not get to do this yesterday so today is the day. I will post findings.

Dyno
Old 02-11-2011, 10:32   #10
gemeinschaft
AKA Fluffy316
 
 
Join Date: Feb 2004
Location: Houston, TX
Posts: 4,617
I would also suggest that after you start in Safe Mode, you can go to

RUN --> MSCONFIG and look at the "Startup" tab.

There, you will find a list of all of the processes that are scheduled to start up when you boot your system normally.

Many times, you can see the virus that is running in the background from this screen and simply remove it from the Startup tab. Of course, this is just a bandaid that is to be applied until you find how to remove the virus, but it can lead you to where the virus is hiding.
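The Startup tab mentioned in the post above is populated from the registry Run keys and the Startup folders. The following read-only PowerShell lists those entries and flags any that launch from a per-user writable directory. It is an added example, not part of the original thread; the set of directories treated as worth reviewing is an assumption chosen for illustration.

```powershell
# Added example (requires PowerShell 3.0+). Read-only: it changes nothing.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
# Assumption for illustration: programs launching from these per-user,
# writable locations deserve a second look. It is a heuristic, not a verdict.
$writable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) | Where-Object { $_ }

function Test-UserWritablePath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($dir in $writable) {
        if ($expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

$shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets
$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        foreach ($file in Get-ChildItem -Path $dir -File) {
            if ($file.Name -eq 'desktop.ini') { continue }
            # Shortcuts are reported by their target; other files by their own path.
            $cmd = $file.FullName
            if ($file.Extension -eq '.lnk') { $cmd = $shell.CreateShortcut($file.FullName).TargetPath }
            [pscustomobject]@{ Source = $dir; Name = $file.Name; Command = $cmd }
        }
    }
)

$entries |
    Select-Object Source, Name, Command,
        @{ n = 'Flag'; e = { if (Test-UserWritablePath $_.Command) { 'REVIEW' } else { '' } } } |
    Sort-Object Flag -Descending |
    Format-Table -AutoSize -Wrap
```

A REVIEW flag only means the entry starts from a location any user process can write to; legitimate per-user software also installs there, so each flagged command still has to be checked by hand.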
Old 02-14-2011, 08:33   #11
C.Lee
Senior Member
 
Join Date: Nov 2009
Location: Maine
Posts: 212
For future reference. By default AVG does not scan removable drives, you have to turn it on yourself, at least that is how it works for me.


Open AVG, Tools, Advanced settings, scroll down to and expand "scans", put a check mark in the box next to "Enable Removable device scan".
Also put a check in "use heuristics", "enable thorough scan" and select "all file types" and put a check in "scan files without extensions" and anything else you wish.

Click on "apply".

AVG should now scan every removable drive when it is first plugged in.
You may also want to turn off auto-play on any drives other than your DVD drives. I think Windows had a patch that stops auto-play on all non-DVD drives.
Old 02-14-2011, 09:10   #12
hamster
NRA Life Member
 
Join Date: Feb 2010
Posts: 3,066
Blog Entries: 1
Try the free and excellent Microsoft Security Essentials. It is fairly good at clearing up infections.
Old 02-14-2011, 20:26   #13
Linux3
Senior Member
 
 
Join Date: Dec 2008
Posts: 1,399
Quote:
Originally Posted by hamster View Post
Try the free and excellent Microsoft Security Essentials. It is fairly good at clearing up infections.
The last time I 'Ran' a MS OS was Windows 98. Well, actually 98SE. When I found that 98SE was nothing but a bug fix for 98 AND I had to pay for it I moved to Solaris for x86.

I gotta ask, why is Microsoft Security Essentials 'fairly good'?
I mean, MS releases an OS that is insecure and open to viruses, worms, trojan horses and tigers; Oh my.
Then they have the OPTION of installing Security Essentials. Why not just make it part of the basic OS install?
It's not for ethical reasons. MS has no problem changing the DRM or WGA or IE plugins without permission. Why not just secure the OS and install their Security package by default?

Lots of companies have made major bucks selling third party stuff in an effort to secure Microsoft's mistakes. Is MS getting a cut of the action?

If Security Essentials is indeed essential why is installing it an option?

To me and many people I know the whole thing is actually kind of funny but I don't think Microsoft is doing this just for my amusement.
__________________
If it's not on fire,
It's a software problem.
Old 02-14-2011, 21:14   #14
Pierre!
NRA Life Member
 
 
Join Date: Jun 2003
Location: Lovin Sparks Nv!
Posts: 4,188
And my final comment for this thread...

Schools are the *worst* place for virus and malware. Children haven't learned enough about computers to protect their thumb drives, or learn all the nuances of security and what to be concerned about.

Teens - These are some really malicious kind of 'students'. They actively work to exploit any flaws in the district IT plans and architecture. It's a game for many of them - the goal? Free Grades, Attendance Records 'updates'... You name it, they go after it!

So - When that USB drive or the CD-ROM disk comes home from the school with work to be transferred to the main computer... The *first* thing you should do is scan the media for virus and malware infection. Catch it before it gets a chance to latch on to your system.

It would also make sense to make sure you have a recent backup updated as well! Sure does make recovery a joy when there is very little pressure due to a recent data backup.

Better yet, use the built-in Windows 7 'Drive Image' backup to ready your system for a complete restore... After the initial 'Drive Image' is created, the next backups go VERY quickly!

Hope that helps you out!
Old 02-15-2011, 07:32   #15
IndyGunFreak
KO Windows
 
 
Join Date: Jan 2001
Location: Indiana
Posts: 30,384


Quote:
Originally Posted by Pierre! View Post
Hey Dyno,

Don't forget to press <F8> while the system boots. Then select SAFE MODE W/ NETWORKING

Then do your scans. It will work much more effectively, most likely on the first try...

HTH
I've found scanning w/ Networking under Safe Mode, to be problematic with some viruses. I've scanned "w/ Networking" rebooted, and still had the virus despite it previously showing "cleared". I'm assuming the virus determines it has been removed, and uses the network connection to reinstall itself...

What I've usually done...

1. Boot safe mode, update antivirus/malware software.
2. Reboot to safe mode w/o networking
3. Run scans.
4. Back to normal OS...

IGF
__________________
Quote:
Ronald Reagan
"If we ever forget that we are One Nation Under God, then we will be a nation gone under."
"Man is not free unless Government is limited"
Old 02-15-2011, 08:37   #16
Pierre!
NRA Life Member
 
 
Join Date: Jun 2003
Location: Lovin Sparks Nv!
Posts: 4,188
Quote:
Originally Posted by IndyGunFreak View Post
I've found scanning w/ Networking under Safe Mode, to be problematic with some viruses. I've scanned "w/ Networking" rebooted, and still had the virus despite it previously showing "cleared". I'm assuming the virus determines it has been removed, and uses the network connection to reinstall itself...

What I've usually done...

1. Boot safe mode, update antivirus/malware software.
2. Reboot to safe mode w/o networking
3. Run scans.
4. Back to normal OS...

IGF
Agreed. Just depends on whether the infection will provide a clean update while in standard operating mode... or if it will load AV/AM at all.

It does allow the user to upgrade the sig file, which could be considered important for a first scan cleanup...

Really a case by case process! And the user needs to know to update sig files in the first place.

HTH
Old 02-15-2011, 11:27   #17
sbhaven
Senior Member
 
 
Join Date: Jun 2008
Location: Constitution State
Posts: 4,686
Some kinds of infections will disable some parts of AV or malware programs so even when they're run they miss the virus/malware. One of my machines recently got hit with a Google redirect virus/malware that was particularly nasty and difficult to get rid of. The infected machine is scanned weekly with McAfee Security Center and Malwarebytes yet both missed the infection and wouldn't clean it. It took several hours of running Combofix (from BleepingComputer) to remove the infection (appeared to be a rootkit). Combofix is a last resort type of fix though; it's better to try other fixes before resorting to it.

DSLReports has some good suggestions for cleaning malware/virus off one's computer and they also have a remove rootkit page for dealing with those too.
__________________
Currently hiding behind enemy lines in a Blue State.
All times are GMT -6.