
Need Help with Virus/Malware Issue

Discussion in 'Tech Talk' started by RAH, May 11, 2009.

  1. RAH

    RAH Keep The Change Millennium Member

    994
    0
    Feb 12, 1999
    I need help with a major virus/malware issue. I'm not sure what I have, but it's bad.

    Last night AVAST warned me about an infection. I tried to delete the virus/malware but the PC froze. When I tried to restart, it would freeze on the blue welcome screen. I'm running XP.

    I went to safe mode and from there I tried to run an AVAST virus check at restart. It ran, but then the frozen blue screen issue came on again. In safe mode I ran a virus check but it didn't find anything.

    From safe mode I restarted the PC. This time it worked, but a message from Microsoft about installing updates came on. I tried to run that; it ran for a while but then the machine froze.

    I tried to restart but again it froze on the blue screen. I went to safe mode and restarted from there. Again it worked, but this time I can't find some programs like Netscape or some folders like the system folder. I shut it off and restarted, but again it locked on the blue screen.

    In safe mode I can find all the programs, except I can't access the system restore function.

    Any suggestions on what I should do?
     
  2. silentpoet

    silentpoet

    25,557
    10,250
    Jan 11, 2007
    This Old Caddy
    In safe mode can you open a run program window? If you can, try browsing to the system restore program, buried in whatever Windows (I think) subfolder it is in.
     


  3. COMplex

    COMplex

    133
    0
    Oct 23, 2008
    Denver, CO
    Some of the new variants are very tough to remove, especially if you aren't too computer savvy.

    I'd recommend Avira and Malwarebytes after running ComboFix (Google search - all free tools).

    I would also recommend having it looked at by a professional, especially if you use the computer for any business, financial, or personal information.

    Also, System Restore is not recommended, since some malware actually targets and hides in those hidden folders.
     
  4. Dragline

    Dragline

    3,511
    834
    Nov 5, 2003
    Coastal SC
    If you are stuck with the Blue Screen of Death your OS may be fried.

    You may be best off starting from scratch at this point, and go with a re-install.
     
  5. Kevin108

    Kevin108 HADOKEN!

    6,637
    728
    Mar 2, 2005
    Virginia Beach, VA
    What's your virus doing? I finally got rid of some BS that had fake copies of SVCHOST.EXE and RUNDLL32.EXE running and a READER_S.EXE that opened out of TMP and HTML files that stemmed from flaws in IE5 that are still exploitable. Haven't had a virus in over 10 years until this. Some web page the GF went to.

    The Windows XP setup CD can rebuild your current install.
     
  6. COMplex

    COMplex

    133
    0
    Oct 23, 2008
    Denver, CO
    Did you just say IE5? Why on earth are you still using IE5? Please consider Firefox or Google Chrome.

    No web browser is perfect, but using IE5 is like engaging in a gunfight with an empty Glock...
     
  7. RAH

    RAH Keep The Change Millennium Member

    994
    0
    Feb 12, 1999
    Thanks for the help.

    I can't do a system restore as I can't start in standard or safe mode.

    I'm going to try all the suggestions. If worse comes to worse I'm going to wipe the HD clean.

    I managed to get some files onto an older PC via a local network. I'm also going to buy an external HD to save the rest of the files. Is there any danger of the malware or virus hiding in the backup files?

    Thanks!
     
  8. Gallium

    Gallium CLM

    28,685
    9
    Mar 26, 2003
    If you have another computer,

    1. Make sure this other computer is up to date on its virus definitions. If possible, get the most current version of your preferred antivirus software.

    2. Remove the hard drive from the suspect computer, and scan it in this updated computer.

    'Drew
     
  9. curator

    curator

    350
    0
    Feb 7, 2009
    Marin County, CA
    Best approach is to do a "clean boot" from a CD with an operating system that can access all of your drives and current anti-virus. Don't know about AVAST, but check Symantec, McAfee, etc. Your files may or may not be fried, but this approach will bring the system up (assuming no hardware damage) without activating anything lurking in system files. Should be able to clean the system, or at least identify what's there for further cleaning. At that point, you will hopefully be able to go back in using safe mode.

    Good luck! These things are ugly, and I'd hate to have to spend the time rebuilding all the app installs etc. that might be necessary if you clean out the OS and reinstall.
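
An added example, not from any poster in this thread: with the suspect drive attached to a clean machine or mounted from a live CD, as the posts above suggest, this Python script lists files that use the SVCHOST.EXE or RUNDLL32.EXE names outside their usual folders, or near-miss spellings of them. The folder list, the 0.85 similarity threshold and the sample tree are assumptions constructed for the example.

```python
import difflib
import os
import tempfile

# Assumption: XP-era folders where genuine copies of these files live,
# relative to the root of the mounted drive (lower-case, forward slashes).
EXPECTED_DIRS = {
    "svchost.exe": {"windows/system32", "windows/system32/dllcache"},
    "rundll32.exe": {"windows/system32", "windows/system32/dllcache"},
}

def find_impostors(root):
    """Return sorted (relative_path, reason) pairs for suspicious files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            rel_dir, lower = os.path.dirname(rel).lower(), name.lower()
            if lower in EXPECTED_DIRS:
                # Exact system file name: only suspicious when found elsewhere.
                if rel_dir not in EXPECTED_DIRS[lower]:
                    findings.append((rel, "system file name outside its usual folder"))
                continue
            if not lower.endswith(".exe"):
                continue
            for real in EXPECTED_DIRS:
                # Near-miss spellings (srvhost.exe) score high against the real name.
                if difflib.SequenceMatcher(None, lower, real).ratio() >= 0.85:
                    findings.append((rel, f"name imitates {real}"))
    return sorted(findings)

def build_sample_drive(root):
    """Create a constructed tree of empty files; no real binaries are involved."""
    for rel in ("WINDOWS/system32/svchost.exe",
                "WINDOWS/system32/rundll32.exe",
                "WINDOWS/Temp/svchost.exe",
                "Documents and Settings/user/Local Settings/Temp/RUNDLL32.EXE",
                "WINDOWS/system32/srvhost.exe",
                "WINDOWS/notepad.exe"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        for path, reason in find_impostors(drive):
            print(f"{path}: {reason}")
```

A hit is a prompt to inspect the file with an up-to-date scanner, and an empty result says nothing about malware that uses other names.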
     
  10. m87

    m87

    303
    0
    Feb 24, 2009

    I second this. It's worked for me several times.

    Another thing, for the future, is to make backups every once in a while, when you know your computer is clean. I don't do this myself often enough but it's a good idea.

    If you have a Seagate Hard drive, then you have Seagate Diskwizard. This program is GREAT and VERY easy to use. It backs up an entire hard drive as one file (hopefully you have a second hard drive to put this file on; internal, external, doesn't matter). When your computer messes up, run this program and tell it to restore the drive that's "bad" to this earlier copy. Takes less than an hour, and it's a lot easier than re-installing Windows because everything is exactly as it was when you made the backup.

    By the way, "Acronis Disk Wizard" is the program that the Seagate program is based off of; if you don't have a Seagate hard drive, you can still buy this program, though I don't know the cost.
     
  11. Glock20 10mm

    Glock20 10mm Use Linux!

    Use a Knoppix Linux live CD to get in and clean house. I have a post to something similar to this thread located here.... Bottom line, you are most likely looking at a complete system re-installation.

    DO NOT USE SYMANTEC AV! It's extremely resource intensive and WILL cause serious system performance issues. Especially if you are already on an underpowered system.

    One more thing I forgot to cover in the other post, partition your Windows drive into two partitions minimum. The C:\ partition is to hold apps and OS. The D:\ partition is to hold files, such as photos and documents. This way when you have to wipe and go again you don't have to worry about recovering your files or losing them in the process (so long as you don't format the D:\ drive during the reinstall).

    And as a parting tidbit, Norton Ghost is supposed to be an excellent image copy solution. Once you have a solid and stable system then make a Ghost image of it. Then at regular intervals as you use your system and you are satisfied it's in excellent shape, create another image so as to keep your re-build image as current as possible... so when you need it you won't have to regress as far.
     
  12. curator

    curator

    350
    0
    Feb 7, 2009
    Marin County, CA
    Too late for Norton Ghost. It will make an image of your drive(s), including whatever malware you've got. If you had a Ghost image from before, you'd be good to go, except for any files added/changed since the image was created.
     
  13. Peace Warrior

    Peace Warrior Am Yisrael Chai CLM

    28,983
    5,387
    Jan 12, 2007
    outside the wire perimeter.
    Avast has a VRDB or something like that. Run it. You know that thing that re-boots your pc to an earlier time, so to speak. It will boot you to a time when there wasn't an infection. Not foolproof, but if someone is only messing with you it will work.

    Also, run the start-up boot sector, drive, and memory scan, but select the option that AUTOMATICALLY throws viruses into the chest.

    Personally, I am just having the usual hackers as I always have. Avast does nothing as far as firewall. So knowing, if someone was mad at you, they could slip into your stack through the millions of Windows XP or whatever program holes and put both viruses and crap into your puter that way.


    EDIT:

    Information about current update:
    Total time: 2 s

    - Program: Already up to date
    (current version 4.8.1335)
    I just tried a manual update and this is what I got. Are you on that number/version?
     
    Last edited: May 12, 2009
  14. Peace Warrior

    Peace Warrior Am Yisrael Chai CLM

    28,983
    5,387
    Jan 12, 2007
    outside the wire perimeter.
    I got several fake srvhost ones... small world.
     
  15. Kevin108

    Kevin108 HADOKEN!

    6,637
    728
    Mar 2, 2005
    Virginia Beach, VA
    Nobody is using IE5! Trust me! Been running Firefox since it went into stable beta. Even then I was switching from the old Mozilla browser. :wavey:
     
  16. TBO

    TBO Why so serious? CLM

    Damn virus writers should be hung by their thumbs!
     
  17. BigSexy

    BigSexy

    489
    0
    Jan 26, 2009
    Fargo ND
    Start over, and start right...
