Virus came home with school work…. Help!

Discussion in 'Tech Talk' started by Dyno, Feb 10, 2011.


  1. Dyno

    Dyno

    Joined:
    Oct 11, 2002
    168
    0
    Location:
    Ga
    My granddaughter brought some of her school work home on a flash drive and it had a virus in it.

    Well, it got in my HP desktop computer and messed things up, and AVG did not help. So I had the idea to just let the HP do what it calls a destructive reload of the OS. When everything was finished with the newly installed OS, I used IE to go to Major Geeks for the AVG free and Malwarebytes so things would get started off on the right foot. Well, guess what??? After the new OS reload, IE would not let me go to Major Geeks and redirected itself to another website. I finally got AVG and Malwarebytes installed by going to the Google website and installing Chrome and then getting AVG and Malwarebytes before it could take over Chrome.

    How do I clear a virus from a flash drive?

    How did that virus survive the OS destructive reload, and what should I do next?

    Thanks in advance , Dyno
     

  2. HerrGlock

    HerrGlock
    Scouts Out
    CLM

    Joined:
    Dec 28, 2000
    23,791
    182
    What virus? Yes it makes a difference.

    Some viruses attach to the boot sector which may or may not get cleaned by a reinstall. Some of the newer ones actually attach to the area of the drive where the OS reinstall image is stored so you cannot get rid of it.
     

  3. Dyno

    Dyno

    Joined:
    Oct 11, 2002
    168
    0
    Location:
    Ga
     
  4. gemeinschaft

    gemeinschaft
    AKA Fluffy316

    Joined:
    Feb 7, 2004
    2,181
    0
    Location:
    Houston, TX
    This is exactly why I don't like the Recovery Partitions that HP likes to set up.

    Dyno, do you have physical discs that you can reinstall Windows from?
     
  5. HerrGlock

    HerrGlock
    Scouts Out
    CLM

    Joined:
    Dec 28, 2000
    23,791
    182
    http://housecall.trendmicro.com/
     
  6. JimmyN

    JimmyN

    Joined:
    Sep 29, 2006
    1,266
    7
    Location:
    Virginia
    Did the recovery delete all your documents and installed software? If it didn't then you did a system recovery rather than a destructive recovery. System recovery just replaces system files, destructive recovery re-formats the drive then installs the OS.

    You can use Malwarebytes to scan the flash drive. Start Malwarebytes and select "Perform Full Scan" to get a drive list. Remove the check from C drive and put a check in whatever drive letter the flash drive is using.
     
  7. Dyno

    Dyno

    Joined:
    Oct 11, 2002
    168
    0
    Location:
    Ga
    gemeinschaft ,
    No physical discs with this HP box.

    HerrGlock ,
    Thanks for the Trend link , I'll post results today.

    JimmyN ,
    I will do that this afternoon.

    Dyno
     
  8. Pierre!

    Pierre!
    NRA Life Member

    Joined:
    Jun 20, 2003
    3,952
    137
    Location:
    Lovin Sparks Nv!
    Hey Dyno,

    Don't forget to press <F8> while the system boots. Then select SAFE MODE W/ NETWORKING

    Then do your scans. It will work much more effectively, most likely on the first try...

    HTH
     
  9. Dyno

    Dyno
    Expand Collapse

    Joined:
    Oct 11, 2002
    168
    0
    Location:
    Ga
    Pierre ,
    Thanks for the tip on the f8 and scan in safe mode. I did not get to do this yesterday so today is the day. I will post findings.

    Dyno
     
  10. gemeinschaft

    gemeinschaft
    AKA Fluffy316

    Joined:
    Feb 7, 2004
    2,181
    0
    Location:
    Houston, TX
    I would also suggest that after you start in Safe Mode, you can go to

    RUN --> MSCONFIG and look at the "Startup" tab.

    There, you will find a list of all of the processes that are scheduled to start up when you boot your system normally.

    Many times, you can see the virus that is running in the background from this screen and simply remove it from the Startup tab. Of course, this is just a bandaid that is to be applied until you find how to remove the virus, but it can lead you to where the virus is hiding.
     
  11. C.Lee

    C.Lee

    Joined:
    Nov 18, 2009
    212
    0
    Location:
    Maine
    For future reference: by default AVG does not scan removable drives; you have to turn it on yourself. At least that is how it works for me.

    Open AVG, Tools, Advanced settings, scroll down to and expand "scans", and put a check mark in the box next to "Enable Removable device scan".
    Also put a check in "use heuristics" and "enable thorough scan", select "all file types", and put a check in "scan files without extensions" and anything else you wish.

    Click on "apply".

    AVG should now scan every removable drive when it is first plugged in.
    You may also want to turn off auto-play on any drives other than your DVD drives. I think Windows had a patch that stops auto-play on all non-DVD drives.
     
  12. hamster

    hamster
    NRA Life Member

    Joined:
    Feb 22, 2010
    3,146
    14
    Try the free and excellent Microsoft Security Essentials. It is fairly good at clearing up infections.
     
  13. Linux3

    Linux3

    Joined:
    Dec 31, 2008
    1,399
    0
    The last time I 'Ran' a MS OS was Windows 98. Well, actually 98SE. When I found that 98SE was nothing but a bug fix for 98 AND I had to pay for it I moved to Solaris for x86.

    I gotta ask, why is Microsoft Security Essentials 'fairly good'?
    I mean, MS releases an OS that is insecure and open to viruses, worms, trojan horses and tigers; Oh my.
    Then they have the OPTION of installing Security Essentials. Why not just make it part of the basic OS install?
    It's not for ethical reasons. MS has no problem changing the DRM or WGA or IE plugins without permission. Why not just secure the OS and install their Security package by default?

    Lots of companies have made major bucks selling third party stuff in an effort to secure Microsoft's mistakes. Is MS getting a cut of the action?

    If Security Essentials is indeed essential why is installing it an option?

    To me and many people I know the whole thing is actually kind of funny but I don't think Microsoft is doing this just for my amusement.
     
  14. Pierre!

    Pierre!
    NRA Life Member

    Joined:
    Jun 20, 2003
    3,952
    137
    Location:
    Lovin Sparks Nv!
    And my final comment for this thread...

    Schools are the *worst* place for virus and malware. Children haven't learned enough about computers to protect their thumb drives, or learn all the nuances of security and what to be concerned about.

    Teens - These are some really malicious kind of 'students'. They actively work to exploit any flaws in the district IT plans and architecture. It's a game for many of them - the goal? Free Grades, Attendance Records 'updates'... You name it, they go after it!

    So - When that USB drive or the CD-Rom disk comes home from the school with work to be transferred to the main computer... The *first* thing you should do is scan the media for virus and malware infection. Catch it before it gets a chance to latch on to your system.

    It would also make sense to make sure you have a recent backup updated as well! Sure does make recovery a joy when there is very little pressure due to a recent data backup. :cool:

    Better yet, use the built-in Windows 7 'Drive Image' backup to ready your system for a complete restore... After the initial 'Drive Image' is created, the next backups go VERY quickly!

    Hope that helps you out!
     
  15. IndyGunFreak

    IndyGunFreak
    KO Windows

    Joined:
    Jan 26, 2001
    25,696
    982
    Location:
    Indiana
    I've found scanning w/ Networking under Safe Mode, to be problematic with some viruses. I've scanned "w/ Networking" rebooted, and still had the virus despite it previously showing "cleared". I'm assuming the virus determines it has been removed, and uses the network connection to reinstall itself...

    What I've usually done...

    1. Boot safe mode, update antivirus/malware software.
    2. Reboot to safe mode w/o networking
    3. Run scans.
    4. Back to normal OS...

    IGF
     
  16. Pierre!

    Pierre!
    NRA Life Member

    Joined:
    Jun 20, 2003
    3,952
    137
    Location:
    Lovin Sparks Nv!
    Agreed. Just depends on whether the infection will provide a clean update while in standard operating mode... or if it will load AV/AM at all.

    It does allow the user to upgrade the sig file, which could be considered important for a first scan cleanup...

    Really a case-by-case process! And the user needs to know to update sig files in the first place :supergrin:

    HTH
     
  17. sbhaven

    sbhaven

    Joined:
    Jun 27, 2008
    4,779
    7
    Location:
    Constitution State
    Some kinds of infections will disable some parts of AV or malware programs so even when they're run they miss the virus/malware. One of my machines recently got hit with a google redirect virus/malware that was particularly nasty and difficult to get rid of. :steamed: The infected machine is scanned weekly with McAfee Security Center and Malwarebytes, yet both missed the infection and wouldn't clean it. It took several hours of running Combofix (from BleepingComputers) to remove the infection (appeared to be a rootkit). Combofix is a last resort type of fix though; it's better to try other fixes before resorting to it.

    DSLReports has some good suggestions for cleaning malware/virus off one's computer and they also have a remove rootkit page for dealing with those too.