Mr. Satire
Joined: Jun 08 2010
Location: Termina Field
Posts: 1541
|
Guess what? I have a virus on my computer. And it is proving hard to get rid of.
Also, here's some info on it:
-Blocks both my antivirus programs (Malwarebytes giving an error about something I don't understand and AVG not opening its interface or updating)
-Before my antivirus programs were blocked, running a scan caused my computer to completely lock up (caps lock buttons not responding, etc.)
-Messages about startup programs being blocked, and system processes crashing.
-Safe Mode being blocked.
-Possibly some other issues I have not seen yet or mentioned.
Anyone know what I could do?
|

Signature by Hacker (RIP) |
GPFontaine
Joined: Dec 06 2007
Location: Connecticut
Posts: 11244
|
I would reimage the computer/reformat. That is just me. The alternative is hours worth of fighting.
The hardest part about fixing problems once you get to this point is that you can't use the computer you have because it is fucked.
So, you need a boot disk with utilities.
I would suggest WinPE with a full set of tools, but that is an extremely large amount of work. So...
My second suggestion would be to boot off of the Windows DVD and get to the command prompt. From there have a USB key plugged in that has portable ClamWin and SpyBot:
http://portableapps.com/apps/security
You should run the portable apps on another working computer to update them prior to using them on your own.
|
Mr. Satire
Joined: Jun 08 2010
Location: Termina Field
Posts: 1541
|
Okay, I shall try these tomorrow (it is 12am where I live). I really do not wish to reformat my disk, because I have not backed up my files since that Windows 7 malfunction, so I shall go the harder way.
|

Signature by Hacker (RIP) |
GPFontaine
Joined: Dec 06 2007
Location: Connecticut
Posts: 11244
|
| Mr. Satire wrote: |
| Okay, I shall try these tomorrow (it is 12am where I live). I really do not wish to reformat my disk, because I have not backed up my files since that Windows 7 malfunction, so I shall go the harder way. |
Remember, you could boot to any bootable OS and just backup your shit.
|
Hacker
Banned
Joined: Sep 13 2008
Posts: 3129
|
What we do at the place I intern when we get a computer that matches what you said
1.) System restore to a week before the virus hit.
2.) Run a boot time scan and/or a full system scan with Avast
3.) verify the virus is gone.
|
Mr. Satire
Joined: Jun 08 2010
Location: Termina Field
Posts: 1541
|
| GPFontaine wrote: |
| Mr. Satire wrote: |
| Okay, I shall try these tomorrow (it is 12am where I live). I really do not wish to reformat my disk, because I have not backed up my files since that Windows 7 malfunction, so I shall go the harder way. |
Remember, you could boot to any bootable OS and just backup your shit. |
Well, I do have Ubuntu installed on disk and Live CDs of Ubuntu.
|

Signature by Hacker (RIP) |
Mr. Satire
Joined: Jun 08 2010
Location: Termina Field
Posts: 1541
|
| Hacker wrote: |
What we do at the place I intern when we get a computer that matches what you said
1.) System restore to a week before the virus hit.
2.) Run a boot time scan and/or a full system scan with Avast
3.) verify the virus is gone. |
I don't have System Restore active, I think. I usually disable it to save disk space.
|

Signature by Hacker (RIP) |
The Opponent
Title: Forum Battle WINNER
Joined: Feb 24 2010
Location: The Danger Zone
Posts: 3495
|
You can try getting the Dr. Web LiveCD. I use it when I need offline antivirus in a fix.
|
 I'm not a bad enough dude, but I am an edgy little shit. I'll do what I can. |
GPFontaine
Joined: Dec 06 2007
Location: Connecticut
Posts: 11244
|
Dr. Web? Who/What is that?
|
Knyte
2010 SLF Tag Champ*
Title: Curator Of The VGM
Joined: Nov 01 2006
Location: Here I am.
Posts: 6749
|
Sounds like one of those "Windows Antivirus 2010" viruses.
Search for the exact name the pop ups give you. You can find detailed instructions of what files you need to get rid of.
You usually have to load into safe mode. Kill the related processes, then hunt down and delete the files. (Which are usually hiding in the %appdata% folder somewhere.)
|
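Since Satire can't get into Safe Mode but does have Ubuntu Live CDs, the practical way to do both things this thread keeps coming back to (GPFontaine's "boot to any bootable OS and back up" and Knyte's "look in %appdata%") is from the Live CD with the Windows partition mounted read-only. The script below is an added example written for this thread, not code from any poster or from the tools they mention. It assumes the Vista/7 `Users\<name>` layout, that the Windows partition is mounted at a path you pass in (e.g. `/media/windows` via ntfs-3g, an assumption) and that the backup target is a separate drive. It only copies user data and lists recently modified executables under AppData; it deletes nothing, so the file names can be looked up first as Knyte suggests.

```shell
#!/usr/bin/env bash
# Added example: back up user profiles and triage AppData from a Live CD.
# Assumptions (not from the thread): Windows partition mounted read-only at
# $1 (e.g. /media/windows), backup target is an external drive passed as $3.
set -u

# List real user profiles under <mountroot>/Users, skipping the built-in
# Public, Default and "All Users" entries of the Vista/7 layout.
list_user_profiles() {
    local root="$1"
    local d name
    for d in "$root"/Users/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        case "$name" in
            Public|Default|"Default User"|"All Users") continue ;;
        esac
        printf '%s\n' "$name"
    done
}

# Copy one user's data folders to <dest>/<user>, preserving timestamps.
# AppData is deliberately skipped: it holds no user-created documents and is
# where this class of malware tends to live, so it should not be restored.
backup_profile() {
    local root="$1" user="$2" dest="$3"
    local src="$root/Users/$user"
    local sub
    mkdir -p "$dest/$user" || return 1
    for sub in Desktop Documents Pictures Music Videos Downloads Favorites; do
        [ -d "$src/$sub" ] || continue
        cp -a "$src/$sub" "$dest/$user/" || return 1
    done
    return 0
}

# Triage: list executables under the user's AppData modified in the last
# N days. Read-only listing; nothing is killed or deleted here.
recent_appdata_executables() {
    local root="$1" user="$2" days="$3"
    local app="$root/Users/$user/AppData"
    [ -d "$app" ] || return 0
    find "$app" -type f \( -iname '*.exe' -o -iname '*.dll' -o -iname '*.scr' \) \
        -mtime "-$days" 2>/dev/null | sort
}

# Typical use from the Live CD (mount points are assumptions):
#   WINROOT=/media/windows; DEST=/media/usbdrive/backup
#   list_user_profiles "$WINROOT" | while IFS= read -r u; do
#       backup_profile "$WINROOT" "$u" "$DEST"
#       recent_appdata_executables "$WINROOT" "$u" 14
#   done
```

Mount the Windows partition read-only (`-o ro`) before running this so nothing on the infected disk is touched, and do the backup before any cleanup attempt; the list of recent AppData executables is the starting point for the "search the exact name" step, not a kill list.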
Doddsino
Joined: Oct 01 2009
Posts: 5316
|
All I have to say is..
YOUR'RE IN DANGER! YOUR COMPUTER IS INFECTED WITH SPYWARE!
ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES, SEND E-MAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES
FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN. Every site you or somebody or even something, like spyware, opened in your browsers, with all the images, and all the downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could break your life!
SECURE YOURSELF RIGHT NOW! REMOVE ALL SPYWARE FROM YOUR PC!
|
Mr. Satire
Joined: Jun 08 2010
Location: Termina Field
Posts: 1541
|
| Knyte wrote: |
Sounds like one of those "Windows Antivirus 2010" viruses.
Search for the exact name the pop ups give you. You can find detailed instructions of what files you need to get rid of.
You usually have to load into safe mode. Kill the related processes, then hunt down and delete the files. (Which are usually hiding in the %appdata% folder somewhere.) |
I know it's not one of those fake antiviruses, since it doesn't seem to install anything that looks like a fake antivirus.
The popups look like typical Windows Vista/7 "this program is not responding/has stopped working" dialogs, and they claim that a program that sounds like a system process (I forgot the name, but it begins with 'Host'). Also, I have seen Windows Data Execution Prevention warnings, and warnings that some startup programs have been blocked.
Like I said, I can't access safe mode, however, I can use Ubuntu to do some stuff relating to files.
|

Signature by Hacker (RIP) |
Mr. Satire
Joined: Jun 08 2010
Location: Termina Field
Posts: 1541
|
UPDATE-ME-DO: I now have a screenshot of one of the errors I have been getting, presumably due to the virus. Also, when I booted Windows today, my antivirus (AVG Free 2011) said it had succeeded in removing a piece of malware, and after that, both my antivirus programs worked again. However, I am still getting some errors, and some websites randomly redirect.
Oh, and here is the screenshot:
|

Signature by Hacker (RIP) |
Blackout
Title: Captain Oblivious
Joined: Sep 01 2007
Location: That Rainy State
Posts: 10376
|
I'm no expert, but don't Windows error msgs like that always ask you if you want to notify Microsoft or not? It looks phony and weird with the whole "don't call us, we'll call you" jazz going on in there...
|
GPFontaine
Joined: Dec 06 2007
Location: Connecticut
Posts: 11244
|
Blackout, that error is not suspect. It is a notice and there is no option when it comes up.
Satire,
- Get Super Anti Spyware & Malware Bytes. Run them. http://ninite.com/malwarebytes-super/
- Update your video driver
- Update the rest of your drivers
- Run the manual fix for BITS, do not run the automated portion - http://support.microsoft.com/kb/940520
- Unplug all unnecessary USB devices (keep the mouse and keyboard)
- Eject all media (CD's, floppy disks?)
- Run: C:\Windows\system32\MdSched.exe
|
Hacker
Banned
Joined: Sep 13 2008
Posts: 3129
|
Not trying to be a smart ass but why're you having him run a memory test for the last step?
Is there some association between viruses and dead RAM?
|
GPFontaine
Joined: Dec 06 2007
Location: Connecticut
Posts: 11244
|
The chances of this being a memory error are limited, so it is a last test due to its duration.
Also, at that point the problem would coincidentally be timed alongside the malware. The Host Process failing can be linked to memory issues... so that's that.
|
Hacker
Banned
Joined: Sep 13 2008
Posts: 3129
|
Ah well cool, I'll have to remember that in the future
|
Mr. Satire
Joined: Jun 08 2010
Location: Termina Field
Posts: 1541
|
| GPFontaine wrote: |
Blackout, that error is not suspect. It is a notice and there is no option when it comes up.
Satire,
- Get Super Anti Spyware & Malware Bytes. Run them. http://ninite.com/malwarebytes-super/
- Update your video driver
- Update the rest of your drivers
- Run the manual fix for BITS, do not run the automated portion - http://support.microsoft.com/kb/940520
- Unplug all unnecessary USB devices (keep the mouse and keyboard)
- Eject all media (CD's, floppy disks?)
- Run: C:\Windows\system32\MdSched.exe
|
I already have Malwarebytes, but when I downloaded SuperAntiSpyware, running the installer gave me this message:
(and, no, my window borders are not set to purple, that was the background; also, Malwarebytes gives the same error when I launch it)
I think I have the latest drivers for everything, but I'll check later.
I can't seem to get that BITS fix for Windows, since I have to run a Windows Validation thingy, which does not work due to the virus.
I can easily remove my USB mouse (I use a laptop)
I shall try the last step later.
I am screwed, aren't I?
|

Signature by Hacker (RIP) |
Mr. Satire
Joined: Jun 08 2010
Location: Termina Field
Posts: 1541
|
Oh, and here are some other things I have noticed.
Sometimes Firefox looks like this until I restart:
Note the classic-style scrollbars, and glitched top.
Also, I have noticed suspicious-looking processes running; trying to kill these gives an 'access is denied' error. I then tried using RKill ( http://www.bleepingcomputer.com/download/anti-virus/rkill ), but that was blocked too.
My verdict:
I AM SCREWED!
|

Signature by Hacker (RIP) |
GPFontaine
Joined: Dec 06 2007
Location: Connecticut
Posts: 11244
|
| GPFontaine wrote: |
| I would reimage the computer/reformat. That is just me. The alternative is hours worth of fighting. |
|
Mr. Satire
Joined: Jun 08 2010
Location: Termina Field
Posts: 1541
|
| GPFontaine wrote: |
| GPFontaine wrote: |
| I would reimage the computer/reformat. That is just me. The alternative is hours worth of fighting. |
|
I was being sarcastic about being screwed.
Also, I wish to keep going and only reformatting as a last resort, as I haven't backed up my stuff since that Windows 7 fail.
|

Signature by Hacker (RIP) |
GPFontaine
Joined: Dec 06 2007
Location: Connecticut
Posts: 11244
|
You still haven't booted off of a portable media and done a backup?
|
Mr. Satire
Joined: Jun 08 2010
Location: Termina Field
Posts: 1541
|
| GPFontaine wrote: |
| You still haven't booted off of a portable media and done a backup? |
Nope.
Remember, I am still willing to try and remove the virus without formatting my Windows Vista partition.
|

Signature by Hacker (RIP) |
Atma
Title: Dragoon
Joined: Apr 29 2010
Location: Cincinnati, OH
Posts: 2450
|
I know reformatting sucks. But seriously, fuck the insane amount of hours of trying to outsmart this for an issue you don't know the location of.
I would be backing my stuff up and reformatting at this point.
FUN FACT: My latest purchase of a laptop did NOT include Windows 7 Discs. It only came pre-installed. I pray I don't have to reformat anytime soon. I know there are "Ways around it" but I'd still like to get Windows Updates. Especially after I paid for the fucking system.
|