Virus Help - PLEASE!

Okay guys, as I said, I'm a bit doff when it comes to these things.

How exactly do I do a boot scan? Can someone give me detailed steps?

Peon, is what you suggested a boot scan?

Tia

The rescue disks are little Linux operating systems tweaked to clean PCs. What will happen is you will download the Kaspersky ISO. Burn it to a CD. Put that CD into your PC and set your BIOS to boot off the CD. You will see it will boot off the CD and go into a user interface with mouse and icons, etc., etc. You will see on the desktop of the boot CD you just loaded is one or two icons.

Normally the scanner icon or similar is what you want. Open it and just like any application look for the update button. Update the version to the latest definitions. Once that is done, go back to the main page and choose what you want to scan. Choose the hard drive in your PC and boot sectors.

The gist of it is that the CD is a small Linux OS from which you boot. The OS runs off the CD and therefore can clean your hard drive without right protection errors (most of the time).

Ten to one your virus isn't the problem. Kaspersky will remove all that it finds, however when you get back in Windows, use something like Malwarebytes Anti-Malware to do a full system scan and look for things that are resident in memory after loading Windows. This normally (most of the time) picks up the rootkits which are hiding in the kernel.
 
Lol, I JUST reinstalled Windows last week! So dreading doing it again, but if that's the easier option, I'll have to go with this.

So what's the big deal about doing it again THIS week? And installing a decent AV while you're at it?
 
...however when you get back in Windows, use something like Malwarebytes Anti-Malware to do a full system scan and look for things that are resident in memory after loading Windows. This normally (most of the time) picks up the rootkits which are hiding in the kernel.

*ahem*

Allow me to point out that once you get a rootkit, it's very difficult to get rid of, and some can't be gotten rid of by just formatting the HDD; it needs to be scrubbed properly.

Also, trying to scan for a rootkit whilst in safe mode just won't work - you'll need to boot from a live CD and do a proper examination of the HDD and its boot sectors in order to determine whether the PC has been rootkitted.

Also, if you have a BIOS rootkit, then it's much more difficult getting rid of it as you'll need to replace the BIOS chip with a new, authentic copy. Thank goodness these kinds of attacks are much harder to pull off though.

I just want to repeat - some kinds of malware hide themselves to such an extent that doing a full system scan in safe mode on the infected PC will be just wasting your time. The best will be to do a full scan from a live CD - and if the Windows OS is damaged, do not attempt to repair it, but instead copy the data off, do a full HDD scrub/erase, and reinstall Windows.

Because you never know whether a logic bomb got installed on your system, only to be activated two, three days down the line and you have all the same fun from the beginning.

I am paranoid :p
 
Listen here librarian, you go back to your books and smoothwall. Otherwise I'll come and bring IPcop on you, version 1, yeah you know it! :P
 
Googlefu turns up this when searching for that virus described in OP

I'm not an expert at all, but I work at a university in China and we've had this virus going around for some time. Here's what it does on my system.

It gets on a flash drive and there makes your folders hidden. Then it creates .exe files with the same names as your folders, and gives them an icon identical to a folder icon. So when you look at your files, you see some icons that look like folders and that have names that you recognize, but they are not folders - they are executable files. When Avast moves them to the virus vault it does not move or alter your original folders. They are still in their original place - but they are now Hidden.

The virus, as far as I know, does not delete the original folders - it just makes them hidden. In order to see them again you must change the view options. Create a new folder. Open it and go to Tools-Folder Options. Go to View. You'll see an option to "Show hidden files and folders". Select this and then click the button that applies the option to all files and folders. Your original folders should now be visible, but they'll be dimmed, indicating that they are still Hidden. Right-click on each folder icon - don't open it, just right-click. Select Properties and de-select Hidden.

If you are ever in doubt whether an icon is a real folder or an executable file (virus) disguised as a folder, you can right-click and look for the "Explore" option. Folders will have this option, but files - including .exe files - will not have this option.

Let me know if that helps or not.

Seemed to work for another user on that site

Sounds like something Malwarebytes can get rid of fairly quickly :whistle:
 
Zah, I would also suggest formatting and re-install. Whether you do or not, check out Bleeping Computer. They are volunteers dedicated to helping people with especially virus problems. They will either help you get rid of ALL the malware on your system or, if you have re-installed, help you run scans to see whether you are clean.

http://www.bleepingcomputer.com/forums/forum79.html

They're really good, but it requires patience and strictly following their instructions.
 
Seems Zah's been there already: http://www.bleepingcomputer.com/forums/topic367194.html
 
Format. Reinstall. Seriously, you're just gonna end up doing that anyway, it really is the easiest, even though it may not sound like it.
If you have access to a Live CD / boot disc (or a working PC), download either a Linux Live CD, or something like Hiren's BootCD so that you can boot an OS and back up your files to USB drive 1st.

Also, use said Live CD to manually clean any USB sticks and / or external hard drives you have, as that's very likely where you got the virus from in the first place (delete autorun.inf files). You can scan them properly with AV once your system's back up.
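
An added example, not part of any post in this thread: a read-only triage script to run from a Linux Live CD against a mounted USB stick. It lists executables that share a name with a folder beside them (the disguise described earlier in the thread) and any autorun.inf in the drive root. The function name `triage`, the mount path passed on the command line, and the extensions beyond .exe are assumptions that generalise the case the thread describes.

```python
#!/usr/bin/env python3
"""Read-only triage of a mounted USB stick, e.g. from a Linux Live CD."""
import os
import sys

# Assumption: the thread only names .exe; the others are common Windows
# executable extensions that can carry the same folder-icon disguise.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}


def triage(mount_point):
    """Return sorted (reason, path) findings. Nothing is modified or deleted."""
    findings = []
    for root, dirs, files in os.walk(mount_point):
        folder_names = {d.lower() for d in dirs}
        for name in files:
            stem, ext = os.path.splitext(name)
            path = os.path.join(root, name)
            # An executable named exactly like a sibling folder is the
            # disguise described in the thread. Matching on names works
            # from Linux, where the Windows "Hidden" attribute is not
            # shown and the real folders are visible anyway.
            if ext.lower() in EXECUTABLE_EXTS and stem.lower() in folder_names:
                findings.append(("exe-named-like-folder", path))
            # autorun.inf is only acted on from the root of a drive.
            if name.lower() == "autorun.inf" and root == mount_point:
                findings.append(("autorun.inf", path))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: usb_triage.py /path/to/mounted/usb")
    results = triage(sys.argv[1])
    for reason, path in results:
        print(f"{reason}\t{path}")
    if not results:
        print("nothing flagged")
```

The script only reports; review each listed file before deleting it, and clear the Hidden attribute on the real folders from Windows afterwards as described above.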
 
Wow, some major bad advice in this thread. Shows you the dangers of asking people for help on the internet.

Having said that though... n00bs should not be trying to repair computers until they learn some l33t skillz.

/Thread FAIL
 