So I got a virus...

Browsing a site in FF (latest version of 3.x), Firefox crashed and Windows Firewall told me all firewalls had been disabled. I unplugged the PC from the router and left the PC to do a full scan... came back a few hours later and it had a virus (Microsoft Security Essentials confirmed it, and it had the fake anti-virus programs trying to get me to register and buy their product).

How can I go about reinstalling Windows and knowing that the files aren't compromised? (I know how to reinstall Windows; I'm looking for advice regarding the virus.)

I was thinking of running Linux and doing an anti-virus scan with that, but I don't know if there are any decent Linux anti-virus programs that'll search for Windows viruses?

Any ideas/tips? I've got about 2-3 TB of data on there... don't want to lose it all, but don't want to risk the virus still being there.
 
I'm planning on doing a full format (of the Windows hard drive, not my data) and reinstall of Windows anyway - think it's worth running Malwarebytes anyway?
 
On http://www.malwarebytes.org/ there's an option to buy it - do I just need the free version?

And is there a way to download the updates and put them onto a USB drive or burn them to a CD? I'm going to put it on the infected PC without connecting to the internet.
 
It might work in some instances but you can never trust System Restore for the purpose of getting rid of malware.

It's worked every single time I have used it to fix clients' computers, on many, many occasions.

It would be the first thing I would try.
 
Depending on the fake antivirus... my nan had one. After researching, Spyware Doctor had a definition to get rid of most of it, which then allowed Malwarebytes to wipe the rest of it out.

Just type into Google "how to remove <antivirus name>"

and it'll probably come up with the steps. Like I say, I did this on my nan's Vista laptop and it worked like a charm.
 
Boot into Safe Mode and run MSCONFIG, disable the process from running at startup, and then scan within the User Profiles folder, most likely under 'All Users'; this is where most of these fake anti-virus threats get stored. Once found, delete the files and re-run a full scan with Malwarebytes.
 
HijackThis scans your computer for services and running processes and allows you to remove anything; you just need to know what to remove.

This without a doubt is the best tool I've ever found for viruses; I've never come across a virus that it's been unable to remove yet.

If you are not sure how to use it, post up your log and I or someone else can check it for you.
 
How can I go about reinstalling Windows and knowing that the files aren't compromised? (I know how to reinstall Windows; I'm looking for advice regarding the virus.)


combofix.exe from Malwarebytes in Safe Mode, then Malwarebytes...

If you reinstall, simply don't run any .exe files from your old install, and make sure there is not an autorun on your C:/D: etc...
 
I removed something like this yesterday for the girlfriend's aunt. It hijacked the open command and was pretending to be MBAM/MSSE (it disabled the MSSE service, rendering it useless, and was restarting itself through the hijacked open command). In the end I had to kill the process and then delete the file before it restarted itself; a swift reboot to Safe Mode, rkill, ComboFix and an MBAM scan, and I managed to root it out. Think it came in through a buffer overrun in a Flash ad. It also replaced explorer.exe with a file that restarted itself and then called the renamed explorer.exe.

I've hardened Windows as much as I can for her, and it's the second time I've been up to clean it in just over a month. I think next time she's getting Linux on her machine, since all she uses it for is online banking, web browsing and office stuff!
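The posts above point at a handful of concrete hijack points on a Windows box: the .exe "open" command, explorer.exe being replaced by a wrapper that calls a renamed copy, startup entries living under the user profile / "All Users" folders, autorun.inf on the drives you are about to copy data off, and the MSE service being stopped. The script below is an added example (not posted by anyone in this thread) that reads those locations and reports anything that deviates from the Windows defaults. It is read-only: it changes nothing, so it is safe to run from an elevated PowerShell prompt (Safe Mode is fine) before you decide between cleaning and a wipe. The expected default values are the stock Windows ones; the MSE service name 'MsMpSvc' is an assumption.

```powershell
# Added example, not from the thread. Read-only triage of the hijack points
# the posts describe. Run elevated; nothing here modifies the system.
$findings = @()

# 1. The .exe "open" command. A fake AV that "hijacks the open command" rewrites
#    this so every .exe launch runs the malware first. Stock value is "%1" %*
$exeCmd = (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command').'(default)'
if ($exeCmd -ne '"%1" %*') { $findings += "exefile open command is: $exeCmd" }

# Per-user overrides under HKCU\Software\Classes take precedence over HKCR,
# so a clean HKCR value does not prove anything on its own.
$userExt = 'HKCU:\Software\Classes\.exe'
if (Test-Path $userExt) {
    $progId = (Get-ItemProperty $userExt).'(default)'
    if ($progId -ne 'exefile') { $findings += ".exe remapped per-user to ProgID: $progId" }
}
$userCmd = 'HKCU:\Software\Classes\exefile\shell\open\command'
if (Test-Path $userCmd) {
    $findings += "per-user exefile open command present: " + (Get-ItemProperty $userCmd).'(default)'
}

# 2. Winlogon Shell / Userinit: the other places a wrapper around explorer.exe
#    gets inserted. Stock values are 'explorer.exe' and '<SystemRoot>\system32\userinit.exe,'
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.Shell -ne 'explorer.exe') { $findings += "Winlogon Shell is: $($wl.Shell)" }
$expectedUserinit = "$env:SystemRoot\system32\userinit.exe,"
if ($wl.Userinit -ne $expectedUserinit) { $findings += "Winlogon Userinit is: $($wl.Userinit)" }

# 3. explorer.exe itself, plus any renamed copy of the real one sitting next to it
#    (the post describes a fake explorer.exe that called the renamed original).
#    Version-info checks are used rather than Authenticode because system files on
#    older Windows are catalog-signed and show as NotSigned to Get-AuthenticodeSignature.
$explorer = Join-Path $env:SystemRoot 'explorer.exe'
$vi = (Get-Item $explorer).VersionInfo
if ($vi.CompanyName -notmatch 'Microsoft' -or $vi.OriginalFilename -notmatch '^EXPLORER\.EXE') {
    $findings += "explorer.exe version info looks wrong: '$($vi.CompanyName)' / '$($vi.OriginalFilename)'"
}
Get-ChildItem $env:SystemRoot -Filter *.exe |
    Where-Object { $_.Name -ne 'explorer.exe' -and $_.VersionInfo.OriginalFilename -match '^EXPLORER\.EXE' } |
    ForEach-Object { $findings += "renamed copy of explorer.exe found: $($_.FullName)" }

# 4. Run-key startup entries launched from a user profile folder, the location
#    the thread says these fake AVs usually drop into.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$profilePattern = '(?i)\\(Users|Documents and Settings)\\|AppData|Application Data|ProgramData|Local Settings'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }     # skip PowerShell's own metadata properties
        if ("$($p.Value)" -match $profilePattern) {
            $findings += "startup entry in a profile folder: $key\$($p.Name) = $($p.Value)"
        }
    }
}

# 5. autorun.inf on the root of every drive, before any data gets copied off.
foreach ($d in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path $d.Root 'autorun.inf'
    if (Test-Path $inf) { $findings += "autorun.inf present on $($d.Root)" }
}

# 6. Microsoft Security Essentials service state ('MsMpSvc' is an assumed name).
$svc = Get-Service -Name MsMpSvc -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -ne 'Running') { $findings += "MSE service is $($svc.Status)" }

if ($findings.Count -eq 0) { 'No hijack indicators found at the checked locations.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

A clean report from this script does not mean the machine is clean; it only means these specific persistence and hijack points look stock. Anything it does flag is a reason to stop trusting the install and go straight to the format-and-reinstall the original poster was already planning, copying only data files (not executables, and not anything with an autorun.inf next to it) off the old drive.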
 
Normally I will try a System Restore, which usually works to get rid of those messages, then back up my data and then do a full restore.
 