Computer People! - virus question

Professional Engineer & PE Exam Forum


Road Guy
Alright folks, I know we have a ton of smart folks here!

We have identified a virus on our PC, and found the location but can't seem to delete it. Anyone know the trick to doing that? We have a virus checker but that seems to be pretty worthless..

I was going to be smart and use DOS, but I can't even find a log in prompt for DOS anymore :(

 
Get malwarebytes, install and update, then reboot into safe mode with networking before running. To do this, while rebooting, hit f8 (typically) until the boot menu shows up. After you are in safe mode, run malwarebytes as administrator to hopefully find and remove the virus.

If that doesn't work, avg is pretty good, yet I've switched to microsucks security essentials after it found and removed a virus that avg didn't / wouldn't touch.

K1F3 may have some other suggestions when he sees this thread, but this should get you started. Good luck.

 
First off, what operating system are you using? I could remote into your PC and take care of it that way instead of echoing a bunch of tips here.

Sounds like you might have something a bit deeper than just a trojan. A replicating worm or, worse yet, a rootkit. My immediate advice is to disconnect the infected machine from the internet. As a rule of thumb, once infected, the door is then usually opened up to invite other unwelcome infections and/or spyware. The infection your PC has will most likely need to be removed in Safe Mode. And it's going to probably block most forms of typical remedies. That's what the more advanced infections are designed to do.

More on this as it develops.

 
> Get malwarebytes, install and update, then reboot into safe mode with networking before running. To do this, while rebooting, hit f8 (typically) until the boot menu shows up. After you are in safe mode, run malwarebytes as administrator to hopefully find and remove the virus.
>
> If that doesn't work, avg is pretty good, yet I've switched to microsucks security essentials after it found and removed a virus that avg didn't / wouldn't touch.
>
> K1F3 may have some other suggestions when he sees this thread, but this should get you started. Good luck.

+1. When a PC is infected, I try to download the recommended programs from a different PC along with the update patches. That way you can leave the infected PC disconnected from the internet (see reasons above for this).

In addition to malwarebytes (MBAM), also get SuperAntiSpyware (SAS). Ridiculous name I know, but the combo of those two typically sends most infections packing.

Also what is your current anti-virus? Obviously it has not done its job for you and it might be time for a switch. I used to use AVG exclusively but they became sloppy and lazy with their updates. After the 3rd time being burned, they got the boot. I can make some recommendations if you like. I'm a fan of free-ware as I do not care to pay for monthly subscriptions. ;)

 
Thanks! I'm not at home at the moment but will get these answered and will try the malwarebyte.. We did disconnect from Internet.... It's a 2 year old dell PC, not even sure which windows....?

 
Most likely Windows 7 then. Which also has the capability to restore to an earlier operating period.

However, it's best to first discover what the infection is before doing a restore. If a rootkit has found its way into the registry, it's likely that it will remain there even with a system restore and continue to muck things up down the road. The only sure-fire way to recover from a restoration would be from a hard disk image that you would need to create. I do monthly back-up images on all our PCs in the house. Not so much for infections but rather data corruption and/or potential hardware failure.

 
My reference to the restore point was to disable it as part of the virus removal procedure. As Knight noted, the virus can stay in there.

 
> Thanks! I'm not at home at the moment but will get these answered and will try the malwarebyte.. We did disconnect from Internet.... It's a 2 year old dell PC, not even sure which windows....?

As I mentioned above, most likely Win7. In which case the "F8" trick will work to get to safe mode. Do safe mode "without network". And here are the software packages and definitions you should use:

SAS: http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

Definitions (for manual install): http://cdn.superantispyware.com/SASDEFINITIONS.EXE

Choose the "quick scan" method. Remove anything it finds.

MBAM: http://www.malwarebytes.org/mwb-download/

Definitions (for manual install): http://data-cdn.mbamupdates.com/tools/mbam-rules.exe

I would also highly recommend you run this rootkit discovery utility:

TDSSKiller Anti-Rootkit: http://www.bleepingcomputer.com/download/tdsskiller/dl/4/

And if we have to take the proverbial "gloves off", let me know. But that will take us down a much more advanced path. ;)

 
Sorry for not responding, wife read through this thread and was able to get it deleted so many thanks! I think we (she) caught it pre-trojan-really bad phase. Whatever cheap virus software she was using had detected it but couldn't delete it.

Many thanks to all of you!

 
^ Good to hear. And this might be a good opportunity to re-evaluate what you're utilizing for anti-virus software. Meaning if it let something through, it will most likely happen again.

 