
Thread: Virus that wont quit

  1. #1
    Salvage Bans
    Join Date
    Jul 2006
    Posts
    853
    BG Level
    5
    FFXI Server
    Fenrir

    Virus that wont quit

    So I borrowed my friend's laptop, turn it on and it's full of malware: blue screen of death pops up, adcrap and slow as heck. At first I start by running Malwarebytes, that gets like 1500 stuff out the laptop. I keep running it till it comes back clean, then I run ccleaner.
    I got tired of trying to work it, because even after all that, it was still acting up. So I did a factory reset. Lo and behold after the reset, the antivirus is blocking malware even though all I did was turn it on.
    No es bueno, what can I do to clean this really good.

  2. #2
    Salvage Bans
    Join Date
    Mar 2008
    Posts
    852
    BG Level
    5
    FFXIV Character
    Niya Kouya
    FFXIV Server
    Odin

    If it's still "tainted" after a factory reset (recovery partition?) the only way to get it completely clean would probably be to do a completely fresh windows install from DVD, not from recovery.
    Hopefully your friend didn't manage to catch one of those rare boot loader/BIOS viruses, then you'd be completely screwed...

  3. #3
    Hyperion Cross
    Join Date
    Jan 2007
    Posts
    8,667
    BG Level
    8
    FFXIV Character
    Kai Bond
    FFXIV Server
    Gilgamesh

    Sounds really interesting. I would be up for investigating if you put TeamViewer on it; timezone pending.

    Also if Malwarebytes doesn't do the job, I recommend the lesser known Adwcleaner https://toolslib.net/downloads/viewd.../1-adwcleaner/
    A dose of that and Malwarebytes usually gets rid of most problems that I've been given; after that I prune through the task manager to see what's alien and eliminate them on sight.

  4. #4
    Leader of the Brain Eating Space Monkeys
    Join Date
    Dec 2009
    Posts
    429
    BG Level
    4
    FFXI Server
    Ramuh

    You could also try Comodo KillSwitch, that can be quite handy for identifying processes which you're not sure about.

  5. #5
    Salvage Bans
    Join Date
    Feb 2007
    Posts
    811
    BG Level
    5
    FFXIV Character
    Orinthia Warsong
    FFXIV Server
    Excalibur
    FFXI Server
    Bahamut

    Factory reset probably had a bunch of normal junkware in it, the kind that companies love to pack with their systems. Though if it's actually the true stuff, the only way to be certain is to install fresh from an install cd from ms. You could try a customized live linux boot disc though to scan, like from kaspersky ( http://rescuedisk.kaspersky-labs.com..._rescue_10.iso ), which can then update its own definitions and scan the drive/hardware all from outside windows. Can be useful to get at your files too since the linux ntfs driver tends to ignore some ntfs-user permissions lol.

    Personally I have a morbid fascination with trying to not use the windows disc to save a system, especially when it'd be the fastest method. There's various rescue discs made by different anti-virus companies, some compilations by various groups or people (hiren's is a nice choice), i've even tried leaked geek squad tools for fun (the tools were solid, the ground techs are dumb lol).

    There's different ways to go about getting a clean windows install disc if you don't have one. Unfortunately, ms seems to have pulled their digital river distributions (which were the retail isos), so you'll need to be careful when choosing a download (especially if you're using a magnet). mydigitallife's forums are the best place to look. Everything you'd usually want is in their associated forum's stickies (you'll need to make an account to thank the poster to see some links though...).

  6. #6

    Usually if Malwarebytes/CCleaner doesn't do the job and it's something I can't isolate (like "oh hey there's a random process running, I'll google wtf it is and how to remove it") then I turn to combofix. Using combofix is my last resort before a full system wipe because of its ability to fuck your system up by how clean it will make it. If you're not sure what you're doing it can nuke the shit out of a lot of your System32 folder and .sys files.

    I'm guessing factory reset is using the partitioned HD most Dells/HPs come with to restore back to OEM basic install? Or are you just doing a system restore?

  7. #7
    The Tower
    Join Date
    Apr 2005
    Posts
    2,160
    BG Level
    7
    FFXIV Character
    Stromgarde Siren
    FFXIV Server
    Gilgamesh
    FFXI Server
    Siren

    Gonna put this here, since you're probably going to end up looking for it before too long

    http://windows.microsoft.com/en-us/w...-refresh-media

  8. #8

    Create installation media for Windows 8.1
    The only thing I want to do with Windows 8 is uninstall!!

  9. #9
    I Am, Who I Am.
    Join Date
    Nov 2005
    Posts
    15,994
    BG Level
    9
    FFXIV Character
    Trixi Sephyuyx
    FFXIV Server
    Excalibur
    FFXI Server
    Ragnarok

    Reformat~

  10. #10
    Salvage Bans
    Join Date
    Jul 2006
    Posts
    853
    BG Level
    5
    FFXI Server
    Fenrir

    lol, thanks for the info guys. I'm gonna do some research and check out some of the things you mentioned.

  11. #11
    Salvage Bans
    Join Date
    Jul 2007
    Posts
    870
    BG Level
    5

    I'd suggest you to boost disconnect the computer from the internet, and Boost in Safe Mode if possible...Then download and run the following programs (this routine fixes bout 95% of the computer problems I ran to when people asked me to fix theirs due to virus/malwares)

    1/ Rkill - http://www.bleepingcomputer.com/download/rkill/
    2/ RogueKiller - http://www.bleepingcomputer.com/download/roguekiller/
    3/ ComboFix - http://www.bleepingcomputer.com/download/combofix/
    4/ Adwcleaner - http://www.bleepingcomputer.com/download/adwcleaner/
    5/ Junkwareremover - http://www.bleepingcomputer.com/down...-removal-tool/
    6/ Malwarebytes Anti-Rootkit - http://www.bleepingcomputer.com/down...-anti-rootkit/

  12. #12
    Hyperion Cross
    Join Date
    Jan 2007
    Posts
    8,667
    BG Level
    8
    FFXIV Character
    Kai Bond
    FFXIV Server
    Gilgamesh

    Quote Originally Posted by gt_killa View Post
    I'd suggest you to boost disconnect the computer from the internet, and Boost in Safe Mode if possible...Then download and run the following programs (this routine fixes bout 95% of the computer problems I ran to when people asked me to fix theirs due to virus/malwares)
    Sorry I found the typo funny

    Anyway unless network is enabled in safe mode (to be honest I've never done it before or accessed the net from safe mode), he won't be able to download anything. Best to download it elsewhere and stick it on a USB drive then transport it over.

  13. #13
    Relic Weapons
    Join Date
    Jun 2007
    Posts
    329
    BG Level
    4

    Quote Originally Posted by gt_killa View Post
    I'd suggest you to boost disconnect the computer from the internet, and Boost in Safe Mode if possible...Then download and run the following programs (this routine fixes bout 95% of the computer problems I ran to when people asked me to fix theirs due to virus/malwares)
    http://i13.photobucket.com/albums/a2.../BestBoost.jpg

  14. #14
    Can you spare some gil?
    Join Date
    Feb 2009
    Posts
    8,577
    BG Level
    8

    Quote Originally Posted by gt_killa View Post
    I'd suggest you to boost disconnect the computer from the internet, and Boost in Safe Mode if possible...Then download and run the following programs (this routine fixes bout 95% of the computer problems I ran to when people asked me to fix theirs due to virus/malwares)

    1/ Rkill - http://www.bleepingcomputer.com/download/rkill/
    2/ RogueKiller - http://www.bleepingcomputer.com/download/roguekiller/
    3/ ComboFix - http://www.bleepingcomputer.com/download/combofix/
    4/ Adwcleaner - http://www.bleepingcomputer.com/download/adwcleaner/
    5/ Junkwareremover - http://www.bleepingcomputer.com/down...-removal-tool/
    6/ Malwarebytes Anti-Rootkit - http://www.bleepingcomputer.com/down...-anti-rootkit/
    I hope you don't have these all installed, and running either one at a time or all at once at all. Because anti-virus/malware/spyware/retardware have a unique way of flagging certain files that are safe that gets picked up by other anti-retardware software that not only slows down the overall process of your removal but can ignore certain files that may be malicious/virus infested elsewhere.

    Quote Originally Posted by Meresgi View Post
    The only thing I want to do with Windows 8 is uninstall!!
    Classic shell and never look back at windows 7, it's a great upgrade and more often than not the people that talk poorly about 8 are those that never used 8 lol.

  15. #15

    Quote Originally Posted by Shenrien View Post
    I hope you don't have these all installed, and running either one at a time or all at once at all. Because anti-virus/malware/spyware/retardware have a unique way of flagging certain files that are safe that gets picked up by other anti-retardware software that not only slows down the overall process of your removal but can ignore certain files that may be malicious/virus infested elsewhere.



    Classic shell and never look back at windows 7, it's a great upgrade and more often than not the people that talk poorly about 8 are those that never used 8 lol.
    Bleh, tons of features I hated in Win 8, though I admit I didn't use 8.1 much before I wiped the drive and put 7 back on it. P2v conversions are a fucking pain.

    And yeah @ what Shen said, run each of those tools and then uninstall afterwards before running another. Just like other software like that, some are technically seen as malware because of what they can do. Hell netcat is picked up on certain scans because it's a choice favorite for backdooring into a system.

  16. #16
    Salvage Bans
    Join Date
    Feb 2007
    Posts
    811
    BG Level
    5
    FFXIV Character
    Orinthia Warsong
    FFXIV Server
    Excalibur
    FFXI Server
    Bahamut

    That's most of the reason I suggested to scan from outside windows. I wouldn't trust a program running in an infected system to scan itself properly. It's where things like hiren's or other rescue/linux boot discs shine, especially in helping you simply backup some files before ultimately flattening the install and starting anew.

    You can run as many scans as you want, but a system that is infected a single time can't be fully trusted until it is destroyed and rebuilt. It's a simple truth that's difficult to stick to when you have a lot of software toys you want to try lol, or the current install is very valuable.

  17. #17
    Salvage Bans
    Join Date
    Jul 2007
    Posts
    870
    BG Level
    5

    Whooops, sorry for the typo lol... And yes, please do run one program at a time (in the order I listed). You don't have to uninstall them as each of them is independently run from its own .exe. They only scan the computer, find it and ask if you want to clean/kill the infecteds. They don't store or install anything on your computer except saving a log of their findings. Good Luck!

  18. #18
    Pens win! Pens Win!!! PENS WIN!!!!!
    Sweaty Dick Punching Enthusiast

    Join Date
    Oct 2007
    Posts
    2,192
    BG Level
    7

    Don't know what it was exactly, but a couple days ago my laptop started running like complete shit, I assume it's from something I dl'd. MBAM wouldn't pick it up for whatever reason, but my laptop was acting like I had a million processes going on, CPU usage was spiking around 80% but maintaining 68% steadily, physical memory around 30%, nothing would load for me on the internet etc....

    Dl'd CCleaner after reading this and everything seems to be working awesome now!

  19. #19
    Relic Shield
    Join Date
    Apr 2006
    Posts
    1,546
    BG Level
    6
    FFXI Server
    Gilgamesh

    Nevermind, I was replying to the OP, but this is an old thread, heh.
