cxhb
cxhb HalfDork
2/4/11 12:13 p.m.

First off, I'll admit I am not the most computer savvy. But recently I seemed to have picked up some crap that loads up a faux "virus sweep" as soon as my computer turns on and locks it up. I then tried turning it on in safe mode and running a virus sweep and it found 3 things, all were then quarantined and deleted. "Problem fixed!" I thought. But no... Still happening. Anybody have any ideas? Contemplating just wiping out everything and starting over... I need to upgrade to Windows 7 anyway as I'm still running XP...

Thanks in advance.

Cone_Junky
Cone_Junky Reader
2/4/11 12:16 p.m.

Have you gone into the "remove programs" menu to find the offending virus software?

4cylndrfury
4cylndrfury SuperDork
2/4/11 12:24 p.m.

XP>7 IMHO.

Grtechguy
Grtechguy SuperDork
2/4/11 12:29 p.m.

http://grassrootsmotorsports.com/tech-tips/73/

Rusted_Busted_Spit
Rusted_Busted_Spit Dork
2/4/11 12:31 p.m.

My advice is to stay with XP, give 7 a chance to mature some more. Wipe the machine and start over. After the reinstall load your favorite anti virus program (I use Avast, free), install something other than Internet Explorer to use on the web, then set aside a couple of hours to run all of the Windows updates.

cxhb
cxhb HalfDork
2/4/11 12:31 p.m.

In reply to Cone_Junky:

I tried in safe mode, found nothing irregular.

Mazdax605
Mazdax605 HalfDork
2/4/11 1:05 p.m.

Shotgun???

alfadriver
alfadriver SuperDork
2/4/11 1:07 p.m.
Grtechguy wrote: http://grassrootsmotorsports.com/tech-tips/73/

Which step will fix that?

My wife recently got something similar, and it took some work to force it back onto the net, so that I could find something.

And I had to go backwards a couple of days in set up.

But the malware eventually got it, and I hope cleaned it up.

16vCorey
16vCorey SuperDork
2/4/11 1:39 p.m.

Go here: http://www.bleepingcomputer.com/forums/forum22.html And do what they say.

Salanis
Salanis SuperDork
2/4/11 1:42 p.m.

Load a system restore point from before the virus came up. Then run combofix.

Fletch1
Fletch1 Reader
2/4/11 1:43 p.m.

Had some hit me at work. IT guy wiped it clean. I had to on my home computer too. That stuff is hard to track down and remove all of it.

GameboyRMH
GameboyRMH SuperDork
2/4/11 2:02 p.m.

7 is better than XP for security...it's a lot of money though...I'd recommend Linux over both (which is free).

Beware that those viruses spread over flash drives (at least most of the Fake AVs I've seen do), so any that have been plugged into that computer recently might be carrying it.

I'll give you instructions on how to clean the flash drives (or digital camera, MP3 player, any removable USB storage basically). Ideally this should be done from a non-Windows system but here's how to do it in Windows:

  1. Hold Shift while plugging in the flash drive. Don't let go until it's finished recognizing the flash drive and everything.

  2. Open Windows Explorer through the Start Menu.

  3. Click the dropdown next to the address bar and choose the letter of the flash drive. Looking at the flash drive's contents any other way will cause the virus to execute.

  4. Go to Tools, Folder Options, View. Show Hidden Files and folders, do not hide protected system files.

  5. Now we'll see if the drive is infected. If the drive has an icon that looks like a folder in Windows Explorer, you know it's infected right off the bat. Look for autorun.inf. If it exists, it's almost certainly infected. A few special-purpose flash drives use autorun.inf for legitimate purposes but they're incredibly rare, and deleting autorun.inf won't stop you from using them.

  6. Open Notepad, look for Autorun.inf and drag it into Notepad.

  7. Delete the .exe file specified in Autorun.inf, then delete autorun.inf. If you're worried you may have one of those rare flash drives that require the file, you can rename both files for safety (postfix the filename with an underscore or something), and then delete them when you're sure.

  8. The drive is now clean. You can undo what you did in Step 4.
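Steps 5 to 7 above, done from a non-Windows system as the post suggests, as an added example that is not part of the original post. It assumes the drive is mounted at a directory you pass in; the function names and the sample autorun.inf text are constructed for illustration.

```python
import os

EXEC_KEYS = ("open", "shellexecute")  # [autorun] keys that name a program
# Constructed sample autorun.inf, not taken from a real infection.
SAMPLE_INF = (
    "[AutoRun]\n; constructed comment line\nOpen=RECYCLER\\setup.exe /s\n"
    "icon=folder.ico\nshell\\explore\\command=\"my tool.exe\" -x\n")

def autorun_targets(text):
    """Return the programs the [autorun] section launches (arguments dropped)."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        if not in_section or "=" not in line or line.startswith(";"):
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        key = key.lower()
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            prog = value[1:].split('"', 1)[0] if value.startswith('"') else value.split(" ", 1)[0]
            if prog and prog not in targets:
                targets.append(prog)
    return targets

def find_on_drive(root, rel_path):
    """Resolve a Windows-style relative path under root, ignoring case."""
    current = root
    for part in rel_path.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        names = os.listdir(current) if part != ".." and os.path.isdir(current) else []
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None  # missing, or a ".." that would leave the drive
        current = os.path.join(current, match)
    return current

def quarantine(root):
    """Rename autorun.inf and the programs it names with a trailing underscore."""
    inf = find_on_drive(root, "autorun.inf")
    if inf is None:
        return []
    with open(inf, encoding="latin-1") as fh:
        found = [find_on_drive(root, t) for t in autorun_targets(fh.read())]
    paths = list(dict.fromkeys(p for p in found if p and p != inf)) + [inf]
    for path in paths:
        os.rename(path, path + "_")
    return [p + "_" for p in paths]
```

Renaming rather than deleting follows the safety option in step 7; delete the renamed files once you are sure the drive does not need them.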

cxhb
cxhb HalfDork
2/4/11 2:19 p.m.

Will running a system restore get rid of it? Or is that just going to put me back to the date I choose and the virus still be there and active?

GameboyRMH
GameboyRMH SuperDork
2/4/11 2:21 p.m.

The virus will almost certainly still be there and active.

These fake AVs are usually very easy to remove, you're lucky you didn't get Virtumonde...

Any of the free AVs like AVG or Comodo should take care of it.

cxhb
cxhb HalfDork
2/5/11 7:55 a.m.

Alright, did system restore. Got in the interwebs and downloaded AVG's free trial, I may end up purchasing it. It cleared about 6 or so random things and seems to be running fine now. Thanks for the help everyone!

John Brown
John Brown SuperDork
2/5/11 8:06 a.m.

I bought a new used ($10.00) hard drive that was "clean"... except for a nasty dormant virus. Pissed me off to no end. Glad everything worked out.

Kramer
Kramer HalfDork
2/5/11 11:38 a.m.

Along with using AVG, I also use Malwarebytes. I got a virus a few days ago, and was able to do a system restore, then scan using both programs. It cleaned it up.

foxtrapper
foxtrapper SuperDork
2/8/11 8:12 a.m.

Yea, just got hit with the antivirus dot net one, it blew past AVG like it wasn't there.

The Malwarebytes program was what was needed to finally kill it. Works well.

sachilles
sachilles Dork
2/8/11 12:03 p.m.

Many of them disable the updates to your antivirus program, so they remain undetectable. Best to periodically look at your antivirus program to see that it's been updated.
