O/T PC Taken Over By Virus



jr45acp
01-30-2010, 11:33 AM
Recently, as in the past week or so, a post was made where the individual had contracted a PC virus and kept getting messages of a removal tool. I've tried searching for that post and can't seem to locate it! Does anyone remember that post and could you point me to it?

My need is predicated on a friend who has had the same thing happen: his son downloaded a phoney virus program and it has completely taken over the computer.

Thanks in advance

MTNGUN
01-30-2010, 11:51 AM
search for "malware"

And if you can't find that thread, just wait a few days and someone will start another one. LOL

It might be this thread http://bbs.homeshopmachinist.net/showthread.php?t=39401&highlight=malware

brucepts
01-30-2010, 01:35 PM
"Combofix" is what you need.

I spent 3 days the other week eradicating "IS2010" virus from my system. I had to get into the Windows services and registry before it would let me boot to my system again. I also had the Google Redirect Virus which is now gone.

Malwarebytes ended up finding 256 infections, but Combofix got rid of the final bits. I was still locked out of my Windows logon and had to edit the registry with Bart PE boot CD which I had to make. The virus changed a file name in the registry so it started up what it wanted started. I pulled the HD out of the computer and worked on it attached to another computer with an external USB HD carrier. I ran all virus programs from the second computer as the virus masked itself from the installed virus programs.

I used another computer to research the net as I went along and really had little clue what I was messing with, but felt I already lost drive access, so what did I have to lose? Might as well give it a go.

All in all it was not a fun project but proud to say I did not lose any data files!

dp
01-30-2010, 01:38 PM
http://bbs.homeshopmachinist.net/showpost.php?p=514259&postcount=48

MrSleepy
01-30-2010, 01:54 PM
For me the final solution is either ...

1) use your existing PC and.. boot from a Linux CD (Knoppix) or off a Linux-filled USB disk as per Evan
2) use a cheap laptop with the above.. or set up a cheap laptop with a restore disk to reset if needed
3) Never surf the PC which is important to you... Accept that there's a chance that you may become infected irrespective of whether it's Windows - Linux - MacOS - or whatever..

Rob

dp
01-30-2010, 02:01 PM
1, 2, and 3 are covered in the link except there's no need for additional hardware. It's all virtualized.

BadDog
01-30-2010, 02:49 PM
I use virtual PCs to access the web, and even then keep permissions set very low. This one runs XP accessed with user account, not admin. And I run the permissions way down in IE's "Internet zone" so that for the most part only plain HTML works. If I need to visit a site like this one, I add it to "Trusted" with permissions set somewhat like the default for "Internet". Once my main link collection is configured, I back it up (copy to another location - it's just a file) so that should anything go wrong, I can just copy the clean original copy over the problematic version and continue. Haven't used AV and haven't had a problem of any sort for years. If I did even suspect I might have any sort of virus or similar issue, I can replace the VPC in a few minutes.

MrSleepy
01-30-2010, 03:14 PM
Other defensive strategies are..

Don't let the kids install all the various toolbars that infected PCs always have... It gets them used to installing anything and trusting anyone..

Don't let the kids install Limewire, Bitlord and all the other sharing utils..

Use online webmail... or a utility like Popcorn by Ultrafunk to scan emails at the ISP end... instead of downloading everything to your PC.. then inspecting it..

If you buy a new PC/laptop... get rid of Norton or McAfee and all the other vendor software it comes with... Get a decent one like Eset... Kaspersky... Bitdefender...

Rob

Willy
01-30-2010, 05:39 PM
Sounds like your friend has the Trojan.FakeAV.ABT.

http://www.bitdefender.com/VIRUS-1000579-en--Trojan.FakeAV.ABT.html

I just removed the little rascal myself last night.

jr45acp
02-01-2010, 09:56 AM
Thanks for all the feedback Gang. I called my friend to get his email address so I could send him the various bits of information. Unfortunately, he said when he powered up the PC in question he got a popping sound similar to the sound heard when striking the rod on an arc welder. Long story short, his PC is history.

I do appreciate all the help and that is one thing I love about this forum. Folks helping each other and doing so in a gentlemanly way.

rollin45
02-01-2010, 10:08 AM
If you encounter a pop-up that seems like an advertisement for AV, don't try to close the pop-up!! The entire thing is "hot"; the safest way out of the spot at that point is Ctrl, Alt, Delete, taskbar time and close the browser.

If you click the little "x" thinking you are closing the window, in some cases it has already got you.

hth

rollin'