Computer help [viral issue]

Illum

Flashaholic
Joined
Apr 29, 2006
Messages
13,053
Location
Central Florida, USA
My desktop has [according to Microsoft Security Essentials] 253 infections, there's something somewhere that's trying to connect to the internet like mad and I can't control it.
So the computer is left offline for now until I can think of some way to go about saving it. The good news is the C:\ is where programs are, and D:\ is where all the data is. So worst case scenario I'll just reformat C:\ but I'm leaving that option open. My brother managed to acquire a supposedly "legit" copy of Windows 7, but I have no idea where to get seconds as he left no CD before he left home.

There are no good USB-based antivirus programs, so instead of attaching an external drive to the computer I'm thinking of doing the exact opposite.

Can anyone tell me if I can yank that hard drive out, slap an IDE controller on it, run it as if it was an external drive, scan it and it would find anything? Theoretically there is no way for a virus to travel if its associated system file is not being run by Windows, but I'm afraid to go about scanning an infected drive using a healthy computer. In this case I'll be running a scan from a WinXP operating system at a Win7 hard drive, any advice?:shrug:
 

carrot

Flashaholic
Joined
Dec 6, 2005
Messages
9,240
Location
New York City
Yes, you may yank the HDD out and use an external IDE-USB interface.

My recommendation is to find one of the Linux LiveCDs with NTFS3G and ClamAV and use that instead of your other Windows machine. Viruses have many methods of transfer and I remember back in the day when floppies were especially suspect virus carriers. If you have a Mac lying around, ClamXAV will suffice, although you'll need to install MacFUSE-NTFS3G so that it can write to the hard drive. That's just how I would do it. Windows + your favorite AV software may just as well be fine, but I personally wouldn't bother since LiveCDs are a piece of cake to use and I have access to a bunch of Macs.
 

csshih

Flashlight Enthusiast
Joined
Sep 21, 2008
Messages
3,950
Location
San Jose, CA
Another option which would probably be faster is:

1. boot into safe mode
2. run a sdfix scan
3. reboot, run HijackThis to remove empty startup entries .. look for items that continue to appear after you remove them.
4. use Avenger to remove said items that keep reappearing.

Simple viruses may be done by step 2.
 

Lite_me

Flashlight Enthusiast
Joined
Jun 29, 2006
Messages
1,992
Location
Northern OH
Yes, you can remove your HD and mount it as a slave drive in a host machine. It should be safe. My local computer god does it all the time. Almost every day in fact.

If you decide not to try the above suggestions, here's another.


Have the host computer DL and install these two free editions of antispyware utilities. They will see the infections on your drive as a slave. Be sure to point them there. After installation you can right-click on the drive in Windows Explorer and 'Scan with'..... should be there as an option.

Malwarebytes...

and

Superantispyware..

Run the two utilities (preferably in that order) on your drive and clean everything they find. These are a couple of the best antimalware utilities out there. And they're free to boot, but must be run manually on the free versions.

After they are finished, it wouldn't be a bad idea to run whatever AV the host machine has on your drive also. NO individual tool can find and repair everything.

I've done this to a few relatives' infected machines with success.

I run these two utilities once every week or two on all my machines. You need to do a manual definitions update before scanning. And yes, I've caught stuff I was unaware was there.

Good luck.


Edit to add: If you'd rather not do the removal and host computer thing, it is possible to do this in Safe Mode on your own machine. You can either boot to Safe Mode and choose 'Safe Mode with Networking' and then DL and install the two programs from there and run them. Or, have them on a CD or thumb drive and install them from that. The malware/virus will not be running when in Safe Mode.
 

Glenn7

Flashlight Enthusiast
Joined
Jul 8, 2006
Messages
1,597
Location
Tasmania, Australia (the butt end of oz)
Superantispyware is one of the few programs that has pulled me out of the poo lots of times over the last 5+ years, finding lots of beasties that others couldn't and restoring my PC to working again. I highly recommend it.

Oh and Zemana AntiLogger stops anyone pinching passwords even if they get into your puter.
 

csshih

Flashlight Enthusiast
Joined
Sep 21, 2008
Messages
3,950
Location
San Jose, CA
Whoops. Yeah, forgot about the last step, a Malwarebytes scan if all the previous steps didn't get all the nasty bits out.

Haven't had a virus myself in ages so I'm a bit rusty... school's been out so teachers haven't needed disinfecting.. xD
 

Illum

Flashaholic
Joined
Apr 29, 2006
Messages
13,053
Location
Central Florida, USA
My brother says I have the worst luck with computers. I've downed 3 new hard drives from different companies in rapid succession so far due to hardware failure, lost a critical fan in a laptop due to hardware failure, have the ability to crash the most stable of operating systems, roughly in several months...then the latter half get hit by viruses peaking at a catastrophic breakdown like this every couple of years. All I've been using the internet for is different forums, email, school...if there's a well hidden virus somewhere on the internet I'll find a way to step on it accidentally.

Yes, you may yank the HDD out and use an external IDE-USB interface.

My recommendation is to find one of the Linux LiveCDs with NTFS3G and ClamAV and use that instead of your other Windows machine. Viruses have many methods of transfer and I remember back in the day when floppies were especially suspect virus carriers. If you have a Mac lying around, ClamXAV will suffice, although you'll need to install MacFUSE-NTFS3G so that it can write to the hard drive. That's just how I would do it. Windows + your favorite AV software may just as well be fine, but I personally wouldn't bother since LiveCDs are a piece of cake to use and I have access to a bunch of Macs.

Slow down there, what's NTFS3G?
You understand my opinions on Apple products better than anyone else carrot, you know there's no Macs in this house:ohgeez:

I first need to figure out whether the hard drive is ATA or SATA...how it's installed in the bad system I can't see the plugs:green:

The bad system on LAN will send such a massive amount of information in and out of my router that it will actually kick my laptop off the wireless band. I'm keeping it physically quarantined from the internet so there's no way I can install software and update that software through the internet. I haven't a clue how to go into Safe Mode on either of my desktops [one's XP and the other's 7; the XP will not respond to F8, and if I type msconfig in cmd when the computer is on to configure it to Safe Mode, it will hang until I force a shutdown:ohgeez:] the Win7 was done by my brother, boots in 30-40 seconds...if I try to even touch the F8 key I get a stuck key message:shrug:
 

carrot

Flashaholic
Joined
Dec 6, 2005
Messages
9,240
Location
New York City
My brother says I have the worst luck with computers. I've downed 3 new hard drives from different companies in rapid succession so far due to hardware failure, lost a critical fan in a laptop due to hardware failure, have the ability to crash the most stable of operating systems, roughly in several months...then the latter half get hit by viruses peaking at a catastrophic breakdown like this every couple of years. All I've been using the internet for is different forums, email, school...if there's a well hidden virus somewhere on the internet I'll find a way to step on it accidentally.
I'd wager you'd have better luck if you owned a Mac. :grin2::grin2:
 

JonN06

Newly Enlightened
Joined
Dec 3, 2007
Messages
111
Location
Tulsa, OK
+1 on HijackThis and Malwarebytes. Those two freebie programs have saved me numerous times on various different computers.
 

Lite_me

Flashlight Enthusiast
Joined
Jun 29, 2006
Messages
1,992
Location
Northern OH
The bad system on LAN will send such a massive amount of information in and out of my router that it will actually kick my laptop off the wireless band. I'm keeping it physically quarantined from the internet so there's no way I can install software and update that software through the internet.
That's why you want to enter Safe Mode. The virus should not be running and taking control of your system from there.

I haven't a clue how to go into Safe Mode on either of my desktops [one's XP and the other's 7; the XP will not respond to F8, and if I type msconfig in cmd when the computer is on to configure it to Safe Mode, it will hang until I force a shutdown:ohgeez:] the Win7 was done by my brother, boots in 30-40 seconds...if I try to even touch the F8 key I get a stuck key message:shrug:
Here's a website with some help on entering Safe Mode. The trick is to TAP the F8 key. Don't hold it. I do it every 1 or 2 sec. You want to start tapping after the BIOS screen but before Windows starts loading. If you can't see much at all on the screen on a fresh boot, then start tapping soon after you fire it up. If it does a memory check beep, start after that. I've seen some that are tricky to get to work, you just have to keep trying.
 

blasterman

Flashlight Enthusiast
Joined
Jul 17, 2008
Messages
1,802
if there's a well hidden virus somewhere on the internet I'll find a way to step on it accidentally.

You avoid this by not surfing or doing general work with admin rights. Malware / spyware / virus issues are not inevitable on Windows and are a user problem, not a security problem. Frankly at this point if Windows users don't understand the security differences between Win95 and XP/Vista/Win7, please move to another platform. No admin rights - no infection.

Teachers and students in the last school district I worked at weren't allowed local admin rights and the result was zero problems with any of this over a period of years. They also weren't running Macs.

Also, Safe Mode allows you to get at *some* of these things, but serious malware attacks will overwrite critical DLLs, system drivers and restore points and then you're screwed.

Try the web links above. I've had marginal success with both.
 

carrot

Flashaholic
Joined
Dec 6, 2005
Messages
9,240
Location
New York City
You avoid this by not surfing or doing general work with admin rights. Malware / spyware / virus issues are not inevitable on Windows and are a user problem, not a security problem. Frankly at this point if Windows users don't understand the security differences between Win95 and XP/Vista/Win7, please move to another platform. No admin rights - no infection.

Teachers and students in the last school district I worked at weren't allowed local admin rights and the result was zero problems with any of this over a period of years. They also weren't running Macs.

Also, Safe Mode allows you to get at *some* of these things, but serious malware attacks will overwrite critical DLLs, system drivers and restore points and then you're screwed.

Try the web links above. I've had marginal success with both.
That's true. I make sure this is the setup when I admin Windows machines.

But parents, you know, have to use the admin account to install everything under the sun, so it doesn't help much in those kinds of situations.
 

csshih

Flashlight Enthusiast
Joined
Sep 21, 2008
Messages
3,950
Location
San Jose, CA
You avoid this by not surfing or doing general work with admin rights. Malware / spyware / virus issues are not inevitable on Windows and are a user problem, not a security problem. Frankly at this point if Windows users don't understand the security differences between Win95 and XP/Vista/Win7, please move to another platform. No admin rights - no infection.

Plenty of loopholes in the system... plenty.. :sick:
I've gone through a bunch of infected student computers.. :crazy:
 

kramer5150

Flashaholic
Joined
Sep 6, 2005
Messages
6,328
Location
Palo Alto, CA
My PC was recently infected with the "Antivirus System Pro" virus. This one presents itself as an "anti-virus program" that detected serious threats on my HD... prompting me to enter my CC# and purchase software packages from their www site to alleviate the "threats". I did a Google search and found a great step by step procedure to remove the obnoxious bugger.

I also installed Malwarebytes and ran that too.
I ran a HijackThis scan and my PC thus far is clean.

So far... so good:twothumbs
 

Lite_me

Flashlight Enthusiast
Joined
Jun 29, 2006
Messages
1,992
Location
Northern OH
Love hearing success stories like this. :thumbsup: These viruses/malware/trojans/spyware/worms/rootkits are APITA!
 

Ifrit

Newly Enlightened
Joined
Aug 5, 2010
Messages
16
Location
the UP of michigan
Yes, take the hard drive out and scan it on another CLEAN PC. Run anti-virus if they have it, Malwarebytes, and HijackThis (if you understand how to). If you don't have anti-virus, Microsoft Security Essentials is the way to go; if you don't have legit Windows, use Avira AntiVir, it's free and nearly as good. After all the infections are removed, when you boot it up in the original computer, run another virus scan to catch any of the missed little baddies.
 

Illum

Flashaholic
Joined
Apr 29, 2006
Messages
13,053
Location
Central Florida, USA
I've booted the drive up on Ubuntu, located my files...and realized that 80% of the files have been backed up onto my Maxtor external; there's still some recreational pictures I need to back up.

Given its worth, I wonder if I should just clean wipe it and reinstall Win7. The only software I installed on there that I do not have seconds of is EagleCAD:ohgeez:
 

Lite_me

Flashlight Enthusiast
Joined
Jun 29, 2006
Messages
1,992
Location
Northern OH
The wife was just getting off her laptop at the kitchen table so I asked her not to shut it down, I wanted to take a look at it. I occasionally run Malwarebytes on it but I knew that Superantispyware had not been run for a while and needed updating. I ran the updates (new program update and definitions) and did a scan. It found an infection running in memory and a DLL in her /appdata/temp folder. SAS described it as a rogue antivirus trojan that falsely detects infections and usually asks for a CC# to DL the software to repair. My niece just had this or something like it last week.

After the quarantine and reboot, Windows reports that it can't find the (trojan) DLL for startup. SAS didn't remove the Run Reg entry. It doesn't show it in msconfig.... hmmm, strange. I do a Reg scan and find it in the Run section and delete the entry. Reboot to check, all is well again.

This is just a small example of how annoying these things are.

My main reason for posting this is to point out that this was on Vista in a Limited User Account with UAC enabled and running AVG. I ran the scan from my Admin acct. It still somehow got through. And so no telling what else could too.

Now, there were no indications that there was an infection. No pop-ups, nothing. So, I'm guessing that even tho the infection was there, it wasn't being properly executed. Something was preventing it, I guess. Not really sure, cause it was running and loaded in memory. It's possible that it might have only shown up when running IE. I dunno... we use FF.

Even tho it's a limited user account, I still periodically run malware scans on it. And oh by the way, this is the second time I've caught something on her acct that had no visible indicators. About a year ago there was another but don't remember what that was exactly.

I don't know if Malwarebytes was missing it, or if it just happened to show up between scans. I'll never know.

So my advice is to scan your systems periodically. I use and recommend the two programs in my post just above. I use the free versions.
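The leftover Run entry Lite_me describes (a startup value still pointing at a DLL that has been quarantined, so Windows complains it can't find it at boot) is easy to miss by eye. Here is an added PowerShell triage script, not code from this thread or from SAS/Malwarebytes, that lists the HKLM/HKCU Run and RunOnce values and flags any whose target file is missing or lives under a user AppData/Temp folder; the key list and the two heuristics are my own assumptions, and it assumes an elevated PowerShell session on the machine being checked.

```powershell
# Added example, not code from the thread. Lists Run/RunOnce autostart entries
# from HKLM and HKCU and flags the two things Lite_me ran into: an entry whose
# target file no longer exists, and one loading from a user profile temp folder.
# Assumption: run in an elevated PowerShell session on the machine being checked.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartTarget {
    # Pull the file that actually gets loaded out of an autostart command line.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # rundll32 entries load the DLL given as the first argument, not rundll32 itself.
    if ($cmd -match 'rundll32(?:\.exe)?"?\s+"?([^",]+)') { return $Matches[1].Trim() }
    # Quoted executable path, e.g. "C:\Program Files\Vendor\tool.exe" /silent
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Otherwise the first whitespace-delimited token.
    return ($cmd -split '\s+')[0]
}

function Get-SuspiciousAutostart {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a Run value
            $value = [string]$p.Value
            if ([string]::IsNullOrWhiteSpace($value)) { continue }
            $target = Get-AutostartTarget -Command $value
            $flags = @()
            if (-not (Test-Path -LiteralPath $target)) { $flags += 'MISSING-FILE' }
            if ($target -match '\\AppData\\|\\Temp\\') { $flags += 'USER-PROFILE-PATH' }
            [pscustomobject]@{
                Key    = $key
                Name   = $p.Name
                Target = $target
                Flags  = ($flags -join ',')
            }
        }
    }
}

# Show everything, flagged entries first; an empty Flags column means nothing odd was seen.
Get-SuspiciousAutostart | Sort-Object { $_.Flags -eq '' } | Format-Table -AutoSize
```

An entry whose target is a bare program name resolved through PATH will show as MISSING-FILE, so check those by hand before deleting anything; the script only reports and never modifies the registry.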
 

Ras_Thavas

Enlightened
Joined
Nov 4, 2005
Messages
455
Location
Virginia
I just cleaned my friend's daughter's laptop by taking out the hard drive and scanning it with my computer. I used Microsoft Security Essentials and it found 14 trojans/viruses. I then checked it with SuperAntiSpyware and it showed clean. Just to be safe I also checked it with another machine that has AVG on it.

Installed the hard drive back in the laptop and it was fine. They had no protection on it so I installed MSE and let it scan again. All is good now.

So far I have had the best luck cleaning machines by scanning the drive with a different pc.
 

Kestrel

Flashaholic
Joined
Oct 31, 2007
Messages
7,372
Location
Willamette Valley, OR
My desktop has [according to Microsoft Security Essentials] 253 infections, there's something somewhere that's trying to connect to the internet like mad and I can't control it.
[...]

My PC was recently infected with the "Antivirus System Pro" virus. This one presents itself as an "anti-virus program" that detected serious threats on my HD... prompting me to enter my CC# and purchase software packages from their www site to alleviate the "threats". I did a Google search and found a great step by step procedure to remove the obnoxious bugger.
This is pretty much exactly what just happened to me two days ago. Although the rogue "antivirus" software (which somehow has taken up residence in my Windows taskbar) did disable 'Task Manager' and 'Add/Remove programs', my normal antivirus program (AntiVir) wasn't completely hosed & was able to report a couple of warnings but no infections, so the program in question is quite obviously lying. Thanks for posting w/ your suggestion, I will pursue this further this evening.

Illum or kramer5150, do you have any suspects as to which websites you were on prior to this software installing itself on your computers? (I visited only ~6 or so websites in the entire week prior to this infection, so it's a pretty short suspect list on my end.) Also, what websites (besides its own website) was the software attempting to open on your computer? Feel free to PM me on those Q's, I'm curious. Believe me, nothing that you could report would be stranger than what I've just experienced on this.

BTW, this is the first unauthorized software I've ever gotten on any computer in my entire online experience (~20 years since starting with AOL :fail: way back when) - I'm seriously careful & attentive with respect to this issue.
 