ugh..virus
Boot the computer into Safe Mode and then run your anti-malware program.
To boot into Safe Mode, as the computer is starting, repeatedly press the F8 key until you get a DOS-like screen with several boot options. Select Safe Mode and press Enter.
EDIT: Since some motherboard BIOS options use F8 to select a Boot Device, if you get a screen asking which device to boot from select the Hard Drive, press Enter and then again begin repeatedly pressing the F8 key to get the Boot Options menu.
If the game spit out 20 dollar bills people would complain that they weren't sequentially numbered. If they were sequentially numbered people would complain that they weren't random enough.
Black Pebble is my new hero.
Hmm... F8 doesn't seem to do anything, I just wind up booting like normal. I do get the option to hit Tab or Delete for setup or boot screen.
Virtue: Sistah Powah, Afrodizziac, NeutronBlonde,Distortionist,IonMaiden,BlindFaith,M adwoman, Vital Signs,Yzzorrdrex,Diesel Mage, Defend, Glasshouse,Rescue I, Bootytrap, The Experience, AE Virus, Drawback, Daytime, Nighttime, Chamberwraith, Invincible Ink, Monster Mitts, Hex Object, Hexperiment, Frightningbolt, Spooky Deville, Scream Weaver, Cackler, Shocktopus, Ogrekill,Road Hazard,Fahrenhate,Duotherm,Black Lung, Horrorculturalist,Foulmouth,
I'll also suggest getting/doing three things (from another PC that's not infected)
1. Malwarebytes. Useful little tool. It will be blocked by several fake AVs. Install, but don't update or run. Go to where you installed it, make a copy of MBAM.EXE and rename it. Run *that.* Update. 99% of the time, that's enough to get around these.
2. "FixEXE." (Link is for Vista, has another link for 7, search if running XP.) Small registry file. I've been seeing quite a few of these that essentially turn *every* EXE to "Open with" themselves - so with the virus gone, you can't run a program. Kill the virus, run that, get your EXEs back.
3. Go to Control Panel - Internet Options - Connections - LAN settings (button.) Make sure nothing is checked - *especially* "Use a proxy."
I can give somewhat more detailed instructions on tracking down the virus, as well, but since you mentioned "not computer savvy," - well, they're easy to me, but would probably come out greek for you.
Okay, you CAN try to clean it up. You MAY or MAY NOT succeed. Honestly, if your computer's that borked, I wouldn't bother expending the effort. Without a reference image you have no way to be able to tell what's been altered and what hasn't. So even though you clean the initial infection, it could be leaving you open to other things.
In short, a lot of investment in time and effort that could all be for naught and might see you reinstalling the OS anyhow.
My advice.
- Get a USB hard drive and a Linux boot disk (like Ubuntu).
- Boot up into Ubuntu from the CD/DVD.
- Recover any files you have from the Windows partition to the USB drive.
- Once done, disconnect the USB drive.
- Use the Ubuntu partition manager to wipe down the hard drive. Partitions and all.
- Reinstall Windows from scratch.
- Load up an AV as soon as you are able.
- Patch the crap out of the machine.
- Reinstall your apps.
- Patch your apps.
- Make a backup image of the system hard drive. Acronis, Ghost, etc. Will save you most of the above steps if this happens again in the future.
- Retrieve your USB drive and scan the living bejesus out of it before copying ANYTHING from the drive.
- Once scanned and you're assured the files are clean, begin restoring them.
OK, Bill. Before I left for class this morning I found the MBAM.EXE in the infected computer and renamed it, but the virus shut it down when I tried to run it. Should I expect a different result this afternoon when I DL it to another comp and transfer it over?
Yeah, Hyper, I just recently re-installed Windows, so I shouldn't have too much of an issue if I need to re-install. Thinking about upgrading to Win 7 anyway.
As per: http://technet.microsoft.com/en-us/l.../cc512587.aspx
Once your machine is compromised by something like FakeAV, you're much better off just rebuilding it from scratch and making sure you secure it properly 2nd time around.
Abandon all hope, you who enter
I agree with Hyper that if you get hosed that bad you're likely to have issues with the OS even after you clear out the virus. Considering that Windows is famous (infamous?) for corrupting its registry just from normal use over time, you're likely to have significant problems post-virus.
COH has just been murdered by NCSoft. http://www.change.org/petitions/ncso...city-of-heroes
Couldn't he just try to go back to a restore point?
And I rarely see a virus - yes, including the fake AV ones - that actually require a reinstall. It's like tearing down every house in the neighborhood because of one cracked window - tends to be an overreaction. (There *are* a few that, yeah, that's the best way of doing things, but they are rather rare. Most consist of a single *file* that's causing all the trouble, and they don't actually infect anything else - at worst, they hijack the .exe file extension, thus the "fixexe" above.)
If it stops MBAM.EXE, even when renamed, you *can* try one other thing - assuming you have it showing file extensions - and that's renaming it from a .exe to a .com.
What does this virus identify itself as? (Something like "XP Antivirus 2011" would show on the alert window, especially when it asks you to buy it.)
(Edit: Should also be doing the renaming, etc. in safe mode.)
I had something similar happen to me a few months ago and this is what I did to fix it.
Shut off the PC and restart in Safe Mode (press F8 while the machine boots).
Select Boot in Safe Mode with Networking.
Download the free utility called rkill (this program stops other programs from loading in the registry), and also download Malwarebytes.
Shut down and restart the PC again in Safe Mode.
Run rkill.
Run Malwarebytes.
After the scan is complete and you restart the PC in normal mode, I suggest running a full system scan with your AV software, and a full scan using Spybot Search & Destroy.
If you notice that your web browser does not connect to the pages you want, it's because some of those viruses change your LAN settings in order to further frustrate users. In that case just go into your browser's networking LAN settings and select the correct setting.
Hope this helps you.
For some reason, my keyboard goes inactive during part of the boot-up process (all or most of my USB ports seem to do this), so hitting F8 isn't working. I've had this USB issue for a long time, don't know why it happens.
Is there another way to get into Safe Mode? I am able to get into setup and boot menu, but it seems like the time window for hitting F8 is in the period when my keyboard goes dead. (I can tell it's inactive because the lights under the keys go out, as do the lights on my Fang controller.)
Not sure if this can help you with the keyboard issue but it's worth a look anyway:
Link: http://support.microsoft.com/default...roduct=win2000
I hope this helps you resolve your issue.
I had a virus a few months back and thankfully just doing a system restore fixed everything. I didn't even know f8 boots to safe mode so did it the way I just mentioned.
Good luck.
It just occurred to me that you might have a USB keyboard, if that's the case, you might need to enable USB devices in your BIOS.
Doing a quick search I found quite a few people had the same issue you have trying to boot in Safe Mode.
Here is the solution I found; this might help you since you stated that none of your USB ports seem to work during boot-up.
To enable USB keyboard support, power up your system and press DELETE (or F1 or F2, depending on your BIOS type) to enter the BIOS. A menu with an assortment of options will greet you. You may have to explore a bit to find the specific option to enable USB Keyboard support, but generally you can find it in the Integrated Peripherals section or in a subsection of Integrated Peripherals that's labeled OnChip PCI Device or PCI Devices. Once you find the correct option, change the setting from Disabled to Enabled and then exit the system BIOS, making sure to save the changes. When the system restarts, you're done.
Something similar happened to me a few months back and what I did was restart the PC and held the ctrl-alt-delete combo to bring up the task manager. As soon as it popped open I was able to stop the virus process from booting up all the way in the services tab. This let me get to the desktop and run the malware and anti-virus programs I use and clean my system out. Give this a try.
Keeping it Brutal !!!!!!!!
BOOM! Got into Safe Mode and ran Malwarebytes, it found 4 traces, killed them. SEEMS to have been taken care of. All my network stuff was set to use proxies, unchecked those. All the .exe stuff seems fine. So far so good. Thanks all!
Glad to hear it.
Install any available updates, make sure your antivirus is able to update still (as they can be damaged by viruses, though again, this sort *normally* doesn't in most cases) and you should be good.
There are ways to get into Safe Mode by manually editing some files (since the normal methods to edit them aren't available due to the malware) but I won't go into them with people who aren't "computer savvy in the least" as you stated your case to be.
I have to agree with Memphis Bill's assessment and suggestions in his post after my previous response. I'd also agree that it's likely not necessary to do a reinstall. The only way I could recommend that would be if there was no other choice at all.
Another option may be to find a local computer tech to have them work on it for you. A good place to check is with the local school district's Technology department, as many of the techs may do work on the side, usually at very reasonable rates. Also, check the classifieds of the local newspapers, as you will often find some good techs advertising there. If you can, get recommendations from co-workers, friends, or similar to find reliable techs that do good work.
I'd recommend against taking it to the repair department of any of the national chain computer parts stores. I won't name any names, but you can likely figure out who these might be on your own.
... you are doing backups, yes? (Even if it's just your documents and such - the stuff that cannot be replaced.) If not, look into mozy, dropbox, and/or an external hard drive. (Yes, I'm big on backups. Used to work for Veritas before their Backup Exec was picked up by - think it was Symantec.)
(Edit: IF at all curious, my general process with these:
1. Grab CProcess, Mike Lin's startup control panel, Malwarebytes and the EXEfix reg entry. Get a command prompt ready.
2. Rename cprocess.exe cprocess.com. Look for the oddball process. Sometimes named by the fake AV's name, more commonly using another program's name but with the wrong EXE (f'rinstance, Windows Live but called slaflkje.exe.) Get the directory it's in.
3. Get the command prompt. Go to that directory. Attrib -r -s -h the random name.
4. Get a rename command ready on that file. Don't hit enter.
5. Kill the process in cprocess.
6. Immediately swap to command prompt, fire off the rename.
7. Double click the Regfix. Let it restore the .exe files.
8. Run the "startup control panel." Look for any other odd entries in startup. (It's actually rather useful. Tend to kill unneeded items at this point anyway.)
9. Run Malwarebytes. Let update. Run.
10. If MWB doesn't see the renamed file, delete it anyway.
Probably a 97% success rate on that. But yeah - not something I'd start telling someone else to do blindly.)
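As an added example (not code from the thread or from any tool it names), here is a read-only PowerShell audit of the things the posts above describe FakeAV tampering with: the .exe "Open with" association, the LAN proxy setting, the disabled Task Manager, and the hosts file. The registry paths are the standard Windows ones; the expected exefile command value and the "per-user .exe class is absent on a clean install" check are stated assumptions, and the script changes nothing.

```powershell
# Added example, not code from the thread: read-only audit of the settings the
# posts above describe FakeAV tampering with. Run in Windows PowerShell from
# Safe Mode (or after the malicious process is stopped). It changes nothing.
function Get-FakeAvResidue {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. The .exe "Open with" hijack. Assumption: the stock open command for the
    #    exefile class is "%1" %* (run the file itself with its arguments), and a
    #    per-user .exe class under HKCU\Software\Classes is absent on a clean install.
    $expected = '"%1" %*'
    foreach ($hive in 'HKLM:\SOFTWARE\Classes', 'HKCU:\Software\Classes') {
        $key = "$hive\exefile\shell\open\command"
        if (Test-Path $key) {
            $cmd = (Get-ItemProperty -Path $key).'(default)'
            if ($cmd -ne $expected) { $findings.Add("$key = '$cmd' (expected $expected)") }
        }
        if ($hive -like 'HKCU*' -and (Test-Path "$hive\.exe")) {
            $findings.Add("per-user .exe association exists at $hive\.exe")
        }
    }

    # 2. Browser proxy: the Internet Options > Connections > LAN settings check.
    $inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($inet.ProxyEnable -eq 1) { $findings.Add("proxy enabled, server = '$($inet.ProxyServer)'") }
    if ($inet.AutoConfigURL)     { $findings.Add("proxy auto-config URL set: $($inet.AutoConfigURL)") }

    # 3. Task Manager disabled by policy (the "closes Task Manager" symptom).
    $pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    if ((Test-Path $pol) -and ((Get-ItemProperty -Path $pol).DisableTaskMgr -eq 1)) {
        $findings.Add("DisableTaskMgr = 1 under $pol")
    }

    # 4. hosts file entries other than localhost. Some are legitimate, so they
    #    are listed for review rather than flagged as malicious.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts |
        Where-Object { $_ -match '^\s*[0-9a-fA-F.:]+\s+\S' -and $_ -notmatch '\slocalhost\s*$' } |
        ForEach-Object { $findings.Add("hosts entry: $($_.Trim())") }

    if ($findings.Count -eq 0) { 'No deviations found in the audited settings.' }
    else { $findings | ForEach-Object { "REVIEW: $_" } }
}

Get-FakeAvResidue
```

A clean result here does not prove the machine is clean; it only confirms that the specific settings the thread talks about are back to their defaults.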
Something I haven't been able to check but that might be of use would be to log in with a different Administrator account if one exists.
I know that I can run MBAM on an account that has domain administrator privileges and remove a small amount of the malware so that I can then log in to the infected account and run the exefix registry entries and then run MBAM as that user.
Of course, with the way our domains are configured, I have to temporarily add the user's domain account to the domain administrators group to allow them to access the registry for the exefix to be able to work.
I haven't tried this with a computer that is not on a domain but it may work in this case as well.
Just another thought I had.
MBAM seems... very hit and miss when not used on the same account as the one having the problem.
My sister's notebook got itself a virus/trojan recently. I just used a combination of MalwareBytes and "SuperAntiSpyware" and got it working fine again.
One thing that really impressed me with SAS was its repair tab. Things like "Reset Folder Options Permissions", "Reset Task Manager Permissions", "Reset/Unlock Desktop Wallpaper", "Reset Network Connection Settings", AND "Attempt Repair of System Restore Function". For recovering any settings that remain broken after the infection is gone (all free btw too).
I couldn't get either of them to update though, on either of my PCs on the network (via a wireless router). Luckily their existing databases knew about what was screwing with her computer. I have a Netgear router; it also wouldn't let McAfee.com load, but their tech gave me an IP to add to my hosts file which fixed it. Does anyone know of a fix for this (or hosts info for MB and SAS)?
(Now that I think about it, getting my sister's Kaspersky AV to update was always a pain too.) I googled it and found detailed instructions about a Linksys router causing these problems, and detailed instructions with their management software to correct it, but it didn't apply to Netgear.
10 50's To Date! Check out Titan Sentinel; it got my CoH presence synced online
So I got this virus today, won't let me open anything that would maybe help. As soon as I open my anti-virus, anti-malware, Task Manager, internet, control panel, it closes the window and messages about not being protected and "click here so we can steal some cash from you to fix the problem we started" and whatnot.
So... any suggestions? I'm not computer savvy in the least, so please keep it simple :P