Need help with virii/malware on my PC

#1 (permalink)
Overclocker
Yesterday I did something extremely foolish: I let my guard down and accidentally got a trojan. Within seconds it had infected my PC, disabled a lot of things, and downloaded even more trojans with it.

Anywho, I quickly pulled out my ethernet cable and then installed Kaspersky Trial edition (and quickly plugged my ethernet cable back in for a moment to download updates). I then ran Kaspersky; it took 5 hours (the first scan is slow, but the ones after are much quicker) with maximum security protection enabled, searching for rootkits and using heuristics etc.

Anyway, Kaspersky can find the malware, but can't seem to get rid of it. It has buried itself into System Restores and Windows logon (winlogon.exe?) and Explorer.exe. When I try to clean the System Restores, Kaspersky can no longer find the malware, and although Kaspersky can clean Explorer.exe, it soon becomes infected again. With the Windows logon, Kaspersky can't clean it. I believe this is because the Windows logon must be essential to Windows running.

Anywho, I have no idea what to do. I'm willing to format my hard drive but I have a good deal of data on there that I'd rather like to keep. I was thinking of downloading HijackThis but I'm not sure there would be any point, as the malware activates itself before I even get into Windows. I also don't know what it does (HijackThis that is, not the malware).

I was also thinking of downloading a program like this: http://www.download.com/Process-Expl...dlPid=10847734 to help me bypass the Task Manager being disabled (the malware has also disabled a lot of start menu stuff, but that can be re-enabled easily by right-clicking the taskbar and messing with the properties).

So yeah, any help you guys could give would be great, because I'm kind of at a loss here.

Thanks, Voice.

#2 (permalink)
Folding Fanatic
Turn off System Restore, run your virus protection in safe mode.
Use: SmitfraudFix, ComboFix and HijackThis. You might have to dive deep into your computer, but you can fix everything that has been corrupted. Don't let anybody tell you that you have to reformat; that's the lazy way out.
__________________
multi GPU folding on XP http://www.overclock.net/overclock-n...gfx-cards.html
think folding costs too much??? http://www.overclock.net/overclock-n...ml#post4175378

#3 (permalink)
Security Sleuth
Get a process explorer and search for any mischievous-looking file names running.

Disable System Restore in Windows, either by the service or by Windows System Properties. You can try to look at registry fixers, such as CCleaner, Spybot S&D, etc. Definitely use HijackThis, AV, CCleaner, S&D. Definitely run Windows in Safe Mode for a good amount of time while trying to get rid of all of the things that are infected, like discjockey said.

Another good thing: try killing explorer.exe from the tree and then shut down the computer. As a last resort, you can do a format and reinstall, but only as a last resort. It really just comes down to manually finding and removing them yourself.

Do you happen to know what the virus is called?
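
An added example, not part of any post in this thread: a read-only PowerShell check of the registry locations that correspond to the symptoms described above (Task Manager disabled, reinfection at every logon). The registry paths are standard Windows locations; the script assumes PowerShell is available on the affected machine, and the `Get-RegValue` helper is a name chosen for this example.

```powershell
# Added example, read-only: reports values and changes nothing.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$policies = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$runKey   = 'Software\Microsoft\Windows\CurrentVersion\Run'

function Get-RegValue([string]$Path, [string]$Name) {
    # Return the value data, or $null when the key or the value is absent.
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key) { return $key.GetValue($Name) }
    return $null
}

# 1. Winlogon Shell and Userinit, compared with the stock defaults.
$defaults = @{
    Shell    = 'explorer.exe'
    Userinit = (Join-Path $env:SystemRoot 'system32\userinit.exe')
}
foreach ($name in $defaults.Keys) {
    $value = [string](Get-RegValue $winlogon $name)
    # Userinit normally ends with a comma; anything after it is an extra program.
    $status = if ($value.Trim().TrimEnd(',') -ieq $defaults[$name]) { 'default' } else { 'REVIEW' }
    '{0,-8} Winlogon {1} = {2}' -f $status, $name, $value
}

# 2. Policy value that disables Task Manager (1 = disabled).
foreach ($hive in 'HKCU:', 'HKLM:') {
    $value  = Get-RegValue "$hive\$policies" 'DisableTaskMgr'
    $status = if ($value -eq 1) { 'REVIEW' } else { 'ok' }
    '{0,-8} {1} DisableTaskMgr = {2}' -f $status, $hive, $value
}

# 3. Run keys: list every entry so unfamiliar ones can be looked up.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key = Get-Item -Path "$hive\$runKey" -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($entry in $key.GetValueNames()) {
        '{0,-8} {1} Run: {2} -> {3}' -f 'list', $hive, $entry, $key.GetValue($entry)
    }
}

# 4. Winlogon Notify DLLs (the key exists on Windows XP-era systems only).
Get-ChildItem -Path "$winlogon\Notify" -ErrorAction SilentlyContinue | ForEach-Object {
    '{0,-8} Winlogon Notify: {1} -> {2}' -f 'list', $_.PSChildName, $_.GetValue('DllName')
}
```

Lines marked `REVIEW` differ from a stock install and are worth comparing against a known-clean machine; lines marked `list` are shown for manual inspection only.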

#4 (permalink)
Fear the Wombat
Safe mode is the key. Boot into it using F8, I believe, then run all your virus scanners and spyware scanners from there. Good luck!
__________________
< Terms of Service/Rules > < OCN Professionalism Initiative > < My Windows Registry Script > < 32 vs. 64 Bit Thread > Ramrod 1.5 + DFI LANPARTY DK 790FX-M2RS + AMD Phenom 9850 BE = Ramrod 2.0! Coming soon...

#5 (permalink)
Overclocker
Back in a bit guys, thanks for all the help so far.
Last edited by voice : 06-20-08 at 01:18 PM.

#6 (permalink)
Security Sleuth
Definitely just had a complete takeover of my own computer.
Did a registry restore, then used those four computers, and I was back online in less than twenty minutes. Though, I am still scanning through every file at the moment, to make sure I got everything.

#7 (permalink)
Folding Fanatic
What happened to you, GHO???

#8 (permalink)
Security Sleuth
Not really sure. But it is fixed now.

#9 (permalink)
Overclocker
Kaspersky identified the malware as:

Code:
Trojan.Win32.Small.fb

Code:
Heur.Trojan.Generic

The trojan is listed here on viruslist.com: http://www.viruslist.com/en/viruses/...?virusid=89116

EDIT: Also, I just dl'd all the programs that deskjockey listed; they're now on a USB stick about to be moved to my virus-ridden PC. Should I be worried at all about the virus copying itself onto the USB drive or anything like that? I know it may sound silly but I'm a bit paranoid.
Last edited by voice : 06-20-08 at 03:38 PM.

#10 (permalink)
Folding Fanatic
I have done that too, didn't have a problem with the virus "jumping" to my thumb drive.
You are in safe mode, right?