
How can I get rid of this nasty virus? - Page 5

post #41 of 85
Reappearing viruses that won't go away will require you to edit registry files and you'll have to know which file names of the virus to edit. That will stop them from running at startup but usually at that point the damage is done, it's probably changed many things that registry editing won't repair unless you spend endless hours learning and editing Win XP. I wouldn't even save user data. I'd just wipe it all out (not just reformat) and start over, along with canceling the credit cards.

After that I would suggest using something better than Norton and tell them to stop choosing "OK" on popups from shady websites.
post #42 of 85
Hooking up the HDD to another computer via external enclosure won't infect your system at all unless you start aimlessly running programs off of it. You can't simply just put something beside the HDD and it infect the other hardware, doesn't work that way.

I have fixed many computers using the method that "ezveedub" has mentioned. It does work, you just gotta know what you are doing.

EDIT: And when I say "know what you are doing" this means removing the viruses manually. There are guides on how to do this; while fairly risky, they are quite often more accurate and precise than AV software if you know what you are looking for.
    
post #43 of 85
Definitely, the number 1 antivirus is safe browsing.
post #44 of 85
Quote:
Originally Posted by sanket779292
get bitdefender total security and update and then run a deep system scan, it works perfectly right

No, you don't understand what a rootkit can do. It will remove its processes from the process table so it will not be found. It then is in a race condition with the AV software. One way to implement

Another approach is to modify/filter the hard disk device driver. The lower you go the more you control. Trust kills - Does the O/S trust the device driver? Does the device driver trust the hard drive firmware? Has the firmware been modified to not report what is stored at specified position on the platter?

The Rootkit usually wins if constructed well.
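Added example, not part of any post in this thread: a cross-view check in Python that connects the rootkit point in post #44 to the offline-scan advice from ezveedub. It compares a file listing captured on the running (suspect) OS with one captured from the same drive attached to a clean machine; the `path|size` manifest format, the file names and the volatile-file list are constructed assumptions.

```python
"""Cross-view check: compare a file listing taken from the running (suspect) OS
with one taken offline from the same drive attached to a clean machine."""

# Constructed sample manifests, one "path|size" entry per line.
LIVE_LISTING = """\
C:\\WINDOWS\\system32\\drivers\\atapi.sys|96512
C:\\WINDOWS\\system32\\drivers\\disk.sys|36352
C:\\WINDOWS\\system32\\userinit.exe|26112
C:\\Documents and Settings\\user\\ntuser.dat|786432
"""

OFFLINE_LISTING = """\
c:\\windows\\system32\\drivers\\atapi.sys|99840
C:\\WINDOWS\\system32\\drivers\\disk.sys|36352
C:\\WINDOWS\\system32\\drivers\\example_hidden.sys|41216
C:\\WINDOWS\\system32\\userinit.exe|26112
C:\\Documents and Settings\\user\\ntuser.dat|790528
"""

# Files the OS legitimately rewrites between the two captures (assumed list).
VOLATILE_SUFFIXES = ("\\ntuser.dat", "\\pagefile.sys", ".log")


def parse_manifest(text):
    """Return {lowercased path: size}; NTFS paths are case-insensitive."""
    entries = {}
    for line in text.splitlines():
        path, sep, size = line.strip().rpartition("|")
        if sep:  # skip blank or malformed lines
            entries[path.lower()] = int(size)
    return entries


def cross_view_diff(live_text, offline_text):
    """Report files the live OS did not show, or showed with a different size."""
    live, offline = parse_manifest(live_text), parse_manifest(offline_text)
    hidden = sorted(p for p in offline if p not in live)
    altered = sorted(
        p for p in offline
        if p in live and live[p] != offline[p]
        and not p.endswith(VOLATILE_SUFFIXES)
    )
    return {"hidden_from_live_view": hidden, "size_mismatch": altered}


if __name__ == "__main__":
    for kind, paths in cross_view_diff(LIVE_LISTING, OFFLINE_LISTING).items():
        for p in paths:
            print(f"{kind}: {p}")
```

Anything reported is a lead for manual inspection from the clean machine, and the check cannot see past firmware that misreports what is on the platter.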
post #45 of 85
Quote:
Originally Posted by ezveedub
Best to remove the HDD, connect it to another computer and run Microsoft Security Essentials (free download) scan on it. I always clean infected HDDs from another PC running anti-virus software. Most HDDs do not get cleaned properly while they're being used as the boot OS drive.

That doesn't always work, but it will remove some viruses that couldn't be removed while the OS is running.
post #46 of 85
Quote:
Originally Posted by Drobomb
That doesn't always work, but it will remove some viruses that couldn't be removed while the OS is running.

If it doesn't work, it's because the AV software doesn't have the virus definition. That's generally with fresh new viruses, but most are recognized within a week or so.

In most cases, I have saved the OS system, but if the PC was booted up several times and used with the virus on it, it will start to destroy data, making the installed OS unrepairable.
     
post #47 of 85
Quote:
Originally Posted by Shoulin
Hooking up the HDD to another computer via external enclosure won't infect your system at all unless you start aimlessly running programs off of it. You can't simply just put something beside the HDD and it infect the other hardware, doesn't work that way.

I have fixed many computers using the method that "ezveedub" has mentioned. It does work, you just gotta know what you are doing.

EDIT: And when I say "know what you are doing" this means removing the viruses manually. There are guides on how to do this; while fairly risky, they are quite often more accurate and precise than AV software if you know what you are looking for.

No, sometimes it does. Let's think about this for a bit.

I install a DVD with compromised firmware that the BIOS queries. Hmm, seems like I have an injection vector that can be used to compromise.

Is firmware updatable?
post #48 of 85
Why not use a Linux LiveCD and use ClamAV? Though that's only good for small things, if it's something embedded I don't think it'll do the job.

My mother's laptop has XP; no matter what I did, her browsing habits would somehow or another get some kind of virus on the computer. I just threw Linux on it and called it a day. If she somehow gets a virus now, I will be shocked.
post #49 of 85
Quote:
Originally Posted by Kmon
No, sometimes it does. Let's think about this for a bit.

I install a DVD with compromised firmware that the BIOS queries. Hmm, seems like I have an injection vector that can be used to compromise.

Is firmware updatable?

You aren't understanding me. If you take a HDD from ANOTHER computer and hook it up to yours to fix the one from the OTHER computer, it won't infect yours. If the other HDD was infected in another computer, it can't openly infect yours if you just hook it up externally. That's almost like hooking up an MP3 player to your computer, it won't do anything.

Now if you have a second HDD, yeah, it can infect that one; that is another scenario entirely. But we are saying hooking up the infected HDD to another computer that isn't infected externally. If he does that to run scans on it, the infected HDD is more or less just attached as free weight at that point and can't do anything but accept the scans.
    
post #50 of 85
There are numerous boot ISOs offered by many antivirus systems that you can burn to CD and run at boot. Small list:

Dr. Web Cure It!
Avira Rescue CD
Kaspersky Rescue CD
AVG Rescue CD
Bitdefender Rescue CD
F-Secure
Panda Safe CD
Alternative Operating System Scanner
Microsoft System Sweeper

There are more than that, but it's a good place to start. I have these and more in my mobile software suite that I use on a regular basis.

The
    