Overclock.net › Forums › Software, Programming and Coding › Networking & Security › What to do if your computer gets Infected.

What to do if your computer gets Infected.

post #1 of 6
Thread Starter 
We may be the best place for OverClockers, but where do you go for Virus / Malware removal help?

For the DiYer.

1. Make sure you are running at least SP2 (if on XP).
2. Download HijackThis
3. Download Spybot S&D
4. Download Ad-Aware
5. Install, Update and Scan with Ad-Aware.
6. Install, Update and Scan with Spybot S&D.
7. Run one of the many FREE online scans. (Trend Micro's Housecall, Panda's Nanoscan, Kaspersky)

Between Spybot, Ad-Aware and an online scanner, you'll find most normal spyware, adware and viruses will be taken care of. Then there are the persistent ones (like the SmitFraud and Vundo variants). That's where HijackThis comes in. (Along with specific removal tools.)

When you run HjT, you'll get a log. While there are log analyzers, they don't always do a good job at locating bad entries. That's where some of the sites I list below become very useful.

Resource List

SpyWareWarrior
http://www.spywarewarrior.com
-BEFORE you install an unknown anti-anything, see if they list it here as a Rogue program.

CastleCops
http://www.castlecops.com
-Searchable database of HijackThis entries, CLSIDs and other useful info.
-Main resource for checking HjT log entries.

Atribune's Site
http://www.atribune.org/
-Wrote the VundoFix.exe
-VundoFix FTW!

Merijn's Page
http://www.spywareinfo.com/~merijn/index.php
-Merijn created HijackThis and CWShredder
-Useful guides for using HjT etc...

noahdfear's Page
http://noahdfear.geekstogo.com/
-One of the 2 best SmitFraud removers around can be found here.

S!ri's Smitfraud Fixer
http://siri.geekstogo.com/SmitfraudFix.php
-The other SmitFraud remover. If one doesn't work, use the other.


Non-DiYers

If you don't want to go through malware removal on your own, there are several forums that offer FREE help.

SpywareInfo
http://www.spywareinfo.org

or

GeeksToGo
http://www.geekstogo.com

I recommend both of these because I have been there, and have gone through part of their training to learn how to help people on their forums.

Other forums that help with Malware removal include:

PCHell
http://www.pchell.com

Bleeping Computer
http://www.bleepingcomputer.com

I haven't used either of them for personal help with Malware Removal, but they have been invaluable resources.

If you get one of those annoying little popups trying to sell you an anti-virus or something, try this to remove it:

1. Google: program pchell (or bleepingcomputer) (ex. spyaxe pchell first link Googled = http://www.pchell.com/support/spyaxe.shtml)
--Spyaxe is an "Anti-Spyware" program that has false/aggressive advertising and alerts, and requires the SmitFraud removers.
2. Click the link and follow the instructions.

Most of the popup style ones will involve VundoFix and a SmitFraud remover.

Please note that if you have an issue and go to one of those four forums, each has their own posting guidelines. Be sure to follow them for accurate help.
    
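The HijackThis log-reading step in the post above is where most people get stuck, so here is an added example (not code from the post, from HijackThis, or from any of the sites listed) of a first-pass triage over a few common HJT line types: O2 browser helper objects, O4 registry Run entries and O23 services. The log it parses is constructed for the example; the CLSIDs, file names and service names in it are placeholders, not real indicators of anything. It only marks entries for review, it never decides that something is bad, which is the right posture before a log is checked against a database such as CastleCops or posted to one of the help forums.

```python
"""First-pass triage of HijackThis (HJT) log lines.

Added example, not HijackThis code and not from the original post.
Parses O2 (BHO), O4 (registry Run) and O23 (service) lines and flags
entries worth looking up before anyone considers "fixing" them.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample log for this example; not a real HJT log.
# CLSIDs and file names are placeholders, not real indicators.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O2 - BHO: PDF Link Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Vendor\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\xyzabc.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\User\Local Settings\Temp\upd.exe
O23 - Service: Print Spooler (Spooler) - Microsoft Corporation - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Helper Service (hlpsvc) - Unknown owner - C:\WINDOWS\system32\hlpsvc.exe
"""

# HJT line shapes: "O2 - BHO: name - {CLSID} - path",
# "O4 - HKLM\..\Run: [name] command", "O23 - Service: name (short) - company - path".
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) \((?P<short>[^)]*)\) - (?P<company>.*?) - (?P<path>.*)$")

# Directories a vendor install does not normally launch from at boot, but
# droppers frequently do. Heuristic only: a hit means "look closer".
USER_WRITABLE_RE = re.compile(
    r"\\(temp|tmp|documents and settings|users|application data|local settings)\\", re.I)


@dataclass
class Entry:
    kind: str                       # "O2", "O4" or "O23"
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def needs_review(self) -> bool:
        return bool(self.reasons)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT log line, or return None for line types this example skips."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        e = Entry("O2", m["name"], m["path"])
        if m["name"] == "(no name)":          # HJT prints this for a BHO with no display name
            e.reasons.append("BHO has no display name")
        return e
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m["name"], m["path"])
    m = O23_RE.match(line)
    if m:
        e = Entry("O23", m["name"], m["path"])
        if m["company"] == "Unknown owner":   # HJT prints this for a service with no company string
            e.reasons.append("service has no publisher")
        return e
    return None


def triage(log_text: str) -> List[Entry]:
    """Parse every recognised line and attach path-based review reasons."""
    entries = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if USER_WRITABLE_RE.search(e.path):
            e.reasons.append("launches from a user-writable directory")
        entries.append(e)
    return entries


def needs_review(log_text: str) -> List[Entry]:
    """Only the entries that picked up at least one review reason."""
    return [e for e in triage(log_text) if e.needs_review]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        tag = "REVIEW" if e.needs_review else "ok    "
        why = f"  <- {'; '.join(e.reasons)}" if e.reasons else ""
        print(f"{tag} {e.kind:<3} {e.name:<16} {e.path}{why}")
```

Run it as a script to print one line per entry. A REVIEW tag is a prompt to look the entry up, not a verdict, and an unflagged entry is not cleared either: a bad file can sit in system32 under a plausible name, which is exactly why the CLSID and file-name databases exist.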
post #2 of 6
SmitFraud remover is extremely good for the really good malware that acts like a Windows security message.

Good guide.
post #3 of 6
great info
post #4 of 6
Also, doing most/all of that stuff in safe mode will help.
post #5 of 6
Indeed. Some malware does grip in pretty well.
post #6 of 6
Also it is strongly recommended that you do not attempt to delete anything with HJT unless you know exactly which entries to delete. Chances are you'll end up deleting a legit entry and mess up your registry system. So be sure to follow the links NullWolf posted and go to those help forums to post your HJT scan log. Let one of the experts there examine your log and provide you with solutions.

Great guide NullWolf +1