comorin From United States of America, joined May 2005, 4721 posts, RR: 17 Posted (3 years 1 month 2 weeks 2 days 10 hours ago) and read 2555 times:
A friend of mine had her PC infected yesterday with some malware. It pops up a lot of dialog boxes, disables task manager, and installs shortcuts to porn sites. An initial attempt to clean up her machine worked, but the virus reappeared on booting up.
Have any of you experienced this, and is there a removal tool anywhere for this particular pest?
newark777 From United States of America, joined Dec 2004, 9348 posts, RR: 33 Reply 1, posted (3 years 1 month 2 weeks 2 days 10 hours ago) and read 2541 times:
Sounds like it's firmly entrenched. Reinstalling the OS is probably the best at that point, especially if she has a backup.
futurepilot16 From United States of America, joined Mar 2007, 2018 posts, RR: 0 Reply 2, posted (3 years 1 month 2 weeks 2 days 10 hours ago) and read 2522 times:
Quoting comorin (Thread starter): Have any of you experienced this, and is there a removal tool anywhere for this particular pest?
Thanks all.
Yes. Try and download Spybot search and destroy on a separate computer, then transfer the file to the infected computer.
"The brave don't live forever, but the cautious don't live at all."
Fly2HMO From , joined Dec 1969, posts, RR: Reply 3, posted (3 years 1 month 2 weeks 2 days 10 hours ago) and read 2522 times:
The only place she could have gotten something like that was if she was visiting shady non-pg rated sites in the first place but I digress...
First off, need much more details, what's the OS? What antivirus or other protections are installed?
Quoting newark777 (Reply 1): Sounds like it's firmly entrenched. Reinstalling the OS is probably the best at that point, especially if she has a backup.
NEGATIVE. Do this as a last resort ONLY. The OS is not toast yet by any means. I'm talking from experience.
Quoting comorin (Thread starter): Have any of you experienced this, and is there a removal tool anywhere for this particular pest?
Run the system in safe mode before doing any of the following installations and/or scans.
signol From United Kingdom, joined Oct 2007, 2953 posts, RR: 7 Reply 4, posted (3 years 1 month 2 weeks 2 days 10 hours ago) and read 2506 times:
Trend Micro offer a free home-user virus scanner and cleanup tool: http://housecall.trendmicro.com/uk/
(I should say that I work for a security distributor, and Trend is one of the Enterprise products we sell. Other products are available)
Give it a go, it can't hurt if you're going to reinstall Windows anyway.
I once had a virus that used to give a popup, which would reboot the PC whenever you clicked "ok" on it. I googled the exact text in the popup, and found a tutorial on removing the virus - which files to delete, and which registry entries to edit (note: be very careful with registry edits!) Since then, no problems.
newark777 From United States of America, joined Dec 2004, 9348 posts, RR: 33 Reply 5, posted (3 years 1 month 2 weeks 2 days 10 hours ago) and read 2473 times:
Quoting Fly2HMO (Reply 3): NEGATIVE. Do this as a last resort ONLY. The OS is not toast yet by any means. I'm talking from experience.
I'm talking from experience as well, and since I always have everything completely backed up, if an issue arises it's easier to scrub everything and restore the system. It could take longer to research the programs and do all the scans, and it still might not fix it. Don't back up? Well, you get a wag of the finger, and hopefully a lesson is learned.
Fly2HMO From , joined Dec 1969, posts, RR: Reply 7, posted (3 years 1 month 2 weeks 2 days 10 hours ago) and read 2453 times:
Quoting newark777 (Reply 5):
I'm talking from experience as well, and since I always have everything completely backed up, if an issue arises it's easier to scrub everything and restore the system.
Sure that works too, yet doing what you do would take what, 1hr if you're lucky?
That's my last resort for many reasons. Although it could be a good excuse for upgrading to a newer OS
Quoting CPH-R (Reply 6): If she has Windows installed, she could also give MSSE a shot.
It's worthless. Won't pick up a damn thing for me while all my other security programs will.
comorin From United States of America, joined May 2005, 4721 posts, RR: 17 Reply 8, posted (3 years 1 month 2 weeks 2 days 10 hours ago) and read 2440 times:
Guys, thank you for the many suggestions! She is running Windows Vista by the way. I may try and help out tomorrow and will let you know how it goes. I am still awaiting Klaus' suggestion...
btw will a system restore to an earlier date help?
newark777 From United States of America, joined Dec 2004, 9348 posts, RR: 33 Reply 9, posted (3 years 1 month 2 weeks 2 days 10 hours ago) and read 2411 times:
Quoting comorin (Reply 8): Guys, thank you for the many suggestions! She is running Windows Vista by the way. I may try and help out tomorrow and will let you know how it goes. I am still awaiting Klaus' suggestion...
I have a Mac as my primary computer as well (but have been using PCs for years also), but didn't want to be the douchey Apple fan everyone loves to hate.
Klaus From Germany, joined Jul 2001, 20899 posts, RR: 55 Reply 11, posted (3 years 1 month 2 weeks 2 days 9 hours ago) and read 2369 times:
Quoting Fly2HMO (Reply 10): Quoting comorin (Reply 8):
I am still awaiting Klaus' suggestion...
His solution is of course selling your soul to satan, err... Steve Jobs
I see I'm already getting burned in effigy, as usual. Reminds me of certain rituals in mid-east countries...
To the point: Stomping on it with various tools until you don't see anything happening any more may mean you've gotten rid of the obvious nuisance, but it does not mean that any keyloggers (password skimmers) and botnet services have really been removed. It is quite possible that there are multiple components to the malware, and some of it may not be obvious. Being thorough beyond the visible layer is probably a good idea.
Ryan h From Australia, joined Aug 2001, 1451 posts, RR: 1 Reply 12, posted (3 years 1 month 2 weeks 2 days 9 hours ago) and read 2367 times:
Quoting newark777 (Reply 5): Quoting Fly2HMO (Reply 3):
NEGATIVE. Do this as a last resort ONLY. The OS is not toast yet by any means. I'm talking from experience.
I'm talking from experience as well, and since I always have everything completely backed up, if an issue arises it's easier to scrub everything and restore the system. It could take longer to research the programs and do all the scans, and it still might not fix it. Don't back up? Well, you get a wag of the finger, and hopefully a lesson is learned.
Formatting the drive I have found is easier (although can be a bit time consuming) than trying to get all the bits of the virus out, and once you have done that there is no guarantee critical files have not been damaged.
JBirdAV8r From United States of America, joined Jun 2001, 4459 posts, RR: 22 Reply 13, posted (3 years 1 month 2 weeks 2 days 9 hours ago) and read 2349 times:
Quoting Fly2HMO (Reply 3): The only place she could have gotten something like that was if she was visiting shady non-pg rated sites in the first place
Not always true. There are "sites for the naive" that contain those kinds of things. The abyss that is Myspace is full of that crap.
Quoting Fly2HMO (Reply 3): NEGATIVE. Do this as a last resort ONLY. The OS is not toast yet by any means. I'm talking from experience
It may be drastic, but--all things considered--it's usually the best option.
Fly2HMO From , joined Dec 1969, posts, RR: Reply 14, posted (3 years 1 month 2 weeks 2 days 9 hours ago) and read 2340 times:
Quoting JBirdAV8r (Reply 13): It may be drastic, but--all things considered--it's usually the best option.
For the not-so-tech-savvy, perhaps. But doing a thorough manual removal of malware on your own and checking system integrity is really not that hard. Google has all the answers.
I've used this thing several times for entrenched files that don't seem to want to stop running, even after various attempts within Windows to shut them down. This thing kills and deletes them for good every time.
If you need someone to blame / throw a rock in the air / you'll hit someone guilty
ajd1992 From UK - England, joined Jul 2006, 2645 posts, RR: 6 Reply 17, posted (3 years 1 month 2 weeks 2 days 9 hours ago) and read 2296 times:
I'm part of the "backup & wipe" posse.
There's no other way it'll be properly gotten rid of, in my experience - and it's worth doing because you never know what else is lurking about in the PC.
OA412 From United States of America, joined Dec 2000, 4994 posts, RR: 25 Reply 18, posted (3 years 1 month 2 weeks 2 days 9 hours ago) and read 2278 times:
Quoting comorin (Thread starter): A friend of mine had her PC infected yesterday with some malware. It pops up a lot of dialog boxes, disables task manager, and installs shortcuts to porn sites. An initial attempt to clean up her machine worked, but the virus reappeared on booting up.
Have any of you experienced this, and is there a removal tool anywhere for this particular pest?
Thanks all.
I had a similar thing happen to my computer years ago. IIRC, it all came from an email I opened (by the way, talk about a good lesson in not opening email from people you don't know). Anyway, I ended up having to take it to a computer repair place, and they pretty much had to reinstall the OS and remove the virus (I did not have a backup as the computer was secondhand).
newark777 From United States of America, joined Dec 2004, 9348 posts, RR: 33 Reply 20, posted (3 years 1 month 2 weeks 2 days 8 hours ago) and read 2253 times:
LASoctoberB6 From Japan, joined Nov 2006, 2380 posts, RR: 1 Reply 21, posted (3 years 1 month 2 weeks 2 days 8 hours ago) and read 2249 times:
Quoting Fly2HMO (Reply 3): The only place she could have gotten something like that was if she was visiting shady non-pg rated sites in the first place but I digress...
comorin From United States of America, joined May 2005, 4721 posts, RR: 17 Reply 23, posted (3 years 1 month 2 weeks 2 days 8 hours ago) and read 2213 times:
Quoting Klaus (Reply 11): To the point: Stomping on it with various tools until you don't see anything happening any more may mean you've gotten rid of the obvious nuisance, but it does not mean that any keyloggers (password skimmers) and botnet services have really been removed. It is quite possible that there are multiple components to the malware, and some of it may not be obvious. Being thorough beyond the visible layer is probably a good idea.
Good points, will keep it in mind - appreciate your advice.
25 Aaron747: The key is knowing where to get really great stuff without putting one's system in harm's way. Fortunately the sites with the crappiest material seem
26 flanker: I am waiting for the apple crowd to show up here..
27 TSS: Well, here's one: And here's another: And then there's me. My few bits of advice on this subject have already been offered by my esteemed colleague M
30 JETSTAR: Have you tried running System Restore and back dating the computer to before the date she got the virus. A friend of mine opened an e-mail from a know
31 Fly2HMO: Your friend got lucky then. System Restore is not a reliable way of removing viruses or malware. The more aggressive types of these programs will not
32 Longhornmaniac: http://www.techsupportforum.com/secu...-center/virus-trojan-spyware-help/ You'll thank me later. I had a really vicious virus before I came to Oz, and
33 CPH-R: Even worse, you can have viruses & malware hide in old system restores, making your clean-up be in vain. Personally I've disabled system restore
34 comorin: I'd like to thank everyone for their valuable suggestions. The person involved decided to do a system restore against my better judgement and it seeme
35 MasterBean: I had this a few days ago. I didn't have the computer on for a day and when I turned it back on it had magically disappeared.
36 Confuscius: There's porn on the net? Interesting, I didn't know that.