  1. #1
    Bitter Old Fart Dribble Joy's Avatar
    Join Date
    March 2003
    Location
    NF, getting pwned.
    Posts
    12,638

    [OT] DJ has a virus

    I've managed to pick up a rather nasty virus.

    It repeatedly closes all programs that are running and has nestled itself in the registry somewhere.
    I managed to delete the program I thought was responsible (and got hold of a permanent file delete application to zap it) but it's still there.

    How could I DL and run that program?
    Well that's the weird bit and kinda gives me some hope; it only affects one of the users on the computer, the rest are fine. So presumably it's in the user files somewhere.
    I'd rather not do a full reinstall, but I don't want to leave it there.

    I've run Adaware and Spybot, but neither found it.

    Any ideas?

  2. #2


    Quote Originally Posted by Dribble Joy
    I've run Adaware and Spybot, but neither found it.

    Any ideas?
    adaware and spybot are anti-spyware, not anti-virus, you really need a virus scanner tbh

    if you need a free one, the windows live virus scanner is actually surprisingly good. Or you could use the McAfee Stinger (http://www.mcafee.com/us/downloads/f...-stinger.aspx), there are a number of other anti-virus solutions that are free, I've used avg in the past, but now I use the enterprise edition of McAfee from uni so haven't got any recent experience with other software

    this might help:
    http://en.wikipedia.org/wiki/List_of_antivirus_software
    ingame names: Biglines (dissy spy), Mr Tool (low tech tank), Engineer Tool (constructor), Medical Tool (ppu/hacker/poker), Father Tool (apu)

  3. #3
    Retired Danae's Avatar
    Join Date
    April 2001
    Location
    Home
    Posts
    1,441
    Blog Entries
    3


    I always use: http://housecall.trendmicro.com/ to scan for viruses @home

    McAfee @work.

  4. #4


    also, I'd recommend you stop using adaware, since the app has been bought up by a spammer, which means while it kills a lot of spyware, the new owner's spyware/adware is kept running (and might even be added, not sure)


    (this could ofc be old news by now)
    ingame names: Biglines (dissy spy), Mr Tool (low tech tank), Engineer Tool (constructor), Medical Tool (ppu/hacker/poker), Father Tool (apu)

  5. #5


    Easiest solution: install a fresh copy of Windows 7.
    It will keep all of your files and throw them in a Windows.old folder as long as you keep your files in sensible locations.
    It's good to do this every couple of months anyways. You never know what other kinds of nasty malware could be operating on your system, under the radar. (ie. evil CP botnets XC )
    Also, Windows tends to get bogged down with crap running in the background that you really don't need. This is a great way to consolidate the stuff you really need.

  6. #6


    take the disk out of computer buy a "USB disk enclosure" and put the disk in that, then attach it to a *different* PC *making sure to disable autoplay and not open any files on it* - then scan the disk without running anything from it, there is no way for the other computer to get infected if you don't actually open any of the files, and you can pick over everything in and get all the bad bits out then put it back in the other computer

    it's better to always keep important stuff on an external disk rather than a computer because of crashes and viruses or if you want to go on holiday etc

  7. #7
    Bitter Old Fart Dribble Joy's Avatar
    Join Date
    March 2003
    Location
    NF, getting pwned.
    Posts
    12,638


    Housecall got one, but not the right one.

    In the end Malwarebytes got rid of it (and four other trojans).

  8. #8


    Quote Originally Posted by Dribble Joy
    Housecall got one, but not the right one.

    In the end Malwarebytes got rid of it (and four other trojans).
    if they were called trojans, you might not be rid of it, seeing as usually trojans are only the vehicle through which viruses or spyware are installed.

    Housecall might actually have deleted the actual virus, and then the trojans just reinstalled it, so I would suggest running housecall again.
    ingame names: Biglines (dissy spy), Mr Tool (low tech tank), Engineer Tool (constructor), Medical Tool (ppu/hacker/poker), Father Tool (apu)

  9. #9


    Quote Originally Posted by daughterolilith
    take the disk out of computer buy a "USB disk enclosure" and put the disk in that, then attach it to a *different* PC *making sure to disable autoplay and not open any files on it* - then scan the disk without running anything from it, there is no way for the other computer to get infected if you don't actually open any of the files, and you can pick over everything in and get all the bad bits out then put it back in the other computer

    it's better to always keep important stuff on an external disk rather than a computer because of crashes and viruses or if you want to go on holiday etc
    this is not true, a lot of viruses write their propagation code into the boot sector, and even if you have autorun disabled, the computer reads that bit anyway. If you want to be safe, run a livedisk of either windows or linux, and run virus scanners from the live disk. The livedisk OS is very difficult to be corrupted and as such makes it the perfect device for fully purging most viruses.
    ingame names: Biglines (dissy spy), Mr Tool (low tech tank), Engineer Tool (constructor), Medical Tool (ppu/hacker/poker), Father Tool (apu)

  10. #10
    DarK fo life bitchs! Genji's Avatar
    Join Date
    September 2004
    Location
    Nor Cal
    Posts
    286


    less pron dj!
    GENJI 4 PRESIDENT 2012 2016

  11. #11


    Quote Originally Posted by Biglines
    this is not true, a lot of viruses write their propagation code into the boot sector, and even if you have autorun disabled, the computer reads that bit anyway. If you want to be safe, run a livedisk of either windows or linux, and run virus scanners from the live disk. The livedisk OS is very difficult to be corrupted and as such makes it the perfect device for fully purging most viruses.
    what's a livedisk do you mean like running it off a CD without installing it right? i've not heard it called that before though and didn't even know you could do it with windows?

  12. #12


    ye, BartPE makes it possible to do it with windows for those who still believe modern linux is hard to use (don't get me wrong, I use windows, not linux, it's just that for things like livedisks modern linux is prolly just as easy to use if not easier)

    you need your windows cd though to make it, as it needs to be made with a handy wizard. Linux livedisks can simply be downloaded and either put on a usb drive or a cd/dvd
    ingame names: Biglines (dissy spy), Mr Tool (low tech tank), Engineer Tool (constructor), Medical Tool (ppu/hacker/poker), Father Tool (apu)

  13. #13
    Loving Titan L0KI's Avatar
    Join Date
    January 2003
    Location
    Sheffield, UK
    Posts
    3,153


    Avira is pretty good mate; and free.

  14. #14


    The Microsoft Malicious Software Removal Tool has gotten rid of things for me that no other tool has been able to - highly recommended (even if you think you've already zapped it).

    I've also been using the Panda Cloud Antivirus for a while now, and haven't had a single problem.

    It's also worth having one of the LiveCD Linux distros on disk in case of emergencies. I dual-boot CrunchBang Linux (which is based on Debian) with Windows 7 and can't tell you how many times it's helped me fix issues with a Windows install.

  15. #15
    Bitter Old Fart Dribble Joy's Avatar
    Join Date
    March 2003
    Location
    NF, getting pwned.
    Posts
    12,638


    Used Malwarebytes and got rid of it, or at least stopped it actually doing the thing it was doing.

    Now though I see a new program in the startup list. I uncheck it - reboot and though it's still unchecked, there's a new one too.
    Managed to find it in the registry through regedit and deleted the entry.

    Oh, the MS website seems to be not working for me...
