*pinging a computer genius. Help remove a stubborn virus.

synchronicity
synchronicity Posts: 1,415
edited August 2008 in Campaign
So the ol' computer managed to contract a virus this afternoon. :evil:

This has still not been rectified. HELP.

Downloading a program, went to install, when things went strange:
-Desktop changed colour.
-Sounds of HDD working overtime.
-Fake viral alert messages popping up.
-Browser homepage hijacked.

Around this time I unplugged the ADSL connection. :roll:


That bought me enough time to figure out what had been affected:
Luckily nothing-s been deleted, apart from what was on the desktop. I did have a scary panic-attack moment when I thought half my my documents folder had gone | due to extremely slow loading, and most-recently-used folders appearing at the bottom|

Started running AVG virus scanner, it finally located a generic trojan virus. Supposedly removed them all, but extra desktop icons keep appearing from nowhere...

The worst part is that it COMPLETELY overrode my normal windows user profile.
-it removed my ability to see the control panel. It basically disappeared from all known access points. :?
-removed all references to local C + D hard drives... |that made searching tricky| :x
-removed the authorisation to edit the registry :shock:
-removed the authorisation to run the process manager (that's the worst part, I can't kill any running tasks) :shock:
-even removed the ability to access the desktop properties...
-slowed down the computer to the point of wanting to pull my hair out in frustration. :evil:
-added a fake "PC health centre" to the PC. :lol:


After 4 hours, the fekin' thing still has control. :| About all I can do is boot it up in windows safe mode, which I'm in now. That explains the lack of brackets and other type characters by the way |the keyboard symbols are completely messed around now|..... I-m wondering if it-s even worth tracking down. I don-t know where to look. Perhaps a re-format is in order? But this thing didn-t come with oem install discs :evil:

I-ve checked out the permission of the user profiles + everything else I can think of...

Suggestions for next course of action?

|and please don-t suggest installing norton, cause I-d rather live with the virus|
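
An added example, not part of the original post: the lockouts listed above (no Task Manager, no registry editing, no Control Panel, hidden drives) match standard per-user Windows policy values, so an exported copy of the Policies keys can be checked for them. The sample export is constructed, and the thread never says which keys this infection actually set.

```python
import re

# Standard Windows policy values matching the lockouts listed in the post.
# Assumption: the thread never names the keys this infection actually set.
POL = r"software\microsoft\windows\currentversion\policies"
WATCHED = {
    (POL + r"\system", "disabletaskmgr"): "Task Manager disabled",
    (POL + r"\system", "disableregistrytools"): "Registry editing disabled",
    (POL + r"\system", "nodispcpl"): "Display properties disabled",
    (POL + r"\explorer", "nocontrolpanel"): "Control Panel hidden",
    (POL + r"\explorer", "nodrives"): "Drives hidden",
}
KEY_RE = re.compile(r"^\[HKEY_(?:CURRENT_USER|LOCAL_MACHINE)\\(.+)\]$", re.I)
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)

# Constructed sample of a .reg export (decode regedit's UTF-16 output first).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
"NoDispCPL"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000001
"NoDrives"=dword:0000000c
"""

def find_lockouts(reg_text):
    """Return a description of every watched policy value that is non-zero."""
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            key = m.group(1).lower() if m else None  # unknown hive: skip its values
            continue
        m = VAL_RE.match(line)
        label = WATCHED.get((key, m.group(1).lower())) if m and key else None
        data = int(m.group(2), 16) if m else 0
        if label and data:
            if m.group(1).lower() == "nodrives":  # bit 0 = A:, bit 1 = B:, ...
                label += ": " + ", ".join(
                    chr(65 + i) for i in range(26) if (data >> i) & 1)
            findings.append(label)
    return findings

if __name__ == "__main__":
    for finding in find_lockouts(SAMPLE):
        print(finding)
```

Clearing these values restores access to the tools but does not remove whatever set them, which is why they come back if the malware is still running.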

Comments

  • redvee
    redvee Posts: 11,922
    Not all the time but there are some things I scan with AVG before opening.
    I've added a signature to prove it is still possible.
  • peanut
    peanut Posts: 1,373
    I suggest you try to restore the PC to a date prior to contracting the virus, using Windows restore.
    START CONTROL PANEL SYSTEM RESTORE
    Before you do anything, transfer any important files to a pen drive.
    You could spend days trying to get rid of this. My advice is if a restore doesn't get rid of it then format the drive and re-install everything from scratch.
  • Stewie Griffin
    Stewie Griffin Posts: 4,330
    Bin AVG for a start, I wouldn't touch it with a barge pole. The below website has free removal software on the left of the page.

    http://eset.co.uk/?gclid=CJzWkYva6ZQCFQ6S1QodOR2sQQ

    Then purchase their AV software, I don't run the whole security package, just the AV software (NOD32).

    I thought that Windows would stop you from formatting the C Drive?
  • peanut
    peanut Posts: 1,373
    Bin AVG for a start, I wouldn't touch it with a barge pole. The below website has free removal software on the left of the page.

    http://eset.co.uk/?gclid=CJzWkYva6ZQCFQ6S1QodOR2sQQ

    Then purchase their AV software, I don't run the whole security package, just the AV software (NOD32).

    I thought that Windows would stop you from formatting the C Drive?

    An anti-virus software is not going to remove this particular virus, Stewie, because it is now firmly entrenched.
    These types use an executable file which changes its name to a regular file when searched for.

    They hide themselves from anti-virus software and can even install themselves in your BIOS chip, video BIOS chip and memory sticks. You'll be wasting your time with this one, it's too thorough. It's been carefully designed to frustrate and thwart you by an expert.
    Every time you re-boot the computer it will re-install the virus, usually by going online and downloading it again whilst the PC is booting.

    I have done this for a living as well as a hobby for over 10 years and my advice would be do not waste days, evenings and weekends trying to remove it all; you probably never will.

    Just salvage your files and format the drive, re-partition and re-install Windows, drivers, software, ISP internet settings etc. It will take several hours but you will be starting over with a perfect fresh install. Super quick operation. It will be a joy to use once again.

    If you need advice on how to do this you are welcome to PM me.
  • synchronicity
    synchronicity Posts: 1,415
    Well after trying on and off for most of yesterday, I've been defeated.
    It's one of those clever ones that keeps re-installing itself. :x I did manage to put up a good fight, but there was no way for me to get my user permissions back! :evil:

    DVD backups were a bit clumsy...

    So I just purchased a 500Gb external drive for €70. Trouble is, it came formatted for FAT32, and then none of my 4Gb+ avi files could be transferred.

    Anyway, I'll be backing up all my documents + some config files, etc in a few hours + reformatting the C drive later tonight. Knowing what I know about computer installations taking 5x longer than I always think, I've set aside ALL of tomorrow to get it done.

    Looking forward to a fresh install!
  • peanut
    peanut Posts: 1,373

    Looking forward to a fresh install!

    Wise move knowing when to cut your losses.
    Good luck with the install. Good opportunity to create partitions on the drive and keep one for only Windows and software. 10 Gb should be adequate.

    Copy all the essential Windows files into a folder on the root of the C drive for future problems. It will save hunting out the disk every time.

    When you have everything installed and configured I always use Norton's Ghost to make an exact bootable image of my drive and copy it to a gash 10Gb or 20Gb hard drive.
    Stick it on the shelf.
    Next time your drive goes ti*'s up you can use Ghost to copy an instant bootable image back to your drive and be up and running fully configured in 3-4 minutes.
    It's saved my life many times.

    good luck
  • peanut
    peanut Posts: 1,373
    So I just purchased a 500Gb external drive for €70. Trouble is, it came formatted for FAT32, and then none of my 4Gb+ avi files could be transferred.
    !

    If you download Win 98SE boot disk files and copy them to a floppy or memory card or stick, boot the PC with new drive from the boot disk.

    Type in FDISK and you can partition the drive and re-format it for NTFS :lol:

    I then reboot and type FORMAT C:/S

    then when it's finished formatting put Win CD in optical drive
    type SETUP wait until drive spins up and begins searching and hit the Enter key and off ya go.

    http://www.bootdisk.com/bootdisk.htm
    http://www.pcguide.com/proc/setup/hdd-c.html
  • redvee
    redvee Posts: 11,922
    Had the same prob as above with 4gb files and was told about this on another forum I frequent.

    simply open a command prompt and type
    convert drive_letter: /fs:ntfs
    replace "drive_letter" with the letter of the drive you want to convert.

    No need to format the HDD. Done this myself but as a precaution I did copy everything I could off the HDD but there was no need to panic as I didn't lose anything.
  • synchronicity
    synchronicity Posts: 1,415
    Thanks for the advice everyone.
    It's all sorted out now. :)
  • peanut
    peanut Posts: 1,373
    Thanks for the advice everyone.
    It's all sorted out now. :)

    Glad to hear it. So did you do a restore or what? Your solution may be helpful to others.
  • synchronicity
    synchronicity Posts: 1,415
    I backed up my entire "documents & settings" folder to an external hard drive (make sure it's formatted NTFS not FAT32)
    Then I reformatted everything & reinstalled my most essential software programs one by one.

    I disable system restore etc and can't be bothered with ghost images and whatnot.

    I had 2+ years worth of crap on my computer, so it became quite slow loading up.
    It's sped up considerably since I did the reformat.

    I had the perfect opportunity to load windows vista, but I thought it would make life more difficult, what with all my hardware that is almost 2 years old.
    Besides, I turn off all the fancy animated windows features anyway to speed up the performance a little bit. For instance, why the hell is there a 400ms menu delay by default on all versions of windows? I want my windows + menu to open and close instantly... anyway...

    I do recommend one thing:
    I forgot to back up my driver files (for the soundcard, etc) & they were difficult to find again. So if you do plan on doing this, at least have the model names written down from the device manager... I thought these days, things would be more automatic... :?


    The good news is that one of my HP laser printers now works again, with its brand new 5000-sheet capacity toner cartridge (after several windows auto-updates, it refused to work... I'm positive it was something to do with the USB interface and/or USB2 hub) :D
  • peanut
    peanut Posts: 1,373
    Thanks, that could be helpful to others.
    I'm an IT technician so I have access to all hardware, software, drivers, recovery programs, password keys, test equipment etc etc.
    Whenever a client comes back with a HDD problem I have a copy of their drive image on a DVD which I can re-install in minutes. It's like a restore disk but much much more comprehensive.

    If you could be bothered with Ghost then you would save yourself and others all this grief the next time :lol:

    If you download the free software called Belarc Advisor
    http://www.belarc.com/free_download.html
    it will give you a full report of all your hardware and software and licence serial numbers etc.
    It will help you find all the necessary drivers. It's non-intrusive.
  • gtvlusso
    gtvlusso Posts: 5,112
    You have an even bigger virus called: Windows.

    Mmm Solaris - smell the unix and live forever.....

    Or if you are really nerdy: FTX - Fault Tolerant Unix on DNCP hardware..

    No gui, no problem! Linux it up baby - nice bit of Ubuntu to start the day.

    Where did my life go wrong?!