Laptop has virus, need help

The Big Cheese

Righto, my laptop has a virus, I don't know how it got on as I run MS Security Essentials, but it did... it has done the usual:

Replaced my desktop with a massive WARNING sign and a load of text saying my PC is infected.

Removed my dock

It has rendered anything useless, ie I cannot run malware bytes/MS Security Essentials/AVG

I booted up in safe mode (which it is on now) and ran MS SE and Malware bytes, it found some Malware etc and removed it (or so I thought)

When I restarted it, it's still there, and it won't let me do a damn thing to get rid of it.

When in safe mode, I downloaded MS SE/Malware Bytes and AVG to re-install when in normal mode (I put them on a memory stick and tried to install them)

.. all to no avail.

Any experts out there that can tell me what to do? Do I need to do something else?

I am running WIndows 7 home premium 64 bit.

Will I need to reinstall the OS/do a wipe (I have backed up my data on memory stick whilst in safe mode)

I am a bit of a luddite, so will need 'an idiots guide' as to how to achieve this.

Thanks in advance.

blister pus

If you can't run updated SuperAntiSpyware and AntiVir at all, then it's going to be easiest for you to just format and reinstall if you're not losing anything. Install those two and update as soon as you've reinstalled. You could be there forever tracking shit down if you've got multiple infections without someone who knows what they're doing physically looking at it.

The Big Cheese

blister pus wrote:

If you can't run updated SuperAntiSpyware and AntiVir at all, then it's going to be easiest for you to just format and reinstall if you're not losing anything. Install those two and update as soon as you've reinstalled. You could be there forever tracking shoot down if you've got multiple infections without someone who knows what they're doing physically looking at it.

Cheers!

I am dowloading the above items now, to see if they work. Will get back to you.

I am normally pretty careful, I really don't know how this happened.. !?!? :?

EDIT: If I run the above searches/Apps in safemode, is that OK? Or do I need to run them in normal mode (which this virus will not let me do)

Andy

Too many naughty sites

The Big Cheese

Andy wrote:

Too many naughty sites

LOL......

Actually this wasn't the case *this time*

blister pus

The Big Cheese wrote:

EDIT: If I run the above searches/Apps in safemode, is that OK? Or do I need to run them in normal mode (which this virus will not let me do)

Run them however you can, if you can, normal mode first then if not, safe. if you can't, you know what to do.

The Big Cheese

blister pus wrote:

The Big Cheese wrote:

EDIT: If I run the above searches/Apps in safemode, is that OK? Or do I need to run them in normal mode (which this virus will not let me do)

Run them however you can, if you can, normal mode first then if not, safe. if you can't, you know what to do.

If I need to reinstall the OS (I have the Windows 7 upgrade disk (from Vista) ) what is the process for reinstallation? And also what about all the drivers needed etc (I should have these somewhere)

Sorry for the luddite questions, although I work with PCs I don't know a lot about how to fix them.

:oops:

blister pus

If it's still a Dell machine then use Dells recovery procedure. If the machine had a windows 7 upgrade slapped on top and still has Dell partitions then you start from scratch and upgrade again same way. If machine was physically wiped of all Dell partitions and is a straight Windows machine then install Vista and then 7 upgrade and hit windows update that should cover you for main drivers.

The Big Cheese

blister pus wrote:

If it's still a Dell machine then use Dells recovery procedure. If the machine had a windows 7 upgrade slapped on top and still has Dell partitions then you start from scratch and upgrade again same way. If machine was physically wiped of all Dell partitions and is a straight Windows machine then install Vista and then 7 upgrade and hit windows update that should cover you for main drivers.[/quote

Cheers.

Its a Dell machine, which came with Vista pre-installed (no actual Vista disk)

they then sent me a windows 7 upgrade disk which I installed myself.

That's pretty much the history of the PC.

What is Dells recovery procedure..... ?

Thanks for your help.

blister pus

Inspiron? Model? Sure no Dell disk?

chedabob

Hitman Pro

Sounds like you've got a rootkit so you'd be better off just backing up what you can and formatting.

The Big Cheese

blister pus wrote:

Inspiron? Model? Sure no Dell disk?

Inspiron 1750

Yep, have some Dell branded disks.. :oops:

I got my wires crossed, are they what I need to reinstall? Then the Windows 7 upgrade disk... ?

blister pus

get all the disks out read what's on them / shove 'em in the hole to spin up. scan through the options and look for format / reinstall. should all be on those dell disks.

alexz

I sometimes run a rescue utility from a CD, such as http://www.avg.com/ca-en/avg-rescue-cd . That site lets you download an ISO file, which can be burned to a CD (using Infrarecorder or other cd burning app) or to make a bootable USB.
Booting from a CD is the easier option, as booting from USB sometimes requires changing stuff in BIOS to allow boot from USB.. and sometimes isn't possible.


I'd give the AVG rescue CD a shot, let it run, do a scan, and let it clean things up.

After that, you should be able to reinstall the MS Security Essentials again.

If you want to use a USB stick to boot a rescue solution, I'd use unetbootin ( http://unetbootin.sourceforge.net/ )to make a USB stick bootable, and let it install something user friendly like the F-Secure, AVG, or Bitdefender rescue CD's.

Once your pc is up and running again, I'd suggest reinstalling your MS Security Essentials, or try installing the new Adaware from www.Lavasoft.de (it has virus scanning ability)

The Big Cheese

All Sorted BP!!!

I used and ran the SuperAntiSpyware and it got rid!!!!

Phew - thanks a lot fella!

blister pus

Cool beans baby! Now make sure you do a full system scan with AntiVir (making sure you're fully up to date) and do the same again with SAS (superantispyware) full system scan, fully up to date. And keep an eye on it. Report back

Anonymous

The Big Cheese wrote:

Andy wrote:

Too many naughty sites

LOL......

Actually this wasn't the case *this time*

It's pretty much the only way. Drive by downloads. You would have got a thingummy asking if you want to download or install something, and you said yes.
Or you're using firefox.

nicklouse

for fun i downloaded SuperAntiSpyware and did a scan. clean except for the odd tracing cookie.

yeehaamcgee
and that is with FF

Anonymous

There's a currently active exploit for firefox which remains largely unpatched, allowing remote code to be executed.
I'm sure it will be patched soon.

blister pus

yeehaamcgee wrote:

There's a currently active exploit for firefox which remains largely unpatched, allowing remote code to be executed.
I'm sure it will be patched soon.

Let's have a look at the security report for that exploit.

Will Snow

how the hell did the whole conversation go without getting some smug git appearing and saying "buy a mac"??

Anonymous

Sure, I'll see if I can find the site, I was reading it on Friday. There was some anger towards Mozilla, because they seemed a little unclear as to what platforms the issue was present on. Turns out it was everything, including Unix/Linux OSX and Windows, although it was only being exploited on windows - so far.

(It might have been patched by now, but there was definitely a period of time when there was a security risk)

The Big Cheese

Yehaa, I am indeed running FireFox. I didn't click on anything, just went all crazy on me... very odd.

I must admit, I am impressed with the SuperAntiSpyware download.

blister pus

The Big Cheese wrote:

Yehaa, I am indeed running FireFox. I didn't click on anything, just went all crazy on me... very odd.

I must admit, I am impressed with the SuperAntiSpyware download.

If you haven't run an updated AntiVir full system scan and then re-run SAS full system scan the initial scan won't be worth a crap, Cheesey. How far did you get with that?

The only new alleged exploit I know of is a Zero day flaw but that's been shown to be bollocks as the researcher claiming to have found it won't provide any detail at all to anyone least of all mozilla

Anonymous

Nah, this one was acknowledged by Mozilla. Firefox 4 wasn't affected, but most of the version 3.x were iirc.

blister pus

http://www.mozilla.org/security/known-v ... fox36.html

That's the current Security Advisories for Firefox 3.6.13 and they're just vulnerabilities (ie, not exploited). You'd expect another point release imminent.

The Big Cheese

blister pus wrote:

The Big Cheese wrote:

Yehaa, I am indeed running FireFox. I didn't click on anything, just went all crazy on me... very odd.

I must admit, I am impressed with the SuperAntiSpyware download.

If you haven't run an updated AntiVir full system scan and then re-run SAS full system scan the initial scan won't be worth a crap, Cheesey. How far did you get with that?

The only new alleged exploit I know of is a Zero day flaw but that's been shown to be bollocks as the researcher claiming to have found it won't provide any detail at all to anyone least of all mozilla

I ran a full SAS scan and Fulll AntiVir scan, and nothing was found, everything is now superfast.

I did a disk defrag, ran CC cleaner, and ran the above tests, all is good in the hood.

jrduquemin

The Big Cheese wrote:

Andy wrote:

Too many naughty sites

LOL......

Actually this wasn't the case *this time*

Riiiiiight, that's what they all say ;-)

If you run msconfig whilst in safe mode and go to the Startup tab, you will see all the programs that are loaded into memory when you log in. You will need to look for anything that you don't recognise i.e. random named files and disable them. When you restart into safe mode again, they will be disabled and should then allow you to install spybot or whichever software you need.

Anonymous

blister pus wrote:

http://www.mozilla.org/security/known-vulnerabilities/firefox36.html

That's the current Security Advisories for Firefox 3.6.13 and they're just vulnerabilities (ie, not exploited). You'd expect another point release imminent.

Nah, it's not the one I read. I cannot for the life of me remember where the hell it was though :?
It wasn't just 3.6.13, it was pretty much all 3.x versions.

blister pus

I can't track it down either and it's not at the security centre and they're usually on the pulse and it's not the 'talk of the town' but if it does manifest itself as a real threat it'll be dealt with accordingly, a patch on it's own, or as part of a rolling point release, depending on deemed severity.

Anonymous

I am very confused. I must have been tripping balls or something :?