Laptop has virus, need help

The Big Cheese
The Big Cheese Posts: 8,651
edited February 2011 in The hub
Righto, my laptop has a virus, I don't know how it got on as I run MS Security Essentials, but it did... it has done the usual:

Replaced my desktop with a massive WARNING sign and a load of text saying my PC is infected.

Removed my dock

It has rendered anything useless, ie I cannot run malware bytes/MS Security Essentials/AVG

I booted up in safe mode (which it is on now) and ran MS SE and Malware bytes, it found some Malware etc and removed it (or so I thought)

When I restarted it, it's still there, and it won't let me do a damn thing to get rid of it.

When in safe mode, I downloaded MS SE/Malware Bytes and AVG to re-install when in normal mode (I put them on a memory stick and tried to install them)

.. all to no avail.

Any experts out there that can tell me what to do? Do I need to do something else?

I am running Windows 7 home premium 64 bit.

Will I need to reinstall the OS/do a wipe (I have backed up my data on memory stick whilst in safe mode)

I am a bit of a luddite, so will need 'an idiots guide' as to how to achieve this.

Thanks in advance.

Comments

  • blister pus
    blister pus Posts: 5,780
    If you can't run updated SuperAntiSpyware and AntiVir at all, then it's going to be easiest for you to just format and reinstall if you're not losing anything. Install those two and update as soon as you've reinstalled. You could be there forever tracking shit down if you've got multiple infections without someone who knows what they're doing physically looking at it.
  • The Big Cheese
    The Big Cheese Posts: 8,651
    edited February 2011
    If you can't run updated SuperAntiSpyware and AntiVir at all, then it's going to be easiest for you to just format and reinstall if you're not losing anything. Install those two and update as soon as you've reinstalled. You could be there forever tracking shoot down if you've got multiple infections without someone who knows what they're doing physically looking at it.

    Cheers!

    I am downloading the above items now, to see if they work. Will get back to you.

    I am normally pretty careful, I really don't know how this happened.. !?!? :?

    EDIT: If I run the above searches/Apps in safemode, is that OK? Or do I need to run them in normal mode (which this virus will not let me do)
  • Andy
    Andy Posts: 8,207
    Too many naughty sites ;)
  • Andy wrote:
    Too many naughty sites ;)

    LOL...... :lol:

    Actually this wasn't the case *this time* :lol:
  • blister pus
    blister pus Posts: 5,780

    EDIT: If I run the above searches/Apps in safemode, is that OK? Or do I need to run them in normal mode (which this virus will not let me do)

    Run them however you can, if you can, normal mode first then if not, safe. if you can't, you know what to do.

  • EDIT: If I run the above searches/Apps in safemode, is that OK? Or do I need to run them in normal mode (which this virus will not let me do)

    Run them however you can, if you can, normal mode first then if not, safe. if you can't, you know what to do.

    If I need to reinstall the OS (I have the Windows 7 upgrade disk (from Vista) ) what is the process for reinstallation? And also what about all the drivers needed etc (I should have these somewhere)

    Sorry for the luddite questions, although I work with PCs I don't know a lot about how to fix them.

    :oops:
  • blister pus
    blister pus Posts: 5,780
    If it's still a Dell machine then use Dell's recovery procedure. If the machine had a windows 7 upgrade slapped on top and still has Dell partitions then you start from scratch and upgrade again same way. If machine was physically wiped of all Dell partitions and is a straight Windows machine then install Vista and then 7 upgrade and hit windows update that should cover you for main drivers.
  • If it's still a Dell machine then use Dell's recovery procedure. If the machine had a windows 7 upgrade slapped on top and still has Dell partitions then you start from scratch and upgrade again same way. If machine was physically wiped of all Dell partitions and is a straight Windows machine then install Vista and then 7 upgrade and hit windows update that should cover you for main drivers.

    Cheers.

    It's a Dell machine, which came with Vista pre-installed (no actual Vista disk)

    they then sent me a windows 7 upgrade disk which I installed myself.

    That's pretty much the history of the PC.

    What is Dell's recovery procedure..... ?

    Thanks for your help.
  • blister pus
    blister pus Posts: 5,780
    Inspiron? Model? Sure no Dell disk?
  • chedabob
    chedabob Posts: 1,133
    Hitman Pro

    Sounds like you've got a rootkit so you'd be better off just backing up what you can and formatting.
  • Inspiron? Model? Sure no Dell disk?

    Inspiron 1750

    Yep, have some Dell branded disks.. :oops:

    I got my wires crossed, are they what I need to reinstall? Then the Windows 7 upgrade disk... ?
  • blister pus
    blister pus Posts: 5,780
    get all the disks out read what's on them / shove 'em in the hole to spin up. scan through the options and look for format / reinstall. should all be on those dell disks.
  • alexz
    alexz Posts: 13
    I sometimes run a rescue utility from a CD, such as http://www.avg.com/ca-en/avg-rescue-cd . That site lets you download an ISO file, which can be burned to a CD (using Infrarecorder or other cd burning app) or to make a bootable USB.
    Booting from a CD is the easier option, as booting from USB sometimes requires changing stuff in BIOS to allow boot from USB.. and sometimes isn't possible.


    I'd give the AVG rescue CD a shot, let it run, do a scan, and let it clean things up.

    After that, you should be able to reinstall the MS Security Essentials again.

    If you want to use a USB stick to boot a rescue solution, I'd use unetbootin ( http://unetbootin.sourceforge.net/ )to make a USB stick bootable, and let it install something user friendly like the F-Secure, AVG, or Bitdefender rescue CD's.

    Once your pc is up and running again, I'd suggest reinstalling your MS Security Essentials, or try installing the new Adaware from www.Lavasoft.de (it has virus scanning ability)
  • All Sorted BP!!! :D

    I used and ran the SuperAntiSpyware and it got rid!!!!

    Phew - thanks a lot fella! :D
  • blister pus
    blister pus Posts: 5,780
    Cool beans baby! Now make sure you do a full system scan with AntiVir (making sure you're fully up to date) and do the same again with SAS (superantispyware) full system scan, fully up to date. And keep an eye on it. Report back
  • Anonymous
    Anonymous Posts: 79,667
    Andy wrote:
    Too many naughty sites ;)

    LOL...... :lol:

    Actually this wasn't the case *this time* :lol:
    It's pretty much the only way. Drive by downloads. You would have got a thingummy asking if you want to download or install something, and you said yes.
    Or you're using firefox.
  • nicklouse
    nicklouse Posts: 50,675
    for fun i downloaded SuperAntiSpyware and did a scan. clean except for the odd tracing cookie.

    yeehaamcgee
    and that is with FF
    "Do not follow where the path may lead, Go instead where there is no path, and Leave a Trail."
    Parktools :?:SheldonBrown
  • Anonymous
    Anonymous Posts: 79,667
    There's a currently active exploit for firefox which remains largely unpatched, allowing remote code to be executed.
    I'm sure it will be patched soon.
  • blister pus
    blister pus Posts: 5,780
    There's a currently active exploit for firefox which remains largely unpatched, allowing remote code to be executed.
    I'm sure it will be patched soon.

    Let's have a look at the security report for that exploit.
  • Will Snow
    Will Snow Posts: 1,154
    how the hell did the whole conversation go without getting some smug git appearing and saying "buy a mac"??
    i ride a hardtail
  • Anonymous
    Anonymous Posts: 79,667
    Sure, I'll see if I can find the site, I was reading it on Friday. There was some anger towards Mozilla, because they seemed a little unclear as to what platforms the issue was present on. Turns out it was everything, including Unix/Linux OSX and Windows, although it was only being exploited on windows - so far.

    (It might have been patched by now, but there was definitely a period of time when there was a security risk)
  • Yehaa, I am indeed running FireFox. I didn't click on anything, just went all crazy on me... very odd.

    I must admit, I am impressed with the SuperAntiSpyware download.
  • blister pus
    blister pus Posts: 5,780
    Yehaa, I am indeed running FireFox. I didn't click on anything, just went all crazy on me... very odd.

    I must admit, I am impressed with the SuperAntiSpyware download.

    If you haven't run an updated AntiVir full system scan and then re-run SAS full system scan the initial scan won't be worth a crap, Cheesey. How far did you get with that?

    The only new alleged exploit I know of is a Zero day flaw but that's been shown to be bollocks as the researcher claiming to have found it won't provide any detail at all to anyone least of all mozilla
  • Anonymous
    Anonymous Posts: 79,667
    Nah, this one was acknowledged by Mozilla. Firefox 4 wasn't affected, but most of the version 3.x were iirc.
  • blister pus
    blister pus Posts: 5,780
    http://www.mozilla.org/security/known-v ... fox36.html

    That's the current Security Advisories for Firefox 3.6.13 and they're just vulnerabilities (ie, not exploited). You'd expect another point release imminent.
  • Yehaa, I am indeed running FireFox. I didn't click on anything, just went all crazy on me... very odd.

    I must admit, I am impressed with the SuperAntiSpyware download.

    If you haven't run an updated AntiVir full system scan and then re-run SAS full system scan the initial scan won't be worth a crap, Cheesey. How far did you get with that?

    The only new alleged exploit I know of is a Zero day flaw but that's been shown to be bollocks as the researcher claiming to have found it won't provide any detail at all to anyone least of all mozilla

    I ran a full SAS scan and Full AntiVir scan, and nothing was found, everything is now superfast.

    I did a disk defrag, ran CC cleaner, and ran the above tests, all is good in the hood.
  • Andy wrote:
    Too many naughty sites ;)

    LOL...... :lol:

    Actually this wasn't the case *this time* :lol:

    Riiiiiight, that's what they all say ;-)

    If you run msconfig whilst in safe mode and go to the Startup tab, you will see all the programs that are loaded into memory when you log in. You will need to look for anything that you don't recognise i.e. random named files and disable them. When you restart into safe mode again, they will be disabled and should then allow you to install spybot or whichever software you need.
    2010 Lynskey R230
    2013 Yeti SB66
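
The startup review described in the post above can also be done from a PowerShell prompt, which works in safe mode. This is an added example, not part of the original thread: it reads only the registry Run keys (not the Startup folders), and the "user-writable path" pattern is an assumed heuristic for deciding which entries to look at first, not proof of infection.

```powershell
# Registry Run keys that feed the msconfig Startup tab.
# 64-bit Windows keeps a second, 32-bit view under Wow6432Node.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Assumed heuristic: programs started from folders any user can write to
# (profile, temp, ProgramData) deserve a closer look than ones in Program Files.
$writablePattern = '\\(AppData|Application Data|Temp|ProgramData|Users\\Public)\\'

function Get-StartupEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)

            # Pull the executable path out of the command line (quoted or unquoted).
            if     ($cmd -match '^\s*"([^"]+)"')   { $exe = $matches[1] }
            elseif ($cmd -match '^\s*(.+?\.exe)')  { $exe = $matches[1] }
            else                                   { $exe = ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            New-Object PSObject -Property @{
                Key              = $key
                Name             = $name
                Command          = $cmd
                # A missing target usually means a leftover entry from a removed program.
                Exists           = [bool]($exe -and (Test-Path -LiteralPath $exe))
                UserWritablePath = [bool]($exe -match $writablePattern)
            }
        }
    }
}

# Entries in user-writable locations are listed first for review.
Get-StartupEntry |
    Sort-Object UserWritablePath -Descending |
    Format-Table Name, UserWritablePath, Exists, Command -AutoSize -Wrap
```

The script only lists entries; anything unrecognised is then disabled from the msconfig Startup tab as the post describes.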
  • Anonymous
    Anonymous Posts: 79,667
    http://www.mozilla.org/security/known-vulnerabilities/firefox36.html

    That's the current Security Advisories for Firefox 3.6.13 and they're just vulnerabilities (ie, not exploited). You'd expect another point release imminent.
    Nah, it's not the one I read. I cannot for the life of me remember where the hell it was though :?
    It wasn't just 3.6.13, it was pretty much all 3.x versions.
  • blister pus
    blister pus Posts: 5,780
    I can't track it down either and it's not at the security centre and they're usually on the pulse and it's not the 'talk of the town' but if it does manifest itself as a real threat it'll be dealt with accordingly, a patch on its own, or as part of a rolling point release, depending on deemed severity.
  • Anonymous
    Anonymous Posts: 79,667
    I am very confused. I must have been tripping balls or something :?