Computer woes- yech!

McCall St. Brewer

Well, I wish I didn't have to go in to work today. When I left yesterday, my computer had been attacked by a virus or trojan or something like that. Whatever it was kept trying to install some sort of fake anti-virus app and it has also screwed things up so that the computer won't fully boot anymore.

It gets all the way to the point where the desktop is up, all my icons are there, but when the icons down next to the clock start appearing it keeps starting over. Everything disappears but my wallpaper and then it tries again, only to have the same thing happen over and over.

I'm self-employed so there's no IT department to call.

I'd like to be able to fix this myself if I can, but am not sure of the best way to approach it. Any suggestions?
 
My favorite way is Fdisk, format, reinstall the OS, and update the OS, then take a snapshot of the system onto a USB hard drive using R-Drive Image.

I then install everyday applications and take another image.

Be sure to store your data files on a separate partition and back them up. I just bought a 16 GB USB Thumb drive at Fry's for $39. Great for data backup.

This way, I can restore my computer to pristine condition any time in a matter of minutes.
 
if it will allow you to get onto the web, download the free version of AVG

our IT kid doesn't believe in Anti-Virus software and when my computer caught a virus, he had me "restore" the computer to when my last restore point was....

see if you can restore it, if not try to download AVG, if that doesn't work then I'm out of suggestions.
 
Dip it Star-san! :)


I would bet this is the time to reformat. If you have the operating system disk, you can put it in the CD drive and reboot. It SHOULD autostart, unless the malicious ware has disabled that.

This means you will lose all of your data.

2nd thought. Reboot and press F keys until you get into a start up menu that has the option of Start in Safe Mode. If this works, you could try to run a virus scan of the harddrive and try to remove the virus.

Edit: Wow quick responses today !
 
Dip it Star-san! :)


I would bet this is the time to reformat. If you have the operating system disk, you can put it in the CD drive and reboot. It SHOULD autostart, unless the malicious ware has disabled that.

This means you will lose all of your data.

2nd thought. Reboot and press F keys until you get into a start up menu that has the option of Start in Safe Mode. If this works, you could try to run a virus scan of the harddrive and try to remove the virus.

Edit: Wow quick responses today !

Dunkin Donuts coffee, got it free today so I'm ready to go.
 
Dude, we had the same problem. Download and run ComboFix. That fixed it for us.

Well, I wish I didn't have to go in to work today. When I left yesterday, my computer had been attacked by a virus or trojan or something like that. Whatever it was kept trying to install some sort of fake anti-virus app and it has also screwed things up so that the computer won't fully boot anymore.

It gets all the way to the point where the desktop is up, all my icons are there, but when the icons down next to the clock start appearing it keeps starting over. Everything disappears but my wallpaper and then it tries again, only to have the same thing happen over and over.

I'm self-employed so there's no IT department to call.

I'd like to be able to fix this myself if I can, but am not sure of the best way to approach it. Any suggestions?
 
F8 at boot up and then select "Safe Mode with Networking"

That should at the least get you to your Desktop and out of the loop. From there you should be able to download the software everyone speaks of or maybe just find a fix online for the virus you have.
 
You can try some virus/spyware apps, but sometimes they don't get rid of everything. If they don't, you're left with what EdWort suggested. Blow the thing out and start over.
 
hit F8 before windows starts and select safe mode
when windows starts.. you have a few things to try
1st update your antivirus/spyware program if it exists, and run a full scan
What Windows version do you have? XP or Vista?
 
it's probably Anti-spyware 2008 or Antivirus 2008 **** I saw at my last job.

Do a google for it and you'll find the removal tool, works pretty good.

I think it's classified as Malware.

Normal anti-virus scans and spyware (spybot S&D and Adaware) tools detect and remove it but not completely. At reboot you'll still have it along with the active desktop background wallpaper it likes to toss in on occasion. Safe mode will do the same thing with your spyware and anti-virus tools and you'll have it, yes... at bootup.

you won't get rid of it any other way.. it embeds itself pretty good.
 
I spent an entire day trying to get rid of a similar problem on my work pc the other week and just ended up formatting and reloading. Had the same problem with another worker's computer just Monday and didn't even try, just wiped and reloaded. It only takes a few hours.
 
my solution, and you might not like this but it can be cost effective if you rely on this PC for work, is to get a second harddrive and install windows, drivers, and basic software on it. keep the drive disconnected until your pc gets a virus then hook up the drive as the primary disk and boot from it. you will have an emergency copy of windows ready to go whenever you need it and still have access to all your files on the old drive plus you can run a virus scan on the old disk and maybe remove the virus.
 
F8 at boot up and then select "Safe Mode with Networking"

.

That's the way !!! Also once you're in ... you may look to see what is loading on start up in the registry and delete anything that doesn't come up as OK on a google search. This is fairly easy but if you're too bold ... you will screw up your machine. A google search will explain how to explore your "run" and "run once" registry settings. This is where a lot of evil can get launched from :eek:
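
As an added example (not part of the original post), here is a read-only PowerShell listing of the "run" and "run once" registry settings mentioned above, with each entry's signature status so there is something concrete to research before deleting anything. It assumes PowerShell 3.0 or later; `Get-ExePath` is a hypothetical helper name introduced here.

```powershell
# Added example: read-only audit of Run / RunOnce autostart entries (nothing is deleted).
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of an autostart command line.
function Get-ExePath([string]$Command) {
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"')    { return $Matches[1] }   # "C:\dir with spaces\app.exe" /arg
    if ($cmd -match '^(.+?\.exe)\b') { return $Matches[1] }   # C:\dir\app.exe /arg
    return ($cmd -split '\s+')[0]                              # anything else: first token
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }        # RunOnce is often absent
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $exe     = Get-ExePath $command
        $exists  = $exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        # Entries given without a full path (e.g. a bare "rundll32.exe") show NotResolved
        # and need a manual look at the command line.
        $sig = if ($exists) { [string](Get-AuthenticodeSignature -FilePath $exe).Status }
               else         { 'NotResolved' }
        [pscustomobject]@{
            Key              = $key
            Name             = $name
            Command          = $command
            Signature        = $sig
            # Programs that start from per-user or temp folders deserve extra scrutiny.
            UserWritablePath = $exe -match '\\(Temp|AppData|Application Data|Local Settings)\\'
        }
    }
}

$report | Sort-Object Signature, Key | Format-Table -AutoSize -Wrap
```

Plenty of legitimate third-party programs are unsigned, so treat the output as a list of names to look up rather than a verdict.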
 
if it will allow you to get onto the web, download the free version of AVG

our IT kid doesn't believe in Anti-Virus software and when my computer caught a virus, he had me "restore" the computer to when my last restore point was....

see if you can restore it, if not try to download AVG, if that doesn't work then I'm out of suggestions.

Word of warning: MS restore points only rewind your configuration files. Any infected programs/scripts/etc remain and will reactivate upon use. It's handy when you installed a new app and windows gets unstable, but it should never be used to combat a virus/malware/spyware infection.

You can fight it, and likely win. But unless you are skilled at the process, you will spend far more time fighting than you would just rebuilding it. Save your data files (data only), format, reinstall. Be sure to scan your data files before opening or reloading them.

In the future, follow EdWort's advice. Image to an external drive periodically and whenever disaster strikes, just restore the last good image.
 
Word of warning: MS restore points only rewind your configuration files. Any infected programs/scripts/etc remain and will reactivate upon use. It's handy when you installed a new app and windows gets unstable, but it should never be used to combat a virus/malware/spyware infection.

You can fight it, and likely win. But unless you are skilled at the process, you will spend far more time fighting than you would just rebuilding it. Save your data files (data only), format, reinstall. Be sure to scan your data files before opening or reloading them.

In the future, follow EdWort's advice. Image to an external drive periodically and whenever disaster strikes, just restore the last good image.

yeah, I was never fond of our IT kid's method, I knew that it wasn't a "failsafe" approach.

Ditch Windows, install Linux. It's the best virus protection you can get.

very true, however the only thing keeping me from switching is AutoCAD, 3Ds Max and a few other apps that I've only heard horror stories about.
 
my solution, and you might not like this but it can be cost effective if you rely on this PC for work, is to get a second harddrive and install windows, drivers, and basic software on it. keep the drive disconnected until your pc gets a virus then hook up the drive as the primary disk and boot from it. you will have an emergency copy of windows ready to go whenever you need it and still have access to all your files on the old drive plus you can run a virus scan on the old disk and maybe remove the virus.

I'm wondering if this is my best solution now. A lot of the other things people suggested I can't do because I can't get it to boot up all the way. So I don't know how to back up any data or anything at this point.

Maybe I just need to put in a new hard drive, install Windows and then re-install all of my applications. Then I can put the hard drive in an external case and see about getting the data off of it.
 
F8 on boot up and go to safemode with networking

go download this and run it. It will find various things and remove them.

Then download Spybot search and destroy and run that to verify its clean.

If you find some files that it cannot delete you can get killbox here.

You will also want to run combofix depending on the level of infection.

You can also check out this guide for more info.
 
I'm a repair tech, and I refuse to "fix" spyware. Others in the office do it, I don't. When an infection occurs, the ONLY option I offer people is to backup files, zero-level format, reinstall Windows and antivirus and all security updates, and then to manually put back all of the user's data.

I'd either buy a new HD and put the old one in an enclosure (but go scan it for viruses on a coworker's protected computer BEFORE accidentally infecting your nice new clean one) or I'd buy an external HD to copy the drive to.

You can use the "Ultimate Boot CD for Windows" often called UBCD, to use a Ghost-like program to make a clone image of the drive.

Good luck to ya. Spyware sucks. It's making me consider a different career. I hate fixing this **** every day.
 
prevention, prevention, prevention.

make sure you're running

spybot search and destroy
ad-aware
avg

then hold F8 while you boot. boot into 'safe mode' and run all scans. when you're done reboot and enjoy the clean living.

option two: Quit downloading porn.

B
 
option two: Quit downloading porn.

If only it were that simple. A recent google analysis shows that approx 1:10 websites today are hosting malware. I'll grant you that 90% of those are "free porn", and "warez", and "cheat codes", but there are a good many sites that have been hacked to push malware and the owners are clueless because the site isn't "broken"
 
Ok, here's the plan, then. I have a brand new hard drive and an XP cd. I'm going to put the new HD in the computer and install Windows on it. Then I'll put the old HD in an enclosure and scan it on another computer.

After that, try to figure out how to manually get as much of my non-backed-up data over to the new drive.

Then... and I think this is perhaps the most important thing, I'm going to put Linux on a partition on the new drive so that I can boot either to it or Windows. I'll use Linux for most of my time on the internet. I did that on a laptop a couple of months ago and it is amazingly stable. Some of the websites I frequent, such as a photography forum, aren't rendered perfectly by Firefox on Linux, but at least I don't worry there about picking up all sorts of crud every time I go on the internet.
 
I'm a UNIX admin in real life, and have used linux at home for over 10 years. I am FORCED to use M$ at work on a workstation and I am very concerned with some of the new attacks and mal-ware coming out.
There are some that can be scanned 4 times by different tools and show up on the 5th. As the everyday tools we use become more complex, the security holes just exponentially grow.
I truly believe there are two types of computer users, those that have lost data, and those who will. AV, Intrusion detection, mirrored systems with hashed comparisons do not really prevent. They let you know when you're screwed. Backups on a rotated basis will help, recover data after you wipe the drive and re-install, but it does not fix the problem that allowed you to be taken over. Have no doubt about it, on a networked system, if a file can be installed on your system and run, you no longer own that system, and all of your data now belongs to someone else.
Encryption is the answer to everything except the user's bad habits, there is no cure for that. You know you just can't fix stupid, ignorant, etc.
With DNS cache poisoning, you may think you're going to www.whitehouse.gov and end up anywhere. Personally, yea I think it might be nicer doing construction work if I could find it.
 
Word of warning: MS restore points only rewind your configuration files. Any infected programs/scripts/etc remain and will reactivate upon use. It's handy when you installed a new app and windows gets unstable, but it should never be used to combat a virus/malware/spyware infection.
Actually it can be used to combat the virus if it puts you back to the point before the virus/malware installed itself, allowing you to actually boot and hunt it down...
Depending on the value of the data, there is no malware or virus that can't be stopped or cleaned, it depends on how much time you are willing to spend on it.

Once you get it up and running, you might want to back everything up, partition the HD (or get another one) and only run the OS on one small partition and store all your files on the other (as well as a thumb drive) Partition Magic lets you create a new partition without needing to reload the OS

Then get a non intrusive real time virus program (I use PREVX http://www.prevx.com ) to prevent future instances
 
Actually it can be used to combat the virus if it puts you back to the point before the virus/malware installed itself, allowing you to actually boot and hunt it down...

No, because the viruses don't always create new/altered entries in the config files. They can/will replace legitimate system files with infected copies and since executable files are not replaced by a restore point, any calls to those files will perpetuate the virus.

Furthermore, since many viruses install hooks to hide themselves from virus detection tools (or modify the tools themselves), you could restore to a point where the system would boot again and then scan clean despite being infected.

The best way to eradicate a virus in situ is to boot from another media and scan/clean the system without executing ANY of the code present on the system itself. Even that isn't 100% certain, so I keep my data backed up and just "nuke & pave" it.
 
I keep my data backed up and just "nuke & pave" it.
That's the way we get back into systems after being caught during security assessments.. inevitably the same exploit or vulnerability can be used after the "re-paved" box comes back on line.

I approach it from the standpoint of a security engineer (by trade) if we just "nuke & pave" we lose valuable information on the code, its source, and signature. Nuke and pave is the easy way to recover, but keeping the crap off your box in the first place is the goal. If you don't know where it came from and how you got it, nothing to stop you from putting it right back unless you slick all your files (then you would cry if it came from the web and you go back to that site).

By going to a roll back, if it lets you boot, you can track down the virus with a full system scan, or the process of elimination, a virus can hide anywhere it wants, but they can't remain hidden forever, so unless you know where it came from, slicking and reloading may or may not work, since it could be hiding in one of the files you backed up. even successfully installed root kits can be found if you know how to look for them.

you could restore to a point where the system would boot again and then scan clean despite being infected.
Not likely for a virus that causes the system to constantly reboot during start up.

If the roll back didn't allow me in I'd boot off a Linux CD and scan from there.

Either way it's faster than reloading everything.
 
Set up proper user isolation. A "regular" user doesn't need the ability to install software or alter system files. When users run their entire system as "admin" (or root!) the virii they download has admin permissions to mess with user files. Running a virus as a restricted user who does NOT have permission to alter system files does very little damage.
 
