
Re: [multimachine] Re: Serious virus question

  • Reid
    Message 1 of 11 , Jul 31, 2010
      My family computer got a virus. I did not want to reinstall. What is the best way to get rid of the virus? My kids use Facebook. I did not like it. I have my own laptop. My wife uses the family computer and she kind of complains the computer is slow. I don't know where to start or what kind of virus this family computer got. It is Win XP.

      Reid

      On Sat, Jul 31, 2010 at 8:55 PM, Pat <rigmatch@...> wrote:
       


      Thanks Ron

      Pat


      --- In multimachine@yahoogroups.com, "Ron Moore" <ron@...> wrote:
      >
      > Pat,
      > MRT will be in the \Windows\System32 folder
      > Respectfully,
      > Ron Moore
      >
      > ----- Original Message -----
      > From: Pat
      > To: multimachine@yahoogroups.com
      > Sent: Saturday, July 31, 2010 4:26 PM
      > Subject: [multimachine] Re: Serious virus question
      >
      >
      >
      > Thanks Dave
      >
      > You always come through!
      > Safestart got it to run well enough for CC to work. Windows Malicious Software Removal Tool downloads but then I can't find it! It is not where other downloads go. At least everything works.
      >
      > Thanks again
      >
      > Pat
      >
      > --- In multimachine@yahoogroups.com, "David G. LeVine" <dlevine@> wrote:
      > >
      > > On 07/31/2010 10:16 AM, Pat wrote:
      > > > The main MM computer (running AVG) got hit by a virus last night. I got a supposed Facebook message about one of our long time overseas members wanting to link to my (unused) Facebook page. As soon as I clicked on the link it downloaded a "security warning" virus (that got past AVG) that stops the computer from doing anything except click OK to accept the software.
      > > >
      > > > Any idea what to do?
      > > >
      > > > Pat
      > > >
      > >
      > > Yes,
      > >
      > > 1. Don't click on something unless you know what it is (since you
      > > don't use Facebook, why would you click on the link?)
      > > 2. Reboot the machine in SAFE mode, rescan then. That might catch it.
      > > 3. Try tools like CC (Crap Cleaner), Windows Malicious Software
      > > Removal Tool, Malware Bytes, etc. Some of them may find the
      > > source. DO NOT use "anti-malware", at least 1 version, in the
      > > wild, is a Trojan Horse!
      > > 4. Never assume a file is what it claims to be (e.g. there are .EXE
      > > files named *.GIF.EXE which will do a lot of damage.) Trust, but
      > > verify!
      > > 5. If you want viri, use Grouply to expose your passwords, etc. on
      > > the Internet.
      > > 6. You were not hit with a virus, technically what got you is a
      > > Trojan Horse, a program masquerading as a different program.
      > >
      > > Of course, if all else fails, revert to an earlier snapshot of the OS
      > > (Windows XP or later Micro$oft OSes) using the recovery tool. If that
      > > doesn't work, it is OS RELOAD time and backup restore time. You have
      > > been keeping backups, haven't you?
      > >
      >


    • David G. LeVine
      Message 2 of 11 , Aug 1, 2010
        On 08/01/2010 01:18 AM, Reid wrote:
        > My family computer got a virus. I did not want to reinstall. What is the best way to get rid of the virus? My kids use Facebook. I did not like it. I have my own laptop. My wife uses the family computer and she kind of complains the computer is slow. I don't know where to start or what kind of virus this family computer got. It is Win XP.
        >
        > Reid

        While really a better topic for Simply Computers, the simplest way is IF it will still connect to the Internet, Panda Security has a tool called Active Scan which is pretty good at getting viri.  It is the right price (FREE), but will not get all malware.

        Once you have cleaned out viri, look at things like CrapCleaner, Malware Bytes, Lavasoft, etc. to remove other malware.  There are some Trojan Horses (like AntiMalware) which are really bad, but the biggies are okay.

        This will (hopefully) get you to a state where the desired programs will either be there or can be reinstalled.  Then do a "restore point" for Windows System Restore.  It won't always work, but it generally will save you a lot of work.
      • Joe Veazey
        Message 3 of 11 , Aug 1, 2010

          One of the machines here at my home got hit by this yesterday. It was my son’s girlfriend’s machine, and had no antivirus protection of any kind.

          I did a Safe Boot, and then checked to see if it had any recent System Restore Checkpoints. Luckily, the automatic checkpoint process had taken one just that morning. I restored from that System Restore checkpoint, and rebooted, and all was good.

          I then installed Spybot Search and Destroy (SpyBotSD) and did complete scans and immunization. That should prevent any reinfections. I’ve been using SpyBotSD for several years on my own machines.

          The Trojan Horse software does its best to try and prevent you from removing it. It disables the Internet Options app in the Control Panel; it points all Internet communications to itself, so you can’t download anything to remove the Trojan; it disables the Alt-Ctrl-Del functions; and it messes with the registry, the Start folder, and other things.

          The only way to reboot is to physically cut power to the machine. Wait a few seconds, plug it back in, and start hitting the F8 key to get to Windows Safe Boot. Your boot process will be a lot slower and take a lot longer than usual, both because of the Safe Boot process, and the Trojan. When the Safe Boot finishes and goes to the Starting Windows screen, be very very patient. The Trojan does its best to convince you the system is locked up, but give it 15 minutes or longer and eventually you can get to the Safe Boot Windows Desktop.

          Immediately do the Restore from System Checkpoint via the Help and Support function in the Start menu. Pick the most recent System Restore point, and restore it.

          Again, this will take a very long time because the Trojan is slowing things down. Eventually, with luck, the restore will complete and will automatically reboot Windows. If it reboots at a normal speed, then the Trojan has been vanquished.

          At this point I suggest installing some good anti-spyware software, above and beyond your virus protection.

        • Pat
          Message 4 of 11 , Aug 1, 2010
            Thanks Guys
            To put it mildly, your help was wonderful!

            --- In multimachine@yahoogroups.com, "David G. LeVine" <dlevine@...> wrote:
            >
            > On 08/01/2010 01:18 AM, Reid wrote:
            > >
            > >
            > > My family computer got a virus. I did not want to reinstall. What is
            > > the best way to get rid of the virus? My kids use Facebook. I did not like
            > > it. I have my own laptop. My wife uses the family computer and
            > > she kind of complains the computer is slow. I don't know where to
            > > start or what kind of virus this family computer got. It is Win XP.
            > >
            > > Reid
            >
            > While really a better topic for Simply Computers, the simplest way is IF
            > it will still connect to the Internet, Panda Security has a tool called
            > Active Scan <http://www.pandasecurity.com/activescan/index/> which is
            > pretty good at getting viri. It is the right price (FREE), but will not
            > get all malware.
            >
            > Once you have cleaned out viri, look at things like CrapCleaner, Malware
            > Bytes, Lavasoft, etc. to remove other malware. There are some Trojan
            > Horses (like AntiMalware
            > <http://www.2-spyware.com/remove-antimalware.html>) which are really
            > bad, but the biggies are okay.
            >
            > This will (hopefully) get you to a state where the desired programs will
            > either be there or can be reinstalled. Then do a "restore point" for
            > Windows System Restore. It won't always work, but it generally will
            > save you a lot of work.
            >