Extremeskins

Potential Virus download.... any help guys?


Cskin


Hey guys... buddy at work here hit a porn banner that has effed up his system. It boots up... but then comes up with a memory window and then a new window saying the system is shutting down due to NT AUTHORITY. Anyone know what this is?

Also... how can I boot up his system in safe mode and try to get this thing off.... any ideas?

All Computer ESers to the rescue....


At work? Do you work for a pornography company? ;)

Anyways, booting into safe mode usually requires you to keep tapping F8 during the boot process. If you tap too soon, it may say something like "keyboard error", so keep that in mind.

Select safe mode.

Find out if it's something that can simply be removed from msconfig (Start menu -> run -> "msconfig" -> check to see if anything looks suspect like boobies.exe. Be very careful though, especially when workin' on a work computer)

Your best bet would probably be to download HiJackThis and send us the log ( http://www.merijn.org/downloads.html ) and from there we might be able to determine the malware, assuming it can be detected in safe mode.


I'd second the recommendation: Download HijackThis to a clean computer. Burn a CD, and use that CD to load the program on the infected computer.

(Potential drawback: IIR, most computers, in safe mode, don't have drivers for the CD drive.)

One question: If there isn't any important information on the computer, and the computer has a "recovery" CD or capability, then simply wiping it clean is a quick, easy, and very reliable solution. (Unfortunately, most people have information on their system. But if you're the exception, then it's a quick and easy fix.)

If your system can't use the CD in safe mode, (and if you can't access the net in safe mode), and you feel like being a tech, you can

  • Pull the hard drive.
  • Install it as the second hard drive in a clean computer.
  • Use the clean computer to copy HijackThis to the infected drive.
  • (While you're at it, this would be a good time, if there's important information on the drive, to use the clean system to copy the important data. Like, to a CD.)
  • Then put the infected drive back in the infected system, and boot in safe mode, and run HijackThis.


Download the following programs:

Ad-Aware

SpyBot Search and Destroy

CCleaner

HijackThis

Run Ad-Aware (update patches before running)

Run SpyBot (update patches)

Reboot to safe mode:

Run Ad-Aware again

Run SpyBot again

Run CCleaner

Run Hijack This

This may be overkill for your current situation, but I use this formula whenever I get spyware, and it works every time. Also, might want to download Windows Defender Beta (Microsoft has it on their site). And tell your co-worker to stop surfing porn at work!


The thing about HijackThis is: It doesn't do a thing on its own, and it has no "brains" whatsoever.

All it does is give you a dump of every single thing that's in every single place that viruses, hijackers, and spyware like to install.

For example, it will show you every single program that's configured to run automatically when your computer starts up. This is where a lot of spyware installs. It's also where your anti-virus installs. HijackThis will list both of them.

It takes a person with judgement to decide which things to get rid of and what's safe.

It's a really powerful tool, and because it doesn't rely on "threat lists" (or what I refer to as "wanted posters") you don't have to download updated lists every week. (And you're not at the mercy of things that haven't made it on the list, yet.)

OTOH, get rid of the wrong things, and you may render your system completely un-bootable.


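An added illustration of the point in the post above (not part of the thread, and not HijackThis's own code): because the log lists wanted and unwanted startup entries alike, one way to narrow what needs a person's judgement is to compare the suspect machine's log with one taken on a clean machine. Both logs are constructed samples, and the function names are hypothetical.

```python
import re

# Both logs are constructed samples in the HijackThis line layout
# ("<code> - <details>"); they are not taken from the thread.
BASELINE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""
SUSPECT_LOG = r"""
Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\upd32.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Section codes: R0/R1 browser pages, O2 browser helper objects,
# O4 autostart programs, O23 services.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
AUTOSTART = re.compile(r"^(\S.*?): \[([^\]]*)\] (.+)$")

def parse(log):
    """Return the set of (code, details) entries; non-entry lines are skipped."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def autostarts(log):
    """O4 registry autostarts as (location, name, command), sorted."""
    out = []
    for code, details in parse(log):
        m = AUTOSTART.match(details) if code == "O4" else None
        if m:
            out.append(m.groups())
    return sorted(out)

def new_entries(suspect, baseline):
    """Entries present only on the suspect machine: the ones to research."""
    return sorted(parse(suspect) - parse(baseline))

if __name__ == "__main__":
    for code, details in new_entries(SUSPECT_LOG, BASELINE_LOG):
        print(code, "-", details)
```

The antivirus entries drop out only because they also appear in the baseline; an entry that survives the comparison is a candidate for research, not a verdict.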
Good point about HijackThis. It gives you a warning about certain types of files that are safe but might wind up on the list given you after you run the program. If you look online, there are guides telling you what you should and shouldn't have removed.


Well... I did a system recovery back to the last date before the virus attack.. which was yesterday. Downloaded Avast home edition and ran a thorough scan. I can't believe this... but he's got nearly 10 viruses, 5 trojans, and a couple of worms on his computer. I've got them all in the Virus "chest" from Avast.... but that just identifies them.... doesn't get rid of them. What programs would I use to get rid of them from the computer?

He wishes now he'd taken my advice and downloaded Trend Micro's PC-cillin when he got the computer. I highly recommend it for Firewall, Antivirus, Spyware, Phishing protection.


You don't have a REAL commercial anti-virus suite installed on your work computers, or did you pay for the commercial version? You need a more powerful software app......Or, you could research each infection and see how to remove them manually.


I'm still a big fan of Norton.

Although I'll admit, the 2006 version is a real resource pig. You don't want to run it with less than 512MB RAM. (And even then, it'll slow your system down.)

But it finds lots of stuff. And it can spot a lot of threats before they get into your system.


I agree with you on that, to an extent. But, I've found that if I'm going to do anything processor intensive (hardcore intensive like graphic design, etc.), Norton generally bogs down my system. However, I still use it. But, if I'm going to do anything processor intensive, I simply unplug my network cable and turn off Norton. Everything has a cost/benefit to it. Norton is quality, no matter what anyone says, but it is, like Larry said, a resource hog.


I wrote a post on Avast!, which should remove the infections. The trial version allows for such removal in addition to ID'ing the viruses. Keep in mind that it may take several tools, such as Avast!, AVG, etc., to remove all the viruses. I would also recommend a registry cleaner (if you are technically comfortable) such as Abexo Registry Cleaner which can help clear some loose ends. For some viruses, such as SpySheriff, you may need a program written specifically for that virus or malware.

I have never been a fan of Norton's, which becomes helpless against certain viruses.


Alright, so Avast has a component capable of removing the viruses, worms, and trojans and not just identifying them. I see the icon for deleting.... but I thought that was just to delete the identification of a virus found. Will that also go in and remove the virus and its components from its various hiding places?


Here's the thing, I think you are conveying things wrong to those that know. If it is in the Avast Chest (I think you said that before), I believe that is how Avast quarantines things. Usually nowadays when a file goes to quarantine it is because it is the infecting file itself and not some random file infected with the virus; the only way of ridding yourself of these files is to delete them.

Try deleting them and running another scan to see if the virus comes back...

OH, VERY IMPORTANT, before you remove any virus from your computer make sure to turn off system restore, you can turn it back on when you are done but if you don't then it is possible that the virus will wind up right back where it was.


Archived

This topic is now archived and is closed to further replies.
