[ARCHIVED THREAD] - PC virus....need help (Page 1 of 2)
Posted: 1/23/2012 7:47:20 AM EDT
|
I've picked up some kind of virus on my desktop, and it seems to be wreaking all kinds of havoc. So far, it's removed all of my desktop icons with the exception of IE and the Recycle Bin. I am not sure if these are simply being hidden or what, but all other icons are gone. Also, when I click "Start", everything there is hidden as well. It seems that all my background programs are running, such as uTorrent, wireless modem, etc. It's just that I can't access anything from the desktop. I restarted the computer, and now have "Boxoft Toolbox" running, which of course wants me to run a PC Cleaner to fix my problem. I've never downloaded Boxoft, so I believe this is part of the virus.
Any suggestions? Is this a new scam/virus, and how do I fix it? I had one of these hit my laptop last year, but it wasn't Boxoft. Thanks!
|
You can try running system restore and/or MBAM from safe mode command prompt, but neither is guaranteed to completely remove this malware. Another option is using one of several popular bootup toolkits for shit like this, but again it's not a guaranteed complete removal. Just reformat and put some preventative measures in place to keep it from happening again.
|
Just format and install Linux, then you won't have these issues. Or stop running your insecure operating system with administrative rights.
Download malwarebytes, update the definitions, reboot into safe mode and run it. You may get lucky and it gets cleaned up. You may need other tools as well, depending on the level of infection.
|
Quoted:
Just format and install Linux, then you won't have these issues. Or stop running your insecure operating system with administrative rights. Download malwarebytes, update the definitions, reboot into safe mode and run it. You may get lucky and it gets cleaned up. You may need other tools as well, depending on the level of infection.
Rarely works with today's malware. Today's malware likes to rewrite the registry key for how executables run and makes them all open up the malware instead. Some just do a scan on every bootup for popular anti-virus/malware executables and delete them. Most of it does this same shit in safe mode. His best bet is safe mode cmd prompt, but even then it's not a guaranteed fix.
|
Quoted:
<–– long-time IT professional
Quoted:
Rarely works with today's malware. Today's malware likes to rewrite the registry key for how executables run and makes them all open up the malware instead. Some just do a scan on every bootup for popular anti-virus/malware executables and delete them. Most of it does this same shit in safe mode. His best bet is safe mode cmd prompt, but even then it's not a guaranteed fix.
Malwarebytes saved my bacon a few weeks ago. Symptoms of the infestation were similar: pretty much all files on my boot drive were hidden. Links in search engines were being redirected to dubious sites. It was a major hassle.
|
It's worth one MalWareBytes scan in safe mode. If that doesn't work, wipe it. Save your files off to another drive (assuming you weren't already running backups) and reformat. It really is the best way. By the time you get through banging your head against a wall trying to get rid of the thing and maybe coming out of it with the virus removed, you could spend the same amount of time reformatting and have a crisp, new installation that is guaranteed to be virus-free.
|
Quoted:
Rarely works with today's malware. Today's malware likes to rewrite the registry key for how executables run and makes them all open up the malware instead. Some just do a scan on every bootup for popular anti-virus/malware executables and delete them. Most of it does this same shit in safe mode. His best bet is safe mode cmd prompt, but even then it's not a guaranteed fix.
As an IT professional who works on at LEAST 2 malware-infected computers a week, I would respectfully disagree with your assessment.
|
Quoted:
Malwarebytes saved my bacon a few weeks ago. Symptoms of the infestation were similar: pretty much all files on my boot drive were hidden. Links in search engines were being redirected to dubious sites. It was a major hassle.
Which is why I always start off my advice with running MBAM from safe mode command prompt after running system restore from command prompt, because this method does work sometimes and it doesn't take much effort to perform. After that you're pretty much only left with the option to reformat.
Quoted:
As an IT professional who works on at LEAST 2 malware-infected computers a week, I would respectfully disagree with your assessment.
What part do you disagree with? I've had malware that deletes popular anti-virus/malware executables, I've had malware that rewrites executable rules so that any program executed results in the malware window popping up, I've had malware that can't be found in normal safe mode MBAM scans, I've had malware that can't be found in safe mode command prompt MBAM scans, I've had malware that showed up in safe mode & safe mode cmd prompt MBAM scans and looked as if it was removed but really wasn't, and so on.
Eta: If it matters... 15+ years self-taught experience and currently working on several CompTIA certs. I've been dealing with virus/malware-infected rigs for years and have seen it all. The "mbam in safe mode" sometimes works and sometimes doesn't, and sometimes it doesn't remove the threat completely.
|
Quoted:
Rarely works with today's malware. Today's malware likes to rewrite the registry key for how executables run and makes them all open up the malware instead. Some just do a scan on every bootup for popular anti-virus/malware executables and delete them. Most of it does this same shit in safe mode. His best bet is safe mode cmd prompt, but even then it's not a guaranteed fix.
It will work: boot in Safe Mode command prompt and start the program via command line. The Shell program is messed up, but doing it this way will work, been there done that. I don't have my flash drive handy, but there's a reg fix you can import in order to get your executables running again.
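The "registry key for how executables run" that the posts above keep coming back to is the pair of class keys that map the .exe extension to the exefile type and tell Windows what command launches it; the "reg fix" mentioned is just those two default values. The script below is an added example, not something posted in the thread or shipped by any of the tools named here. It reads the effective values, reports whether they match the Windows defaults, shows whether a per-user override is present, and only writes anything when run with the assumed `-Restore` switch. It assumes an elevated PowerShell (in Safe Mode with Command Prompt, typing powershell.exe at the prompt gets you one) and the standard Windows defaults of `exefile` and `"%1" %*`.

```powershell
# Added example, not code from the thread. Audits the registry keys that decide
# how .exe files are launched and, with -Restore, puts back the Windows defaults.
# Read-only unless -Restore is given. Run from an elevated PowerShell.
param([switch]$Restore)

# HKCR is a merged view: HKCU\Software\Classes overrides HKLM\Software\Classes,
# so a per-user override planted without admin rights still hijacks every .exe.
$checks = @(
    @{ Name = '.exe type';      Hkcr = 'Registry::HKEY_CLASSES_ROOT\.exe';
       Hklm = 'HKLM:\Software\Classes\.exe';
       Hkcu = 'HKCU:\Software\Classes\.exe';
       Expected = 'exefile' },
    @{ Name = 'exefile launch'; Hkcr = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command';
       Hklm = 'HKLM:\Software\Classes\exefile\shell\open\command';
       Hkcu = 'HKCU:\Software\Classes\exefile\shell\open\command';
       Expected = '"%1" %*' }
)

function Get-DefaultValue([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    return (Get-Item -LiteralPath $Path).GetValue('')
}

$hijacked = $false
foreach ($c in $checks) {
    $effective = Get-DefaultValue $c.Hkcr
    $status = if ($effective -eq $c.Expected) { 'OK' } else { 'HIJACKED' }
    if ($status -ne 'OK') { $hijacked = $true }
    Write-Host ("{0,-15} {1,-9} effective value: {2}" -f $c.Name, $status, $effective)
    if (Test-Path -LiteralPath $c.Hkcu) {
        Write-Host ("{0,-15} per-user override present: {1}" -f '', $c.Hkcu)
    }
}

if ($hijacked -and $Restore) {
    foreach ($c in $checks) {
        # Drop the per-user override so the machine-wide value is effective again...
        if (Test-Path -LiteralPath $c.Hkcu) {
            Remove-Item -LiteralPath $c.Hkcu -Recurse -Force
        }
        # ...and make sure the machine-wide value is the Windows default.
        if (-not (Test-Path -LiteralPath $c.Hklm)) { New-Item -Path $c.Hklm -Force | Out-Null }
        Set-ItemProperty -LiteralPath $c.Hklm -Name '(default)' -Value $c.Expected
    }
    Write-Host 'Defaults restored; log off and back on (or reboot) so Explorer picks them up.'
} elseif ($hijacked) {
    Write-Host 'Re-run with -Restore to put the defaults back.'
}
```

Run it once without the switch first: if the "exefile launch" line shows a path into a user profile or a temp folder instead of `"%1" %*`, that path is the file every double-clicked program has been handing control to, and it is worth keeping a note of before it is cleaned up.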
|
Quoted:
Yo 're g ing t need to vis t a we site to get t at co put r lo ked at. I w uld recomm nd usi g Ma wareb tes or som thing sim lar. Th re are way to ma y viru es o t there for my tas e. G od luc , OP.
Are you having a little trouble with your keyboard, L2Free?
|
"Unhide" has brought back most of my icons, but not all of them. It's still working, so I'll give it a little while longer. Two icons I notice are still missing are Firefox and Chrome, but I am not sure which others are still hidden. Only one program has shown up under Start, so this may take a while.
What is a good antivirus to install afterwards to prevent this in the future?
Reboot in safe mode, run a registry cleaner like CCleaner. Run malwarebytes. As for the desktop and folders and things, after doing the other two, you will probably have to go into their properties, select hide items, then unhide them and they should pop back up.
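What the "Unhide" tool and the "go into their properties and unhide them" advice above both do is clear the Hidden attribute that this family of malware sets on the user's files and shortcuts. The script below is an added example, not from the thread and not the Unhide tool's code: it walks a folder (the user profile by default), lists every entry that is Hidden but not System, and clears only the Hidden bit when run with the assumed `-Fix` switch. The skip list of profile entries that Windows hides on purpose is my assumption; review the dry-run output before trusting it on another layout.

```powershell
# Added example, not code from the thread. Lists (and with -Fix, unhides)
# files and folders that carry the Hidden attribute without the System
# attribute, which is the mark this malware leaves on a user's own files.
param(
    [string]$Root = $env:USERPROFILE,   # where to look; the profile is where this family hides things
    [switch]$Fix                        # without -Fix the script only reports
)

$Hidden = [System.IO.FileAttributes]::Hidden
$System = [System.IO.FileAttributes]::System
$Dir    = [System.IO.FileAttributes]::Directory
# Entries Windows hides on purpose in a clean profile (assumed list); not malware's doing.
$Skip = '^(AppData|Application Data|Local Settings|ntuser\.)'

function Find-HiddenItems([string]$Path) {
    foreach ($entry in @(Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue)) {
        $isHidden = ($entry.Attributes -band $Hidden) -eq $Hidden
        $isSystem = ($entry.Attributes -band $System) -eq $System
        $isDir    = ($entry.Attributes -band $Dir) -eq $Dir
        # Hidden+System is Windows' own marking (desktop.ini, profile junctions,
        # $RECYCLE.BIN); leave those alone and do not descend into them.
        if ($isSystem) { continue }
        if ($isHidden -and ($entry.Name -notmatch $Skip)) { $entry }
        if ($isDir -and ($entry.Name -notmatch $Skip)) { Find-HiddenItems $entry.FullName }
    }
}

$found = @(Find-HiddenItems $Root)
foreach ($entry in $found) {
    if ($Fix) {
        # Flip only the Hidden bit; Archive, ReadOnly, etc. stay as they were.
        $entry.Attributes = $entry.Attributes -bxor $Hidden
        "unhid   $($entry.FullName)"
    } else {
        "hidden  $($entry.FullName)"
    }
}
$suffix = if ($Fix) { 'Hidden attribute cleared.' } else { 'Re-run with -Fix to clear the Hidden attribute.' }
"$($found.Count) item(s) under $Root. $suffix"
```

Point `-Root` at `C:\ProgramData\Microsoft\Windows\Start Menu` or `C:\Program Files` to cover the "(Empty)" Start Menu entries the original poster describes later in the thread; a handful of hits on a clean machine is normal, hundreds of documents and shortcuts are not.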
|
Quoted:
Quoted:
Rarely works with today's malware. Today's malware likes to rewrite the registry key for how executables run and makes them all open up the malware instead. Some just do a scan on every bootup for popular anti-virus/malware executables and delete them. Most of it does this same shit in safe mode. His best bet is safe mode cmd prompt, but even then it's not a guaranteed fix.
Which is why I always start off my advice with running MBAM from safe mode command prompt after running system restore from command prompt, because this method does work sometimes and it doesn't take much effort to perform. After that you're pretty much only left with the option to reformat.
What part do you disagree with? I've had malware that deletes popular anti-virus/malware executables, I've had malware that rewrites executable rules so that any program executed results in the malware window popping up, I've had malware that can't be found in normal safe mode MBAM scans, I've had malware that can't be found in safe mode command prompt MBAM scans, I've had malware that showed up in safe mode & safe mode cmd prompt MBAM scans and looked as if it was removed but really wasn't, and so on.
The part in red. Rarely is not the word I would use. I, too, have had some nasty malware that MBAM didn't clean or clean up properly, but they have been the vast minority of cases.
|
Quoted:
The part in red. Rarely is not the word I would use. I, too, have had some nasty malware that MBAM didn't clean or clean up properly, but they have been the vast minority of cases.
Ah, I see what you're getting at now, won't argue with you there. Definitely picked the wrong word to go with.
|
Quoted:
"Unhide" has brought back most of my icons, but not all of them. It's still working, so I'll give it a little while longer. Two icons I notice are still missing are Firefox and Chrome, but I am not sure which others are still hidden. Only one program has shown up under Start, so this may take a while. What is a good antivirus to install afterwards to prevent this in the future?
I recommend using NoScript on Firefox (or Waterfox if you have a 64-bit rig). This heavily cuts down on this type of thing happening but is not a substitute for anti-virus/malware. At the least you should also have MBAM for the occasional scans. Avira is a decent/free anti-virus.
Quoted:
I just noticed CCleaner is also still hidden, so I won't be able to use it if I reboot in safe mode. I have Malwarebytes saved to a thumb drive, will it work as well?
Is it just the shortcuts that are hidden or the actual files in the program's folder? If it's the former, then just navigate to the program folder for the software you want to run and double-click the executable for it. You can install and run MBAM from the flash drive in safe mode or safe mode command prompt, although the latter requires a little more effort, but we can walk you through that if you need a hand.
|
Quoted:
Quoted:
Is it just the shortcuts that are hidden or the actual files in the program's folder?
It appears that the shortcuts and actual files are hidden. I can find them under "All Programs", but they simply read "(Empty)" when I highlight them with the mouse.
Just had a Toshiba the other day with this same issue and I couldn't get the files to show up with "show all hidden and system files", which brings me back to what I said earlier about malware scanning for and deleting popular anti-virus/malware software (or CCleaner in your case) in an attempt to keep the end user from removing the threat. What I had to do was a mobile install + update of MBAM to a flash drive using another rig, then ran it from the flash drive via cmd prompt on the infected rig. If you have no other rig available and can't do this with the infected rig, then you'll be stuck with an outdated MBAM install, which may or may not help you depending on how outdated the definitions are.
Eta: If you already have MBAM installed on the infected rig and it is still present and working, then you can just download the updated definitions executable from malwarebytes and install it from the flash drive via cmd prompt, then you can run your scan via cmd prompt.
|
Quoted:
I'm doing a Malwarebytes scan in safe mode, so we'll see how well it works. It should be current, as I just downloaded it from my laptop to a thumb drive to run on the infected desktop.
If that doesn't work then try safe mode command prompt before giving up. I've had a normal safe mode scan not find anything or not find it all, and a safe mode cmd prompt scan did the trick. You'll need to know commands to navigate to where the MBAM install is and run it, but it's easy stuff.
|
Quoted:
What is a good antivirus to install afterwards to prevent this in the future?
Microsoft Security Essentials. My daughter's computer caught something a few months ago that wouldn't let anything open or run; basically it hijacked the OS and would pop itself up no matter what you clicked. It even changed the desktop wallpaper to some crap. Anyway, I ended up doing a system restore to fix it, then installed MSE and no problems since. This was with Windows XP.
|
My old man got the same virus I think, he's a fucking magnet for that kinda stuff. AVG didn't catch it, but malwarebytes did. System restore wouldn't bring all of the documents and icons back to the desktop or any of his folders, so I live-booted Linux and grabbed all of his documents and stuff.
|
|
Quoted:
Thanks for the help. If you don't mind, go ahead and post the method for running MBAM through the command prompt. I'm not sure how long the scan will take now, but I have a few things to finish up outside while this runs.
If you're on Windows 64-bit...
CD C:\Program Files (x86)\Malwarebytes’ Anti-Malware
then
mbam.exe /fullscan
If you're on Windows 32-bit...
CD C:\Program Files\Malwarebytes’ Anti-Malware
then
mbam.exe /fullscan
That's if MBAM is installed normally on the C: drive of the infected computer. Change the drive letter and path accordingly if it's being run from the flash drive. It'll be something like...
E:
then
CD \Malwarebytes’ Anti-Malware
then
mbam.exe /fullscan
If you mistype anything then just hit the up arrow key to bring the last command back and hit the left arrow key to navigate back to the mistake to fix it; this saves you the trouble of typing the whole command out again.
|
Jason, you may also have a rootkit that takes control of the machine before Windows starts. This will manifest itself as the infection coming back. On my home machine, I had one that had taken over the small unformatted slack space at the end of the boot volume. I could see the alien partition under Manage my computer, Disk management. I got a freebie app from Symantec that took care of it.
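The check the post above describes, looking in Disk Management for an extra partition or a gap at the end of the disk that nothing accounts for, can be done from a prompt as well. The script below is an added example, not from the thread: it uses the WMI classes that exist on XP, Vista and 7 to compare each physical disk's size with the partitions Windows knows about, and lists partitions that have no drive letter. It is read-only. The 16 MB threshold for "worth a look" is my assumption; Windows itself leaves a few MB of alignment slack, and on Windows 7 a 100 MB "System Reserved" partition without a letter is normal.

```powershell
# Added example, not code from the thread. Read-only disk layout report:
# unallocated space per disk plus partitions without a drive letter.
function Get-DiskLayoutReport {
    $report = @()
    foreach ($disk in Get-WmiObject -Class Win32_DiskDrive) {
        $parts = @(Get-WmiObject -Class Win32_DiskPartition -Filter "DiskIndex = $($disk.Index)")
        $allocated = 0
        foreach ($p in $parts) { $allocated += $p.Size }
        $gapMB = [math]::Round(($disk.Size - $allocated) / 1MB, 1)
        $report += "Disk $($disk.Index) ($($disk.Model)): $([math]::Round($disk.Size / 1GB, 1)) GB, unallocated $gapMB MB"

        foreach ($p in ($parts | Sort-Object StartingOffset)) {
            # Map the partition to its logical drive(s) through the association class.
            $q = "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$($p.DeviceID)'} WHERE AssocClass = Win32_LogicalDiskToPartition"
            $letters = @(Get-WmiObject -Query $q | ForEach-Object { $_.DeviceID })
            $letter = if ($letters.Count -gt 0) { $letters -join ',' } else { '(no drive letter)' }
            $flag = if ($p.BootPartition) { ' boot' } else { '' }
            $report += "  $($p.DeviceID): $([math]::Round($p.Size / 1MB)) MB, type '$($p.Type)', $letter$flag"
        }

        # A few MB of slack is normal alignment; tens of MB or more outside any
        # partition, or a letterless partition that is not System Reserved,
        # is what to go and look at in Disk Management. Threshold is an assumption.
        if ($gapMB -gt 16) { $report += "  !! $gapMB MB outside any partition on disk $($disk.Index)" }
    }
    return $report
}

Get-DiskLayoutReport
```

A boot-time rootkit that lives outside the file system does not show up to a file scanner at all, which is why the report looks at the partition table rather than at files; once the layout is known, the dedicated rootkit tools named later in the thread are the right next step.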
|
Don't use AVG or McAfee, it won't catch this malware.
I suggest Microsoft Security Essentials. It's free and works best. Odds are good that most of the things you tried to fix it with were broken. Most folks that get this virus cannot even boot into safe mode. Also, most security sites get blocked as well. As soon as you are able, run a full scan using Microsoft Security Essentials. Good luck.
Speaking of rootkits, TDSS is one of the worst and most sneaky ones there is; here's a removal tool: TDSSKiller
Eta again: everyone forgets the restore points. It is imperative that you delete all your restore points by simply turning system restore off then back on. Malware almost ALWAYS hangs out in restore points.
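The restore-point advice above is easy to script, and scripting it makes room for the step that usually gets skipped afterwards: taking a fresh baseline once the machine is believed clean, so that the next rollback lands on a known-good state rather than on nothing. The snippet is an added example, not from the thread. It assumes an elevated PowerShell 2.0 prompt on client Windows (XP SP3, Vista or 7), where these cmdlets exist, and that the system drive is the one being protected.

```powershell
# Added example, not code from the thread. Shows what "turn System Restore off
# and back on" does, then creates a clean restore point to roll back to later.
$drive = "$env:SystemDrive\"   # usually C:\

# 1. What is there now? Each restore point is a copy of system files and
#    registry hives from that date, so any of them can hand the infection back.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber,
                 @{ Label = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } },
                 Description -AutoSize

# 2. Turning protection off for the drive discards every restore point on it;
#    turning it back on starts with an empty set.
Disable-ComputerRestore -Drive $drive
Enable-ComputerRestore  -Drive $drive

# 3. Only after the machine is believed clean: take a fresh baseline so there
#    is something safe to roll back to next time.
Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description
```

Do step 3 last, after the scanners have finished: a restore point taken while the infection is still present just recreates the problem the first two steps removed.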
I got something similar once telling me that my hard drive was crashing and it made all my icons disappear, but thankfully it was on my guest account. I used unhide and Rkill as an experiment to remove it, but I also deleted the account to make sure it was gone. It did not affect the administrator account or any other accounts.
|
It's always an arms race with this shit.
When all else fails, I've had some luck with a product called Combofix. It's a freebie and comes with all kinds of "watch yo' ass" warnings, but it's fixed a few machines for me with no damage, when nothing else would. YMMV.
|
You're much better off starting from scratch, OP.
Anyhow, Microsoft has a tool for removing "rootkits and other advanced malware": http://connect.microsoft.com/systemsweeper
__________________________________________________________________
Cross-platform gun database/electronic bound book (v1.3.2) (and the original thread). «nolite confidere in principibus, in filiis hominum quibus non est salus»
|
Quoted:
You're much better off starting from scratch, OP. Anyhow, Microsoft has a tool for removing "rootkits and other advanced malware": http://connect.microsoft.com/systemsweeper
I agree with the starting from scratch. Grab whatever documents and stuff you need, and nuke the site from orbit.
|
|
1. Rkill to kill the malware process.
2. aswMBR to check for and fix the Master Boot Record if infected.
3. TDSSKiller to scan for and remove any rootkits.
4. Malwarebytes to clean up any remaining infections.
Or, you can gamble with ComboFix, but I rarely recommend it for non-IT people.
|
Quoted:
I agree with the starting from scratch. Grab whatever documents and stuff you need, and nuke the site from orbit.
Way overkill. These things aren't really that hard to clean off if you know what you're doing. Wipes, reinstalls or system recovery are for the amateur or for those with nothing of any importance. By the time you've reinstalled all your software and brought Windows current and restored your backups, I could have fixed a half dozen infected computers.
|
Quoted:
Way overkill. These things aren't really that hard to clean off if you know what you're doing. Wipes, reinstalls or system recovery are for the amateur or for those with nothing of any importance. By the time you've reinstalled all your software and brought Windows current and restored your backups, I could have fixed a half dozen infected computers.
It takes a similar amount of time for malwarebytes to run a full scan as it does to format and install Windows 7.
|
For my part, I always keep important documents backed up.
If I even get a hint of a malware infection, I nuke my drive and reinstall everything. That might seem excessive, but once someone has made an attempt to jack your credit card you'll be singing a different tune. The only way to ever be 100% sure that an infection is removed is with this method. I've seen so many partial removals that I can't trust anti-malware suites to actually secure a system anymore. As it is, however, I have had good results using Avira, Windows7FirewallControl, and avoiding questionable websites to keep the nasties out.
|
OK, similar situation. I have a Google Redirect virus on an older laptop which contains nothing valuable that needs saving. So I want to nuke it.
Problem being that I bought it used a while ago and have no way to reinstall the OS. Is it possible to make a CD before I wipe the hard drive from which I can reinstall my copy of XP?
|
I had one that wouldn't let me run Malwarebytes. I had to download a fresh copy and rename the program file and .exe file before installing. Apparently it knew to block mbam.exe. Between that and TDSSKiller, I finally got rid of it. Whoever creates these should be strung up and beaten to death on live TV.
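Blocking a tool "by name", as the post above ran into, is something to check for directly rather than only work around by renaming. One documented mechanism is an Image File Execution Options entry: when a program named in that key has a Debugger value, Windows launches the Debugger path instead of the program, so a value under an entry for mbam.exe pointing at an unexpected file means the scanner never actually ran. The script below is an added example, not from the thread, and is read-only: it lists every IFEO entry that carries a Debugger value, on both the native and the 32-bit (Wow6432Node) hives, so they can be compared against what was knowingly installed.

```powershell
# Added example, not code from the thread. Lists Image File Execution Options
# entries that redirect a program to a "Debugger" path. Read-only.
function Get-IfeoDebuggerEntries {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $dbg = $key.GetValue('Debugger')
            if ($dbg) {
                New-Object PSObject -Property @{
                    Image    = $key.PSChildName   # the program being redirected, e.g. mbam.exe
                    Debugger = $dbg               # what actually gets launched in its place
                    Key      = $key.Name
                }
            }
        }
    }
}

$entries = @(Get-IfeoDebuggerEntries)
if ($entries.Count -eq 0) {
    'No IFEO Debugger entries: nothing is being redirected this way.'
} else {
    # A clean machine usually has none; a debugger you installed yourself
    # (or a "replace Task Manager" option in a tool) is the benign exception.
    $entries | Format-Table Image, Debugger -AutoSize
}
```

An entry is only one of several ways a scanner can be stopped from running (the earlier posts describe malware that deletes the executables outright, or hijacks the .exe launch command), so an empty list here does not clear the machine; a populated one naming a security tool, however, explains exactly why that tool "did nothing" and tells you what path to hand to the next scan.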
I restarted, and it's still hiding some of the programs. A few have returned, but it's still not 100%. I just ran TDSSKiller, and it's restarting now. On another note, Unhide keeps prompting me to disable any security/antivirus programs I am running, but I am not sure how to do this. Any suggestions? I believe I have Norton and AVG on the computer, but not sure how to temporarily disable them for Unhide.
