Help with computer virus

couchscout

Active Member
Messages
733
Reaction score
248
If you have a second computer, or can go somewhere that has an extra computer, download the combofix there and put it on a flash drive. Then boot up the infected computer in safe mode, and run combofix off the flash drive. I've gotten rid of several viruses this way. McAfee Stinger is another good program you can run off of a flash drive that gets rid of most viruses, and it's free.
 

CATCH17

1st Round Pick
Messages
67,075
Reaction score
84,671
Jenky;4422049 said:
Combo fix won't download for you? Something is blocking it then. I am able to download it. Can you put it on a USB stick from another computer?

Good idea. I can do it but not till Monday :(.

Would trying to download it in Firefox help?
 

Jenky

Well-Known Member
Messages
5,656
Reaction score
4,233
CATCH17;4422053 said:
Good idea. I can do it but not till Monday :(.

Would trying to download it in Firefox help?

Yes, you can try that but you said you got to the blue screen where it's supposedly running.

Usually, when I am doing virus remediation, I'll have Process Explorer running in the background so that I can see what the hell is running.

http://technet.microsoft.com/en-us/sysinternals/bb896653

You can sort by a variety of fields. I do it by process and CPU utilization to see what is happening LIVE. I bet there's something running on startup too. If you click on Start -> Run -> msconfig you can see what's loading on startup.
 

Jenky

Well-Known Member
Messages
5,656
Reaction score
4,233
tupperware;4422066 said:
Also be sure that your hosts file is clean.

http://helpdeskgeek.com/windows-7/windows-7-hosts-file/

I could also email you combofix if you PM me your email address.

Normally you wouldn't just accept it from any person on a forum but I'd like to think I've been around here long enough to be somewhat trustworthy.

I had this posted but took it down after he saw it.

http://img252.*************/img252/7767/sbot.jpg

But yeah, you can check the hosts file manually too if you haven't done it.
 

CATCH17

1st Round Pick
Messages
67,075
Reaction score
84,671
tupperware;4422066 said:
Also be sure that your hosts file is clean.

http://helpdeskgeek.com/windows-7/windows-7-hosts-file/

I could also email you combofix if you PM me your email address.

Normally you wouldn't just accept it from any person on a forum but I'd like to think I've been around here long enough to be somewhat trustworthy.

Yeah I trust you tupperware.

I actually did get it to run and it just left me with a txt log.
 

Jenky

Well-Known Member
Messages
5,656
Reaction score
4,233
What's the txt.log say? And do you get redirected in Firefox?
 

Wimbo

Active Member
Messages
4,133
Reaction score
3
Combofix is the best solution, usually. You may need to download it on another computer and run it off USB (as mentioned above) or CD. It takes a while to run, and does not give a lot of feedback. However, it is effective. There are instructions for how to use it on that link given above.
 

CATCH17

1st Round Pick
Messages
67,075
Reaction score
84,671
Jenky;4422083 said:
What's the txt.log say? And do you get redirected in Firefox?

I can't even read this text log. It's just showing a bunch of file names.

It opened it up in a Notepad file so it's not like I can delete it or anything.


The antirootkit is still scanning though...
 

Jenky

Well-Known Member
Messages
5,656
Reaction score
4,233
CATCH17;4422110 said:
Ok the Rootkit scan is complete. Now what do I do?

What do you see in the dialog box? Unknown hidden files? Anything else? A lot of it is going to be cached internet stuff. You'll be able to see the full file path of detected items if you maximize the root kit program and expand the location bar.

Look at the file locations and endings. Look for .exe or any suspicious registry keys (if found).

Highlight it. It should say if it recommends removing it.
 

Jenky

Well-Known Member
Messages
5,656
Reaction score
4,233
CATCH17;4422103 said:
I can't even read this text log. It's just showing a bunch of file names.

It opened it up in a Notepad file so it's not like I can delete it or anything.


The antirootkit is still scanning though...

Yeah, that txt file should open in Notepad and you should see a log of what Combofix did.

Also, do you get redirected in Firefox? It better not be some simple toolbar...or your home page better not be set to that URL. Open up Control Panel -> Internet Options. Click the General tab and make sure you have the correct home page set. Clear everything in your browsing history, go to the Advanced tab and reset the Internet Explorer settings.
 

JonJon

Injured Reserve
Messages
11,256
Reaction score
705
Glad you got it fixed. I was just about to post because I had a similar virus last week. When you get redirect viruses like those, it's good to run the scan with your internet turned off. Some viruses use backdoor hacks with changes in your registry to re-download the same virus you are trying to rid yourself of if the internet is connected. Also, I would get AVG Anti-Virus 2012 free edition along with Malwarebytes. They work well together, and if one program lets a virus slip through the cracks during a scan, the other usually catches it.
 

Wimbo

Active Member
Messages
4,133
Reaction score
3
;)

