Snake virus?

Discussion in 'malware problems & news' started by razorboy, Jan 14, 2011.

Thread Status:
Not open for further replies.
  1. razorboy
    Offline

    razorboy Registered Member

    A client of mine has a virus which won't let her access the www, and she speaks of a snake popup, so I guess it's the Snake virus. She uses McAfee.
    I want to assist, so I think I will try the safe-mode>>Malwarebytes thing. However, if I can't get online in safe mode, is it possible to scan it with Malwarebytes from a flash drive? Would snake frustrate the flash drive? Should I vaccinate the flash drive with Panda first?

    Thanks
  2. nikanthpromod
    Offline

    nikanthpromod Registered Member

  3. razorboy
    Offline

    razorboy Registered Member

    I have not seen it yet, but I think this one:
    -http://www.exterminate-it.com/malpedia/remove-snake-
    Last edited by a moderator: Jan 15, 2011
  4. TheKid7
    Offline

    TheKid7 Registered Member

  5. razorboy
    Offline

    razorboy Registered Member

    Thanks.

    I know that the virus will not let her access the CD drive while in WIndows [XP], but perhaps booting from CD will work. Will it boot from a flash drive just as easily?
  6. TheKid7
    Offline

    TheKid7 Registered Member

    No, the AVIRA Rescue CD will only boot from the CD/DVD drive. However, since you will boot from the CD before Windows XP loads, you will be allowed to access your hard drives, scan and clean them without the Malware being able to "fight back".

    You can make bootable flash drives for cleaning malware with Kaspersky or DrWeb. I would just use the AVIRA Rescue CD first. If that does clean the PC up enough to run scans while in Windows XP, then maybe use the Kaspersky Rescue Disk 10 (bootable CD) or the Kaspersky Rescue Disk 10 (bootable USB flash drive):

    Kaspersky Rescue Disk 10:

    http://support.kaspersky.com/faq/?qid=208282173

    The following is a detailed tutorial for making and using the AVIRA Rescue CD:

    http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163
    Last edited: Jan 15, 2011
  7. TheKid7
    Offline

    TheKid7 Registered Member

    Another idea (ONLY if you are familiar with the use of Linux Distros):

    Boot a Linux Live CD. Use its file manager to copy Anti-Malware scanner exe files from a CD or USB flash drive to the Windows System Partition (i.e., Windows Desktop). Then boot into Windows Safe Mode and run the Anti-Malware scanners. I suggest DrWeb Cureit (use its self-protection mode to do the scan), SuperAntiSpyware Portable and MalwareBytes Anti-Malware (Use in the order shown.).

    My favorite Linux Distro is Puppy Linux.
  8. razorboy
    Offline

    razorboy Registered Member

    Thank you, but why is it that the Kaspersky Rescue Disk will boot from a USB flash drive but the Avira Rescue disk will not? Or is the Avira just better?
  9. TheKid7
    Offline

    TheKid7 Registered Member

    You have to make a Kaspersky Rescue Disk 10 USB from the Kaspersky Rescue Disk 10 ISO Image using a Kaspersky Utility. Instructions are given here:

    http://support.kaspersky.com/viruses/rescuedisk/main?qid=208282163

    I like the AVIRA Rescue CD because of the quick scan times.
  10. razorboy
    Offline

    razorboy Registered Member

    Do these disks have to be updated with a malware database from time to time? If so, it that easily done?
  11. TheKid7
    Offline

    TheKid7 Registered Member

    AVIRA Rescue CD - Malware Signatures are Up-To-Date at the time of download. The Malware Signatures may also be updated later, as necessary.

    Kaspersky Rescue Disk 10 - Malware Signatures are somewhat Out-Of-Date at the time of download. The Malware Signatures may be updated, as necessary.
  12. razorboy
    Offline

    razorboy Registered Member

    Right.

    1) Avira wants to know if I want the ISO or SFX version. o_O?

    2) Should I vaccinate the drive with Panda vaccine, or will that prevent the thing from booting?
  13. TheKid7
    Offline

    TheKid7 Registered Member

    1) I use the SFX which is an executable file which contains the ISO. You download the SFX (exe) and run it. When you execute the SFX (exe), you will be "walked through" the ISO burn process. Using the SFX (exe) is easier than downloading the ISO file and burning it to CD/DVD with your own burn software.

    2) I would not vaccinate the flash drive because it may prevent the it from booting.
  14. razorboy
    Offline

    razorboy Registered Member

    Well dang, I forgot to make the rescue disk before leaving my gal's house, :mad:
    so I am stuck with a netbook and USB 4 gb. flash drive, so for now, I have to try Kapersky first.
  15. razorboy
    Offline

    razorboy Registered Member

    Kid, is there any reason why I would not put Malwarebytes and Spybot on the flash drive as well? That won't affectt he boot, willit? [Methinks not, but...]
  16. TheKid7
    Offline

    TheKid7 Registered Member

    I don't know if it would affect the boot. I "think" that when you make an Antivirus Rescue USB flash drive that the flash drive is formatted for Linux (i.e., ext3, ext4).

    Even if you were able to get the flash drive to boot, Windows XP will not recognize a Linux formatted flash drive. So if the Antivirus Rescue Disc/USB flash drive cleans the PC enough to be able to copy from the flash drive, Windows XP will most likely not recognize the flash drive.
  17. razorboy
    Offline

    razorboy Registered Member

    OK, Kid, I've built the Kapersky flash drive boot unit; but why is it in Linux? Is that to avoid counter measures by The Enemy?
  18. TheKid7
    Offline

    TheKid7 Registered Member

    I "think" that the reason they use Linux for the Operating System is because Linux is 'typically' Open Source and Free. If they used Windows for the Operating System, they would have to pay money to Microsoft.
  19. razorboy
    Offline

    razorboy Registered Member

    Right. Thanks for all the help.
  20. DVD+R
    Offline

    DVD+R Registered Member

  21. TheKid7
    Offline

    TheKid7 Registered Member

    Razorboy,

    Did you successfully clean the Snake Virus?

    Thanks in Advance.
  22. razorboy
    Offline

    razorboy Registered Member

    Thanks for the posts, y'all. I just go to the computer last night with Kaspersky Rescue on a flash drive. It booted, got to the point where it had checked hardware, fiund the MAD CPU, and then the drive glowed on and off orange for 10 hours, as we left it overnight. For some reason, it jammed at that point. So, tonight I will try safe mood and Malarebytes, which is how I recently cleaned a trojan, as discussed on another thread here, with the help of y'all friendly posters. I will post the results. Thanks again.
  23. razorboy
    Offline

    razorboy Registered Member

    I got it done. The %#$&#~@ thing was Vista, and I had a bit of trouble getting into safe mode, but did get there, ran a quick Malwarebytes scan from the flash drive, found 785 files infected, got internet access back, installed NOD32 and scanned fully and found 2 sleeper files which would have reinstalled on boot. I also put Firefox and Spywareblaster on and did Windows security updates. When the NOD trial is over, she will buy a license. So, it was not the world's most sophisticated virus, and it got cleaned up nicely and tweaked a bit.
    Thanks very much to all for the help. :)
Thread Status:
Not open for further replies.