Question about a virused machine

Discussion in 'malware problems & news' started by Chuck57, Feb 25, 2004.

Thread Status:
Not open for further replies.
  1. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    A friend just contacted me. He has some kind of virus on his machine keeping him off the Internet, from running his antivirus program (Norton), or opening files.

    I advised him to go into safe mode and try to remove the virus with Norton (which probably wouldn't work since it didn't catch it in the first place). If that didn't work, I told him to try to get online in safe mode and run an online antivirus program such as HouseCall or McAfee online.

    He can't do any of that. Even in safe mode, he can't make anything work.

    I said about the only thing left was to format his hard drive and reload everything and chalk it up to experience.

    Now, someone else told me that he might not be able to format and reinstall because the hard drive might be trashed by the virus. Is that possible? Can a virus-infected operating system destroy the hard drive?
     
  2. Valkyri001

    Valkyri001 Registered Member

    Joined:
    Feb 15, 2004
    Posts:
    300
    Location:
    Friendswood Tx. 77546
    :) As you can see on the left of your screen, I'm no expert. Wait for them!
    :doubt: If he can boot into safe mode, it's been my experience that the virus wasn't that bad. He can start up in safe mode and then drop to DOS to do his work; he will need a clean local media of Windows to fix things though. If you don't get any easier fixes from the pros, I can walk you through it the way I just did one of my machines. Get all the latest updates of AVs you can find; these will help you find the little bugger, as they sometimes like to hide out in the darkest places.
    Don't despair, help is on the way I'm sure.

    :D I'll Second that Amendment :D
     
  3. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Chuck,

    Just see if he has HijackThis... or if he has not, just send it to him by some file transfer... of course, if it's possible though...
    Now tell him to run HijackThis and just post the log in the adware, hijacking forum,
    either himself if he can, or through you...
    The HijackThis log will help for a better understanding of what happened.

    Regarding viruses on the hard disk... some information:

    Virus authors have decided to exploit the confusion around the Year 2000 problem and are now releasing virus programs with trigger dates around the start of the new millennium. Many of these viruses even simulate a Year 2000 problem. Unsuspecting computer users will concentrate their defence on known Year 2000 problems instead of viruses. Different viruses are already on their way, and the first one was triggered on the 1st of December. Most of them spread as so-called "worms" via e-mail. Some of them carry personal messages, which make you believe that the mail is sent by a friend. If you open the attached file your hard disk will be infected. When the virus is activated at a later date it can delete files, format your disk and do other seemingly irreparable damage to your data. Furthermore the virus will spread by transmitting a copy of itself to persons on your mailing list.
     
  4. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Hmm, no experts here so far.
     
  5. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    I would (have someone) download the bitdefender bootable cd and use that to fight the virus. If it is a virus.
     
  6. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Okay, I am going to take a shot at this one since I just cleaned out a similar scenario for a friend's neighbor. This computer was so bad that it was completely taken over as I sat back watching things happen on the screen without ever touching the mouse or keyboard. It was really weird. It took mega hours but I got it done. :)

    1. Get someone to download on to a diskette from Panda in order to do a computer scan of the infected computer. Then run the scan. If there are any critters that cannot be removed, then they will have to be hunted down one by one after they have been identified. Panda will also repair any infected files and identify suspected files.
    http://www.pandasoftware.com/products/activescan/#e3

    2. Download SpyBot, SpywareBlaster, Ad-Aware on to diskettes and have them installed into the infected computer, immediately check for updates, and then do scans. SpywareBlaster does not scan a computer but one should have it installed to prevent spyware but that can be done later.
    Ad-Aware: http://www.lavasoftusa.com/support/download/
    SpyBot: http://www.safer-networking.org/index.php?lang=en&page=download
    SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

    3. If the infected computer runs WinXP or ME, be sure to disable the System Restore feature before scanning. Often a worm or virus will hide there and simply restore itself just when you think you have it all cleaned up. When system restore is disabled, reboot the computer, then scan and after you have the computer completely clean, enable the System Restore and reboot again.

    4. Now if you have any critters that have a write protect and cannot be removed and of course, you know the names, click on START, then SEARCH, then FILES & FOLDERS, then type in the name of the files that could not be removed. They will be listed and if you cannot remove them manually with a simple delete, then insert a diskette into your CPU, and right click on that item and choose either MOVE TO or SEND TO and choose the floppy drive. Do that for each item that will not remove with a simple delete. Presto, write protect or not, it is gone right out of your computer. Do a full system scan again as well as another Search in case something was missed and if everything comes out clean that should just about do it.

    After gaining control of the computer, you can download HijackThis and post a log on the appropriate forum here and someone will read it & give you a final analysis.

    Hope I have helped and Good luck. Peaches
     
  7. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Okay, thanks everyone, and especially Peaches4U. After several long phone calls (my friend lives in Kansas and me in New Mexico), he got the machine cleaned and back running. Unfortunately, he didn't or couldn't tell me what he was infected with.

    He used his wife's computer to download the Panda AV to disc. Whatever the viruses, trojans, or worms were, Panda caught and removed them. He said there were several but never bothered to list them although I asked him to. He's also uninstalled Norton and replaced it with Panda Platinum Security and will be downloading Adaware (my favorite) and Spywareblaster onto his computer.

    Again, thank you everyone.
     
  8. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Every time I read this statement (NAV user cursing NAV not protecting them and switching) I wonder.

    In almost every test (I mean independent tests, not mag reviews) I have seen, NAV ranks highly in terms of accuracy. It also tends to do well on detecting malware in general, and the wider the test set (zoo, exploits, adware etc), the better it seems to do. Even in terms of trojans it does very well usually, only behind KAV.

    Yet, I keep reading about users not being protected by Norton and switching in droves to things from AVG (which always has much poorer detection rates than almost everything) to Panda/Sophos etc.

    Why is this so?

    Either..

    1) Users of NAV are incompetent and don't update their AV signatures (but doesn't NAV have autoupdate by default?)

    2) The tests don't tell us everything. Perhaps, by trying to cover everything, NAV tends to miss out in detecting really critical viruses that are more often encountered by typical users.

    3) There are more NAV users out there, hence more of them tend to get problems. Perhaps by % the number of such users who get zapped by viruses are about number, but in terms of actual numbers they may be large because of NAV's popularity.
     
  9. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Hi
    I think the probs users get with NAV are more than likely due to the way it's been configured. I haven't used any Norton product in ages (W95 machine years ago), but even then I thought the user interface confusing, and I imagine as the "tools" have got more complicated, configuring to give optimal protection has probably got more complicated: bet most users leave everything set at default! (Stopped using Norton cos I found SystemWorks/Win Doctor, whatever it was called at the time, a real pain to get rid of. I hope things have improved on that front!)
     