Message Boards » Tech Talk » System Fix Virus
ClassicMixup
All American
3877 Posts

GF's laptop seems to be smitten... all files/folders have been hidden/moved... ransomware "System Fix" pops up with a pay-for-fix type thing... might be bundled with some form of TDSS rootkit... here are the steps I've tried so far...

Rkill - Blocked with an "Access Denied" in cmd, but it still spits out a log saying it's ended the two System Fix .exes.

TDSSKiller - Doesn't pick up anything.

Malwarebytes Anti-Malware - Ran it once early on but it didn't find anything... realized that the virus definitions haven't been updated (System Fix is blocking those updates). Tried reinstalling in Safe Mode... gets to the last step in Setup before saying "Access is Denied" and then the setup fails. I've tried running Rkill right before with no luck.

McAfee Total Protection - Obtained a legit license through GF's family... ran it... picked up some of the files associated with the System Fix virus but didn't do jack to the .exes sitting in ProgramData.



PCTools' Spyware Doctor seems to pick up all of the virus but it's $40 to remove.

Any other free options out there to get rid of this thing? My time has been very limited as of late due to work so I'm trying to fix it with as little research as possible.


Gracias

12/5/2011 6:17:52 AM

LickHer
All American
1580 Posts

Antivirus LiveCD?

12/5/2011 6:44:35 AM

KillaB
All American
1652 Posts

Hiren's Boot CD -> Mini Windows XP -> Update/Scan with one or more of the various tools it has preinstalled

12/5/2011 7:13:55 AM

lewisje
All American
9196 Posts

You can also try a Linux LiveCD if you have one; it should be able to mount that NTFS drive and pluck those .exes right out.

then again Hiren's Boot CD is prolly better: http://hirensbootcd.info/

12/5/2011 7:18:51 AM

synapse
play so hard
60940 Posts

1 - remove hard drive
2 - plug into another system via dock/adapter/internal cable
3 - run shitload of scans using the host computer
4 - replace hard drive
5 - run unhide to get all your files/icons/start menu back - details: http://www.bleepingcomputer.com/forums/topic405109.html

12/5/2011 8:44:49 AM

Jeepin4x4
#Pack9
35776 Posts

have you tried ComboFix?

12/5/2011 10:48:11 AM

FenderFreek
All American
2805 Posts

Best bet when you are in this deep is to use a Linux LiveCD or another Windows machine to unlock/unhide and pull important data off. Once the important stuff is out, reformat, reinstall, and put your personal data back on the fresh install.

What's most annoying is that this shit just gets to be more and more of a pain in the ass every time I see it. You can't even effectively clean half the crap anymore. These days, you can spend hours doing the ol' cat and mouse game with some scareware coder, or you can copy your shit off and nuke it. I prefer the option that has the PC back up and running in the same day.

12/5/2011 12:05:06 PM

ViolentMAW
All American
4127 Posts

I've had a rogue virus twice now. I got it again last night. That mother fucker does not play. I can't remember if it still got to me in safe mode last time but this time it did. I tried malwarebytes and another virus scanner but they didn't do shit. Had to run them in safe mode from the command line because it blocked them from running. The only thing that worked was system restore and it tried to block that too.

12/5/2011 5:33:40 PM

Novicane
All American
15416 Posts

HAwk-PE

12/5/2011 7:30:22 PM

stevedude
hello
4763 Posts

if you do decide to format & reinstall, make an image

12/5/2011 7:49:39 PM

neodata686
All American
11577 Posts

Do you guys really look at that much porn? I don't think I've had a virus that wasn't caught/dealt with by MSE since college.

12/5/2011 8:13:45 PM

ClassicMixup
All American
3877 Posts

Update: I manually edited the registry to get rid of the faulty shit so that I could run Malwarebytes... deleted the .exes and used McAfee to clean up the rest.

Let my GF use my personal laptop today... she managed to contract it on my laptop as well.


I'm fairly convinced it's stemming from her trying to view a video on a friend's church site... but her friend claims this can't be the case because her other friends didn't have a problem. Her friend's "tech savvy" peeps said it's coming from a group PowerPoint she made for a class, which was transferred to my laptop via a USB drive AFTER I had fixed hers...

What's the best way to trace where the .exe was downloaded/transmitted?

[Edited on December 5, 2011 at 9:42 PM. Reason : ibt that'll teach her to go to a church site]

12/5/2011 9:41:50 PM
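The post above asks how to work out where the dropped .exe came from, and earlier mentions hand-editing the registry so Malwarebytes could run. The PowerShell below is an added example written for this thread, not code from the thread or from any of the tools it names. It does two things the question calls for: it walks the usual Run/RunOnce autostart keys and flags any entry whose executable lives under ProgramData or the user profile (the locations this rogue's .exes were found in), and for each such file it reports creation and modification times, the Authenticode status, and whether the file carries a Zone.Identifier alternate data stream, which browsers attach to downloads and which a copy from a FAT-formatted USB stick does not have. It also lists the USB storage devices Windows has seen. The key list, the 7-day "recent" window, and the choice of suspect roots are assumptions; so is PowerShell 3.0 or later (needed for `-Stream` and `[pscustomobject]`), which means Windows 8 or a Windows 7 box with WMF 3 installed. Run it from an elevated prompt, ideally after booting clean or from a rescue environment.

```powershell
# Added example (not from the thread): autorun + file-provenance triage.
# Assumed locations/keys, not taken from the rogue itself.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$suspectRoots = @($env:ProgramData, $env:USERPROFILE)   # where the .exes sat
$recentDays   = 7                                      # assumed window

function Get-Provenance {
    param([string]$Path)
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) { return $null }
    # Browsers write a Zone.Identifier stream (ZoneId=3 = Internet) on downloads.
    # A file copied from a FAT32 USB stick has no stream at all, and its
    # CreationTime is the copy time while LastWriteTime survives from the source.
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path      = $Path
        Created   = $item.CreationTime
        Modified  = $item.LastWriteTime
        SizeBytes = $item.Length
        Zone      = if ($zone) { $zone -join '; ' } else { '(no Zone.Identifier stream)' }
        Signature = (Get-AuthenticodeSignature -FilePath $Path).Status
    }
}

function Get-SuspectAutoruns {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a value
            $cmd = [string]$p.Value
            # Pull the executable path out of the command line (quoted or bare)
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $hit = $suspectRoots | Where-Object { $exe -like "$_*" }
            if ($hit) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Exe = $exe }
            }
        }
    }
}

'== Autorun entries pointing into ProgramData / the profile =='
$hits = @(Get-SuspectAutoruns)
$hits | Format-Table -AutoSize
$hits | ForEach-Object { Get-Provenance $_.Exe } | Format-List

"== .exe files under ProgramData written in the last $recentDays days =="
Get-ChildItem -LiteralPath $env:ProgramData -Filter *.exe -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-$recentDays) } |
    ForEach-Object { Get-Provenance $_.FullName } | Format-List

'== USB storage devices this Windows install has enumerated =='
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty PSChildName
```

Read the output together: a dropper with a Zone.Identifier stream and a CreationTime that matches the browsing session points at the web site; a file with no stream, a fresh CreationTime and an older LastWriteTime is consistent with a copy from removable media. Neither is proof on its own, and a rogue that was already running can rewrite timestamps and strip streams, which is why FenderFreek's suggestion further down, replaying the same actions inside a throwaway VM, is the more reliable way to settle the argument.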

Punter16
All American
2021 Posts

ComboFix knocks this virus out in about 10 minutes if you run it under Safe Mode. You still have to go back in and manually unhide the folders in the user profile folder, but the whole process takes about 15-20 minutes.

12/5/2011 10:02:05 PM
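Both synapse's step 5 and the post above end with the same chore: putting the Hidden attribute back the way it was on everything under the user profile once the rogue is gone. The script below is an added example for that step, written for this thread; it is not the bleepingcomputer unhide tool linked above and not code from anyone in the thread. It strips the Hidden and System attributes from files and folders under one profile while leaving alone the things Windows hides on purpose (the AppData tree, desktop.ini, and the ntuser.* hive files). The profile path is a parameter, the skip list is an assumption, and it only covers one profile: the Start Menu shortcuts under ProgramData that the rogue also hides need the same treatment with that path. Save it as a .ps1 and run it with -WhatIf first to see what it would touch.

```powershell
# Added example (not from the thread): clear Hidden/System attributes the
# "System Fix" rogue sets on a user's files. Run once the rogue's processes
# are dead (or from a rescue boot). Usage:
#   .\Unhide-Profile.ps1 -ProfilePath C:\Users\alice -WhatIf   # dry run
#   .\Unhide-Profile.ps1 -ProfilePath C:\Users\alice           # do it
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)]
    [string]$ProfilePath
)

# Items Windows hides on purpose; leave their attributes as they are (assumed list)
$skipNames = @('desktop.ini', 'ntuser.*', 'NTUSER.*')
$mask      = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$fixed     = 0

Get-ChildItem -LiteralPath $ProfilePath -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $name = $_.Name
        $_.FullName -notlike "$ProfilePath\AppData*" -and
        -not ($skipNames | Where-Object { $name -like $_ }) -and
        ([int]($_.Attributes -band $mask) -ne 0)
    } |
    ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.FullName, 'Clear Hidden/System attributes')) {
            # Keep every other attribute bit (Archive, ReadOnly, ...) untouched
            $_.Attributes = [IO.FileAttributes]([int]$_.Attributes -band -bnot [int]$mask)
            $script:fixed++
        }
    }

"Cleared Hidden/System on $fixed item(s) under $ProfilePath"
```

The attribute mask is applied with a bitwise AND-NOT rather than assigning `Normal`, so a file the user had deliberately marked read-only stays read-only; the rogue only flipped Hidden (and on some items System), and that is all this puts back.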

FenderFreek
All American
2805 Posts

Repeat everything she did with the machine in a VM instance. See what breaks.

12/6/2011 7:48:57 AM

© 2024 by The Wolf Web - All Rights Reserved.