
Ok, I'm fixing a PC for a friend. When I turned on the computer I was blocked out by some dumb message about copyrights and wanting me to pay $200. I was finally able to remove some of the files, delete it from startup, etc., installed Spybot Search and Destroy, ran the scan and removed all entries. Used the PC on and off for a few days. No issues. Gave the PC back... Within 2 days... it's back. Is there a better freeware scanner/remover for this? I'm at my wits' end with this.

https://www.neowin.net/forum/topic/1120426-need-help-removing-virusmalware/

1. Boot in safemode

2. Empty ALL temp folders, including user temp folders, not just windows

3. Reset IE, checking the box to delete everything

4. Open regedit:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

and

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete any suspicious looking entries

Also delete anything in HKEY_CURRENT_USER\Software and HKEY_LOCAL_MACHINE\SOFTWARE that look malware related

Open MSCONFIG and disable anything that looks suspicious in there too

----------

Reboot in normal mode, and run a full scan with a fully updated malwarebytes

You have already scanned with spybot but do it again anyway

Another good thing is installing Avast Free, and do a "Boot Time Scan" this will be able to remove malware that can not be killed inside of windows

Download and run a scan with "Hijack This" remove any suspicious entries in there too

Scan a couple of times with all the above programs until they all return a clean result

If you still have a problem after all that, wipe > reinstall windows

  On 18/11/2012 at 16:34, jerzdawg said:

What exactly would be considered suspicious? I'd assume they would label anything that would set off red flags..

Well just anything you don't recognise as being installed on the machine as a genuine app, a lot of malware will have registry keys with weird symbols, such as !"?$%^&*&()_) or the name of the fake AV that pops up

Normally pretty easy to spot, the first 2 keys I mentioned are what windows calls to startup with windows, so if you don't want anything starting up with windows, delete those keys, and in MSCONFIG
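As an added example (not code from the thread or from any of its posters), here is a read-only PowerShell pass over the two Run keys listed in the steps above, flagging the indicators Detection describes: odd characters in the value name, or an executable that is missing, runs from a temp or profile folder, or carries no valid Authenticode signature. The suspect-folder list and the character rule are my own assumptions, and the script deletes nothing; run it as Administrator so HKLM is readable.

```powershell
# Added example, not from the thread. Reports autostart entries under the two
# Run keys and flags the indicators discussed in the posts. Read-only.
# Assumes Windows PowerShell 5.1+ run as Administrator.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Assumed list of folders a genuine application rarely auto-starts from (TEMP first).
$SuspectDirs = @($env:TEMP, "$env:WINDIR\Temp", $env:APPDATA, $env:LOCALAPPDATA)
# Provider metadata that Get-ItemProperty adds alongside the real value names.
$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ExeFromCommand([string]$Command) {
    # Handles both "C:\Path With Spaces\app.exe" /arg and C:\Path\app.exe /arg
    if ($Command -match '^\s*"([^"]+)"')   { $exe = $Matches[1] }
    elseif ($Command -match '^\s*(\S+)')   { $exe = $Matches[1] }
    else                                   { $exe = $Command }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-RunEntryReport {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = (Get-ItemProperty -Path $key).PSObject.Properties |
                 Where-Object { $_.Name -notin $MetaProps }
        foreach ($p in $props) {
            $exe   = Get-ExeFromCommand ([string]$p.Value)
            $flags = @()
            # Value names full of symbols are the pattern described in the thread.
            if ($p.Name -match '[^A-Za-z0-9 _.()\-]') { $flags += 'odd characters in name' }
            if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
                $flags += 'file not found'
            } else {
                $hit = $SuspectDirs | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') } |
                       Select-Object -First 1
                if ($hit) { $flags += "runs from $hit" }
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
            }
            [PSCustomObject]@{ Key = $key; Name = $p.Name; Path = $exe; Flags = ($flags -join '; ') }
        }
    }
}

# Flagged entries first; review each before deleting anything in regedit.
Get-RunEntryReport | Sort-Object { $_.Flags -eq '' } | Format-Table -AutoSize -Wrap
```

Entries flagged "runs from" under APPDATA or LOCALAPPDATA include some legitimate updaters, so treat the flags as a review list rather than a verdict.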

  On 18/11/2012 at 17:27, sc302 said:

Where do you live? I am in Warren County. I could get it fixed up for you. Also don't use that old POS HijackThis... use OTL

http://www.geekstogo...ldtimer-listit/

What is wrong with HijackThis ? Its a great piece of software

Latest version is 2.04... It doesn't work properly with 64-bit OSes. It also doesn't dig as deep as OTL.

Compare an HJT log with an OTL log.

Sample OTL log

http://www.bleepingc...opic313328.html

Sample HJT log

http://www.techsuppo...down-14837.html

Which do you think is more thorough and can help you better find the cause?

  On 18/11/2012 at 17:53, sc302 said:

Latest version is 2.04... It doesn't work properly with 64-bit OSes. It also doesn't dig as deep as OTL.

Compare an HJT log with an OTL log.

Ok, never used OTL, but HijackThis is still a decent app. Using both would be better than not using HJT; never had a problem with HJT and 64-bit OSes though.

Read about HJT and 64-bit. While this isn't necessarily a problem, people unfamiliar with it will go to disable critical processes and screw their computers up more. I don't recommend running this as a novice, nor do I recommend running it over the internet, since people can be tempted to try to fix it themselves, causing more issues. Bottom line, it doesn't work well with 64-bit OSes, and OTL produces similar findings to HJT with many more pieces of the OS puzzle (more files, more reg entries, more points of infection, etc.). Running OTL with good rootkit detection software, like GMER, will allow you, the tech, to actually find something useful and be able to repair the computer.

http://www.experts-e...it-Systems.html

That being said, it may take a few hours to go through and verify an OTL report.

  On 18/11/2012 at 18:02, sc302 said:

Read about HJT and 64-bit

http://www.experts-e...it-Systems.html

Well, that doesn't render HJT useless on 64-bit systems. We're not looking for missing file entries, we're looking for malware entries; it makes no difference if HJT can't find 64-bit files.

And more to the point, I don't know many 64-bit versions of malware.

  On 18/11/2012 at 18:06, Detection said:

Well, that doesn't render HJT useless on 64-bit systems. We're not looking for missing file entries, we're looking for malware entries; it makes no difference if HJT can't find 64-bit files.

And more to the point, I don't know many 64-bit versions of malware.

Not exactly useful either. If it is not useful, it is useless IMO.

You could do what others said and waste your time, or do what will be the easiest. Download a 10 meg file from mawarebytes.com from here (filehippo link) on to a USB key. Boot into safe mode, install, run a scan, let it remove it. Done. If you want to do it the hard way, follow the other posts above.

Secret....malware bytes doesn't remove everything. Their root kit detection piece is still in beta last time I checked. Malware bytes is not the end all be all.

I have been around a lot of malware, and I can tell you with 100% certainty that Malwarebytes doesn't remove all of it. Just a good portion. I run a minimum of three different removal utilities, MWB being one of them, when cleaning computers. MWB isn't the first thing I run, it is the last. I do know its limitations.

  On 18/11/2012 at 18:22, sc302 said:

Secret....malware bytes doesn't remove everything. Their root kit detection piece is still in beta last time I checked. Malware bytes is not the end all be all.

I have been around a lot of malware, and I can tell you with 100% certainty that Malwarebytes doesn't remove all of it. Just a good portion. I run a minimum of three different removal utilities, MWB being one of them, when cleaning computers. I do know its limitations.

After servicing a couple thousand machines over the last couple of years, I have had a 100% success ratio with Malwarebytes when scanning in safe mode. Could you give me an example of malware that it can't remove? I would like to download it and see for myself.

Note: I LOVE getting new stuff to test virus removal techniques. Being serious.

Pick any rootkit. The Remote Desktop attack 6 months ago it couldn't detect (MSE was the first that did). Had problems finding it; the file name was close to a Windows file name and I kept overlooking it.

I have been doing manual virus removal since late 90s. I have thousands over you. Hell, the hospital I was working at had a whole site infection over 10000 computers and hundreds of servers. Nightmare.

  On 18/11/2012 at 18:33, sc302 said:

Pick any rootkit. The Remote Desktop attack 6 months ago it couldn't detect (MSE was the first that did). Had problems finding it; the file name was close to a Windows file name and I kept overlooking it.

I have been doing manual virus removal since late 90s. I have thousands over you. Hell, the hospital I was working at had a whole site infection over 10000 computers and hundreds of servers. Nightmare.

Could you give me even just 1 name of a rootkit that you could not remove with it? The worst one in your mind/experience.

  On 18/11/2012 at 18:20, rippleman said:

You could do what others said and waste your time, or do what will be the easiest. Download a 10 meg file from mawarebytes.com from here (filehippo link) on to a USB key. Boot into safe mode, install, run a scan, let it remove it. Done. If you want to do it the hard way, follow the other posts above.

This. Why make the removal process difficult?

  On 18/11/2012 at 18:40, rippleman said:

Could you give me even just 1 name of a rootkit that you could not remove with it? The worst one in your mind/experience.

Is it that hard to Google rootkit names? Like I said, pick one, any one. Pull any one out of a Google search. Malwarebytes is 100% ineffective against any rootkit. It doesn't have the scan engine for it, therefore it can't detect or repair against this type of infection. Google redirect is one.

Here you go, read through and you will see that the user running Malwarebytes has no effect against it. http://www.bleepingcomputer.com/forums/topic434638.html

  On 18/11/2012 at 18:46, Detection said:

Huh? How is it not useful ?

What do you have against HJT ? It works, what more do you want ?

I don't like doing things twice and skimming through information I have been through before.

  On 18/11/2012 at 18:53, sc302 said:

Is it that hard to Google rootkit names? Like I said, pick one, any one. Pull any one out of a Google search. Malwarebytes is 100% ineffective against any rootkit. It doesn't have the scan engine for it, therefore it can't detect or repair against this type of infection. Google redirect is one. Here you go, read through and you will see that the user running Malwarebytes has no effect against it. http://www.bleepingcomputer.com/forums/topic434638.html I don't like doing things twice and skimming through information I have been through before.

Ok, well, each to their own. Let's not hijack this thread with our differences ;)

  On 18/11/2012 at 18:53, sc302 said:

Is it that hard to Google rootkit names? Like I said, pick one, any one. Pull any one out of a Google search. Google redirect is one.

Surprised you could not give one from your own extensive experience and instead said to Google one. I am having no luck finding an .exe for the Google redirect to infect myself with. Google is full of solution links and no actual download links (of course, and expected). Do you know where I can get the .exe file? Or maybe a website that does give the infection?

This topic is now closed to further replies.