I have never seen a more infected computer in my life

By f0rk_b0mb
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

Som

Posted
Posted

boot into safe mode with command prompt.... its an exe usually located in C:\Users\<username>\ or C:\Users\<username>\appdata

sometimes its under C:\ProgramData too, deleted the exes reboot and run malwarebytes, its not that hard really ... all these malwares are the same

Grand Master

farmeunit

Posted
Posted

I offered to fix one of my teacher's daughter's laptops and she has this virus (don't worry link is safe): http://blog.yoocare....fine-to-unlock/

Along with a ton of other viruses/malware/crapware/etc. She is running Windows 7 and has a ton of personal data on it (so she says). I'm doing the job tomorrow. I'm here to tell my plan of attack and take suggestions.

1. I'm going to boot into safe mode with networking and remove those registry entries as shown in the tutorial in the link above.

--I'll take 2 Advil before doing this... :argh:

2. I'm going to remove the crapware

--So I can get some f***ing work done. It's slowing down her machine and clogging up the computer. I will use:

* Revo Uninstaller

* CCleaner

3. Go ham on the malware

- Get all the other crap off. I will use:

* Malwarebytes

* Spybot

* Install MSE when all is said and done. (It's my antivirus of choice)

4. General System maintenance

* Update Drivers

* Update Programs

* Do Windows Updates

What Do ya think?

Boot LiveCD. Copy files. Reformat. Reinstall files. Done.

Grand Master

spacer

Posted
Posted

4. If you're doing your job correctly you're not going to miss something. That's my point. If you're so worried that you're going to miss something, then you're not as confident in your abilities as you should be.

The only problem with that, is that there are no tools or practices that will fully identify, quarantine, and clean a computer with 100% accuracy and guarantee. No anti-virus or malware tool will catch everything. A multi-pass reformat of the drive and its boot sectors is the only way to be sure you have cleaned the infection.

Grand Master

Astra.Xtreme

Posted
Posted

/Facepalm...

LIke I said...we're going in circles. You want to spend your time not learning how to properly clean an infection...cool.

Make sure the next time you hear a knock in your engine that you just drop the whole thing out and replace it then...after all...proper diagnosis and repair is worthless.

Yeah because cars problems have the same principle as PC problems...

FYI, you're just going to lose people's respect if you start demeaning yourself to trolling... Just saying.

Veteran

Shane Nokes

Posted
Posted

Settle down... There's no reason to flip out just because people don't agree with you.

Perhaps for starters, you have to understand the context of the OP's situation. He's saying this is a severely infected machine, so that probably means it's not going to be an easy fix via a virus scan or combo fix. If the infection regenerates, then you'll just be wasting your time trying to get rid of every trace of it.

I still stand by my belief that a backup and reinstall is much quicker. I do it all the time for my client, and it makes both of us feel better knowing that it's a clean slate. Backing up files takes a few minutes to an hour or two, unless they have multiple GBs in media. Then reinstalling Windows takes maybe 30 min via USB. Copy back the files, and you're done in a couple hours and will have full performance.

I'm not saying you're lying, but if it only takes you 3 hours tops to fix any sort of infected machine, then you must not have seen anything severe. Running a full virus scan alone takes an hour or more depending on how fast the PC is. Then anything additional just tacks on more time. The biggest problem I see on PCs is that it's either not fully updated or there's too much crapware installed. A fresh install solves every single one of these problems in minimal time. But again, look at the context of this thread. If the PC is not clearly crippled, then yeah a reinstall probably isn't the best answer.

Flip out? Wow...lol. Dude I'm sitting drinking Game Fuel laughing my ass off. If you think an internet forum makes me flip out...you should see what I've done for the past several years as my day job. :p

The virus cannot replicate if the code isn't running. If the hard drive is scanned offline and handled properly you can clean ANYTHING off it.

As regards severity...I've seen everything man. You do this long enough and work on thousands and thousands of machines...you end up seeing it all. I've seen machines with literally hundreds of infections.

I once had to kick the primary IT guy out of a server room (ends up he's the one who infected the machine by sneaking to view porn in the first place) so that I could clean a machine that we couldn't afford to actually flatten. He hadn't been doing his job and making backups...and our job required that things stay up and running. It was a mission critical type of business (emergency response and such).

Now that one was fun...and the longest case I've ever had to deal with since there wasn't a way to take this system offline without taking the whole place down...

Grand Master

f0rk_b0mb

Posted
  • Author
Posted
The only problem with that, is that there are no tools or practices that will fully identify, quarantine, and clean a computer with 100% accuracy and guarantee. No anti-virus or malware tool will catch everything. A multi-pass reformat of the drive and its boot sectors is the only way to be sure you have cleaned the infection.

Whoa! Hold up! You mean to tell me this crap can jump from the main partition to the hidden recovery partition? In my situation is this a possibility?

Veteran

Shane Nokes

Posted
Posted

Yeah because cars problems have the same principle as PC problems...

FYI, you're just going to lose people's respect if you start demeaning yourself to trolling... Just saying.

It's called a comparison. If you were knowledgable about how vehicles work these days you would understand that it's an apt comparison.

That said I'm not trolling, but you can keep claiming that all you want. Feel free to add me to your ignore list...it's pretty easy to do on here, and I won't mind. :)

Veteran

xWhiplash

Posted
Posted

And you say a full scan takes around an hour? Yeah right, I had old computers that a full scan took 3 hours to complete because A) it was a slower drive and B) they had so much stuff on it.

I have seen a full scan (even from Malwarebytes) take longer than a format and install would take. Even the quick scan on somebodies machine took 35 minutes!

Veteran

Shane Nokes

Posted
Posted

Whoa! Hold up! You mean to tell me this crap can jump from the main partition to the hidden recovery partition? In my situation is this a possibility?

Infections can hit any point on a system in order to hide. They can even create their own small hidden partitions.

That's what we were talking about earlier with rootkits and MBR infections and such. Those can still be cleaned...but for those who aren't certain they are 100% capable of doing so the best option is to back up and do a low-level format as those can be nasty.

And you say a full scan takes around an hour? Yeah right, I had old computers that a full scan took 3 hours to complete because A) it was a slower drive and B) they had so much stuff on it.

I have seen a full scan (even from Malwarebytes) take longer than a format and install would take. Even the quick scan on somebodies machine took 35 minutes!

As I said...going in circles....

If you don't want to see my posts or deal with what I say...just add me to your ignore list...it's easy and I won't mind. ;)

Oh and btw...show me where I said that a full scan takes an hour...show me a single place where I stated that.

I said the longest an infection has taken me to clean is a total of about 4 hours...the scan is usually the longest part of things. It's the cleanup where I'm extremely efficient.

Grand Master

f0rk_b0mb

Posted
  • Author
Posted

Infections can hit any point on a system in order to hide. They can even create their own small hidden partitions.

That's what we were talking about earlier with rootkits and MBR infections and such. Those can still be cleaned...but for those who aren't certain they are 100% capable of doing so the best option is to back up and do a low-level format as those can be nasty.

If this machine does have a rootkit, I can remove it by opening up gparted in a Kubuntu live CD, deleting the small partition (it'll probobly be a few megs. right?), merging it with the big partition and if it doesn't boot, boot into a 7 install CD, open up CMD and type /fixmbr and /fixboot. Right?

Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

Infections can hit any point on a system in order to hide. They can even create their own small hidden partitions.

That's what we were talking about earlier with rootkits and MBR infections and such. Those can still be cleaned...but for those who aren't certain they are 100% capable of doing so the best option is to back up and do a low-level format as those can be nasty.

As I said...going in circles....

If you don't want to see my posts or deal with what I say...just add me to your ignore list...it's easy and I won't mind. ;)

Oh and btw...show me where I said that a full scan takes an hour...show me a single place where I stated that.

I said the longest an infection has taken me to clean is a total of about 4 hours...the scan is usually the longest part of things. It's the cleanup where I'm extremely efficient.

you didn't and that's actually why a few people including me were confused at why you were able to clean so fast

i've had the experience of waiting 3 hours for a scan too

Veteran

xWhiplash

Posted
Posted

Infections can hit any point on a system in order to hide. They can even create their own small hidden partitions.

That's what we were talking about earlier with rootkits and MBR infections and such. Those can still be cleaned...but for those who aren't certain they are 100% capable of doing so the best option is to back up and do a low-level format as those can be nasty.

As I said...going in circles....

If you don't want to see my posts or deal with what I say...just add me to your ignore list...it's easy and I won't mind. ;)

Oh and btw...show me where I said that a full scan takes an hour...show me a single place where I stated that.

I said the longest an infection has taken me to clean is a total of about 4 hours...the scan is usually the longest part of things. It's the cleanup where I'm extremely efficient.

I thought you did somewhere, maybe it was somebody else. My apologies. But, you said yourself that you can fix ANY computer within only a couple of hours.

A regular PC repair shop though...you can take the time to properly clean the machine. I can be done with that even in the worst of cases within a couple hours.

If it takes you longer, you obviously do not know what you are doing and need to change professions. I just told you from experience, ONE SCAN took 3 hours. That is all I mean, is that from my own experience, just one scan took longer than a format and install would have taken.

Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

If this machine does have a rootkit, I can remove it by opening up gparted in a Kubuntu live CD, deleting the small partition (it'll probobly be a few megs. right?), merging it with the big partition and if it doesn't boot, boot into a 7 install CD, open up CMD and type /fixmbr and /fixboot. Right?

naw, you don't even need to do that much, kaspersky and Norton both have a couple great rootkit removers (about the only thing norton is good for :p) that will do that for you
Veteran

Shane Nokes

Posted
Posted

If this machine does have a rootkit, I can remove it by opening up gparted in a Kubuntu live CD, deleting the small partition (it'll probobly be a few megs. right?), merging it with the big partition and if it doesn't boot, boot into a 7 install CD, open up CMD and type /fixmbr and /fixboot. Right?

For rootkits it depends. Generally TDSSKiller is the best way to go, but it doesn't get everything. There are a few other tools that can be used.

When it comes to rootkits though...those can be a pain. That's why I said if it's the case where the person doesn't care so much and you're not 100% sure you can get it...then there is nothing wrong with doing a low-level format and reinstall once everything is backed up.

It took me a while to figure out rootkits and the best ways to clean them. I have a system that I infect on purpose on a regular basis with new stuff as it comes out so I can work on manual cleans.

Grand Master

majortom1981

Posted
Posted

With an infection this bad I find it the easiest to go into safemode first and go through the registry by hand and scan the registry for unneeded entries. Then go into services and make sure you didn't miss anything. Then I go and delete the files manually. Then I use ccleaner and an antivirus.

Veteran

Shane Nokes

Posted
Posted

you didn't and that's actually why a few people including me were confused at why you were able to clean so fast

i've had the experience of waiting 3 hours for a scan too

Indeed, and that's why I've said that the scan is usually the longest part. Once I know everything that's on the system I can go in and do a very quick clean since once I know what it is I know what to get rid of. :)

After that I do another scan of the system and make sure it's all good.

I think one thing I do differently is that I always handle the scans offline. I don't bother with scans when the system is up and running unless there's absolutely no other option...which has only happened once.

Veteran

Shane Nokes

Posted
Posted

I thought you did somewhere, maybe it was somebody else. My apologies. But, you said yourself that you can fix ANY computer within only a couple of hours.

If it takes you longer, you obviously do not know what you are doing and need to change professions. I just told you from experience, ONE SCAN took 3 hours. That is all I mean, is that from my own experience, just one scan took longer than a format and install would have taken.

Indeed. I should have said few instead of couple. The max for me is about 4 hours. That's to scan and clean, and scan again.

As I mentioned above...it might have to do with how often I infect my test machine, and the fact that I do my scans offline. That cuts out a lot of time.

I do agree that it's faster than a format and install...but only a format and install. That ignores putting all of the data back on the machine exactly as it was when you got it.

Maybe it's just my work ethic, but I want my customer to walk out with their machine exactly as they gave it to me...just minus the infections.

Grand Master

Astra.Xtreme

Posted
Posted

Flip out? Wow...lol. Dude I'm sitting drinking Game Fuel laughing my ass off. If you think an internet forum makes me flip out...you should see what I've done for the past several years as my day job. :p

The virus cannot replicate if the code isn't running. If the hard drive is scanned offline and handled properly you can clean ANYTHING off it.

As regards severity...I've seen everything man. You do this long enough and work on thousands and thousands of machines...you end up seeing it all. I've seen machines with literally hundreds of infections.

I once had to kick the primary IT guy out of a server room (ends up he's the one who infected the machine by sneaking to view porn in the first place) so that I could clean a machine that we couldn't afford to actually flatten. He hadn't been doing his job and making backups...and our job required that things stay up and running. It was a mission critical type of business (emergency response and such).

Now that one was fun...and the longest case I've ever had to deal with since there wasn't a way to take this system offline without taking the whole place down...

I'd classify post #38 as a mild flip-out, but whatever.

If you've seen it all, then there's no way you can fix any sort of scenario in the short duration of a few hours.

Unless you have a single app that will fix everything, running scans alone and actually diagnosing the problem kills hours and hours.

Scanning/diagnosing, fixing, and updating takes a lot of time and there is no way around it in even the best case.

The right way to fix a system is the method with a combination of the lowest time spent (customer cost) and the best future reliability. All I, and a few others, have been saying is that it doesn't take much for a backup and reinstall to be the fastest and most reliable choice.

Veteran

Shane Nokes

Posted
Posted

I'd classify post #38 as a mild flip-out, but whatever.

If you've seen it all, then there's no way you can fix any sort of scenario in the short duration of a few hours.

Unless you have a single app that will fix everything, running scans alone and actually diagnosing the problem kills hours and hours.

Scanning/diagnosing, fixing, and updating takes a lot of time and there is no way around it in even the best case.

The right way to fix a system is the method with a combination of the lowest time spent (customer cost) and the best future reliability. All I, and a few others, have been saying is that it doesn't take much for a backup and reinstall to be the fastest and most reliable choice.

So saying that I'm baffled and stepping back because I don't want to **** people off is flipping out?

Man I'd hate to see what you'd call someone actually flipping out. ;)

You can try to tell me the same thing over and over again...and it doesn't change what I've been doing for years...without an issue.

The way I do things is the reason why I've worked for the government, and why places like MS have me consult on things and even contract my work at points.

I'm good at what I do, and security happens to be one of my specialties.

Personally if you don't know what to do and you have to question yourself you might not want to take someones personals things and do the work.

This ^^

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • U.S. partially reverses Anthropic AI ban for Mythos but keeps Fable 5 off the market

      By Karthik Mudaliar · Posted

      U.S. partially reverses Anthropic AI ban for Mythos but keeps Fable 5 off the market by Karthik Mudaliar Anthropic says that the U.S. government has finally allowed it to restore Claude Mythos 5. But of course, there's a catch. The rollout is again for a limited set of U.S. organizations that operate and defend critical infrastructure. The company announced this in a post on X (formerly Twitter). This does not mean that Anthropic's latest frontier models are back to normal availability. Fable 5, which was a tuned version of Mythos 5 for public release, remains unavailable. Anthropic said that it is still working with the government to expand Mythos 5 access and make Fable 5 available again, but there's no timeline. Reports from Bloomberg and Reuters say that this decision actually came through a letter from the U.S. Commerce Department. According to Reuters, this would allow more than 100 companies and institutions access to Mythos 5. Reuters also reported that Commerce Secretary Howard Lutnick’s letter removes the need for export licenses for approved companies’ non-US citizen employees, as well as Anthropic’s own non-US citizen employees, while restrictions remain for organizations outside the approved list. Anthropic isn't alone with this kind of controlled rollout. OpenAI's newest model family, GPT 5.6, was announced just yesterday, but isn't available for everyone yet. In its announcement, OpenAI also said that access to these models is initially limited to a select group of trusted partners and organizations, with broader access planned later this year. Both of these cases show that frontier AI launches are no longer just ordinary product releases and more like slow and vetted deployments shaped heavily by the U.S. government.
    • OpenAI announces GPT‑5.6 Sol, its next-generation flagship model beating Claude Mythos 5

      By monterxz · Posted

      Sol, Terra, Luna - aren't those the names of failed crypto coins? 🤣🤣🤣
    • Microsoft Weekly: 5 years of Windows 11, more support for Windows 10, and expensive Xbox

      By TarasBuria · Posted

      Microsoft Weekly: 5 years of Windows 11, more support for Windows 10, and expensive Xbox by Taras Buria This week's news recap is here, with Microsoft giving Windows 10 one more year of support, Windows 11 getting new taskbar settings in preview updates, Steam Machine prices, higher XBOX prices, and many more. Quick links: Windows 10 and 11 Windows Insider Program Updates are available Reviews are in Gaming news Great deals to check Windows 11 and Windows 10 Here, we talk about everything happening around Microsoft's latest operating system in the Stable channel and preview builds: new features, removed features, controversies, bugs, interesting findings, and more. And, of course, you may find a word or two about older versions. On June 24, 2026, Windows 11 turned five. The controversial operating system was released half a decade ago, and during these years, it received a fair share of criticism (such as poor Windows Search and its web results), which Microsoft is now actively addressing with regular preview updates that deliver missing, long-requested features. With Windows 12 nowhere to be seen on the horizon, it will be interesting to see if Windows 11 can stay on the market for as long as Windows 10 did. Speaking of Windows 10 and staying on the market, this week, Microsoft quietly prolonged the Extended Security Updates program for Windows 10, allowing users to get one more year of security updates if they do not want or cannot upgrade to Windows 11. Finally, Microsoft released this month's non-security update for Windows 11. KB5095093 arrived with a traditionally long list of new features, including point-in-time restore, new Windows Update settings, quieter Windows Widgets, new accessibility features, File Explorer updates and performance improvements, and more. Windows Insider Program Here is what Microsoft released for Windows Insiders this week: Builds Canary Channel Build 29617.1000 and build 28120.2374 These builds bring new accessibility features, new Windows Update controls, audio improvements, and more. Dev Channel Build 26300.8758 This build includes redesigned taskbar settings, File Explorer improvements, and more. Beta Channel Build 26220.8754 and build 28020.2366 This small update fixes the OneDrive bug in File Explorer, tweaks system sounds in dark mode, and more. Updates are available This section covers software, firmware, and other notable updates (released and coming soon) delivering new features, security fixes, improvements, patches, and more from Microsoft and third parties. If you use AI-powered browsing history search in Microsoft Edge, the company has bad news. A new update on the Microsoft 365 Roadmap revealed that Microsoft is discontinuing the feature. Despite using on-device models for natural search, some users found it creepy, claiming that Microsoft lacks trust in features like this. While the ability to find pages without using 100% precise words may sound cool, customers argued that it was nothing but another feature to bloat the browser with more AI. Good riddance? PowerToys received several updates this week. For one, Microsoft released version 0.100.1 with several improvements and bug fixes for the recently arrived version 0.100. A couple of days later, Microsoft dropped another update, this time fixing memory leaks in Command Palette Dock. In addition, the company is working on a new module that will make it easier to switch between windows within one application using the Alt + ` shortcut. The new module should make it to the stable release somewhere soon. Here are other updates and releases you may find interesting: New Ventoy update adds Windows 11's mandatory update support and more Microsoft updates Visual Studio Code with chat cost tracking and multi-agent chats Microsoft is building an AI datacenter that "uses less water than a fast food restaurant" Microsoft adds new AI study and teaching tools for free to Microsoft 365 Education Researchers claim Microsoft's quantum breakthrough is flawed by basic Python errors Microsoft is bringing a much-needed Recap app to Teams Microsoft's fast coding model, MAI-Code-1-Flash, comes to Copilot Business and Enterprise Here are the latest drivers and firmware updates released this week: AMD Radeon Software 26.6.2 with FSR 4.1 support for RDNA 3 graphics card. However, the driver contained a bug, which prevented installations on Windows 10 PCs. AMD fixed that with a quick hotfix update. Reviews are in Here is the hardware and software we reviewed this week This week, Steven Parker published several reviews. He shared his experience with the Creative Sound Blaster AE-X PCIe, a high-quality sound card with a headphone amp, low-latency communications, great build quality, and DSD256. However, it is on the pricier side of the spectrum, and it lacks EMI shielding. Check out the full review here. The second review is about the TerraMaster F4-425 Pro, an octa-core Intel NAS with a stand-out feature: built-in AI (OpenClaw). We also published a few Hands On reviews, which you can view below: We check out the SKG PS700 Neck Massager SKG Hand Massager with Heat OS500 hands on Hands-on with BOOX Tappy: cute little reading accessory Hands on with the ProtoArc EM25 affordable ergonomic mouse On the gaming side Learn about upcoming game releases, Xbox rumors, new hardware, software updates, freebies, deals, discounts, and more. If you plan to purchase a new Xbox, it's time to act now. This week, Microsoft announced yet another Xbox price increase. Starting August 1, 2026, all Xbox Series X|S models with 512 GB of storage will cost $100 more. As for the 1TB models, they are going up in price by a whopping $150. Finally, Microsoft is discontinuing the 2TB Xbox Series X. To make up for that, Microsoft announced a few programs to make its consoles more accessible. Those include BNPL, interest-free financing, pre-owned consoles, certified refurbished consoles, and more. Valve also shared some not-so-welcome news. The company has finally announced prices of the upcoming Steam Machine console, and if you plan to buy one, get ready to spend a whopping $1,049 on the 512GB configuration. The Steam Machine is now available for preorder, with shipments scheduled for June 29, 2026. Grand Theft Auto VI also received its official price tag. Rockstar Games announced that the long-anticipated game will launch at $79.99 for the base edition and $99.99 for the ultimate edition. The latter includes an exclusive collection of premium vehicles, weapons, apparel, and action threaded across all aspects of Jason and Lucia’s story." Those who preorder the game will get extra bonuses, including a Vintage Vice City Pack of cosmetic items as well as a free month of GTA+. NVIDIA announced new games for its GeForce NOW streaming service. Those include Dark Scrolls, SAND: Raiders of Sophie, Deer & Boy, EMPULSE, and more. Steam is running its annual Summer Sale, during which you can purchase plenty of various games with big discounts. It runs until July 9, so in case you missed it, you can still get some games at a lower price. Also, you can get two games for free in the Epic Games Store, plus more deals are available in this week's Weekend PC Game Deals issue. This link will take you to other issues of the Microsoft Weekly series. You can also support Neowin by registering for a free member account or subscribing for extra member benefits, along with an ad-free tier option.
    • New PowerToys update fixes memory leaks and other issues

      By Steven P. · Posted

      Text extractor hasn't been working great on 0.99.1 but I am now updating to this version, hopefully it's better!
    • The Trump administration doesn't want you to use OpenAI's GPT-5.6 without its approval

      By monterxz · Posted

      Yet you did exactly what they wanted you to do - is it better now without "Europrats"? BTW, UK had joined EU (EEC back then) and was one of the leading member states, it never joined Schengen Zone though 😉

  • Recent Achievements

    • Week One Done
      flexorcist earned a badge
      Week One Done
    • One Month Later
      Woland13 earned a badge
      One Month Later
    • Week One Done
      Woland13 earned a badge
      Week One Done
    • One Year In
      bernmeister earned a badge
      One Year In
    • Week One Done
      Scoobystu earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      502
    2. 2
      +Edouard
      226
    3. 3
      PsYcHoKiLLa
      156
    4. 4
      Steven P.
      75
    5. 5
      FloatingFatMan
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!