I have never seen a more infected computer in my life

By f0rk_b0mb
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

Som

Posted
Posted

boot into safe mode with command prompt.... its an exe usually located in C:\Users\<username>\ or C:\Users\<username>\appdata

sometimes its under C:\ProgramData too, deleted the exes reboot and run malwarebytes, its not that hard really ... all these malwares are the same

Grand Master

farmeunit

Posted
Posted

I offered to fix one of my teacher's daughter's laptops and she has this virus (don't worry link is safe): http://blog.yoocare....fine-to-unlock/

Along with a ton of other viruses/malware/crapware/etc. She is running Windows 7 and has a ton of personal data on it (so she says). I'm doing the job tomorrow. I'm here to tell my plan of attack and take suggestions.

1. I'm going to boot into safe mode with networking and remove those registry entries as shown in the tutorial in the link above.

--I'll take 2 Advil before doing this... :argh:

2. I'm going to remove the crapware

--So I can get some f***ing work done. It's slowing down her machine and clogging up the computer. I will use:

* Revo Uninstaller

* CCleaner

3. Go ham on the malware

- Get all the other crap off. I will use:

* Malwarebytes

* Spybot

* Install MSE when all is said and done. (It's my antivirus of choice)

4. General System maintenance

* Update Drivers

* Update Programs

* Do Windows Updates

What Do ya think?

Boot LiveCD. Copy files. Reformat. Reinstall files. Done.

Grand Master

spacer

Posted
Posted

4. If you're doing your job correctly you're not going to miss something. That's my point. If you're so worried that you're going to miss something, then you're not as confident in your abilities as you should be.

The only problem with that, is that there are no tools or practices that will fully identify, quarantine, and clean a computer with 100% accuracy and guarantee. No anti-virus or malware tool will catch everything. A multi-pass reformat of the drive and its boot sectors is the only way to be sure you have cleaned the infection.

Grand Master

Astra.Xtreme

Posted
Posted

/Facepalm...

LIke I said...we're going in circles. You want to spend your time not learning how to properly clean an infection...cool.

Make sure the next time you hear a knock in your engine that you just drop the whole thing out and replace it then...after all...proper diagnosis and repair is worthless.

Yeah because cars problems have the same principle as PC problems...

FYI, you're just going to lose people's respect if you start demeaning yourself to trolling... Just saying.

Veteran

Shane Nokes

Posted
Posted

Settle down... There's no reason to flip out just because people don't agree with you.

Perhaps for starters, you have to understand the context of the OP's situation. He's saying this is a severely infected machine, so that probably means it's not going to be an easy fix via a virus scan or combo fix. If the infection regenerates, then you'll just be wasting your time trying to get rid of every trace of it.

I still stand by my belief that a backup and reinstall is much quicker. I do it all the time for my client, and it makes both of us feel better knowing that it's a clean slate. Backing up files takes a few minutes to an hour or two, unless they have multiple GBs in media. Then reinstalling Windows takes maybe 30 min via USB. Copy back the files, and you're done in a couple hours and will have full performance.

I'm not saying you're lying, but if it only takes you 3 hours tops to fix any sort of infected machine, then you must not have seen anything severe. Running a full virus scan alone takes an hour or more depending on how fast the PC is. Then anything additional just tacks on more time. The biggest problem I see on PCs is that it's either not fully updated or there's too much crapware installed. A fresh install solves every single one of these problems in minimal time. But again, look at the context of this thread. If the PC is not clearly crippled, then yeah a reinstall probably isn't the best answer.

Flip out? Wow...lol. Dude I'm sitting drinking Game Fuel laughing my ass off. If you think an internet forum makes me flip out...you should see what I've done for the past several years as my day job. :p

The virus cannot replicate if the code isn't running. If the hard drive is scanned offline and handled properly you can clean ANYTHING off it.

As regards severity...I've seen everything man. You do this long enough and work on thousands and thousands of machines...you end up seeing it all. I've seen machines with literally hundreds of infections.

I once had to kick the primary IT guy out of a server room (ends up he's the one who infected the machine by sneaking to view porn in the first place) so that I could clean a machine that we couldn't afford to actually flatten. He hadn't been doing his job and making backups...and our job required that things stay up and running. It was a mission critical type of business (emergency response and such).

Now that one was fun...and the longest case I've ever had to deal with since there wasn't a way to take this system offline without taking the whole place down...

Grand Master

f0rk_b0mb

Posted
  • Author
Posted
The only problem with that, is that there are no tools or practices that will fully identify, quarantine, and clean a computer with 100% accuracy and guarantee. No anti-virus or malware tool will catch everything. A multi-pass reformat of the drive and its boot sectors is the only way to be sure you have cleaned the infection.

Whoa! Hold up! You mean to tell me this crap can jump from the main partition to the hidden recovery partition? In my situation is this a possibility?

Veteran

Shane Nokes

Posted
Posted

Yeah because cars problems have the same principle as PC problems...

FYI, you're just going to lose people's respect if you start demeaning yourself to trolling... Just saying.

It's called a comparison. If you were knowledgable about how vehicles work these days you would understand that it's an apt comparison.

That said I'm not trolling, but you can keep claiming that all you want. Feel free to add me to your ignore list...it's pretty easy to do on here, and I won't mind. :)

Veteran

xWhiplash

Posted
Posted

And you say a full scan takes around an hour? Yeah right, I had old computers that a full scan took 3 hours to complete because A) it was a slower drive and B) they had so much stuff on it.

I have seen a full scan (even from Malwarebytes) take longer than a format and install would take. Even the quick scan on somebodies machine took 35 minutes!

Veteran

Shane Nokes

Posted
Posted

Whoa! Hold up! You mean to tell me this crap can jump from the main partition to the hidden recovery partition? In my situation is this a possibility?

Infections can hit any point on a system in order to hide. They can even create their own small hidden partitions.

That's what we were talking about earlier with rootkits and MBR infections and such. Those can still be cleaned...but for those who aren't certain they are 100% capable of doing so the best option is to back up and do a low-level format as those can be nasty.

And you say a full scan takes around an hour? Yeah right, I had old computers that a full scan took 3 hours to complete because A) it was a slower drive and B) they had so much stuff on it.

I have seen a full scan (even from Malwarebytes) take longer than a format and install would take. Even the quick scan on somebodies machine took 35 minutes!

As I said...going in circles....

If you don't want to see my posts or deal with what I say...just add me to your ignore list...it's easy and I won't mind. ;)

Oh and btw...show me where I said that a full scan takes an hour...show me a single place where I stated that.

I said the longest an infection has taken me to clean is a total of about 4 hours...the scan is usually the longest part of things. It's the cleanup where I'm extremely efficient.

Grand Master

f0rk_b0mb

Posted
  • Author
Posted

Infections can hit any point on a system in order to hide. They can even create their own small hidden partitions.

That's what we were talking about earlier with rootkits and MBR infections and such. Those can still be cleaned...but for those who aren't certain they are 100% capable of doing so the best option is to back up and do a low-level format as those can be nasty.

If this machine does have a rootkit, I can remove it by opening up gparted in a Kubuntu live CD, deleting the small partition (it'll probobly be a few megs. right?), merging it with the big partition and if it doesn't boot, boot into a 7 install CD, open up CMD and type /fixmbr and /fixboot. Right?

Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

Infections can hit any point on a system in order to hide. They can even create their own small hidden partitions.

That's what we were talking about earlier with rootkits and MBR infections and such. Those can still be cleaned...but for those who aren't certain they are 100% capable of doing so the best option is to back up and do a low-level format as those can be nasty.

As I said...going in circles....

If you don't want to see my posts or deal with what I say...just add me to your ignore list...it's easy and I won't mind. ;)

Oh and btw...show me where I said that a full scan takes an hour...show me a single place where I stated that.

I said the longest an infection has taken me to clean is a total of about 4 hours...the scan is usually the longest part of things. It's the cleanup where I'm extremely efficient.

you didn't and that's actually why a few people including me were confused at why you were able to clean so fast

i've had the experience of waiting 3 hours for a scan too

Veteran

xWhiplash

Posted
Posted

Infections can hit any point on a system in order to hide. They can even create their own small hidden partitions.

That's what we were talking about earlier with rootkits and MBR infections and such. Those can still be cleaned...but for those who aren't certain they are 100% capable of doing so the best option is to back up and do a low-level format as those can be nasty.

As I said...going in circles....

If you don't want to see my posts or deal with what I say...just add me to your ignore list...it's easy and I won't mind. ;)

Oh and btw...show me where I said that a full scan takes an hour...show me a single place where I stated that.

I said the longest an infection has taken me to clean is a total of about 4 hours...the scan is usually the longest part of things. It's the cleanup where I'm extremely efficient.

I thought you did somewhere, maybe it was somebody else. My apologies. But, you said yourself that you can fix ANY computer within only a couple of hours.

A regular PC repair shop though...you can take the time to properly clean the machine. I can be done with that even in the worst of cases within a couple hours.

If it takes you longer, you obviously do not know what you are doing and need to change professions. I just told you from experience, ONE SCAN took 3 hours. That is all I mean, is that from my own experience, just one scan took longer than a format and install would have taken.

Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

If this machine does have a rootkit, I can remove it by opening up gparted in a Kubuntu live CD, deleting the small partition (it'll probobly be a few megs. right?), merging it with the big partition and if it doesn't boot, boot into a 7 install CD, open up CMD and type /fixmbr and /fixboot. Right?

naw, you don't even need to do that much, kaspersky and Norton both have a couple great rootkit removers (about the only thing norton is good for :p) that will do that for you
Veteran

Shane Nokes

Posted
Posted

If this machine does have a rootkit, I can remove it by opening up gparted in a Kubuntu live CD, deleting the small partition (it'll probobly be a few megs. right?), merging it with the big partition and if it doesn't boot, boot into a 7 install CD, open up CMD and type /fixmbr and /fixboot. Right?

For rootkits it depends. Generally TDSSKiller is the best way to go, but it doesn't get everything. There are a few other tools that can be used.

When it comes to rootkits though...those can be a pain. That's why I said if it's the case where the person doesn't care so much and you're not 100% sure you can get it...then there is nothing wrong with doing a low-level format and reinstall once everything is backed up.

It took me a while to figure out rootkits and the best ways to clean them. I have a system that I infect on purpose on a regular basis with new stuff as it comes out so I can work on manual cleans.

Grand Master

majortom1981

Posted
Posted

With an infection this bad I find it the easiest to go into safemode first and go through the registry by hand and scan the registry for unneeded entries. Then go into services and make sure you didn't miss anything. Then I go and delete the files manually. Then I use ccleaner and an antivirus.

Veteran

Shane Nokes

Posted
Posted

you didn't and that's actually why a few people including me were confused at why you were able to clean so fast

i've had the experience of waiting 3 hours for a scan too

Indeed, and that's why I've said that the scan is usually the longest part. Once I know everything that's on the system I can go in and do a very quick clean since once I know what it is I know what to get rid of. :)

After that I do another scan of the system and make sure it's all good.

I think one thing I do differently is that I always handle the scans offline. I don't bother with scans when the system is up and running unless there's absolutely no other option...which has only happened once.

Veteran

Shane Nokes

Posted
Posted

I thought you did somewhere, maybe it was somebody else. My apologies. But, you said yourself that you can fix ANY computer within only a couple of hours.

If it takes you longer, you obviously do not know what you are doing and need to change professions. I just told you from experience, ONE SCAN took 3 hours. That is all I mean, is that from my own experience, just one scan took longer than a format and install would have taken.

Indeed. I should have said few instead of couple. The max for me is about 4 hours. That's to scan and clean, and scan again.

As I mentioned above...it might have to do with how often I infect my test machine, and the fact that I do my scans offline. That cuts out a lot of time.

I do agree that it's faster than a format and install...but only a format and install. That ignores putting all of the data back on the machine exactly as it was when you got it.

Maybe it's just my work ethic, but I want my customer to walk out with their machine exactly as they gave it to me...just minus the infections.

Grand Master

Astra.Xtreme

Posted
Posted

Flip out? Wow...lol. Dude I'm sitting drinking Game Fuel laughing my ass off. If you think an internet forum makes me flip out...you should see what I've done for the past several years as my day job. :p

The virus cannot replicate if the code isn't running. If the hard drive is scanned offline and handled properly you can clean ANYTHING off it.

As regards severity...I've seen everything man. You do this long enough and work on thousands and thousands of machines...you end up seeing it all. I've seen machines with literally hundreds of infections.

I once had to kick the primary IT guy out of a server room (ends up he's the one who infected the machine by sneaking to view porn in the first place) so that I could clean a machine that we couldn't afford to actually flatten. He hadn't been doing his job and making backups...and our job required that things stay up and running. It was a mission critical type of business (emergency response and such).

Now that one was fun...and the longest case I've ever had to deal with since there wasn't a way to take this system offline without taking the whole place down...

I'd classify post #38 as a mild flip-out, but whatever.

If you've seen it all, then there's no way you can fix any sort of scenario in the short duration of a few hours.

Unless you have a single app that will fix everything, running scans alone and actually diagnosing the problem kills hours and hours.

Scanning/diagnosing, fixing, and updating takes a lot of time and there is no way around it in even the best case.

The right way to fix a system is the method with a combination of the lowest time spent (customer cost) and the best future reliability. All I, and a few others, have been saying is that it doesn't take much for a backup and reinstall to be the fastest and most reliable choice.

Veteran

Shane Nokes

Posted
Posted

I'd classify post #38 as a mild flip-out, but whatever.

If you've seen it all, then there's no way you can fix any sort of scenario in the short duration of a few hours.

Unless you have a single app that will fix everything, running scans alone and actually diagnosing the problem kills hours and hours.

Scanning/diagnosing, fixing, and updating takes a lot of time and there is no way around it in even the best case.

The right way to fix a system is the method with a combination of the lowest time spent (customer cost) and the best future reliability. All I, and a few others, have been saying is that it doesn't take much for a backup and reinstall to be the fastest and most reliable choice.

So saying that I'm baffled and stepping back because I don't want to **** people off is flipping out?

Man I'd hate to see what you'd call someone actually flipping out. ;)

You can try to tell me the same thing over and over again...and it doesn't change what I've been doing for years...without an issue.

The way I do things is the reason why I've worked for the government, and why places like MS have me consult on things and even contract my work at points.

I'm good at what I do, and security happens to be one of my specialties.

Personally if you don't know what to do and you have to question yourself you might not want to take someones personals things and do the work.

This ^^

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • The best controller for XBOX and PC is down to the lowest price

      By TarasBuria · Posted

      The best controller for XBOX and PC is down to the lowest price by Taras Buria Image via Neowin The GameSir G7 Pro is a fantastic controller for XBOX and PC. Officially certified, it works with Microsoft's consoles, mobile devices, and PCs, giving you a universal controller for any kind of gaming machine. And right now, you can save 20% on it, thanks to the latest deal during Prime Day 2026 (purchase link below). The G7 Pro has the classic XBOX layout, complemented by a couple of extra elements, such as the M button for changing various settings and four additional remappable buttons. It also has trigger locks and TMR sticks that eliminate drifting issues, giving you a reliable, long-lasting gamepad. The controller is powered by a built-in battery, which charges via a USB Type-C cable or the bundled dock station. The G7 Pro supports wireless (XBOX Wireless, proprietary dongle, or Bluetooth) and wired connectivity. In addition to software customization (you can remap multiple buttons to different actions), it lets you personalize the look by swapping the faceplate or grips, enabling multiple design combinations. Other features include a 1,000Hz polling rate, an audio jack for your headphones, Hall Effect triggers, and a swappable D-pad (two extra are included). The controller is also available in four color variants, and all of them are now discounted. Thanks to quality materials, reliable components, rich customization, universal compatibility, and an affordable price tag, the G7 Pro received very high praise in our review. It is certainly among the best controllers you can buy. GameSir G7 Pro - $63.99 | 20% off with Prime Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.
    • Politically funny images of the World

      By +primortal · Posted

    • Microsoft further improving Windows 11 Taskbar with latest builds

      By hellowalkman · Posted

      Microsoft further improving Windows 11 Taskbar with latest builds by Sayan Sen Microsoft has released new Windows 11 builds for users flighting the Experimental channels. The new builds are 26300.8758 for Windows 11 26H2, 28120.2374 for 26H1, and 29617.1000 for future platforms. There are improvements related to the Taskbar, File Explorer and more with the new update. The full changelogs are given below: First we have the build 26300.8758: Changes and improvements gradually being rolled out [Taskbar] Taskbar customization just got easier. As we continue to make improvements to the Taskbar experience mentioned last month, we've introduced a dedicated Taskbar Size setting, making it simpler to find, understand, and personalize your ideal taskbar experience. UI showing the new Taskbar Size setting in Settings. We've also made refinements to the transitions between taskbar sizes for a smoother overall experience. [File Explorer] We've improved the reliability of thumbnail previews for cloud files in the Details pane. The pane has also been reorganized so file properties are easier to find and review at a glance. Fixed an issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run in administrative mode. Fixed an issue where the confirmation dialog might display an internal Recycle Bin file name instead of the original file name when permanently deleting a file. [Sounds] Improved system sounds when using Windows in dark mode. Up next we have build 28120.2374: Changes and improvements gradually being rolled out This update includes a small set of general improvements and fixes [Mobile Device Settings] You can add and manage your mobile devices in Settings under Bluetooth & Devices > Mobile Devices. On this page, you can manage features such as using your device as a connected camera or accessing your device's files in File Explorer. [Remote Recovery Management] Added a recovery remote management plug-in to extend WinRE management capabilities for MDM providers. [Input] The emoji panel (Windows key + period (.)) now uses GIPHY as the GIF provider, delivering a smoother GIF browsing and sharing experience following the deprecation of the Tenor API. Finally we have the changelog for Windows 11 build 29617.1000: Changes and improvements gradually being rolled out [Windows Update] As announced in the Windows Update announce blog, we are now bringing a new unified update experience to reduce the number of reboots you see per month. We are starting by coordinating driver, .NET, and firmware updates to align with the monthly quality update, reducing the update experience to a single monthly restart. See the blog for more information. [Windows Magnifier] Magnifier now gives you more control over how you zoom. You can type an exact zoom percentage directly in the magnifier toolbar to land on precisely the level you need. We've also added preset step increments (5%, 10%, 25%, 50%, 100%, 150%, 200%, and 400%) to the Settings dropdown, so you can jump to common levels in a single click. Whether you need a subtle boost or a dramatic close-up, Magnifier adapts to how you want to zoom. Enter an exact percentage or jump to preset steps —5% up to 400%. Feedback: Share your thoughts in Feedback Hub (WIN + F) under Accessibility > Magnifier. [Accessibility] We're introducing screen tint, a new accessibility setting that applies a color overlay across your entire display, softening its intensity so it's easier on your eyes throughout the day. If bright, saturated screens leave you with tired or sensitive eyes by the end of a long session, screen tint can help. Screenshot showing UI for screen tint in Accessibility, with color presets and a strength slider. To get started, open Settings > Accessibility (or press WIN + U) and look for screen tint under the Vision section. From there, you can: Pick from six preset colors or choose a custom color of your own. Adjust the tint strength slider from a subtle wash to full intensity. Night light warms your display to reduce blue light that can interfere with sleep. Screen tint reduces overall screen intensity to ease eye fatigue and light sensitivity during the day. They tackle different problems and you can use both at the same time, one working on warmth and the other on intensity. Note that turning on screen tint will disable color filters, and vice versa. If you currently rely on color filters, you might need to keep screen tint turned off. Feedback: Share your thoughts in Feedback Hub (WIN + F) under Accessibility > Narrator. [Voice Access] Voice Access now supports Portuguese (Portugal), Portuguese (Brazil), and Korean (South Korea). [Audio] Continuing our work on improving Sound Settings, we've made a few more updates in this build: We've adjusted the description text for the Allow option in properties for audio devices to include the current state of the device, to improve the clarity of the text and the purpose of the button actions. "Listen to this device" is now available in properties for audio devices, so you don't need to enter Control Panel for this functionality. [Multiple Desktops] Improved explorer reliability when switching between multiple desktops. [Storage] We've updated the dialog when creating a Dev Drive to now support specifying the size in GB instead of only MB. This has also been added when changing the size of volumes under Settings > System > Storage. [Personalization] This update improves color selection accuracy when adjusting your accent color to match your wallpaper when automatic accent color selection is enabled in Personalization settings. This update improves wallpaper persistence reliability across restarts and upgrades, including better support for large-resolution wallpapers and other scenarios to prevent solid color wallpaper fallback. [Display and Graphics] Improves the reliability and persistence of applying color profiles. You can view the official blog posts here (link1, link2, link3) on Microsoft's site.
    • Windows 11 is getting redesigned taskbar settings in new build

      By TarasBuria · Posted

      Windows 11 is getting redesigned taskbar settings in new build by Taras Buria Microsoft is rolling out new Windows 11 preview builds in the Insider program, offering users new features and changes to try ahead of public release. In the Experimental channel (formerly Dev), Microsoft is shipping build 26300.8758, while in the Beta channel, users can download build 26220.8754. The changelogs do not contain much, but there is an important update to taskbar settings. Here is what is new in build 26220.8754: [Taskbar] Taskbar customization just got easier. As we continue to make improvements to the Taskbar experience mentioned last month, we've introduced a dedicated Taskbar Size setting, making it simpler to find, understand, and personalize your ideal taskbar experience. We've also made refinements to the transitions between taskbar sizes for a smoother overall experience. [File Explorer] We've improved the reliability of thumbnail previews for cloud files in the Details pane. The pane has also been reorganized so file properties are easier to find and review at a glance. Fixed an issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run in administrative mode. Fixed an issue where the confirmation dialog might display an internal Recycle Bin file name instead of the original file name when permanently deleting a file. [Sounds] Improved system sounds when using Windows in dark mode. And here is what is new in build 26220.8754: [Smart card removal policy] Administrators can now configure Azure Virtual Desktop (AVD) and Windows 365 sessions that use Microsoft Entra ID (RDS AAD Auth) authentication to automatically disconnect when a redirected smart card is removed. This extends smart card removal policy enforcement to Microsoft Entra authenticated remote sessions, helping organizations meet security and compliance requirements. [File Explorer] Fixed an issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run in administrator mode. [Taskbar] Improved reliability of loading the system tray area of the taskbar. [Sounds] Improved system sounds when using Windows in dark mode. You can find release notes for build 26300.8758 here and for build 26220.8754 here.
    • Apple reportedly has a second-generation iPhone Fold planned for 2027

      By +Random Stranger · Posted

      Correct. Thank you unfortunately commenting on this stupid article we bring a possible more crap like that. If it gets click they post it

  • Recent Achievements

    • Week One Done
      Scoobystu earned a badge
      Week One Done
    • Week One Done
      tuben earned a badge
      Week One Done
    • First Post
      OffsetAbs earned a badge
      First Post
    • Reacting Well
      OffsetAbs earned a badge
      Reacting Well
    • First Post
      Kolakid60 earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      440
    2. 2
      +Edouard
      197
    3. 3
      PsYcHoKiLLa
      156
    4. 4
      FloatingFatMan
      71
    5. 5
      Steven P.
      67
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!