Nasty viruses

espfutbol98

I have some extremely sophisticated viruses that have downloaded themselves on my computer. Whenever I run my 3rd party anti-spyware, I get a blue shutdown screen. Windows Defender cannot update definitions, not even manually. When I go to updated.windows.com or any other anti-virus website, I see Google (but the URL is still the same). I tried to get Windows Malware Removal Tool but when I run it, it says "... is not a valid Win32 program". That's not even to mention the constant pop-ups, banner ads, and webpage redirection. :eek:hnoes:

Oh wait, this is about where I was until my f*cking computer shut down!:mad:

As you can see, I really need some help but I'm not really expecting much. I'm considering wiping my hard drive and re-installing Vista.

If somebody could give me a virus name or something, I might be able to remove it manually.
Edit:
I went through the entire task manager and found one thing that seemed to be suspicious: it was called System (without the .exe extension). I googled it and it said it was Trojan.Mitglieder.B, so I'm gonna try to remove it. When I right-clicked properties and open file location, nothing happened, so this might prove to be difficult. If anyone has any suggestions, I don't think system.exe is responsible for everything.
 

changc

Re: Nasty *ss viruses

I had a virus problem very similar to that. It corrupted my anti-spyware programs, crashed when I tried installing/reinstalling, and blocked the DNS of any security websites. I got obnoxious audio ads in the background, and when I tried system restore it forced a crash/memory dump.

Unfortunately I couldn't figure out how to fix it, so I had to do a factory reset. Best of luck to you. :(
 

zen-r

Re: Nasty *ss viruses

If you don't want to do a complete re-install, it sounds like you need an anti-virus boot disk.

You insert it in your CD drive (or USB socket) & restart your PC, which then boots from your disk. That way, the virus/trojan doesn't get a chance to load into memory.

Then you use the software on your disk to scan & remove the infection.

Most good anti-virus software products either come with such a disk, or allow you to make one, once their software is installed (doing it this way also allows the software to copy any drivers you will need from your system onto the disk at the same time it is being made).

If you haven't got such a disk, you could try using a different computer to make one (providing you have the software, or find something on the web first).




TechAsh

Re: Nasty *ss viruses

Have you tried booting into 'safe mode' (Hit "F8" just after you see the BIOS/POST boot screen, it may take a couple of tries to get it)? This may allow you to run your anti-virus software (Unless the virus is very sneaky and runs in safe mode.)
 

Smith6612

Re: Nasty *ss viruses

If you can, try visiting malwarebytes.org and downloading that program. If you can't, download it from download.com or Softpedia and then update it when you run the installer. If you can't run that program and it spits up the same error, it sounds like you're going to need to DBAN your drive and start clean, as your Windows Installation will never be the same even if we were to remove every single bit of every nasty out of the computer. I've worked with viruses this nasty before, and after everything was cleaned up, parts of Windows were missing or corrupted, and I had to wind up backing up the user's files with a Bootable Linux disk and a flash drive, DBAN the drive, and reinstall Windows and their software, updating everything, and installing Avast! Anti-virus to their system with Spybot Search and Destroy, and a custom HOSTS file created by Spybot. I also install Firefox with Adblock Plus and IE8 with IE7Pro on it.

But with infections like these, I highly doubt you're going to be able to run in Safe Mode, as pretty much every modern virus these days will reboot you if you even go into Safe Mode via a BSOD or a restart message sent to the motherboard before seeing the login screen.

But whatever path you go down, let us know. If you have other PCs on the network if you have one, you better make sure you run MalwareBytes and Avast! anti-virus on those machines to make sure those are clean, and you aren't ignoring updating Windows and your software (which so many people do because they don't have the time to bother with the updates). Personally, to me it sounds like you got a nice little installation of Vundo on your machine. It's probably the most common piece of Malware I've had to clean out, and it does cause things like this. If it sits in the system for a while, it's extremely hard to remove. I've always found it to come in via Peer to Peer software from a poisoned seed or from advertisements.

Once your PC is online, come back here and I'll tell you what you need to install and not to do in order to keep something like this from happening again.

@ChangC: It sounds like you got something in your system that hijacked your HOSTS file and/or DNS Server settings. Those kinds of things are super easy to fix. All you need is Notepad for the hosts file and some knowledge on how it works, and where your DNS settings are located for the system. A smart thing to do after changing the HOSTS file would be to lock it permanently with a program such as Spybot.

@zen-r: His PC is going to need a reformat. It's never going to be the same as it used to be before this happened ever again.
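
An added example, not part of any post in this thread: a small Python audit of a hosts file for the kind of hijack described above, where security and update sites are blocked or redirected. The watchlist, the sample file and the function names are assumptions made for illustration; on Windows the file to check is %SystemRoot%\System32\drivers\etc\hosts.

```python
import ipaddress

# Assumed watchlist of update/security domains a clean hosts file never overrides.
WATCHLIST = ("windowsupdate.com", "update.microsoft.com",
             "malwarebytes.org", "avast.com", "avg.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2:
            continue                            # blank, comment or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watchlist=WATCHLIST):
    """Return findings as (line_no, hostname, ip, reason) tuples."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        watched = any(name == d or name.endswith("." + d) for d in watchlist)
        sinkhole = ip.is_loopback or ip.is_unspecified
        if watched and sinkhole:
            reason = "security site blocked"
        elif watched:
            reason = "security site redirected"
        elif not sinkhole:
            reason = "unexpected override"
        else:
            continue            # e.g. localhost or an ad-blocking entry
        findings.append((line_no, name, str(ip), reason))
    return findings

# Constructed sample hosts file (not taken from the thread).
SAMPLE = """\
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org
203.0.113.7     update.microsoft.com download.windowsupdate.com
0.0.0.0         ads.example.net
198.51.100.9    intranet.example.com
#203.0.113.7    www.avast.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

A clean result here does not rule out redirection through changed DNS server settings, which the hosts file does not show.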
 

garrettroyce

Re: Nasty *ss viruses

I agree, even if you save your Windows installation, it'll never work quite right.

When I worked as a PC repairman for my college, I used a couple of the methods listed already. I also downloaded and created an Ubuntu Linux install disk. It's a complete operating system on a CD-R. Then you can run utilities on the hard drive. There is a great potential that you will screw up your Windows installation beyond repair using this or any method, so be careful!
Edit:
Also, if you have AVG anti-virus installed and you can boot to a DOS prompt, you can run the AVG scan. Try googling a Windows 98 boot disk download and burn it to a floppy/CD/USB disk.
 

Smith6612

Re: Nasty *ss viruses

The Ultimate Boot CD is a wonderful tool for booting things and for a DOS prompt from a CD :) http://www.ultimatebootcd.com/

Also with Linux, you can't really mess anything up UNLESS you mount the file system as read and write. Linux has full NTFS capabilities, however due to people having to reverse engineer Microsoft's file system, Linux can easily corrupt an NTFS drive if you were to write to it. Read only however, you're safe. Knoppix is a Distro that I use for PC recovery and repair. It's easy to use and is basically a Linux distro designed to be run from the CD, so it's very quick even on slower computers. Much quicker than Ubuntu is honestly running from a CD.
 

merrillmck

Re: Nasty *ss viruses

While I'm typically a Windows/Visual Studio/C# guy ... Windows Defender really sucks. There is a thread around here with people commenting on the anti-virus programs they use. Another good freeware program that runs fast scans and finds a whole lot (and has never caused me any problems like some anti-virus/spyware programs) is Spybot Search & Destroy. I used it after it received high marks on one of those independent sites (maybe cnet.com).

It also runs in the background using a small amount of RAM and CPU power. Some anti-virus programs slow down your computer making them almost virus-like themselves.

Another Microsoft product that sucks is Microsoft Live One or something like that ... I think they're actually migrating Windows Defender to Windows Live One. Both are Microsoft's half-hearted efforts at anti-virus and anti-spyware software.

Finally, once you get your system back up and running, use Microsoft Update to get all the latest patches. This is one thing Microsoft does really really really well. It took them about 10 years to finally leverage the Internet for updates but they've got it down. Keep all the latest updates and you're unlikely to have much trojan/virus trouble.

And as someone else said, boot in safe mode if the virus/trojan is fighting your installation of anti-virus/spyware software. Most virus/trojan programs will turn off your firewall, delete any anti-virus/spyware files they can touch, turn off as many security services as they can touch, etc.
 

taha116

Re: Nasty *ss viruses

I only just read the topic. Basically I've had similar problems before.

If the following are possible try them out now: download AVG or AVAST (they are anti-viruses).

Note* I used AVG

Right away change their installer names to something like 123pie or like chicken21 and then attempt to install them. During the installation do not schedule any scans. And install the link scanner and stuff. When you run AVG try running update manager right away. Once you're done AVG may or may not pick up stuff with resident shield. If you really can take the pain of risking damage to your Windows remove them with force (I didn't care, I removed and it worked; note that I have a copy of Vista on a CD I got from Future Shop to restore stuff). Wait 5 minutes; if it picks up like the same virus 50 times just start ignoring it. Then restart your computer in safe mode and run AVG full scan and go smash your head against the wall until it's done and force removal of anything it finds, restart and see if it works fine or at least better.

If all problems are solved by this point then whatever; if not then do the same steps with Ad-Aware by Lavasoft and it should remove a lot of crap too.

I did this repeatedly and on the first day a lot of issues were resolved and I could use my PC fairly easily, next day some more were resolved and I did this in total for maybe 4 days, just once each. My computer is back to complete normal.

When did this happen to me? Like 5 days ago! Seriously, that's why I wasn't online as much as I would have hoped.


Recommended free software (recommended to keep one of each type)

Anti-virus : AVG or AVAST

Anti-Malware : Ad-Aware or Malwarebytes

I've tried all except AVAST, not cause I don't trust it but cause I solved my problem with AVG first so never needed it. Still, I've been recommended to use it many times.
 

Livewire

Re: Nasty *ss viruses

I'll vouch for AVAST if only because one particular version of AVG ran absolutely horrid (I've been told a later version repaired the bad performance), but swapping it for AVAST worked for me.


I'd still nuke-and-go if it's an option though. I already spent a few hours trying to fix Mediabox just to reboot it and have it re-infect from 1 file I didn't even get a warning had been created.

If it's possible, just nuke it and know the virus is gone. If that's not an option, I'd snag BOTH AVG and AVAST, but don't run them at the exact same time. Run one, close it, then run the other - AVG and AVAST are both antiviruses, but from what I've seen there's a few things AVAST considers viruses that it picks up that AVG won't, and vice versa (although it seems to be spyware/malware instead of viruses they're fighting over :) )




I'm always aggro though - ever since that, I dun wrestle with viruses that manage to get past Avast. If one does, the windows drive is being nuked and restarted.
 

espfutbol98

Re: Nasty *ss viruses

Thanks everybody for your help.:biggrin:
I'll try to make a boot disk.
Also, the HOST file was the first thing that I looked at. I commented almost everything out but the list of protocols but I still get redirected.
 

taha116

Re: Nasty *ss viruses

Give my post a shot before you do something like re-install Windows and lose all your data.
 

espfutbol98

Re: Nasty *ss viruses

I tried installing AVG but it failed when it couldn't start avgmfx86.sys service. Error code 0x8007013d.
 

garrettroyce

Re: Nasty *ss viruses

Yeah, the virus probably won't let you run the service. You need to boot to a command line and run:

c:\progra~1\AVG\AVG8\avgscanx.exe /comp /heur /arc /clean /reg /pup
 

espfutbol98

Re: Nasty *ss viruses

I tried that but it said /comp was an invalid command. I then tried that without /comp and it said /heur was invalid.
If I wipe the disk clean and re-install the OS, can I still save Word documents, music, and pictures to the wiped computer?
 

Smith6612

Re: Nasty *ss viruses

A wiped and reinstalled PC is basically a PC from the factory, minus the pre-installed drivers. You can use the PC normally. Now, if you're talking about backing up your files, you should boot up a Linux CD, grab whatever you can off of the hard drive using Linux and move it onto a Flash Drive/external hard drive, and then once your Operating System is reinstalled and an Anti-Virus program such as Avast! or AVG is installed, and an Anti-Spy program such as Spybot: Search and Destroy is installed, with a fully updated system, UAC on if you have Vista and the HOSTS file edited and locked by Spybot, you can copy your backed up files back onto your drive. Scan the drive you used to back up your files before you start copying anything to the system.

Also, make sure you know what hardware your PC has on it. Should it need drivers according to the Device Manager, you'll need to know that info.
 

garrettroyce

Re: Nasty *ss viruses

I'm guessing the virus is blocking AVG in some way or the file has been corrupted by the virus. You should be able to copy all the files from a good installation of AVG and run it from a flash drive or CD.
 

espfutbol98

Re: Nasty *ss viruses

I guess that is what I will have to do. :tear::mad:

Thanks everybody for your help!:grouphug:
 

espfutbol98

Yes, I boot in safe mode and the virus is named Trojan.Mitglieder.B or "System.exe". I try to delete it but first I must end the process. As soon as that happens, I get a shutdown.exe popup saying that the computer will shutdown in less than a minute so I keep typing shutdown.exe -a in the command prompt while trying to delete System.exe. I have found even when the process is terminated, it cannot be deleted and the computer still shuts down no matter how many times I enter the command.
 