real bad computer infection

Hello ng, I'm Steve! How are you?

For a few, something disabled AntiVir Guard. Also, the Avira.com homepage was blocked.

This must be some sort of malware or virus, therefore. Right?

I scanned with Avira AntiVir Personal and Search & Destroy. Avira AntiVir found
two infections but the probs still persist.

Now I'm scanning with TrendMicro HouseCall. Not sure what the results will be.

Can someone please help?

Steve



Re: real bad computer infection




Yes, disabling anti virus applications as well as blocking access to anti
malware web sites is indicative of being infected with malware.

Have you tried installing, updating and running Malwarebytes' Anti Malware (MBAM)?



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: real bad computer infection



Hello David,

No, not yet. When HouseCall has finished scanning the PC, I will try to rename
the actual AntiVir exe file, Avgnt.exe, to make sure it was not replaced by some
malicious one.

I will remove and reinstall the software package basically.

Steve



Re: real bad computer infection



Do NOT rename the file!

It is a fully installed application, not a runtime utility.  It should be LEFT
ALONE as-is.

If you want to scan using Avira AntiVir, you can use my Multi-AV Scanning Tool's
Avira module.  It also includes scanners from: Emsisoft, Sophos and Trend Micro.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: real bad computer infection

On Fri, 29 Jul 2011 16:34:19 +0200, "Steve Miller"


I have no solution to your problem, but I do have one that will
prevent such nonsense in the future.  Get yourself an imaging program
such as Acronis True Image, Macrium Reflect, etc.  There are a
number of them out there.  With one of those, you merely reload the
last saved image of your C: drive and you're back in business in no
time.  It is beyond me why more people don't have such software.

Re: real bad computer infection

marvt@sdla;fj.com wrote in

<snip>


For the same reason approximately 50% of PCs worldwide run
Vista or Win7, less than 40% XP, and most of all those also run
Internet Explorer and MS "Security" software.

BTW, there are some free imaging programs as well, although a
little harder to use.

Re: real bad computer infection

On Fri, 29 Jul 2011 21:43:44 +0000 (UTC), thanatoid


Macrium Reflect Free
http://www.macrium.com/reflectfree.aspx

I use this freeware for my weekly backup (Windows 7).
I would know what is "harder to use" at this very simple imaging.

And the restore (don't forget to make your start-up CD/USB) is just as
simple and works fine (proven in practice).

--
Fred W. (NL)

Re: real bad computer infection

wrote:


I would NOT know what is ...........
(sorry)

--
Fred W. (NL)

Re: real bad computer infection



I saw it but got it.

Few people have used the free imagers, so it's hard to say
what's easy and what isn't. But Acronis is designed to be pretty
idiot-proof. And I got it FREE in a UK computer magazine in
2002. When I even THINK of ALL the damn utilities I had to rely
on before... The BEST gift I ever got. (Yes, I don't have much
of a life...)


Re: real bad computer infection

On Fri, 29 Jul 2011 23:56:37 +0000 (UTC), thanatoid

I also used paid software from Paragon, once free with a German computer
magazine.
It worked very well on my WindowsXP.
But when I switched to Windows 7 64-bit, I found out that the Paragon
software wouldn't work on 64-bit Windows.
According to the website Macrium would work on 64-bit, but Easus was not
ready for 64-bit Windows.

I started using Macrium Reflect Free and found that the creation of the
Back-up (image) went faster and that the restore went faster.
And after a restore I could continue without any problem from an earlier
date.
So in the end I was happy I found Macrium Reflect Free.

--
Fred W. (NL)

Re: real bad computer infection

wrote:


Macrium Reflect does take a bit more understanding.  The fact of
having to choose between the PE or the UNIX  method for your backup CD
is not as clear to a non techie like myself as is the ultra simple
method of creating and using the rescue CD for Acronis True Image.
Also, I have no idea about the XML method Macrium can also use.  I
have both of them.  The Macrium I have  is the paid version.  I prefer
True Image for simplicity.  

I had a major disaster some months back.  Some damn piece of  software
that looked like a simple program totally shot my system on C:  I
couldn't even use the Acronis rescue disk.  I had to use my Windows
install CD.  I installed Windows without all the extra drivers, etc.
Just the bare minimum.  I then reinstalled Acronis True Image and was
able to access the backup image on the Safe Zone partition which
Acronis previously had installed.  I was back up and running in just
the time it took to reload the image - about 1 1/2 hours.  Never had
something that disastrous happen before.  All the times before I
simply used the rescue disk.  That time, however, something totally
screwed my Windows System.  Despite that, it was still simple to get
at the Safe Zone again with just the bare reinstall of Windows.  I
have well over a hundred programs in my Program Files folder.  I have
tons of all kinds of drivers for a ton of different types of video and
audio files.  Just thinking of how long - and how absolutely nerve
wracking it would have been to spend literally days reinstalling everything
scares the bleep out of me.   And would I have remembered everything,
every setting, etc.?  NOT!   Acronis saved my butt big time.

Re: real bad computer infection

marvt@sdla;fj.com wrote:


I use Casper, and my setup takes 1.5 SECONDS to get to full recovery,
not 1.5 hours (well, maybe a few seconds more than 1.5!!). I always
have a second internal hard disk in all my computers, and use Casper to
make a complete clone of C: to D:. Casper is then scheduled to update
the clone every week. If disaster strikes and the main C drive goes
down (as it did not long ago) it is the work of SECONDS to just switch
the cables and boot from the backup. No boot CDs or copying back of
images (although you can create a boot CD from Casper should you
want/need one). Also, all files are individually readable/copyable from
the clone at all times.

Just to be paranoid I also do a weekly clone to an external disk that
is only plugged in when I'm about to do that.

JIP


Re: real bad computer infection

On Fri, 29 Jul 2011 20:10:30 -0500, marvt@sdla;fj.com wrote:

BartPE is for WindowsXP only.
As I have Windows 7, I can only use the Linux version.
(and Linux is the default choice.)

Weekly I make an image of my C:\-partition.
The image is stored on another partition.
And I copy the image to an external hard disc.

For recovery purposes I have a "recovery" USB stick lying beside my
monitor.
Whenever something happens, I can use the USB stick to restart the
computer and do a restore.
http://kb.macrium.com/KnowledgebaseArticle50047.aspx?Keywords=usb+stick+bootable
http://kb.macrium.com/KnowledgebaseArticle50025.aspx?Keywords=usb+stick+bootable

The XML-thing is just a way to save the name of the backup.
You can manually delete names of backups you deleted.

Weekly I make a complete copy (nothing incremental, not possible?)
and it takes less than 10 minutes.
A restore takes less than 20 minutes and thereafter everything is again
in working order.

On the C:\-partition I only have Windows and other software installed.
All data are on other partitions and are not part of image and restore.
For backup of data I use different software (Karen).

--
Fred W. (NL)

Re: real bad computer infection



No it's not. I've used it on windows 7 systems numerous times to do
console/malware hunting. You do have to edit the cmos and change the
way the machine treats the sata drives so you don't get the black
screen of death booting Bart, but it will certainly boot a windows 7
formatted box!

I can send you a torrent iso of my modded bart pe disc sometime if you
need it fred.


--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

Re: real bad computer infection

wrote:

Well, if I am told so by Macrium Reflect, why would I say otherwise?

"BartPE - Select this option to copy a PE-Builder plug-in for Macrium
Reflect.
For XP or Server 2003 installations only. A Macrium Reflect PE-Builder
plug-in will be copied to your existing PE-Builder installation.
PE-Builder creates a rescue disc from your existing Windows XP system
files and drivers."



And why would I want to do all that, when I have a USB "recovery" stick
that functions just the way I expect and restores any back-up I want?



I know you mean very well, but I have no desire whatsoever to change my
CMOS or whatever mysterious things you suggest me to do.
I am just an average user (or just a little bit more) and your offer is
way over my head.

Thanks anyway.
 ;-)

--
Fred W. (NL)

Re: real bad computer infection



I haven't the foggiest. :)
 

Alrighty then. :)


--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

Re: real bad computer infection



Dustin, I am willing to take you up on that .ISO image.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: real bad computer infection



I'm still a ghost user.. :) I've recently added ghost v11.5 to my modded
bartpe disc.


--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

Re: real bad computer infection



Me too.
Symantec Ghost v11.5


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: real bad computer infection

thanatoid wrote:

True, I use "MaxBlast" and it suits my purposes just fine.
