real bad computer infection - Page 2


Re: real bad computer infection

I'm not a fan of imaging software at all. Well, you had loose the one file that
you but need to keep.

And now? Leave the PC off, writing letters as it used to be? I have my backup
file by file. And I'm not gonna change anything there.

Well HouseCall found a Recycler Bin folder in C:\ and some config.bin in it,
which I removed and deleted manually.

Let's see!

Steve.



Re: real bad computer infection

Steve Miller wrote:

I make several, and keep them in different places.


Yeah, MaxBlast doesn't allow the browsing of the image as if it were
just another disk, but the full version of Acronis that it is based on
does. This would allow you to pick and choose what specific file you
want to restore. I'm only using it as an entire disk backup so that is
no problem for me. I *also* do regular backups of system and incremental
backups of data.


Good luck.


Re: real bad computer infection

Hello,

the prob still persists. Please could someone advise to delete all the cookies?

That would be fun. :)

Steve



Re: real bad computer infection

On 8/2/2011 4:26 AM, Steve Miller wrote:


  Why? That's of no use whatsoever. In your situation however, you might
consider trying:


Kaspersky's TDSSKiller
http://support.kaspersky.com/faq/?qid=208283363

GMER
http://www.gmer.net/

and Avira's RescueCD:
http://www.avira.com/en/support-download-avira-antivir-rescue-system


  Another poster (Tired) also suggested Combofix which is a good idea,
but I would try the above three first.



--
Are we having fun yet?

Re: real bad computer infection



Cookies are NOT an issue.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: real bad computer infection


Well, I removed and reinstalled the program by now. The guard is running again.

Steve



Re: real bad computer infection



However, the avira.com website still was blocked. I searched regedit for some
telling entries. Seems not to be there. Temp files I deleted as well?

What else could I try?

Steve



Re: real bad computer infection

On 8/6/2011 12:08 PM, Steve Miller wrote:


  Is it just the web site or is it the domain name that is blocked? Try
opening a command line window, do a "ping avira.com" and see if you get
any replies. If you can successfully ping avira.com then your browser
has been tampered with. Go to the Control Panel, Internet Options,
Advanced tab and click on the "Restore advanced settings" and "Reset"
buttons. Then try getting to their web site again.

  If you cannot successfully ping avira.com then you probably have a DNS
hijack. Open a command line window, do a "ipconfig /all" and note the
reported DNS servers. Look up their IP addresses and see if they look
like they belong to your ISP.



--
Are we having fun yet?
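
The DNS check suggested in the post above, as an added example that is not part of the original thread: it pulls the DNS servers out of `ipconfig /all` output and lists any that fall outside the ranges you expect. It assumes English-language output; the sample text, the function names and the "expected" networks (documentation address ranges standing in for a router LAN and an ISP resolver range) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (English Windows), trimmed.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       203.0.113.99
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Return {adapter: [DNS server IPs]}, including continuation lines."""
    servers, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():       # unindented line = section header
            adapter, in_dns = line.strip().rstrip(":"), False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S*)", line)
        value = m.group(1) if m else (line.strip() if in_dns else "")
        try:
            ip = ipaddress.ip_address(value.split("%")[0])   # drop IPv6 scope id
        except ValueError:
            in_dns = False                       # blank line or next labelled field
            continue
        in_dns = True
        servers.setdefault(adapter, []).append(str(ip))
    return servers

def unexpected_dns(servers, expected_networks):
    """Return (adapter, ip) pairs that are in none of the expected networks."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    return [(adapter, ip) for adapter, ips in servers.items() for ip in ips
            if not any(ipaddress.ip_address(ip) in n for n in nets)]

if __name__ == "__main__":
    # Assumed for the example: router LAN plus the ISP's resolver range.
    expected = ["192.168.1.0/24", "198.51.100.0/24"]
    for adapter, ip in unexpected_dns(dns_servers(SAMPLE_IPCONFIG), expected):
        print("%s: DNS server %s is not in an expected range" % (adapter, ip))
```

A server flagged here is only a candidate: look up who owns the address before deciding it is a hijack, as the post suggests.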

Re: real bad computer infection

Whoever wrote:

Or, he could check his "hosts" file I suppose.


Re: real bad computer infection

On 8/6/2011 8:20 PM, FromTheRafters wrote:


  It's possible, though I haven't seen too many bugs lately that are
still using that method. Perhaps it's just the particular ones that I've
been running into?



--
Are we having fun yet?

Re: real bad computer infection



Just got back from a Sunday call; had a modded hosts file. Even set
file permissions on the damn thing. Used unlocker to remove the
offensive beastie; they had it redirecting google, yahoo, bing, avast and
a slew of other legit sites to localhost. I removed the offending
rootkit to find the machine still not going to various sites. Found a
13k hosts file, with permissions present. Removed the file, verified
it's not coming back. :)


--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.
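
A way to spot the kind of hosts-file tampering described in the post above, as an added example that is not part of the original thread: it parses hosts-file text and reports entries that override search-engine or antivirus domains. The sample file, the watched-domain list (taken from the sites named in this thread) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a hosts file tampered with the way the post describes.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.google.com
127.0.0.1       avast.com www.avast.com
0.0.0.0         www.bing.com        # trailing comment
203.0.113.7     search.yahoo.com
127.0.0.1       ads.example.net
"""

# Domains named in this thread; extend with whatever the machine cannot reach.
WATCHED = ("google.com", "yahoo.com", "bing.com", "avast.com", "avira.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()    # strip comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first column is not an address
        for name in fields[1:]:                  # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, ip, verdict) for overridden watched domains."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not any(name == d or name.endswith("." + d) for d in watched):
            continue                             # localhost, ad-blocking entries, etc.
        verdict = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((line_no, name, str(ip), verdict))
    return findings

if __name__ == "__main__":
    # On a real machine, read the hosts file under System32\drivers\etc instead.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Entries for domains outside the watched list are skipped on purpose, since many people sinkhole ad servers in the hosts file themselves.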

Re: real bad computer infection

On 8/7/2011 8:06 PM, Dustin wrote:


  Guess it's just the luck of the draw for me then. I just haven't been
seeing many of them lately.


--
Are we having fun yet?

Re: real bad computer infection




Macrium Reflect Free also allows you to retrieve individual files from
its image archive.



Re: real bad computer infection

Steve Miller wrote:

Possibly some kind of rootkit. Combofix has a good success rate with these
kinds of things.



Re: real bad computer infection

Steve Miller wrote:

Most likely malware, but a virus is a distinct type of program
associated with malware. Malware is the 'umbrella' term for all kinds of
MALicious softWARE.

It likely only found something else, not the problem. Can you boot the
machine from some media cleaner than the (possibly infested) hard drive?

CD, DVD, or USB?

Sometimes even 'safe mode' is clean enough.


Scanning from within the affected environment can be problematic.


Follow David H. Lipman's advice. His Multi-AV tool coupled with MBAM is
quite good at finding most malware.

Re: real bad computer infection


Help with what?  Seems you are on the right track.  I use the free
Windows firewall and the free Microsoft Security Essentials, and it
seems to get the job done. On some other machines like a laptop I use
Comodo, though I typically do not check the "use Comodo DNS servers"
option, as that option, while sound, might complicate things since I
travel all over the world and don't like to rely on just Comodo's DNS
servers.  I also use Avira.

These programs are roughly the same, some slightly better than
others.  It's like different brands of cigarettes, they all pretty
much get the job done, which is to deliver nicotine into your system.

RL
