Posted on 08/11/2010 2:55:05 AM PDT by Yosemitest
I tried to block it and delete the infected files, but that just set off an attack against my computer, which caused me to reload from backup several times.
How do I get rid of this nightmare, and prevent it from coming back?
Sounds like a trojan virus that unloads a bunch of them at once.
I was able to delete the ones I got from a packet even though at startup I still get a message that something can’t be found.
I just used Malwarebytes.
You can boot from a Linux CD and then save all the files you want on memory sticks. Then do a Windows recovery.
I googled it and found a few sources saying it was a false positive.
It's a valid trojan, so never mind about the false positive. Manual removal instructions here: http://www.spywareremove.com/removePackedWin32Krapag.html
It will log key strokes and download other software.
Do a boot time scan and your AV should remove it.
On a non-infected box,
Grind it to CD... It is in ISO format, so you need to know how to grind a CD from a file.
BitDefender.com: "How to create a BitDefender Rescue CD"
Boot to the disk, and scan the affected computer.
kb.BitDefender.com: "Using the BitDefender Rescue CD"
BitDefender's clean up engine is pretty effective. It is Linux, but the AV pops up when the boot is done, so all you really need to do is press its start button...
This is just like in the old days... One needs the native OS to be off-line to kill the bugger, so one must use a boot disk.
I have other solutions if this one doesn't work, but they all require a miniaturized Windows platform to run from - Something Joe-user would have a hard time putting together... Lemme know.
1. For surfing the net, make another account w/o administrative permission. Only use this account to surf with. If I get any malware, I delete that account and make a new one.
2. I have a separate little laptop that is used for banking only. NOTHING ELSE.
I have turned off all anti-virus and firewalls on the surfing computer. It is lightning fast :)
sfl
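One way to script the throwaway browsing account the post above describes, as an added example that is not from this thread. It assumes Windows XP or later with PowerShell 2.0 and uses net.exe, because the New-LocalUser and Remove-LocalUser cmdlets only exist on Windows 10 and later; the account name "surf" and the profile paths are assumptions you may need to adjust.

```powershell
# Added example (not from the thread): create, verify, or throw away a
# least-privilege browsing account. Assumes PowerShell 2.0+ on Windows XP/7,
# run from an administrator account. Uses net.exe because New-LocalUser and
# Remove-LocalUser only exist on Windows 10+. "surf" is a placeholder name.
param(
    [string]$Name = 'surf',
    [switch]$Reset            # delete the account and its profile, then recreate it
)

function Test-IsAdministrator([string]$User) {
    # net.exe prints group members one per line; match the exact account name
    $members = & net.exe localgroup Administrators
    return [bool]($members | Where-Object { $_.Trim() -eq $User })
}

if ($Reset) {
    & net.exe user $Name /delete
    # Remove the old profile so nothing dropped into it survives the reset.
    # XP keeps profiles under "Documents and Settings"; Vista and later under "Users".
    $profileDir = Join-Path $env:SystemDrive "Documents and Settings\$Name"
    if (-not (Test-Path $profileDir)) { $profileDir = Join-Path $env:SystemDrive "Users\$Name" }
    if (Test-Path $profileDir) { Remove-Item -LiteralPath $profileDir -Recurse -Force }
}

# net.exe needs the password in clear text; keep it in memory only as long as needed
$secure = Read-Host -AsSecureString "Password for $Name"
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$plain  = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# "net user /add" puts a new account in the Users group only, never in Administrators
& net.exe user $Name $plain /add /passwordchg:no
$plain = $null

if (Test-IsAdministrator $Name) {
    Write-Warning "$Name is in Administrators; remove it with: net localgroup Administrators $Name /delete"
} else {
    Write-Host "$Name is a standard (non-admin) user. Log in as $Name to browse."
}
```

Run it once to create the account, and with `-Reset` after an infection to discard the account together with its profile directory, which is where a drive-by download lands when the browser runs without administrative rights.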
One other thing you should do before you run a scan. Before you boot your computer, unplug your modem cable. Some of these malware viruses download things on startup and you wind up like a dog chasing its own tail. When you are clean, plug in your cable.
Malwarebytes will get rid of it, but you also need to download rkill.com. It kills the process so you can safely use Malwarebytes.
If you can’t get the programs downloaded onto your computer, download them onto a clean computer and copy to a flash drive or cd-rom and then install them through safe mode.
Do the following:
1. Restart your computer, while restarting, press and hold down the F8 key. If you hear a clicking sound, release the key and immediately press it down again. Repeat until you get to a screen that lists a number of options.
2. Select Start in Safe Mode with Networking.
3. Select the account named administrator if possible.
4. After startup, go online and download the following programs to your desktop: RKILL http://download.bleepingcomputer.com/grinler/rkill.exe;
MALWAREBYTES: http://www.malwarebytes.org/mbam.php
5. Run RKILL; it will stop the processes.
6. Run Combofix; it will install the recovery console and update itself, and then run a full scan. Let it complete.
7. After that, install and run Malwarebytes in quick scan. That should remove the problem and fix the registry.
8. That evening, run a complete scan with Malwarebytes.
If you can’t get into the administrator account, download these files from another computer and copy them to the desktop. If you can, start in safe mode, log in to the computer and as soon as you can, run rkill, continue to try running it as soon as you see your desktop. It will kill the process and you can proceed from there.
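After a cleanup like the one above, a startup message that something "cannot be found" usually comes from a leftover autorun entry whose program file was deleted. The following added example, which is not from this thread or from any of the tools named in it, lists the Run/RunOnce entries for the machine and the current user and flags the ones whose target no longer exists. It assumes PowerShell 2.0 or later and only reads the registry.

```powershell
# Added example (not from the thread): list autorun entries under the Run and
# RunOnce keys and flag those whose program file no longer exists. A leftover
# entry pointing at a deleted file is the usual cause of the "Windows cannot
# find ..." message at logon after a cleanup. Assumes PowerShell 2.0+; read-only.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandPath([string]$Command) {
    # Extract the executable from a command line such as
    #   "C:\Program Files\Tool\tool.exe" /silent   or   %SystemRoot%\foo.exe -x
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
        return $c.Trim('"')
    }
    $m = [regex]::Match($c, '^(.+?\.(exe|com|scr|dll|bat|cmd|vbs|js))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($c -split '\s+')[0]
}

function Test-CommandExists([string]$Path) {
    # Bare names such as "rundll32.exe" are resolved through PATH, like the shell does
    if (Test-Path -LiteralPath $Path) { return $true }
    return [bool](Get-Command $Path -ErrorAction SilentlyContinue)
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath etc. added by the registry provider
        $cmd  = [string]$p.Value
        $path = Get-CommandPath $cmd
        $tag  = if (Test-CommandExists $path) { 'ok     ' } else { 'MISSING' }
        '{0} {1}\{2} = {3}' -f $tag, $key, $p.Name, $cmd
    }
}
```

An entry marked MISSING whose name you do not recognise is the one to remove, for example with the start-up manager in Spybot S&D mentioned later in the thread. The script does not cover the Startup folders or, on 64-bit Windows, the Wow6432Node copies of the Run keys; an entry that launches through rundll32.exe will show as "ok" because rundll32.exe itself exists, so read the full command line for those.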
I still get a message that something can't be found.
ping
And once you get rid of it, how do you keep it from coming back?
How did the Bitdefender boot disk go?
From inside the Native OS (these are not bootable solutions):
Kaspersky AVPTool is a cleanup engine (manual scanner, limited-time use). DLD and install per normal settings. Run the scanner (if you next'd through the install, it will be on your desktop). After completion it will ask to uninstall.
**NOTE** If you say NO, it will remain... One can run it again from within its folder on your desktop. But it MUST, MUST, MUST be run again/quit, w/ ask uninstall... Choose YES to uninstall. OTHERWISE, if the uninstaller isn't used, it will leave a low-level driver running in your box. DO NOT just delete its folder.
ELSE, just choose "YES" to uninstall in the first place.
Each time it is installed, it will have a different and unique name... This is normal, so that bugs can't detect it by its name. Not to worry.
REF: http://avptool.virusinfo.info/en/
NEXT Option:
WebDoctor Cureit is similar in function to KAV's AVPTool, in that it is a single DLD package. But it is simpler to use - Just DLD the executable and run it to fire up the scanner... Delete the executable when done.
WebDr Cureit is a pretty good scanner, but it is usually my last resort... It detects brilliantly, but very aggressively, and can come up with false positives. Be careful if it is giving you "generic" or "maybe" labeled names... It's a crapshoot as to whether they are really infected IMHO.
Try those and see. Best to run them from safe mode if you have it. Then see what is next...
And once you get rid of it, how do you keep it from coming back?
Windows: SP-3. Newest IE (whether you use it or not, PS: Don't use it, see below), Newest Media Player (whether you use it or not). ***ALWAYS ALL UPDATES***.
Firewall: Meh. At LEAST Windows Firewall running. More than that is questionable, especially if you are behind a router.
AV (Choose ONE from below):
Norton, McAfee, Trend... All are POO. Discard, slap upside head for being a dumba$$.
NOTE: McAfee and Norton do not uninstall cleanly, and you must find their respective uninstallers and run them AFTER normal uninstall/restart. Otherwise, many other AV's will not install due to their vestiges.
Everything below (except F-Protect) can be found at http://www.filehippo.com, mostly in the "Anti-malware" section.
For $$, the very BEST is Kaspersky Anti-Virus (Don't need the full Internet Security version). For multiple machines, find a local dealer that can set you up with corporate KAV (way cheaper). Extremely effective, but can be heavy (fat) on older machines.
Next best, NOD32 by Eset - Though if multiple machines, this gets spendy fast... Very effective, but it is very light-weight.
Next best: F-Protect: Just about as good as above, but killer good deal for multiple boxes... $30 per year buys 5 seats. Very effective, pretty light-weight. This is my house brand, though I use Kaspersky on my server and test-benches.
Honorable mention: Sophos, BitDefender.
ALL of the above have 15-30 day trials, so try them and see which you prefer. ONLY ONE AV running on the box at a time.
If $$ is a problem, FREEWARE:
Microsoft Security Essentials - Excellent protection, and probably the best AV at finding Rootkits. I run this on my laptop. NOTE: Requires Activated/Genuine Microsoft, so if you are running bandit, never mind.
Avira Antivir (personal free): Excellent, but does not include an e-mail scanner. If you use only web mail (Yahoo, Gmail, hotmail, etc) this is a fine solution.
SPYWARE:
MUST HAVE Spybot Search and Destroy. Doesn't detect everything, but what it does, it does very well. Also has good adv. tools for start-up management, HOSTS file, etc. Note: turn off "tea-timer" on install.
AND
SuperAntiSpyware: Super all-around at spyware detection. If you are a malwarebytes fan, this could be skipped - But I think SuperAntiSpyware is better.
CLEANER:
CCleaner dumps all caches and trash with the push of a button. MUST HAVE.
Operation:
Only the AV runs in background. All others are manual scanners. So you have to run them once a week or so.
Running CCleaner first removes cookies and temp stuff, so any hits with the anti-spyware/anti-virus will be serious ones... So pay attention:
1. CCleaner
2. Spybot S&D (Update, immunize, scan, fix)
3. Superantispyware (Update, scan, fix)
4. Antivirus (manual update, manual scan, fix)
Finally, for web browser, use Firefox, or Opera. Do not use IE for surfing, though it is fine for sites you know are safe. Preference is Firefox.
For Mail, use Thunderbird, Eudora, or Pegasus. Avoid OE and Outlook, UNLESS you have a PIM that you sync to your box. Preference is Thunderbird.
Browser and mail are important. IE and OE/Outlook use ActiveX, which is a sorry way to go. Install Sun Java, and most sites will use it instead, but even displaying a message in a preview pane in OE\Outlook can get you infected (Preview uses ActiveX), and most drive-by scripts use ActiveX code to infect.
Ancillary:
Newest Adobe Flash (two installers, one for IE, one for Firefox/Opera).
Newest Adobe Shockwave (if Shockwave is installed)
Newest/update Java
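The post above comes down to a few checkable conditions: XP at SP3 with updates, Windows Firewall on, and exactly one antivirus running. The following added example, which is not from this thread, reports those three from PowerShell 2.0 or later when run as administrator. It assumes a client edition of Windows; the Security Center WMI namespace it queries does not exist on server editions.

```powershell
# Added example (not from the thread): quick check of the baseline the post
# above insists on: XP at SP3, Windows Firewall on, exactly one antivirus
# registered. Assumes PowerShell 2.0+ run as administrator. Read-only.
$os    = Get-WmiObject Win32_OperatingSystem
$major = [int]$os.Version.Split('.')[0]     # 5 = XP/2003, 6 = Vista/7/8, 10 = Windows 10+

'{0}, service pack {1}' -f $os.Caption, $os.ServicePackMajorVersion
if ($major -eq 5 -and $os.ServicePackMajorVersion -lt 3) {
    Write-Warning 'Windows XP below SP3: install SP3 before anything else.'
}

# Security Center registers AV products in root\SecurityCenter on XP and in
# root\SecurityCenter2 on Vista and later (client editions only).
$ns = if ($major -ge 6) { 'root\SecurityCenter2' } else { 'root\SecurityCenter' }
$av = @(Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue)
switch ($av.Count) {
    0       { Write-Warning 'No antivirus product is registered with Security Center.' }
    1       { 'Antivirus: {0}' -f $av[0].displayName }
    default {
        $names = ($av | ForEach-Object { $_.displayName }) -join ', '
        Write-Warning ('{0} antivirus products registered ({1}); keep only one.' -f $av.Count, $names)
    }
}

# Windows Firewall state: the netsh syntax changed between XP and Vista
if ($major -ge 6) {
    & netsh advfirewall show allprofiles state
} else {
    & netsh firewall show state
}
```

Two products listed under "antivirus products registered" is the situation the post warns about with "ONLY ONE AV running on the box at a time"; a leftover Norton or McAfee registration after an incomplete uninstall shows up here before it blocks the next install.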
I have been using the following two programs for years now. Zero problems and my computer runs like day one. I have had my computer for 8 years now and it is extremely fast.
Just get CCleaner, which is free.
http://www.piriform.com/ccleaner
and
Advanced SystemCare. It will be the best $18 you ever spent.
http://download.cnet.com/Advanced-SystemCare-Free/3000-2086_4-10407614.html
I'll check out what you suggested, but Online Armor++ 4.0 is my current firewall. I use CCleaner to help me get rid of bad system loads.
Spyware Terminator Advanced Mode and don't trust but a few select programs has helped me keep them at bay, but they're still on my computer.
Advanced SystemCare Pro also helps, but I found an autosweep program loaded in an obscure location that was deleting most of my security programs after a certain time limit.
I believe I've stopped that little nasty job, but I'm not confident.
I heard on Fox News that there's a new virus that's wiping out a lot of on-line banking accounts, and that's my biggest concern.
I'm seriously considering going to the pay version of Malwarebytes' Anti-Malware, but their free version, even with manual updates before I scan, didn't detect this problem.
Only Online Armor++ caught it.
I use CCleaner, and keep it updated, and I like it, but it was attacked by the "autosweep" program that this virus installed.
It took me three reloads from backup before I figured it out.
That seems highly unlikely. I do a gazillion installations a year, and I have never seen SP-3 unable to go on... In fact, my install disks are made from an XP SP-3 master.
Now, it IS possible on upgraded systems - I have seen that - Where a retail upgrade was used to install WinXP with... But if you are using a stock, OEM installation disk, Just find someone with an SP-3 OEM installation disk and use it instead.
It seems more likely that some configuration is preventing a clean load from the SP-3 distributable, rather than hardware. Maybe something BIOS related (you should have the newest BIOS available).
SP-3, and updates following, are pretty critical to security. Many exploits that worked on SP-2 are no longer functional in SP-3. The same is true of Windows Media Player and Internet Explorer, to include DirectX... All of these subsystems are where your vulnerability lies.
I would highly recommend befriending a local guru to figure out what/why. Even if you had to start from a clean rub, it would be to your advantage.
Otherwise, chuck it, and get a newer used system. 2600+ to 3g boxes are readily available under $100 (or at least they are around here). One way or another, your system has to receive critical updates. There really isn't any good prevention (in Windows) without that solid base.
I'll check out what you suggested, but Online Armor++ 4.0 is my current firewall.
I am unfamiliar with OA++. I know the firewall, which is good, and I believe the AV component is by Ikarus, which is no terrible slouch, but I am not in favor of "one-step wonder suites." I MUCH prefer a layered defense - Due to that, I haven't tried it.
I DO know Ikarus, though, and I would suggest that there are better solutions available.
I want an "Apple Laptop" and I'm trying to make this one last until I can afford a new one.
I'm sick of "Windows" and the virus headaches.
I can take it back to factory specs and load SP2 from a disk and then get my firewall up and running, and then get the updates from Windows.
But I still worry about getting viruses the first time I get on the internet, while I'm updating Windows XP.
It may be time to buy a new computer.
Load your present laptop with Linux - Ubuntu is as easy as it gets, providing it will run everything from the Live! disk. Go dld the Ubuntu Live! ISO, grind it, and boot to it. Try it out. If everything works, then shove it on there. Why pay for the Apple, when you can get the tree for free? *snicker*
I can take it back to factory specs and load SP2 from a disk and then get my firewall up and running, and then get the updates from Windows.
But I still worry about getting viruses the first time I get on the internet, while I'm updating Windows XP.
THERE's the problem. Screw "factory specs." Get ahold of an OEM XP SP3 disk.
*ahem* *mumbles "torrent"* *cough*
Pardon me... something in my throat...
As I was saying, find an OEM SP-3 Installation disk (make sure Home vs. Pro)
Go to Toshiba's site, dld the drivers for your box, unpack them and grind them to a second disk.
Boot up the OEM Install disk, rub off the system partition, and install.
After it is up and running, install the drivers, starting with the chipset drivers, then video, and whatever after that.
It will work. If it doesn't, you can always restore it to factory again.
**NOTE** Do not remove the recovery partition (if it has one) when installing Windows, or the restore/factory function will not work.
**NOTE SOMMORE** Be sure your Windows key is legible on the bottom of the box, ELSE use this to suck it out of the current installation before you rub it off... Similar problems exist for MS Office, etc...
***NOTE SOMMORE EVEN, YET*** Only a total moron wouldn't understand that this process will result in the loss of all data on the box. Get all important files off the box before you begin... Not sayin', just sayin' :D
OR, if your box is clean now (viruses gone):
You can try loading SP-3 from the IT distributable version. These work better than Win Update.
It may be time to buy a new computer.
It is ALWAYS time to get a new box. :D
If this is your excuse, it is as good as any...
But as far as laptops go, A Win7 64bit is the cat's a$$. With back 2 skewl going on, you should be happening in $450-$600 (think Acer).
Disclaimer: I am not a Win fanboi. Just don't like spending heavy bucks for fruit.
If you can get it running SP-3+, I would stuff a big drive (250+) and big ram in it, and drive it into the ground.
Befriend a good service tech in your area (back alley, not bow-tie)... good used parts are cheap.
BTW sommore,
You say you are loading your AV before allowing update to SP-3 - Some AVs screw with installation. Try disabling it, or use a different AV.
SP-3 update can look like it is totally frozen up... it will sit there looking at you for 10 minutes. Let_it_finish.
A service tech in my area is at least 30 miles away, and it's not really doable. I really do live in the sticks.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.