Win XP Virus got me. Not Sure how/where
Posted on 01/30/2012 5:07:43 PM PST by Don@VB
Booted up my Acer Aspire One with Win XP and found this Win XP virus. Have Microsoft Security Essentials running and up to date and it got thru. Don't know how but it disabled most applications so could not run virus scan. Everything backed up but still a hassle. It's out there, any tips on avoiding this appreciated.
I consider myself an expert in computer science. Here is my advice:
Steps to better computing:
1. Ram your fist through your computer monitor.
2. Go to hospital.
3. Buy a new computer.
Do you have ‘Malwarebytes’ anti-virus?
Boot your machine in Safe Mode. Run MalwareBytes, full scan. You may need to right click and run this as administrator. Should take care of it.
Three easy letters that will change your life forever.
(full disclosure, I own Apple stock that has paid for all my devices. YMMV)
MS Essentials? (sigh) Another “it’s a free AV! what could possibly go wrong?” moment.
Do you have a second online computer to download a program on to a flash drive with?
There is more and more Mac specific malware out there, and more coming every day.
Something to check out is Sophos software’s anti-malware. It’s free to home users.
While most people have never heard of Sophos, it’s been quietly protecting corporate networks for decades, and doing a terrific job too.
Post Script to story. I reformatted back to factory settings and had most stuff backed up. Thought MS Essentials would at least flag it.
“Boot your machine in Safe Mode. Run MalwareBytes, full scan. You may need to right click and run this as administrator. Should take care of it.”
I used to work for Norton and Cyberdefender in a past life. One thing I witnessed was a TLD4 rootkit knock out Malwarebytes (PRO version), the customer’s AVG paid version (he insisted AVG was better), and locked the system for no system restore. Amazing piece of work who made it..but there was a solution without throwing the laptop out the window.
There, I fixed it...
1) Use Avast (free) for anti-virus
2) Use MalWareBytes (free) for spyware
3) Stay away from porn sites (caught ya, didn’t I?)
Yeah, nobody's ever gonna pick on Apple. /s
Romney porn will get you every time. It’s nasty stuff!
For next time:
-Hit F8 and boot into safe mode with networking
-Once up, go to System Restore - Start | Programs | Accessories | System Tools | System Restore
-Follow the prompts, and choose a restore point on a date before the infestation.
-System will restore and reboot normally. You should be rid of the virus/malware.
I have a few Windows boxes at the office out of necessity (US Gov’t EAC and DPS won’t run on Linux or Unix). I installed Sophos and Spybot and have had no problems. I like that Spybot comes with a clone file already intact to allow it to run even when Spybot and AV are blocked by the virus or worm or trojan. But at the end of the day, I retire to my trusty Linux box and smile..
Avast and Malware bytes are great, I also use Advanced system care too.
The best thing to try is to reboot the computer into safe mode with networking, so you’ll have access to the Internet.
Next, disable “System Restore.” This is the option that lets you restore the system to the last believed good configuration. The problem is that quite a bit of malware infects this system, so when you do a “restore” your computer is automatically reinfected.
Go to http://www.malwarebytes.org . Download the free edition, install it, then make sure it’s up to date. The next step is to run a full scan.
Hopefully that will take care of you. If not, something else you might try is going to another computer and downloading the Kaspersky rescue disk and burn it to a CD. Then boot the computer from that CD and follow the instructions. It’s the best way to go, since (other than a root kit) there’s no way for the malware to hide... The Kaspersky disk actually boots to a version of linux. Then buy a copy of the software - IMHO Kaspersky is as good as it gets.
I agree on the Avast and Malwarebytes if you’re running MS. Have had many corporate clients lately getting a nasty bug that masquerades as an antivirus. If you’re using Norton or McAfee, do not trust the automatic updates...do it manually at least once a week.
Yes, it’s free and yes I’m a cheapskate, however, I followed advice from Freepers. Quite a few think/thought MSE was #1. Hope they can chime in!
I got one of those on a borrowed computer.. it had to be reinstalled... I was in trouble..
The strongest and best antivirus software is called Prevx, www.prevx.com.
+1 Sophos. Been on my MacBook for 2 years... caught a grand total of 2 things, both recently.
That may be more than some can handle psychologically but no question it works. Ubuntu LINUX for people with complex software needs, Puppy LINUX for people who need the internet, word processing, and spreadsheets or who have older computers.
There are a great number of malware infections that actually install themselves into the "system restore." One of the first things I always do is disable the system restore to protect against the possibility.
I've also seen some that install themselves onto the hidden partition restore files, so when you tell the system to reset itself back to the factory default installation, the system will still be infected.
Yes - Linux is great these days. Distrowatch.com is a great website for trying out various Linux distributions and it’s always a good idea to have a Linux liveCD around so you can at least boot your virus infected Windows computer and save all of your important files.
1. Push f8 repeatedly during startup before boot up
2. if you have adequate antivirus protection, select “safe mode”
if not, pick “safe mode with networking,” and download some.
3. get a program called “startup mechanic” this will instantly allow you to remove startup processes and thus keep viruses/trojans from starting up
4. you might need a rootkit virus detector and these new viruses hide in vital windows .sys and .dll processes and are difficult to detect.
5. KILL KILL KILL
>>3) Stay away from porn sites (caught ya, didn't I?)
Porn sites aren't the only thing that spread this anymore.
Try typing in goggle.com in your address bar sometime.
Ubuntu has actually become very complete, as of 11.0. It installs nearly flawlessly on almost anything - ready to go with all drivers and all essential software (accepting a few third party drivers along the way, but it finds and installs them with permissions). I think presently, Ubuntu would be an easy transition for any Windows user. For me, Ubuntu server is indispensable and rock solid. Linux rocks!
There has been a nasty popup that claims your system is infected, and includes a dialog box. Even clicking the close (x) box on the popup loads the malware. Next thing you know you try to go to any site, either by CTRL-O or typing the URL, you get directed somewhere else, and the sites get progressively offensive. The popup continues to show up, and asks for a credit card number to “renew your coverage”, so it’s a phishing scam as well. So if a popup shows up, don’t click on anything. SHUT DOWN YOUR SYSTEM IMMEDIATELY! Reboot in the safe mode, scan your system, including with Malwarebytes. As for McAfee, I have found it to be useless. I have been using Kaspersky, with updates released daily.
If it is really bad, boot in the safe mode, DOS prompt, and run Malwarebytes from the DOS prompt.
Part of the problem is likely that there are just too many known vulnerabilities in older OS’s.. It may help to make sure you’re fully patched up to the last patches for XP. But the end is the end... And there won’t be more. There will always be risks for such machines, and they’ll need to be really strictly firewalled and locked down.
Boot to F8 safemode
run system restore, pick last week
It was a nasty rootkit virus, too, but now it’s dead. It’s just amazing the crap they make nowadays.
A word of caution: I tried that with System Restore a few weeks ago and afterward Thunderbird mail would not even start. Search disclosed that System Restore has been known to corrupt the mail database. I recommend backing up your profile first.
Linux is great! When running in a VM on a Mac!
I'll take that. You've gotta start somewhere - baby steps....
YUP...That’s the one!....by the time I get to them, either malwarebytes kills it or I reload the system.
that will teach them to save work to the shared drive and stay off those funky web sites.
Avast caught it, why doesn’t google take it down?
Through the advice of my son, I downloaded Microsoft security essentials.
My advice - never use MSE again! Within 1 week I had a complete system meltdown! It was to the point that I had to lock myself out of the internet to prevent anymore intrusions onto my computer. The only way I was able to save my computer was by booting into safe mode and doing a system restore to the point before I downloaded that security software.
It doesn’t work worth crap. Seriously I was unable to boot up my computer at all. Everything was missing! I had viruses and trojans totally wreaking havoc on my computer.
Get a different security software - if looking for free, my oldest son uses Avast and says it’s great. I use Norton since it’s free through my internet provider.
Mark, didn’t know that. Thanx for tip!
There is a very, very nasty thing out there now. File name VKNT.EXE Heur. Agent/ Gen-Whitebox. Apparently origin in Vietnam. My Super Anti-Spyware picked it up the other day. Trashed it before any damage to PC. I hope...
I hear ya..
ALL of my rootkit and malware removers are free (OTL/OTS, DDS, Avenger, Combofix etc). I get my AV free from Avast in exchange for volunteering on the Avast forums as an “evangelist”. AV’s, even the paid ones are not foolproof that’s why but having a free version is like having a one night stand with a hot chick who might have the clap.
Heuristics are part of the full scan features of most paid AV’s. Every one of these bastards are unique. TDSS types can easily be killed by TDSSkiller, but TDSSk is useless against HJ or hijack types, which can be neutralized by GMER. GMER is useless against SSDT rootkits but Combofix can destroy it. I wish I can strangle the creators of these malwares..
Hey Don, just my two cents’ worth...I loaded Avast! a few years ago and I just love it. Also, I gave up using IE in any capacity and stick strictly to Firefox as a browser. I’m a happy camper!
Very true. Win XP is a virus.
And you will be happier still tomorrow when Firefox 10 is released.
Go to where the executable file for your virus software lives....that is, navigate to the directory where it is installed...then rename it "explorer.exe". (The virus usually needs explorer.exe to be left untouched) Then double click on your newly named program file and run a virus scan.
I used avast and got a virus there too, but I might couple it with Firefox.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.