IT Guys Question: Experience With Windows 7 Security 2012 Virus???


mustangman2011


Same here. We have to format and install from scratch.

 

 

Nah.... no reason to do that.

 

Boot into Safe Mode onto an Admin Account.

 

Display hidden and system files.

 

Browse to the User Account that has the malware.

 

Look in Local Setting > Application Data

 

There is a random name .exe

 

Delete it and reboot.

 

:thumbup:

 

KillJoy


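An added example, not part of KillJoy's post or any other post in this thread: the script below does the "display hidden files, browse to the user's local application data, look for a random-name .exe" step for every profile on the box and adds the two checks a technician wants before hitting Delete: whether the file is Authenticode-signed, and whether a Run/RunOnce value actually launches it. It assumes Windows 7 or XP with PowerShell 2.0, run from an admin account in Safe Mode. On Windows 7 the XP-era "Local Settings\Application Data" is only a junction to AppData\Local, so the script walks whichever of the two exists. The 7-day "recent" window is an arbitrary choice.

```powershell
# Added example (editor's, not KillJoy's): find candidate rogue executables dropped
# directly into a user's local application-data folder and cross-reference them
# with autostart values. Assumes Win7/XP, PowerShell 2.0, admin, Safe Mode.

$RecentDays = 7   # assumption: the rogue was dropped within the last week

# Autostart commands, collected first so each executable can be cross-referenced.
# HKEY_USERS only holds hives that are loaded; a logged-off victim's hive is not,
# so load it first if needed:   reg load HKU\Victim C:\Users\victim\NTUSER.DAT
$RunKeyPaths = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce')
foreach ($hive in Get-ChildItem Registry::HKEY_USERS) {
    foreach ($name in 'Run', 'RunOnce') {
        $RunKeyPaths += "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\$name"
    }
}
$RunValues = @()
foreach ($key in $RunKeyPaths) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($prop in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a registry value
        $RunValues += New-Object PSObject -Property @{ Key = $key; Name = $prop.Name; Command = [string]$prop.Value }
    }
}

# Profile roots for Windows 7 and XP. On 7, "Local Settings\Application Data" is a
# junction to AppData\Local, so only one of the two is walked per profile.
$ProfileRoots = @('C:\Users', 'C:\Documents and Settings') | Where-Object { Test-Path $_ }
$Cutoff  = (Get-Date).AddDays(-$RecentDays)
$Results = @()
foreach ($root in $ProfileRoots) {
    $profiles = Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer }
    foreach ($profile in $profiles) {
        $dir = Join-Path $profile.FullName 'AppData\Local'
        if (-not (Test-Path $dir)) { $dir = Join-Path $profile.FullName 'Local Settings\Application Data' }
        if (-not (Test-Path $dir)) { continue }
        # -Force is the scripted equivalent of "display hidden and system files".
        $exes = Get-ChildItem -Path $dir -Filter *.exe -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.exe' }
        foreach ($exe in $exes) {
            $sig  = Get-AuthenticodeSignature -FilePath $exe.FullName
            $refs = $RunValues | Where-Object { $_.Command -like "*$($exe.Name)*" }
            $Results += New-Object PSObject -Property @{
                User      = $profile.Name
                Path      = $exe.FullName
                SizeKB    = [int]($exe.Length / 1KB)
                Created   = $exe.CreationTime
                Recent    = ($exe.CreationTime -gt $Cutoff)
                Signature = $sig.Status
                Autostart = (($refs | ForEach-Object { "$($_.Key) [$($_.Name)]" }) -join '; ')
            }
        }
    }
}
# Unsigned, created recently and referenced from a Run key is the rogue's usual profile.
$Results | Sort-Object Recent, Signature -Descending |
    Format-Table User, Recent, Signature, SizeKB, Created, Autostart, Path -AutoSize
```

Deleting the file is still the technician's call; the point of the Autostart column is that the Run value pointing at the deleted file is what produces the "Windows cannot find ..." message at the next logon, so note the key and value name before deleting and remove that value too.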

this does not fix all the registry problems it creates.


Oh yeah, forgot about that.

 

It modifies the EXEFILE to not allow programs to run correctly. I made backups of the HKCR > EXEFILE > SHELL > OPEN > COMMAND for all OS'. This can be run once the file is deleted and it will restore the EXEFILE to its correct parameters.

 

:thumbup:

 

KillJoy


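An added example, not KillJoy's backup .reg files: this audits the .exe association and optionally restores the stock values. It checks more than the post mentions, and deliberately so: HKCR is a merged view in which HKCU\Software\Classes overrides HKLM\Software\Classes, so a rogue running without admin rights can hijack .exe for one user without touching the HKLM keys that a stock-HKCR .reg file restores. The stock values on XP/Vista/7 are `HKCR\.exe` default = `exefile` and `HKCR\exefile\shell\open\command` default = `"%1" %*`. Assumes PowerShell 2.0 run elevated; the `-Fix` switch and the `$Expected` table are mine. One caveat: launching any .exe from Explorer or the Run dialog goes through the hijacked command, so run this after the rogue file is gone, from a cmd.exe prompt (cmd uses CreateProcess directly and does not consult the association), or import a .reg backup first.

```powershell
# Added example (editor's): audit and optionally restore the .exe file association
# everywhere Windows looks for it. Report-only by default; -Fix rewrites/removes.
param([switch]$Fix)

# Stock association on XP/Vista/7. Anything else is treated as a hijack.
$Expected = @{
    '.exe'                       = 'exefile'
    'exefile\shell\open\command' = '"%1" %*'
}

# Hives that feed the merged HKCR view. A per-user Software\Classes wins over HKLM.
# Only loaded hives appear under HKEY_USERS; for a logged-off user on Vista/7 load
# UsrClass.dat:  reg load HKU\Victim_Classes C:\Users\victim\AppData\Local\Microsoft\Windows\UsrClass.dat
$ClassRoots = @('HKLM:\Software\Classes')
$hives = Get-ChildItem Registry::HKEY_USERS | ForEach-Object { $_.Name }
foreach ($h in $hives) {
    if ($h -like '*_Classes') {
        # Vista/7 UsrClass.dat hive; skip it if it is already reachable through the user's main hive
        if ($hives -contains ($h -replace '_Classes$', '')) { continue }
        $ClassRoots += "Registry::$h"
    } else {
        $ClassRoots += "Registry::$h\Software\Classes"
    }
}

$Report = @()
foreach ($root in $ClassRoots) {
    foreach ($sub in $Expected.Keys) {
        $key = "$root\$sub"
        # Absent under a user hive means "no override", which is the healthy state.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $actual = (Get-ItemProperty -LiteralPath $key).'(default)'
        $ok = ($actual -eq $Expected[$sub])
        $Report += New-Object PSObject -Property @{ Key = $key; Actual = $actual; Expected = $Expected[$sub]; OK = $ok }

        # If .exe has been pointed at a different ProgID, show that ProgID's command too.
        if ($sub -eq '.exe' -and $actual -and $actual -ne 'exefile') {
            $rogueCmd = "$root\$actual\shell\open\command"
            if (Test-Path -LiteralPath $rogueCmd) {
                $Report += New-Object PSObject -Property @{
                    Key = $rogueCmd; Actual = (Get-ItemProperty -LiteralPath $rogueCmd).'(default)'
                    Expected = '(should not exist)'; OK = $false
                }
            }
        }

        if (-not $ok -and $Fix) {
            if ($root -like 'HKLM:*') {
                Set-ItemProperty -LiteralPath $key -Name '(default)' -Value $Expected[$sub]
            } else {
                # Under a user hive the override key itself is the hijack; deleting it
                # lets the HKLM value show through again.
                $top = ($sub -split '\\')[0]
                Remove-Item -LiteralPath "$root\$top" -Recurse
            }
        }
    }
}
$Report | Sort-Object OK | Format-Table OK, Key, Actual, Expected -AutoSize
```

Run it once without `-Fix`, confirm the non-OK rows are the hijack and not something a legitimate product installed, then run it again with `-Fix`. On 64-bit Windows 7 the HKLM values are the same under Wow6432Node, but the hijack families of this era lived in the per-user keys, which is why the HKU walk matters more than the HKLM row.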
Yeah we go through all of that and then in a few days, our network monitoring team sends us a reimage ticket. With some viruses that we have been getting, there is still something that isn't detected and it is generating malware-like network activity.


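An added example, not from the post above: when the monitoring team says a cleaned machine is still talking to something, the first question is which process owns the socket. This maps every TCP/UDP endpoint to its process, image path and Authenticode status. It parses `netstat -ano` because `Get-NetTCPConnection` does not exist on Windows 7. Assumes PowerShell 2.0 run elevated (otherwise the image paths of other sessions' processes are not readable); the loopback/wildcard filter at the end is my choice.

```powershell
# Added example (editor's): tie network activity back to a binary on Windows 7.
# Run elevated. Uses netstat -ano because Get-NetTCPConnection needs Windows 8+.

$procs = @{}
foreach ($p in Get-Process) { $procs[$p.Id] = $p }

$rows = @()
foreach ($line in (netstat -ano | Select-String -Pattern '^\s*(TCP|UDP)')) {
    # Columns: Proto  Local Address  Foreign Address  [State]  PID   (UDP rows have no State)
    $f = $line.Line.Trim() -split '\s+'
    $proto = $f[0]; $local = $f[1]; $remote = $f[2]
    if ($proto -eq 'TCP') { $state = $f[3]; $procId = [int]$f[4] }
    else                  { $state = '';    $procId = [int]$f[3] }

    $p = $procs[$procId]
    $path = $null; $sig = 'n/a'
    if ($p) {
        try { $path = $p.Path } catch { $path = $null }   # access denied on some system processes
        if ($path) { $sig = (Get-AuthenticodeSignature -FilePath $path).Status }
    }
    $rows += New-Object PSObject -Property @{
        Proto = $proto; Local = $local; Remote = $remote; State = $state; PID = $procId
        Process = $(if ($p) { $p.ProcessName } else { '?' }); Path = $path; Signature = $sig
    }
}

# Drop loopback and wildcard endpoints; what is left is the traffic the monitoring team sees.
# Unsigned binaries, or signed ones running out of a profile or temp directory, go first.
$rows | Where-Object { $_.Remote -notmatch '^(127\.|0\.0\.0\.0|\[::|\*)' } |
    Sort-Object Signature, Process |
    Format-Table Proto, Local, Remote, State, PID, Process, Signature, Path -AutoSize
```

A Valid signature on svchost.exe says nothing about the service DLLs it hosts; for an svchost row, `tasklist /svc /fi "PID eq <pid>"` lists the services in that instance, and each service's `ServiceDll` value under `HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters` is the file to check.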
SUS then. Lock down the machines then.

 

:gabe:

 

KillJoy


I would run Malwarebytes, look at what it remediates in the report. If it keeps happening, I would reformat. Digging through the registry to find something may take longer than an actual rebuild of the machine. Not to mention, it's not a bad idea to rebuild your machine every so often.

and there you have it folks. srsly


McAfee is a waste of your money, just an FYI..

 

Add Super AntiSpyware to your list of cleaners and throw in CCleaner as well

 

Virus cleaner wise, check out Microsoft's Security Essentials.. Incoming Wall of information..

 

 

*I've added/removed/adjusted some stuff 11/21/10

Lately I've been using the following trio of software for protection with good results:

Microsoft Security Essentials

Web of Trust (aka WOT, available for Firefox, IE & Chrome)

Immunet

 

The 3 of these running together form a pretty good malware shield. Install Malwarebytes for good measure though.

 

 

This thread is for help removing spyware, malware, adware, scamware & viruses. Threads about this stuff pop up daily, so I thought having a master containment thread would be a good idea.

 

Below are some helpful tools for getting rid of malware and keeping it off your computer. I've divided them into sections for ease of finding what you need.

 

Tools for Getting Rid of Existing Infections

If you've already got a bad malware infection and are seeing random popups, phony 'antivirus' messages, and slow performance, these tools will help you get that junk cleaned off. Most of these tools work best when run from Safe Mode.

 

1. Malwarebytes Anti-Malware - http://www.malwarebytes.org/

This is an essential one. Even if you have other software installed, install this as well. It gets rid of most of the worst malware, though it does miss some of the minor stuff. Running this should be step one of killing a nasty infection.

UPDATE: Advanced users- Here's a list of some command line switches to help you automate Malwarebytes: http://forums.nasioc.com/forums/showpost.php?p=27997189&postcount=219

 

2. Combofix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Download the most recent copy of this and run it in safemode. It executes a series of scripts designed to kill all the worst crapware.

 

3. Hijackthis - http://filehippo.com/download_hijackthis/

If you don't know what you are doing, use this with the guidance of experts either here or on a tech forum. It lets you kill items that attempt to start up from oddball locations when your system boots.

4. Spybot Search & Destroy - http://filehippo.com/download_spybot_search_destroy/

This program is awesome at removing a lot of crapware. It isn't as good as Malwarebytes at getting the really tricky stuff, but it is better than Malwarebytes when it comes to detecting and removing the smaller less annoying stuff. It also comes with realtime behavioural spyware blocking (Tea Timer) and an immunization feature to block known threats at the browser level.

 

5. Ad-Aware - http://filehippo.com/download_ad-aware/

I don't use this a whole lot anymore as it is a bit redundant, but it does catch some minor items that might slip past Spybot-S&D and Malwarebytes.

 

6. SDFix - http://forums.majorgeeks.com/showthread.php?p=869653

Rootkits are the most annoying malware of all. Malwarebytes and Combofix can remove many, but if after running them your computer is still acting crazy download the latest SDFix and run it in safe mode. (Thanks Malfrag for reminding me :))

 

7. Dr.Web CureIt - http://www.freedrweb.com/

This app is a lifesaver. Nuff said. It kills a lot of nasty stuff, and you can use it for free. When all else fails, try this.

 

8. SuperAntispyware - http://filehippo.com/download_superantispyware/

Much like CureIt, it has a great on-demand scanner that is free to use. You only pay for real-time scanning.

 

9. HitmanPro - http://www.surfright.nl/en/downloads

Heuristics based malware detector/killer. Catches stuff that might slip past the rest!

 

 

Tools for Browsing the Intarwebz Safely

The following will protect you at the most likely point of attack- the web browser.

 

1. Common Sense - Not Yet Available for Download

Don't click isht you don't need. Don't download every peer-to-peer app, screensaver, wallpaper rotator, flash game and cute little widget you see. If something looks fishy, it probably is.

 

2. Don't use IE! Use an alternative like Firefox - http://mozilla.com

Once you have Firefox, install the following add-ons through the 'Tools' menu to help keep your browsing safe:

a) Adblock Plus - blocks almost all ads, including ones poisoned with malicious scripts. After you install it you will be prompted to subscribe to a list- just choose the default 'Easy List' and hit ok.

b) Web Of Trust (aka: WOT) - warns you about possible dangers on a page before you click it. If you MUST use Internet Explorer, you can download a version of WOT that works with it. Go to http://www.mywot.com to get it

c) NoScript - INSTALL ONLY IF YOU ARE HARDCORE- blocks all scripts, which keeps you incredibly safe but can also make some websites unusable.

 

3. Use Better DNS Servers! - Use the OpenDNS.org servers, which are fast as hell and filter out a lot of known evil sites. Go into your Network Connection properties and under TCP/IP set the following as your DNS Servers: 208.67.222.222 and 208.67.220.220

*Don't do this at your office without approval from your IT dept :)

 

4. Use a Better HOSTS File! - Use the one from mvps.org. It's pretty easy to do and there are instructions on their site for replacing your current HOSTS file with theirs. This blocks a ton of known bad hosts quickly and easily. http://www.mvps.org/winhelp2002/hosts.htm

 

5. Don't use an Administrator account - Create a limited user account and use it. Only log in with an administrator account when you need to administrate (adding/removing software, drivers, etc).

 

Protecting Your Computer from Viruses

There are commercial and freeware products available. If you are going to pay for antivirus, I recommend NOD32 (http://www.eset.com) or Kaspersky (http://www.kaspersky.com). Norton and McAfee are bloated memory hogs. I'd rather have a virus than either of those.

 

**There are also lots of great freeware choices, but if you are going to go the free route I highly recommend reading this:

 

http://freesoftwarecomparison.wordpress.com/2007/07/16/free-antivirus-comparison/

 

^Based on research such as this and on personal experience, if going with a free solution I would recommend using one of the following:

 

1. Microsoft Security Essentials (Better than most commercial AV software)

For Windows XP - http://filehippo.com/download_security_essentials_xp/

For Windows 7 & Vista 32bit - http://filehippo.com/download_security_essentials_vista/

For Windows 7 & Vista 64bit - http://filehippo.com/download_security_essentials_vista_64/

 

2. AntiVIR - http://filehippo.com/download_antivir/

 

3. BitDefender - http://filehippo.com/download_bitdefender/

 

4. Comodo Antivirus/Firewall (Internet Security) - http://comodo.com

*See EDIT below

 

5. Spyware Terminator + ClamWin AV - http://filehippo.com/download_spyware_terminator/

*WARNING: The Windows Security Center may not recognize this as an antivirus program and so will warn you with a popup balloon that says "antivirus software not found yada yada yada"... you can turn off this warning in the Security Center options.

 

6. Avast! - http://filehippo.com/download_avast_antivirus/

*downgraded because of annoying renewal procedure

 

^All of these offer a small footprint and good detection. AVG Free Edition is okay, but each new version of it seems slower and bulkier than the prior.

 

*EDIT: I now include Comodo in this list because I've been testing it on several computers and it appears to be pretty damn good. The only nuance is that the firewall and application inspector insist on notifying you of too much crap no matter how you set it- but the firewall is optional in the installation so if you don't like it you can scrap it. The cool thing is that Comodo is completely free, even for businesses and servers (AVG, Avast!, and AntiVir are free only for private use). You can get it at http://www.comodo.com

 

 

Protecting your Computer from SPYWARE, MALWARE, ETC.

A lot of these I've mentioned above, but just for review:

 

- Malwarebytes Anti-Malware (you must pay for realtime scanning!)

http://filehippo.com/download_hijackthis/

 

- Spybot Search and Destroy (realtime scanning is FREE ftw)

http://filehippo.com/download_spybot_search_destroy/

 

- Spyware Terminator (realtime scanning for FREE AND ClamWin integration ftw)

http://filehippo.com/download_spyware_terminator/ <<< This program is one of my favorites, though it is sometimes a bit too aggressive in blocking IE downloads (to err on the side of caution is fine with me)

 

- Ad-Aware (you must pay for realtime scanning!)

http://filehippo.com/download_ad-aware/

 

- Windows Defender - (comes with Windows Vista, free download for XP. I've had problems with it, and it seems like a bit of a slowpoke, but it works. Mostly.)

http://filehippo.com/download_windows_defender/

 

- SuperAntispyware - (Great anti-malware package, but you must pay for realtime scanning.)

http://filehippo.com/download_superantispyware/

 

Other tools

CCleaner - Essential for cleaning up temp files and your registry.

http://filehippo.com/download_ccleaner/

 

ProcessExplorer - Track down pesky crapware hiding behind svchosts or just being sneaky.

http://filehippo.com/download_process_explorer/

 

HiJackthis - see description above

http://filehippo.com/download_hijackthis/

 

Peer Guardian - "PeerGuardian 2 is Phoenix Labs’ premier IP blocker for Windows. PeerGuardian 2 integrates support for multiple lists, list editing, automatic updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc), making it the safest and easiest way to protect your privacy on P2P."

http://phoenixlabs.org/pg2/

 

If anybody has more to contribute, please do so! There's a gajillion tools out there and these are just a few good ones. Post specific problems or questions here in this thread as well so that others can benefit from whatever solution helps you.

Other thoughts:

 

HELP! Malwarebytes and ComboFix won't run!

 

Some smart spyware can recognize software that can potentially kill it and will try to stop them from running. In these cases, the solution is to rename the executable. For malwarebytes, go into the folder where it is installed (usually c:\Program Files\Malwarebytes\) and make a copy of mbam.exe- name it somethingelse.exe. Run that file and it should work! The same goes for combofix- just rename it or make a copy with a different name.

 

Also, in these cases it helps to run CoolWebShredder (aka CWShredder)

http://filehippo.com/download_cwshredder/

 

HELP! Spyware has disabled my Registry Editor (regedit/regedit32)

Use this to fix it: http://www.taskmanagerfix.com/enable-disabled-regedit

 

HELP! Spyware has disabled my Task Manager!!1!

Use this to fix it: http://www.taskmanagerfix.com/

 

HELP! I removed a bunch of malware and now I can't get on teh internetz!!

Try running WinsockFix: http://majorgeeks.com/download4372.html

 

HELP! I have a Malware infection that has crippled my computer and disabled safe mode! I can't run anything! Even a "repair" Windows install didn't fix it!

This one can be overcome without a format & reload (assuming the system restore service isn't disabled). But this is not for a computer n00b! Leave this to the pros if you are not confident in your command line skills.

 

1. Use a Windows setup CD to boot to the recovery console (or use a boot CD like Hiren's or UBCD to load NTFS4DOS)

2. Once booted to a command prompt, restore a previous copy of your registry (from before the infection) using this method: http://support.microsoft.com/kb/307545

3. System should now boot after completing step 2; next download and immediately run combofix to destroy the infection.

4. When combofix completes its tasks, run your regular antivirus/antimalware software to clean up any scraps left behind. Running CCleaner's registry cleaner a few times is a good idea also.

 

Beware of Phony Antispyware Software!

A lot of malware will install or prompt you to install supposed remedies for your problems. Running these programs will only dig you deeper in your hole! Here is a list of known legitimate software (lifted from another site):

 

^If it's not on this list, stay far far away from it.


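An added example, not part of the wall-of-information post above: it covers two of that post's "HELP!" items with built-in tools instead of third-party downloads. The Registry Editor and Task Manager lockouts are the `DisableRegistryTools` and `DisableTaskMgr` policy values under `Software\Microsoft\Windows\CurrentVersion\Policies\System` (HKCU and HKLM); removing the value restores the default. The browser-redirect and "can't get on the internet" cases often come down to the HOSTS file, which malware can also relocate by changing the Tcpip `DataBasePath` value, so the script reads the path from the registry rather than assuming it. Assumes PowerShell 2.0 run elevated; the `-Fix` switch is mine. On a domain-joined machine, HKLM policy values may be legitimate Group Policy, so check with the admins before treating those as malware.

```powershell
# Added example (editor's): undo regedit/taskmgr lockouts and audit the HOSTS file.
# Report-only by default; -Fix removes the lockout values (HOSTS is only reported).
param([switch]$Fix)

# 1. Policy values a rogue sets to lock the user out. Non-zero means "disabled"
#    (DisableRegistryTools uses 1, or 2 for a silent block). Deleting restores the default.
$PolicyKeys = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
                'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System')
$PolicyValues = @('DisableRegistryTools', 'DisableTaskMgr')
foreach ($k in $PolicyKeys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    foreach ($v in $PolicyValues) {
        $val = $props.$v
        if ($val -ne $null -and $val -ne 0) {
            Write-Output "$k\$v = $val  (tool disabled)"
            if ($Fix) { Remove-ItemProperty -Path $k -Name $v; Write-Output "  -> value removed" }
        }
    }
}

# 2. HOSTS file. Read its directory from the Tcpip DataBasePath value: malware sometimes
#    points that at a copy elsewhere so the one in drivers\etc looks clean.
$tcpip  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$dbPath = [Environment]::ExpandEnvironmentVariables($tcpip.DataBasePath)
$hosts  = Join-Path $dbPath 'hosts'
Write-Output "HOSTS file in use: $hosts"
if ($dbPath -ne (Join-Path $env:SystemRoot 'System32\drivers\etc')) {
    Write-Output "  WARNING: DataBasePath is not the standard location"
}
if (Test-Path $hosts) {
    # Block lists such as the mvps one map names to 127.0.0.1 or 0.0.0.0, which is harmless.
    # A mapping to any other address is a redirect and is what hijacks AV/update sites.
    Get-Content $hosts |
        ForEach-Object { ($_ -split '#')[0].Trim() } |
        Where-Object { $_ } |
        ForEach-Object {
            $addr = ($_ -split '\s+')[0]
            if ($addr -notmatch '^(127\.|0\.0\.0\.0$|::1$)') { Write-Output "  suspicious mapping: $_" }
        }
}
```

For the Winsock-fix item in the same post, Windows has had the equivalent built in since XP SP2: `netsh winsock reset` followed by a reboot rebuilds the Winsock catalog and removes LSP entries left behind by removed malware.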
I just went through all of this. Was a fuggin headache.

 

+1

 

Malwarebytes fixed half the problem. I still had browser redirects in firefox. I finally did a system restore, and installed mse...no more issues...fingers crossed.

 

Tom

