02-21-2009, 05:56 PM | #21
Nomadic Tribesman
Join Date: Nov 2008
Location: Brampton, Canada
Moto: '09 ER-6n
Posts: 11,150
I recommend that you set things up to try and mitigate this sort of thing in future. Install Microsoft Defender and Spybot Search and Destroy. Run Spybot's "immunization"; it blocks known bad websites, which can infect your system. Make sure that you install a good antivirus and, most importantly, keep it updated.
__________________
"Everything's better with pirates." - Lodge, "Dorkness Rising" http://www.morallyambiguous.net/
02-21-2009, 09:02 PM | #22
CMDLINE
Join Date: Feb 2008
Location: Huntsville, AL
Moto: 2008 Black/Grey Hayabusa
Posts: 1,406
Quote:
bwahahha. but seriously, keep your sensitive data on another drive, it's probably one of the easiest things to do to mitigate the risk of getting "free stuff". Hey, I'm not passing judgement, I myself have gone for free stuff too.... just in different ways. Anyways, seriously one of the biggest things that people DON'T do is keep their shit up to date. Do your updates, they're there for a reason. Douche.
Quote:
Seriously, if you're gonna go try to get "free stuff" like that, look into the VMware option.
02-21-2009, 10:16 PM | #23
Serious Business
Join Date: Nov 2008
Location: New York
Moto: 1993 ZX-11 2008 CBR1000rr
Posts: 9,723
Malwarebytes should take care of AV2009 and its variants.
02-22-2009, 12:44 AM | #24
Bring on the Zombies!
Join Date: Feb 2008
Location: Cleveland
Moto: 2000 Yamaha YZF600R
Posts: 2,691
Everything I had on this comp was saved since I don't have much on it. I only had a few job related things and those are all on my jump drive. And honestly I didn't have all that much music on here. Maybe 3-400 songs and about 5 movies. Now that I'm done with school I pretty much only use my laptop for playing online. And now it is protected with a few different things. I was one of those that would only run programs to check for viruses every once in a while, but even though I didn't lose much, it was still enough of a hassle that I'm keeping it protected now.
02-22-2009, 01:11 AM | #25
Swollen Member
Join Date: Nov 2008
Posts: 558
02-22-2009, 08:45 AM | #26
CMDLINE
Join Date: Feb 2008
Location: Huntsville, AL
Moto: 2008 Black/Grey Hayabusa
Posts: 1,406
Yeah, that's how it typically works.... even though you don't lose much, you still lose stuff (time, mostly) and it's a hassle.
02-22-2009, 10:33 AM | #27
Dutch's PITA
Join Date: Nov 2008
Location: Back in Nashville!
Moto: I ride Dutch...and an 09 Kawi 250
Posts: 735
Keep a copy of MalWareBytes on your computer. I've had that virus (more like Trojan) and you have to remove it MULTIPLE times in safe mode, then again in regular mode, then safe mode again. AVG CAN NOT CATCH THIS ONE, NOR CAN ADAWARE! We have all kinds of "tech tools" here and none of them worked except the MWB. Bitch is, it keeps replicating itself, which is why you have to do it in safe mode and on every profile on your computer. AVG is the best I've found for antivirus, but it's not infallible. MWB Rocks!
Oh, and don't try to remove a virus while you're drunk...that popup is how it blew up on me...I was in Nashville and it was 4am and we were drunk...
02-22-2009, 12:42 PM | #28
Nomadic Tribesman
Join Date: Nov 2008
Location: Brampton, Canada
Moto: '09 ER-6n
Posts: 11,150
Unless your system has already been added to the bot-net. At that point I haven't found anything short of reinstallation that can guarantee a clean system.
__________________
"Everything's better with pirates." - Lodge, "Dorkness Rising" http://www.morallyambiguous.net/
02-22-2009, 01:35 PM | #29
Nomadic Tribesman
Join Date: Nov 2008
Location: Brampton, Canada
Moto: '09 ER-6n
Posts: 11,150
Quote:
In regedit, go to HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify and in there you'll see at least one of the randomly named files being called at boot. Kill that key. It's the reinfect vector and why you couldn't kill it without multiple attempts. It starts as soon as Windows does.

While you're in there, look for processes in HKLM\System\CurrentControlSet\Services that don't belong. I realize that it's hard to sort through that mess, but there may well be a service running that allows the system to be controlled externally, as part of the bot-net. It's gotta go. There may even be more than one. In one case I found two separate services and four items in Notify.

While in ERD, use a memory key to copy your tools to the hard drive. I use Spybot and HijackThis. Once you've done your cleaning in ERD, reboot into safe mode and run HijackThis. You'll find several BHO, toolbar, autorun entries that don't belong. Keep an eye open for entries that say "file missing." Since you deleted a ton of stuff already in the previous steps, a lot of the bad stuff will show up this way. If so, kill it. Also keep an eye open for browser hijacks and other stuff that doesn't belong. If you miss it, then the system will reinfect when you reboot it.

Now reboot and restart in Safe Mode with Networking. Install Spybot, update it, and run it. Try running your antivirus at this point too, if it isn't too broken. Once all of this has been done either the system is clean, or it isn't. If it isn't, then it will never be, because you haven't managed to find all of the infection vectors. This is why I have just been reinstalling Windows lately, rather than trying to clean them.

**EDIT** I should add that none of this is necessary if the user doesn't click on that damned "antivirus" pop-up in the first place. If they don't, then AVG, McAfee, likely any reasonable anti-virus will get rid of the basic infection. Even Spybot will kill it as "Fake-AV" when you run it.
The problem is that nothing can stop it, once someone has actually TOLD Windows to install something.
__________________
"Everything's better with pirates." - Lodge, "Dorkness Rising" http://www.morallyambiguous.net/ Last edited by Papa_Complex; 02-22-2009 at 01:44 PM.
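As an added example that is not part of the thread or any poster's procedure, the script below does a read-only audit of the two registry locations the quoted post names (Winlogon\Notify and Services), flagging entries whose binary is missing or lives outside the Windows directory. It assumes Windows PowerShell in an elevated prompt and uses the standard registry paths and value names (DLLName, ImagePath); it reports and changes nothing.

```powershell
# Added example, not from the forum post. Read-only audit of the two
# persistence locations the post names (Winlogon\Notify and Services).
# Assumes Windows PowerShell in an elevated prompt; it changes nothing.

$NotifyKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Turn a raw DLLName/ImagePath value into one absolute file path: strip
# quotes and arguments, expand %SystemRoot%-style variables, rewrite the
# kernel-style \SystemRoot\ and \??\ prefixes, root bare names at $Base.
function Resolve-BinaryPath {
    param([string]$Raw, [string]$Base = $env:SystemRoot)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] } else { $p = ($p -split '\s+')[0] }
    if ($p.StartsWith('\SystemRoot\', 'OrdinalIgnoreCase')) { $p = $env:SystemRoot + $p.Substring(11) }
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $Base $p }
    return $p
}

# Winlogon\Notify packages load inside winlogon at every boot, which is
# why the post calls the key a reinfect vector. Normally few or none.
Write-Host '== Winlogon\Notify packages =='
if (Test-Path $NotifyKey) {
    Get-ChildItem $NotifyKey | ForEach-Object {
        $dll  = (Get-ItemProperty $_.PSPath).DLLName
        $file = Resolve-BinaryPath $dll -Base "$env:SystemRoot\System32"
        [PSCustomObject]@{
            Key        = $_.PSChildName
            DLLName    = $dll
            FileExists = [bool]($file -and (Test-Path -LiteralPath $file))
        }
    } | Format-Table -AutoSize
}

# Services whose binary is missing ("file missing", as the post puts it)
# or sits outside the Windows directory. Legitimate third-party services
# show up here too, so read this as a review list, not a verdict.
Write-Host '== Services with a missing binary or one outside Windows =='
Get-ChildItem $ServicesKey | ForEach-Object {
    $raw  = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    $file = Resolve-BinaryPath $raw
    if (-not $file) { return }   # no ImagePath (e.g. a driver group): skip
    $exists = Test-Path -LiteralPath $file
    if (-not $exists -or $file -notlike "$env:SystemRoot\*") {
        [PSCustomObject]@{ Service = $_.PSChildName; ImagePath = $raw; FileExists = $exists }
    }
} | Format-Table -AutoSize
```

Anything the second table lists with FileExists false is the registry-side residue the post describes; compare the rest against what you know is installed before touching a key.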
02-22-2009, 04:49 PM | #30
CMDLINE
Join Date: Feb 2008
Location: Huntsville, AL
Moto: 2008 Black/Grey Hayabusa
Posts: 1,406
^____ be careful when going in and mucking with your system directories and the registry....