Virus - need some serious help!
#1
Went over to a mate's house tonight and he showed me his desktop PC that's having issues. I think it's fair to say it has more than one virus and some other problems.
He doesn't have any AV software or any malware software. So I started by trying to download Adaware and Spybot. Both programs couldn't be downloaded, giving an error message, and I suspect the virus has made some changes to the registry to prevent them being downloaded.
I then downloaded Adaware and Spybot on his laptop to a memory stick and tried running them in SAFE MODE. Again, the virus had disabled running of these programs. Registry again?
So basically, I need to know where in the registry the changes would have been made so that I can at least start to get it back to normal.
From my limited knowledge, would the registry changes be as simple as changing a 1 to 0 or vice versa?
Any ideas?
#2
Don't know if this would be much help to you, but I've used it in the past as an aid to removing spyware and browser hijackers. You have to know what you're doing, though, so you don't delete legitimate entries:
Trend Micro HijackThis - Free software downloads and reviews - CNET Download.com
There's a tutorial here:
HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware
#4
Scooby Regular (Join Date: Apr 2004, Location: Cardiff, Posts: 1,928)
If the PC really is buggered, it may be quicker to do a rebuild on it.
Hard to tell how badly it's infected, but if it's been running without AV and the like (is it behind a router?)...
HijackThis as above is good; also have a look at this:
UBCD for Windows
You could run the tools on that and try to improve it, but installing AV and the like now is kinda like closing the gate after the horse has bolted, if you get my drift.
It may be fixable, but if it's beyond the point of no return I'd rebuild it from scratch.
Use Nod32 for anti-virus (Avira if you don't want to pay). CCleaner is also useful, and make sure a firewall is present, be it router or software or both.
Then tell him some dos and don'ts, i.e. close popups, don't install what they tell you, stay away from virus-ridden programs (Kazaa etc.).
#5
Scooby Regular (iTrader: 1, Join Date: Aug 2005, Location: Manchester ish, Posts: 18,547)
If he can access the web, then go to the McAfee website, as they do an online virus checker.
Alternatively, boot into safe mode and log on as the administrator, and hopefully it will let you install whatever needs installing.
I would also boot into Windows normally and have a look at the processes that are running, and also do msconfig from the Start menu, then Run.
#7
Will try the restore points tonight as I'm going back over there to have another look.
I've already tried booting in safe mode, logged on as admin, and still no joy in running any programs; I just keep getting declined.
Does anyone have any understanding of which registry keys would have been changed to deny permissions?
#10
Scooby Regular (Join Date: Apr 2004, Location: Cardiff, Posts: 1,928)
Fixing lecturers' machines over the years, msconfig may help, but some will re-enable themselves and come back on at startup with all options unticked, without doing serious digging into the registry and other system files.
#12
Scooby Regular (Join Date: Apr 2004, Location: Cardiff, Posts: 1,928)
Don't get me wrong, msconfig is a good idea, but things may re-enable on boot. You may be able to see which ones by checking msconfig again on reboot, seeing which things are ticked and looking at the reg location of that entry. As above, check running processes and Google dubious ones; if a nasty program has been installed, Google for a removal tool. I've used a few over the years which were great. Not sure off the top of my head why all progs wouldn't run (gotta shoot off for a curry), but sounds like it's boogered from that.
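Posts #7 and #12 above ask which registry locations stop programs launching and where the startup entries that msconfig re-lists after a reboot actually live. The PowerShell script below is an added, read-only audit written for this thread; it is not code posted by any of the participants. It assumes PowerShell is installed on the machine (stock on Vista and later, an optional install on XP) and that it is run from an elevated prompt. The registry paths it reads are standard Windows locations; the script changes nothing, it only reports what it finds.

```powershell
# Added example for this thread, not code posted by any participant.
# Read-only audit of registry locations commonly altered to stop programs
# launching, plus the startup entries msconfig reads. Assumes PowerShell is
# installed and the prompt is elevated. Nothing is written to the registry.

function Get-LaunchBlockAudit {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. The .exe file association. The default command must be exactly  "%1" %*
    #    Anything else routes every program launch through something else first,
    #    which fits "every program gets declined" even in Safe Mode.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\Software\Classes\exefile\shell\open\command"
        if (Test-Path $key) {
            $cmd = (Get-ItemProperty -Path $key).'(default)'
            if ($cmd -and $cmd -ne '"%1" %*') {
                $findings.Add("exefile handler changed in $key -> $cmd")
            }
        }
    }

    # 2. Image File Execution Options "Debugger" values. A Debugger entry under
    #    the file name of a security tool runs the named program instead of it.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { $findings.Add("IFEO Debugger set for $($_.PSChildName) -> $dbg") }
    }

    # 3. Policy DWORDs: these are the "1 or 0" switches asked about in #1.
    #    A value of 1 disables Task Manager, regedit or the Run box for this user.
    $policies = @{
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   = @('DisableTaskMgr', 'DisableRegistryTools')
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = @('NoRun', 'DisallowRun')
    }
    foreach ($path in $policies.Keys) {
        if (-not (Test-Path $path)) { continue }
        $props = Get-ItemProperty -Path $path
        foreach ($name in $policies[$path]) {
            if ($props.$name -eq 1) { $findings.Add("$path\$name = 1") }
        }
    }

    # 4. The DisallowRun subkey lists blocked executables by file name, one value each.
    $disallow = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'
    if (Test-Path $disallow) {
        (Get-ItemProperty -Path $disallow).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { $findings.Add("DisallowRun blocks $($_.Value)") }
    }

    # 5. Startup entries, read from the same Run/RunOnce keys msconfig lists.
    #    Save this list, reboot, run again: whatever reappears is being re-written
    #    by something that is itself still starting (the behaviour #12 describes).
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($rk in $runKeys) {
        if (-not (Test-Path $rk)) { continue }
        (Get-ItemProperty -Path $rk).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { $findings.Add("startup: $rk\$($_.Name) -> $($_.Value)") }
    }

    return ,$findings
}

$report = Get-LaunchBlockAudit
if ($report.Count -eq 0) { 'No launch-blocking entries or startup items found.' }
else { $report | ForEach-Object { Write-Output $_ } }

# Usage around a reboot: save one run, reboot, then diff against a fresh run.
#   Get-LaunchBlockAudit | Set-Content before.txt
#   Compare-Object (Get-Content before.txt) (Get-LaunchBlockAudit)
```

Everything the script prints is a lead to check, not a verdict: the exefile handler and the policy DWORDs have exactly one legitimate value each, so a deviation there is worth acting on, whereas a startup entry or an IFEO Debugger value still needs the referenced file looked up before anything is removed.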
#19
Being brutally honest: stop pissing around.
If they had no AV or malware protection, then just wipe the whole thing and reinstall. It's the only way you can be sure you've removed the virus.
You'll probably want to move the documents to another location. Just make sure you scan them thoroughly when moving them back!
#21
Scooby Regular (Join Date: Sep 1999, Location: Swindon, Wiltshire, Xbox Gamertag: Gutgouger, Posts: 6,956)
Yes, and you are very unlikely to be able to fix anything by manually hacking it, especially without a lot of experience. You can easily do a lot more damage than good. I'd recommend formatting and a re-install as well...
#22
Just to add, this MSCONFIG talk will never work if it's a virus, because ultimately it's not a process but a service, a hidden one at that, and as has been said, once a computer has been compromised by a virus, it is not wise to continue using the same computer without completely reinstalling the operating system.