Two Whole Days of BS

Discussion in 'Security' started by Meteora, Oct 8, 2009.

  1. Meteora

    Meteora

    Joined:
    Oct 3, 2009
    Messages:
    9
    Likes Received:
    0
    Got infected by pretty much a virus that was probably made the day of the infection. I predict this because I couldn't find even one google result about the malware that I had, which is "windows smart security" that somehow changes itself to Registry Defender 2009 and Antivirus 2010, or both, randomly etc.

    It wasn't until this morning someone on the net made a topic about it on CNET, and even the suggestions someone gave on it to prevent the virus from disabling virus fighting programs like Malwarebytes failed in my case. It didn't do anything (especially when he says to end the processes in task manager under the username that "doesn't make sense" http://forums.cnet.com/5208-6122_102-0.html?threadID=362760). However, what if I don't have this one weird username on my task manager? This is why this method fails.

    This piece'o **** trojan has been disabling every possible attempt to remove it. EVERY single anti-malware program, even Stopzilla which claims to be uber in erasing viruses can't do anything to this thing.

    However when I installed Avast (which deleted the last trojan I had and I had the trojan for probably 5 minutes as opposed to 2 whole days of this bs) it asked me if I wanted it to do a scan after it reboots. Obviously I clicked yes, and this was the very method that got rid of the virus last time.

    However more bs, somehow my computer keyboard gets disabled (AND ALL OTHER USB DEVICES DON'T?!) so I can't even freaking delete the trojan when Avast detects it! What kind of garbage is this?

    Any help would be appreciated.
     
    Meteora, Oct 8, 2009
    #1

  2. Meteora

    WAW8

    Joined:
    Jan 27, 2007
    Messages:
    3,541
    Likes Received:
    2
    Location:
    Northern Virginia, USA
    Don't know what you tried or how, but if you haven't already done this, Google for and download either the Avira Rescue CD or the Kaspersky equivalent. Burning the former to a CD creates a Linux CD that runs the AV tool OUTSIDE of Windows, thereby bypassing any limitations that the virus/trojan has imposed. I haven't tried the Kaspersky product (since Avira has worked well for me), but it's supposed to be essentially the same kind of setup.



    You could also see if you can get the new Microsoft Security Essentials download from MS to install. It's relatively new, so the malware might not be able to block it just yet.
     
    WAW8, Oct 13, 2009
    #2

  3. Meteora

    Meteora

    1. Disc Drive has not been functioning for a year.



    2. Yeah, it owned that too. The virus is unstoppable. Maybe a Lebanese guy I know can destroy it though, probably will have to remove it manually dealing with registry keys and what not.
     
    Meteora, Oct 14, 2009
    #3
  4. Meteora

    WAW8

    Well, if you have no way to boot the machine from a disk (to prevent Windows from launching), the only other option would be to remove the drive, connect it to another machine via a USB cable, boot that other machine to an AV disk, and run the analysis from there.



    It's going to be really, really difficult to clean this up inside Windows because it may have cloned countless copies of itself all over the place. You really need to be OUTSIDE Windows when you attempt to find and remove this.



    If your machine can boot from USB, you can google for creating bootable USB sticks and see if there's a way to boot from that and run an AV program. I know that Ubuntu v9.04 provides a means of creating a bootable version on a USB stick. If you can do that, you would only then have to copy the AV files onto the stick and boot it.
     
    WAW8, Oct 14, 2009
    #4
  5. Meteora

    Meteora

    How do I figure out if my comp can boot from a USB? Also removing the drive means disassembling my computer, which is a no-no.

    Finally, I understand how a comp can boot from a CD, especially when a CD starts to run when you put it in. It runs something.

    However I do not recall USB drives running and instead they just open, that is open the folder that comprises them. They do not run, so can comps still boot from them? What will the screen look like?
     
    Meteora, Oct 14, 2009
    #5
  6. Meteora

    WAW8

    Your computer will provide that option in the BOOT section of the BIOS setup screens. You will have to check your screens and/or user manual to see what your machine provides. Only the most recent machines provide this.



    Then, the only way you'll be able to clean malware from your drive will be to boot into an OS other than Windows and run an antivirus app from a CD.



    If you're talking about from inside Windows, that's not booting, that's something called autorun which launches the CD when you insert it. To boot from a CD, you would have to go into your BIOS setup screens and change the boot order to select the optical drive first. Then, when the machine starts, you typically get a line of text on the screen that says something like "press any key to boot from CD". You then press a key and the machine boots using that CD.



    Yes -- some machines can boot from USB, but that's because (1) the machine supports it and (2) the USB drive has been formatted as bootable and an OS has been installed to it. A regular "data" USB will not boot, it just opens a set of folders.
     
    WAW8, Oct 15, 2009
    #6
  7. Meteora

    Meteora

    Your computer will provide that option in the BOOT section of the BIOS setup screens. You will have to check your screens and/or user manual to see what your machine provides. Only the most recent machines provide this.

    Is this F12 or F8? I think it's 12 but I'm not sure.


    Then, the only way you'll be able to clean malware from your drive will be to boot into an OS other than Windows and run an antivirus app from a CD.

    CD drive has long since been unusable, way before the virus. Does not read discs.


    If you're talking about from inside Windows, that's not booting, that's something called autorun which launches the CD when you insert it. To boot from a CD, you would have to go into your BIOS setup screens and change the boot order to select the optical drive first. Then, when the machine starts, you typically get a line of text on the screen that says something like "press any key to boot from CD". You then press a key and the machine boots using that CD.

    I was recently taught what this is, and have done it myself. This was on another PC, a laptop running Vista. My infected is my XP desktop.


    Yes -- some machines can boot from USB, but that's because (1) the machine supports it and (2) the USB drive has been formatted as bootable and an OS has been installed to it. A regular "data" USB will not boot, it just opens a set of folders.

    How do I install an OS on a USB and format it as bootable?
     
    Meteora, Oct 15, 2009
    #7
  8. Meteora

    WAW8

    I would have no way of knowing as all machines are different. You will need to consult some documentation on your machine to find out.



    Don't know where you live, but recently, my DVD writer bit the dust (don't want to say how much I paid for it!), and I went down to the local PC store and bought a Samsung replacement for $20 -- has been working great since. If you have access to drives at this price, strongly suggest you get one.



    That's a complicated process and depends on the particular OS you want to install.



    You will need OS installation media (DVD or CD) and a large USB stick.



    Suggest you Google for it as we have no tutorials that will walk you through the process.
     
    WAW8, Oct 15, 2009
    #8
  9. Meteora

    Meteora



    Oh it's 12.

    Does it involve unscrewing bolts in the PC? Just asking. Btw, my may be working but might just be a b**** and the person I'm seeing may be able to do something about it, especially since XP reads it as "fully functional" in device manager even though it only blinks when a disc is put in then just decides not to do anything.

    Eventually I'll do this...if the guy fails.
     
    Meteora, Oct 16, 2009
    #9
  10. Meteora

    WAW8

    That depends entirely on the PC case in use. Some require screwing peripherals into the case; others have different kinds of tray mounts that require screwing the device into the tray mount and then sliding the mount into the case. Either way, you'll have to unscrew/screw something to change the device.



    Device Manager doesn't run any complicated diagnostics on the devices in the PC; it only checks to see if the appropriate device drivers are installed. If they are, it reports the device as working properly -- even if it isn't.



    It sounds like the device is actually defective. If it just blinks on all media, that could be a broken laser, or a dirty laser lens. You can buy lens cleaner CDs that can fix the latter problem.
     
    WAW8, Oct 18, 2009
    #10
  11. Meteora

    Meteora

    What the...? Lens cleaner CD? I guess it is a CD that cleans lenses...but that doesn't sound like it's making sense. I thought cleaning lenses was physical.
     
    Meteora, Oct 21, 2009
    #11
  12. Meteora

    WAW8

    Yes, lens cleaning is physical. But if the lens is dirty, that can interfere with reading CD/DVD media. You said it blinks and doesn't appear to do anything. If it's having problems actually reading the disk, it will eventually give up.



    If the lens cleaning doesn't fix it, the laser may be bad or the alignment defective.
     
    WAW8, Oct 21, 2009
    #12