Malware has control of everything

Help and Discussion

Moderator: The Mod Squad

Malware has control of everything

Postby oneof5 » Sun Dec 26, 2010 5:07 pm

I have been inundated with malware last several days and have been able to remove them even though they have controlled some things, with Malwarebytes and ran Adaware even scanned with Avast. I am thinking now that it is due to a toolbar that I don't know how it got there. Toolbar is Elf. I tried to research this and remove it, there is a virus that is a fake security scan called System Tool that has everything locked up. I am running Windows XP Professional. I can not get any commands to work on the >Start >run, etc, I can not delete ANY programs on the Control Panel >add/remove, can not uninstall from the >Start >programs, can not run Malwarebytes, Adaware, or get on the internet. I can run Avast but then I get a blue screen and it says it is dumping Physical memory. I have down loaded off of this computer, Hijack this and put it on an removable memory card and tried to run it that way, no go. It doesn't even respond or it gives me the blue screen with Physical memory dump. I get a pop up from this program every few seconds giving me a warning of a virus attack and it is constantly trying to scan my computer. Ctrl >Alt >Del is a big blank when I can get it to come up.
oneof5
Pilgrim
Pilgrim
 
Posts: 14
Joined: Wed Sep 10, 2008 6:55 pm

Postby Mr T » Mon Dec 27, 2010 1:21 am

Yeah, had this one.... What you need is malwarebytes fully updated and run it in SAFE MODE... It won't always remove it but it tells you where it is so you can search and manually delete it.... Other free virus scans (AVG etc) DO NOT remove any traces left or even come close to removing it - Norton doesn't either... However Microsoft security essentials does... So steps on removal...

1) boot into SAFE MODE
2) Create an account which is Administrative and password protected
3) Set your account to Standard or General user
4) boot into the new administrative account in normal mode and download, install and update
A) Malwarebytes Anti malware
B) MS Security Essentials
Both can be found at Filehippo.com
5) reboot into SAFE MODE and use the new admin account to run malwarebytes - if it roots it out remove it, or search for it manually - it is usually placed in a hidden folder...
6) boot into normal mode and run MS essentials...

If this fails to remove it, you may have to format and do a fresh install - or if it is a branded built system or laptop run recovery to restore it to first boot settings...

Tip....

Windows ALWAYS sets the first user to boot into the system as Administrator... This leaves the system vulnerable to exploits like this, so always set an admin account that you don't use and any other account such as yours as a standard or general user... This means that any nasties like this stop at your account because they have no rights to go further....

Also....

Once you have got rid of the virus, download and install the latest Java and flash from filehippo, these are the usual exploit gateways used to get to your system...
I have been programming on computers since the ZX81.
I am an apprentice trained Electronics Engineer with qualifications to back it up.
I have been repairing computers since 1996.
Yet to some people I still know nothing...
Mr T
Enlightened Master
Enlightened Master
 
Posts: 17093
Joined: Fri Jun 14, 2002 1:03 am
Location: England

Postby oneof5 » Mon Dec 27, 2010 8:46 am

Well it IS a laptop. Plus the other problem is, I can NOT get into safe mode. When starting up and tapping F8 it does't have Safe Mode to select from and I can't get the Start< Run commands to work ie msconfig to get into Safe Mode there. Am I just going to have to reformat the Hard Drive?
oneof5
Pilgrim
Pilgrim
 
Posts: 14
Joined: Wed Sep 10, 2008 6:55 pm

Postby Mr T » Mon Dec 27, 2010 11:06 am

If you can use the laptops recovery to factory settings, that is probably the quickest way... However, if you cannot do that, a format and clean install is the way...

I would suggest taking the hard drive out of the laptop and plugging it into another system (if it is SATA) as a slave and running what I said in the previous post....
I have been programming on computers since the ZX81.
I am an apprentice trained Electronics Engineer with qualifications to back it up.
I have been repairing computers since 1996.
Yet to some people I still know nothing...
Mr T
Enlightened Master
Enlightened Master
 
Posts: 17093
Joined: Fri Jun 14, 2002 1:03 am
Location: England

Postby oneof5 » Mon Dec 27, 2010 6:15 pm

Will the factory settings erase all my files or if I can back them up, do I need to do that before recovery. I know I certainly need to try to do that before a reformat. I do have another profile on the laptop that I have run the malwarebytes on and quarantined some stuff, ran Adaware and quarantined one malware and tried to run Hijack this on and it found a bunch of stuff but it never deleted it when I checked them to delete. I guess because it isn't an administrator profile. It gave me a direction on how to type in "Run" notepad C:WINDOWS\System32\drivers\etc\hosts and then delete what it lists and save it as a 'host' file but since it isn't an administrator profile it would only save it in Documents. Any suggestions since I can get in a standard profile while it has the Administrator profile hijacked. I guess I am grasping at straws.
oneof5
Pilgrim
Pilgrim
 
Posts: 14
Joined: Wed Sep 10, 2008 6:55 pm

Postby Hardware Junkie » Tue Dec 28, 2010 10:48 am

Malwarebytes and SuperAntispyware. If those two fail, reformat and reinstall windows. Not worth the hassle.
"Imagination is the only weapon in the war against reality." -Jules de Gautier

Image
Hardware Junkie
Mobo-fu Master
Mobo-fu Master
 
Posts: 19405
Joined: Thu Jan 25, 2001 1:01 am
Location: 00000h - 0000Fh

Postby oneof5 » Thu Dec 30, 2010 8:42 pm

Well, after running MalwareBytes on the other profile and logging back on to my profile, I still had the virus. I did a ctl alt delete and was able to "end task" of this "thing" that was the fake virus remover, called system tool. Then I chose >new task and was able to type >msconfig and boot up the safe mode. I ran MalwareBytes and Hijack This. It got rid of it and I am back up and running. I have made my new Administrator account and made my account as a non Administrator. Thanks for the help.
oneof5
Pilgrim
Pilgrim
 
Posts: 14
Joined: Wed Sep 10, 2008 6:55 pm

I had the same problem meny times

Postby braydenalex » Sat May 14, 2011 11:34 am

I had the same problem many times , I now use a good protection application , however I recommend for expert to always make a clone (image) of first partition , this clone image file can save allot of time , I personally make a safe clone image to all my clients computers , and every time they have a problem I immediately restore the image.
braydenalex
Pilgrim
Pilgrim
 
Posts: 7
Joined: Sat May 14, 2011 11:16 am


Return to Virus/Spyware/Security

Who is online

Users browsing this forum: No registered users and 1 guest