
Malware

Kaspersky said I had some malware, but they are not a threat now. I do not understand why starting in safe mode once fixed my problems, but everything seems good for now.

Ranb
 
I use Avari anti virus, Windows' own firewall, and Malwarebytes for the malware. I also have SpywareBlaster which, so long as you check for updates every week, then enable them, it's like a vaccination, and doesn't interfere with your other programmes. I haven't had any virus or malware since I started using this combo! (I did use ZoneAlarm firewall but after reformatting recently just clicked on the Windows one for now, until I make my mind up.)

I like Comodo firewall
 
The thing that makes me feel better about this is that browsers are more and more being installed in their own sandboxes, though I tend to be somewhat of a software purist and dislike the trend of a single point of failure like a browser to do everything like open documents and PDFs, etc.

Good point, unfortunately it is the nut behind the wheel that usually fails. Personally I hate toolbars.
 
That same malware killed my computer more than a few months ago. I went out and bought a Mac.

I can open my old computer in safe mode to copy the files, but otherwise I've just abandoned it. Fortunately I was considering a new computer at the time anyway, so it wasn't a huge loss.

It might be easy to recover the data and then reinstall the OS, then you have two machines.
 
Kaspersky said I had some malware, but they are not a threat now. I do not understand why starting in safe mode once fixed my problems, but everything seems good for now.

Ranb

You might want to download Malwarebytes and give it a scan too. No anti virus program is 100% reliable in detecting all threats, I'd give it a scan with another program just to be on the safe side.

If Kaspersky found the malware and cleaned it, it was most likely due to your OS being booted up in Safe Mode. All Safe Mode really does is allow Windows to start with only a minimum amount of the usual resources it uses. If a computer is infected, then Safe Mode usually lets you get into Windows without "waking up" the malware like it normally would. Since it's not actively running in safe mode, your anti virus program would then probably have a much better chance of cleaning the inactive files.

Glad to hear it's working now though! Hopefully it's all taken care of.
 
Can you tell me what your son did? If I open in safe mode, I can't install anything to fix the problem and if I just boot up, then I have no control over the computer.
This makes me chuckle because I'll probably have to get my son to fix my PC also.

It really depends, some malware does some things, some malware does other things. If you can boot into safe mode with networking, I would start with Malwarebytes, which you can install in safe mode. But you have to let the machine reboot in normal mode.

I think you can run Dr. Web Cure It in safe mode but I don't remember.
 
I tried safe mode yesterday and it did not start up. I downloaded TDSSKiller and extracted it today, but it failed to open.

I tried safe mode again today and it worked. Updating Kaspersky now. :)

Ranb

:( Bummer. You may need multiple scanners to remove the infection, Bleeping Computer and many other sites can help if scanners don't work.
 
You might want to download Malwarebytes and give it a scan too. No anti virus program is 100% reliable in detecting all threats, I'd give it a scan with another program just to be on the safe side.

If Kaspersky found the malware and cleaned it, it was most likely due to your OS being booted up in Safe Mode. All Safe Mode really does is allow Windows to start with only a minimum amount of the usual resources it uses. If a computer is infected, then Safe Mode usually lets you get into Windows without "waking up" the malware like it normally would. Since it's not actively running in safe mode, your anti virus program would then probably have a much better chance of cleaning the inactive files.

Glad to hear it's working now though! Hopefully it's all taken care of.

I agree, run another scanner to be sure, and back up your data to an outside source. Rootkits are very hard to scan away.
 
Hey Ginger, is your infected computer running Windows? What version is it?
 
It depends on the malware infection. Some are designed to start up every time you log on to Windows and run in the background. By doing that, the nastier ones might be able to prevent you from taking steps to get rid of it (not letting you run a program like Malwarebytes, for example). That's when Safe Mode might come in handy.
OK, that's what my computer does. If you boot it up it goes straight to the malware screen and no commands work.

In safe mode I can find and copy files. I haven't tried to open any programs except Word. So how would I install a program to a flash drive and enable the program to clean my computer?
 
It might be easy to recover the data and then reinstall the OS, then you have two machines.

Yeah, I'm putting that off. I've been using the stored files as I need them. I didn't want to copy all the files because it seemed like a good opportunity to clean out the old files I no longer need. But that means going through hundreds and hundreds of files one by one and deciding to keep or save them. It's like wanting to do a major house cleaning but getting sidetracked sorting through boxes of stuff that have been accumulating. So the major cleaning never gets done.



... Come to think of it, I have two older computers upstairs that I've kept for the same reason, never sure I have all the old files I want to save off them. One is actually still on a desk and connected to everything but the net, the other one doesn't have a monitor. :p
 
Sounds like I didn't really understand how safe mode was working. I thought it blocked new program installation but it doesn't sound like that's the case.
 
OK, that's what my computer does. If you boot it up it goes straight to the malware screen and no commands work.

In safe mode I can find and copy files. I haven't tried to open any programs except Word. So how would I install a program to a flash drive and enable the program to clean my computer?

If the scan and anti-malware software does not work, what you can do is a technique I’ve used to clean some of the computers at work when they’ve had malware. If you know the approximate time of the infection you can search (in safe mode without networking) for files created at that time. A lot of the latest variants I’ve encountered name the files as random number strings like ‘178345687’. It helps to have another web-enabled computer so any files that you find created at that time that you’re not sure about you can search the web for information. Bleeping Computer is a good resource for that. Also information about the specific variant you have may also be available but be prepared to improvise as the information on the new variants can only be available after someone has resolved such an infection and posted that information. Most of the files I’ve encountered recently have been stored in the directory “C:\Documents and Settings\All Users\Application Data\” or similar under a specific user (what you call your computer). You may need to be sure the “search hidden files and folders” option is clicked in the “More advanced options” portion of the search tool. Once you have identified the files you can remove them and then search the registry for entries calling those files. Sometimes you have to reboot in normal mode in order to find the registry entries. If unsuccessful attempts have been made to remove the malware it can often install another copy of itself so there may be multiple files with different random names to remove as well as the registry entries. It is best to disable (physically if needed) any network connections before returning to normal mode so the system cannot access the internet and reload the malware before cleaning is complete.
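
Added example, not part of the original post and not the poster's own tooling: a read-only PowerShell script for the search described in the post above. It lists files created inside a time window under the All Users profile, hidden ones included, flags all-digit names, and reports autostart registry values that mention any of those files. The parameter names, the default 48-hour window, the six-or-more-digit pattern and the choice of the Run/RunOnce keys are assumptions made for this example.

```powershell
# Added example: read-only triage for the manual search described in the post above.
# Assumptions (not from the post): parameter names, the default 48-hour window,
# the 6+ digit name pattern, and checking only the Run/RunOnce autostart keys.
param(
    [string]$Root = $env:ALLUSERSPROFILE,     # "All Users" profile root
    [datetime]$From = (Get-Date).AddHours(-48),
    [datetime]$To = (Get-Date)
)

function Find-RecentFiles {
    param([string]$Root, [datetime]$From, [datetime]$To)
    # -Force includes hidden/system files (the "search hidden files" option).
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       $_.CreationTime -ge $From -and $_.CreationTime -le $To } |
        Select-Object FullName, CreationTime, Length,
            @{ Name = 'NumericName'; Expression = { $_.BaseName -match '^\d{6,}$' } }
}

function Find-AutorunReferences {
    param([string[]]$FilePaths)
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            foreach ($path in $FilePaths) {
                $leaf = [IO.Path]::GetFileName($path)
                # Plain substring match: file names may contain wildcard characters.
                if ($data.IndexOf($leaf, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    [pscustomobject]@{ Key = $key; Value = $name; Data = $data; File = $path }
                }
            }
        }
    }
}

$hits = @(Find-RecentFiles -Root $Root -From $From -To $To | Sort-Object CreationTime)
$hits | Format-Table -AutoSize | Out-Host
# Report only: nothing is deleted, so each finding can be researched first.
Find-AutorunReferences -FilePaths @($hits | ForEach-Object { $_.FullName }) |
    Format-List | Out-Host
```

Pass `-From` and `-To` to match the approximate infection time; the HKCU results apply only to the account the script runs under.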
 
It might be easy to recover the data and then reinstall the OS, then you have two machines.

I agree, run another scanner to be sure, and back up your data to an outside source. Rootkits are very hard to scan away.


For the love of all that's holy, everyone, please back up your personal data.

Sometimes (and I stress the sometimes) it's far better to completely raze the OS and start from scratch and the only way you can realistically do that is to FIRST have your important files backed up on separate media. An external hard drive or flash drive is better than nothing, though not Best Practices. A burned DVD is probably better.


Skeptic Ginger,

If you have someone who is computer savvy, ask them to make a boot CD for you with a live Linux or Windows image. You'll be bypassing the installed OS and all the headaches involved with what could possibly be a difficult and time-consuming issue to resolve.

Once you boot up with a live CD, you can browse the file folders and then begin to sort through your files to decide which you want to keep.

Once that's done, you can reformat the hard drive and install a fresh OS and use it for a media server in your home, an extra desktop for your kid(s) or even donate it to families whose children may need a basic computer for school.
 
(sorry, didn't see this post)

Will just deleting the files if I find them be sufficient to remove them?


Deleting malware-type files? In most instances I'm aware of, no, just deleting the malware files will not be enough because the malware will write itself to the registry, make deeper backups of itself or even attempt to write data to the boot sector so that it'll load at a basic level before the operating system even starts to run.

Many malware files are even created in such a way as to be write-protected (can't delete or write over the top of them). This is why many computer dudes recommend booting with a Linux OS -- Windows and Linux operate with some fundamentally different rules and it helps to be able to access malware with an operating system that is able to ignore the other OS's rules.
 
