Windows 7 Forums



Windows 7: S.M.A.R.T. HDD Program: Who Are These Jokers ?

03 Apr 2012   #11
Thornton

windows 7 Professional
 
 

Quote: Originally Posted by DeaconFrost
Nothing should have been corrupted. Those "programs" hold your system hostage, making you think you need to pay for something. As long as people out there continue to be fooled by it and pay...they will exist.

The easiest way to remove this type of malware is to pull the drive and attach it to another system. Scan the drive and clean it...then return it to the original system and run another scan to be sure.

I got rid of it without having to attach it to another drive. It's just a gazillion steps to go through though; I will post here my updated steps.

1. Download Sysinternals.
2. Use Process Explorer from Sysinternals to delete anything using excessive memory with a random numeric value.
3. Search for your browser in the Start menu; because things are hidden, it won't show up unless searched for or if you view hidden files.
4. Download Loaris Trojan Remover and Malwarebytes.
5. Run Malwarebytes first, then run Loaris Trojan Remover.
6. Run unhide.exe, OR what I would recommend is to open an elevated command prompt and type in "attrib /d /s -h [directory name]". If that doesn't work, try -h -s instead of just -h.
7. Reset your background.
8. Right-click on the Start menu, Properties, Customize, and place everything back in your Start menu.
9. Refill the taskbar... tada.

To be safe, I would run your primary antivirus one more time before restarting in case remnants of the virus are still there. Also, I would clear your temp files... for EVERYTHING POSSIBLE; this will ensure that the download it came in through is not still lingering.


03 Apr 2012   #12
DeaconFrost

Windows 7 Ultimate x64 SP1
 
 

Quote: Originally Posted by Thornton
I got rid of it without having to attach it to another drive. It's just a gazillion steps to go through though; I will post here my updated steps.

I didn't mean it as the only method. It's just the easiest and most straightforward...especially if someone isn't comfortable with downloading more programs and running those commands. On top of that, the infections I've had to clean...you couldn't perform those steps on the system anyway, as all .exes are normally blocked.

Quote: Originally Posted by bbearren
That's one of the main reasons I dual boot from a second drive. I can boot to the other OS if necessary and perform all necessary cleanup/de-lousing.
I've helped a number of folks with difficult infections in XP by walking them through a parallel installation and doing all the scrubbing from there.

Dual-booting requires a second license, which most people don't have. Setting up a parallel install also takes quite a bit longer than just removing the infection. For people who aren't physically located around me, I just send them a bootable AV rescue disc and walk them through booting from that disc.
03 Apr 2012   #13
Thornton

windows 7 Professional
 
 

Quote: Originally Posted by DeaconFrost
Quote: Originally Posted by Thornton
I got rid of it without having to attach it to another drive. It's just a gazillion steps to go through though; I will post here my updated steps.
I didn't mean it as the only method. It's just the easiest and most straightforward...especially if someone isn't comfortable with downloading more programs and running those commands. On top of that, the infections I've had to clean...you couldn't perform those steps on the system anyway, as all .exes are normally blocked.
Quote: Originally Posted by bbearren
That's one of the main reasons I dual boot from a second drive. I can boot to the other OS if necessary and perform all necessary cleanup/de-lousing.
I've helped a number of folks with difficult infections in XP by walking them through a parallel installation and doing all the scrubbing from there.
Dual-booting requires a second license, which most people don't have. Setting up a parallel install also takes quite a bit longer than just removing the infection. For people who aren't physically located around me, I just send them a bootable AV rescue disc and walk them through booting from that disc.

But just deleting the virus doesn't fix much. Doing it manually would still be easier, because it's the same steps minus attaching it to another computer: you still have to remove it from the registry, delete the files, which hide, mind I say, EXTREMELY WELL (there are a number of random numeric exes and dlls and no-extension files that are needed for Windows operations that you do not want to accidentally delete), then you still have to run a virus scan again to be safe, and you still have to unhide files, fix the theme, fix the taskbar and Start menu, etc. It's not saving you steps; if anything it's adding a step that you could achieve by just entering safe mode with networking. I've spent the last couple of days looking into this, and I've thought the same thing you did, but just deleting the virus isn't going to fix the damage it's done, so you can run 3 virus checks, or spend 2 hours looking for files you don't even know the names of... I'm not saying your method doesn't work, especially if it's about just being malicious, but in this case it is easier to use my method. But if someone else knows of an even faster method, I'm sure sharing would be appreciated by all.

03 Apr 2012   #14
Thornton

windows 7 Professional
 
 

Quote: Originally Posted by Robert11
Hi,

Any simpler way than pulling the internal HD ?

Bob

1. Download Sysinternals.
2. Use Process Explorer from Sysinternals to delete anything using excessive memory with a random numeric value.
3. Search for your browser in the Start menu; because things are hidden, it won't show up unless searched for or if you view hidden files.
4. Download Loaris Trojan Remover and Malwarebytes.
5. Run Malwarebytes first, then run Loaris Trojan Remover.
6. Run unhide.exe, OR what I would recommend is to open an elevated command prompt and type in "attrib /d /s -h [directory name]". If that doesn't work, try -h -s instead of just -h.
7. Reset your background.
8. Right-click on the Start menu, Properties, Customize, and place everything back in your Start menu.
9. Refill the taskbar... tada.

I also use Security Essentials, and I would do this after all these steps to run one final check of your machine before rebooting and finalizing most of these settings.

Edit: In case you are wondering why I chose Sysinternals, this virus prevents you from using Task Manager; also, you may find you like Sysinternals more. The latest stable release on MSDN should work nicely.
03 Apr 2012   #15
bbearren

7 Ultimate x64/7 Home Premium x64
 
 

Quote: Originally Posted by DeaconFrost
Quote: Originally Posted by Thornton
I got rid of it without having to attach it to another drive. It's just a gazillion steps to go through though; I will post here my updated steps.
I didn't mean it as the only method. It's just the easiest and most straightforward...especially if someone isn't comfortable with downloading more programs and running those commands. On top of that, the infections I've had to clean...you couldn't perform those steps on the system anyway, as all .exes are normally blocked.
Quote: Originally Posted by bbearren
I've helped a number of folks with difficult infections in XP by walking them through a parallel installation and doing all the scrubbing from there.
Dual-booting requires a second license, which most people don't have. Setting up a parallel install also takes quite a bit longer than just removing the infection. For people who aren't physically located around me, I just send them a bootable AV rescue disc and walk them through booting from that disc.

I've assisted in complete malware removal via parallel installation in instances where so-called "Malware Experts" (not on these forums, mind you) had instructed the OP, after numerous and unsuccessful attempts at using various AM tools, insisted that the only recourse was to reformat/reinstall, the infection was too deep to be removed.
Here is an example. We had to finish via email - the Admins closed the thread.
03 Apr 2012   #16
FliGi7

XP / Win7 x64 Pro
 
 

As an aside, if malware appears to persistently return, even though you've removed all traces of it on the system, you need to consider that it may have copied itself to the MBR and is restoring itself upon boot. The only way to get rid of that is to re-write the MBR or do a full format (which will obviously re-write the MBR then).
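Added example, not part of the original thread or any poster's code: an offline check for the MBR tampering FliGi7 describes, run on a clean system against sector 0 of the suspect drive. It assumes the first 512 bytes have been saved to a file and that a known-good SHA-256 of the boot code is available (from the same disk when clean, or a reference install of the same OS); the function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: bootstrap code (440-445: disk signature, reserved)
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510-511

def parse_mbr(sector):
    """Split a raw 512-byte sector 0 into the fields worth comparing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba_start, count = struct.unpack_from("<B3sB3sII", sector, off)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return {"signature_ok": sector[510:512] == SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def compare_to_baseline(sector, baseline_sha256):
    """Return findings for a boot disk; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    active = sum(p["active"] for p in info["partitions"])
    if active != 1:
        findings.append("%d active partitions, expected 1" % active)
    return findings

def build_sample(boot_code):
    """Constructed test sector: given code bytes plus one active NTFS (0x07) partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF,
                     0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    sector[510:512] = SIGNATURE
    return bytes(sector)

# Constructed byte strings, not real boot code; BASELINE stands in for a known-good hash.
CLEAN = build_sample(b"\x33\xc0\x8e\xd0" + b"\x90" * 60)
TAMPERED = build_sample(b"\xeb\x3c\x90" + b"\x90" * 61)
BASELINE = hashlib.sha256(CLEAN[:BOOT_CODE_LEN]).hexdigest()
```

Only bytes 0-439 are hashed because the disk signature that follows differs from disk to disk and would make every comparison fail.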
03 Apr 2012   #17
DeaconFrost

Windows 7 Ultimate x64 SP1
 
 

Quote: Originally Posted by bbearren
I've assisted in complete malware removal via parallel installation in instances where so-called "Malware Experts" (not on these forums, mind you) had instructed the OP, after numerous and unsuccessful attempts at using various AM tools, insisted that the only recourse was to reformat/reinstall, the infection was too deep to be removed.

That doesn't change the caveats of the parallel install I mentioned above. Pulling the drive is an easier, much more simple method..and allows cleaning of the MBR as well. If a person suggests a reformat before pulling the drive...they aren't a malware expert in any sense of the term. Why do you think the "docks" have been so popular to purchase? I use mine religiously at home and at work for backing up drives, recovering data, and cleaning persistent malware infections.
03 Apr 2012   #18
bbearren

7 Ultimate x64/7 Home Premium x64
 
 

RE: Docks, I have two that I use for drive imaging, and they are certainly useful for other purposes, as well.

But when helping folks through forums like this, there may well be limitations on their end. One good thing about a parallel install is that it is free if the person needing the help has the installation media available, or a friend/relative from whom they can borrow it temporarily.
03 Apr 2012   #19
bbearren

7 Ultimate x64/7 Home Premium x64
 
 

Quote: Originally Posted by FliGi7
As an aside, if malware appears to persistently return, even though you've removed all traces of it on the system, you need to consider that it may have copied itself to the MBR and is restoring itself upon boot. The only way to get rid of that is to re-write the MBR or do a full format (which will obviously re-write the MBR then).

I recall one persistently nasty one that would replicate itself from two innocent-looking text files over the course of 4 reboots of the PC. It's been a few years and I can't remember the name of the variant, but the two text files (once found) proved to be its Achilles heel.
It also involved a bunch of registry work, too.
03 Apr 2012   #20
DeaconFrost

Windows 7 Ultimate x64 SP1
 
 

It's been a while since I've had to do a parallel OS install, but it usually leaves the system in a temporary state. At least that's how it used to be. A parallel install would always allow the person in to back up their data, but then they'd be doing a clean install afterwards. Doing so also wouldn't get to any boot viruses that remain and would only reinfect the new install.

I understand your point about doing what's easiest and best for people on the forums...and that's why I am recommending the drive pull. You don't need a dock to do so. For example, given your post. If you were to head over to a friend or relative's house for the media...you could just bring your drive and pop it in their case. Anyone who would be a "go to person" for cleaning malware would be equipped for this. Most mom and pop shops would clean the virus in this method for a very small fee as well. Aside from being easier, it guarantees a clean drive...as the drive isn't running or booting any OSes.

Quote: Originally Posted by bbearren
innocent-looking text files over the course of 4 reboots of the PC.

Not to sound like I am hounding on the same point...but those kinds of malware are easily removed when the drive is connected to another system. That was the point I was trying to make from the beginning. Instead of poking around with a system and trying different scans and apps...I go right to the solution.