I have picked up a virus that shows itself as a virus protection program. It will not allow me to into msconfig and it has shut down Essentials. I have shut down the system and removed it from my network and online capabilities.
How can I delete this issue without reinstalling Windows? And I will reinstall if necessary.
Have you tried starting your computer in safe mode without networking and then running a virus scan?
You can also use the tools (and the virus detection is decent, too) in SuperAntiSpyware
This program has a collection of tools that you can use to perform repairs, such as re-enabling msconfig, system restore, and other windows tools. If you can get to the net, you can try downloading a copy of malwarebytes, going into safe mode, and running a full scan.
However, because you have a virus written by a programmer who is diligent enough to disable MSE, I would bet money that in his code (malware code), he has probably spent the extra time to write functions to disable, or hide from, the majority of AV vendors (kapersky, malwarebytes, hitman, ESET, etc.) The more popular your Anti Virus program is, the more likely a malware writter has written code to look for it, and disable it. They are, after all, aware of these AV tools
The best method of scanning is to use a Live Boot CD. With these, you pop a cd in your cd-rom, an operating system is loaded into memory (from the cd-rom) and you scan your hard drive while it is off. Since windows isn't loaded, it's very hard for the viruses to hide. In fact, it's darn near impossible for them to hide. And since the windows os is off, the virus can't do anything to regenerate itself when its deleted, since it is unaware that it is being deleted.
If you're feeling frisky, you can read about Manually Cleaning Up a Virus Infestation
Pretty much, go into "Safe Mode" then click "Run" in "Start Menu". Then type "MSConfig".
Go to "Startup" tab, then look for names of start up programs that stand out, no manufacturer or a very odd name like "ssjsufgg" etc.
This usually works, also you can go to "Services" tab, and do the same thing you did for "Startup".
If you find the virus listed, you can see the directory of it, just follow it and delete it, after that run a scan.
Hi there.
I personally would NEVER trust a computer that had an infection on it that was "ostensibly" removed by AV software.
I might be in total disagreement with 99.99% of other members on the Forum -- but relying on an Infected OS to clean itself up is a bit like asking the Fox to guard the chickens in the henhouse.
If you have a decent UNINFECTED backup image of the OS -- restore that. If you don't then IMO the only SAFE option is to re-install the OS.
ALWAYS TAKE REGULAR BACKUPS and you can avoid these types of problems.
This also shows the need for REGULAR BACKUPS - which you can easily scan to ensure they are virus free.
Even a 70 GB Windows installation doesn't take more than around 25 mins to backup or restore on a modest laptop using good backup software -- I use Acronis but there are others.
Cheers
jimbo
+ 1 to everything you said Jimbo! I would NEVER trust an installation after an infestation... Thats why I'm so anal about imaging my drive (with Acronis).. Its so much easier to restore a clean image, than spending hours reinstalling the OS along with my programs....... +rep to you!!
I agree with dranfu, you should try running a rescue boot up disk, which loads before the OS does.
There are several out there, I have all of them in my arsenal but I usually start with this one.
AVG Rescue Disk – Free AVG Bootable Antivirus CD
You have others boot disks to choose from also - Avira, Kaspersky, Bitdefender, etc. The links for these are also listed on the page
Quote