Windows 7 Forums

Windows 7: A Nasty Virus

27 May 2009   #1
Copyright

Windows 7 x64 7229
 
 
A Nasty Virus

I have a nasty virus, and I need some advice on what to do. First of all, it won't go away; I've scanned with Malwarebytes and like 5 different AV scanners. For this reason I'm thinking it was more of a physical prank than a virus. Basically my user account got turned into a guest. The administrator account is disabled, and I can't enable it or do anything which requires administrator privileges. In safe mode, I can only log in to my (guest) account. I'm not sure what to do, and I can't even back up my files, make a new partition, etc.


27 May 2009   #2
Captain Zero

Windows 7 Home Premium x64
 
 

Clean install? Barring that, you might need to create a boot disk. McAfee, Norton and others allow you to do this online.
27 May 2009   #3
Copyright

Windows 7 x64 7229
 
 

I really don't think it's a virus, as this computer isn't even connected to the internet. What other options can I try?

27 May 2009   #4
slithernet

Windows 7 Ultimate x64 Retail RTM, Ubuntu 9.10
 
 

Is the admin account disabled by default (Vista)?
I don't know if it will work from a guest account, but you can enable it by running a cmd window as admin and typing this:

net user administrator /active:yes

If you have another account with admin privileges you can use Offline NT Password & Registry Editor
to change the password on it.

Other than that...... Clean Load.
27 May 2009   #5
Copyright

Windows 7 x64 7229
 
 

Quote: Originally Posted by slithernet
Is the admin account disabled by default (Vista)?
I don't know if it will work from a guest account, but you can enable it by running a cmd window as admin and typing this:

net user administrator /active:yes

If you have another account with admin privileges you can use Offline NT Password & Registry Editor
to change the password on it.

Other than that...... Clean Load.

I've tried both of those. I can't do anything; the only admin account is disabled.
27 May 2009   #6
Captain Zero

Windows 7 Home Premium x64
 
 

This is sounding like a potential rootkit based on some of the symptoms you've described. You can try Sysinternals' Rootkit Revealer, in either free download or online scan modes. I'd run it live, especially if you can't get in as admin. Let us know how that works for you.
27 May 2009   #7
Uber Philf

W7 RTM Ultimate x64
 
 

Or if you can connect to the internet, try using HouseCall: Trend Micro HouseCall - Free Online Virus and Spyware Scan - Trend Micro Australia

That should pick it up, or try Stinger: McAfee Threat Center

Either of them should help.

Enzo.
28 May 2009   #8
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

What was the last item that you downloaded and installed? Did you use a flash drive?
30 May 2009   #9
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Hi there
I don't know HOW your machine got infected or even what the virus is but there is only one decent way you can get this computer clean again.

1) Download from the net a LIVE CD of any OS that has a proper hard disk erase utility. You need a Live CD since the OS can't be written to by any infections lurking in specific Disk sectors when you launch a program.

2) Run the erase utility. This should erase THE ENTIRE DISK (if you've partitioned it erase ALL partitions / logical drives). This ERASE should do a physical write to EVERY SECTOR ON THE DISK of binary zeros and preferably set to run for 3 or 4 passes. This should flush out ANY virus lurking in "un-erased" areas of your Disk.

Note a Windows or an Operating system delete doesn't actually physically delete data - it just marks that area on the disk as available for use again - and it could be a LONG time before new data overwrites what was on the disk before. That's how these "Undelete" and "Unformat" type of utilities work.

3) Now re-install your OS from a KNOWN VIRUS FREE COPY. Install your AV software and then your applications checking carefully that they are all clean.

NOTE NOTE NOTE it's 100% important you run the Secure Erase type utility on your ENTIRE DISK(S). This - apart from buying a totally new set of disks - is the only reasonably certain way of cleaning an infected machine.

Any other method that doesn't completely erase the disks via a "destructive write", i.e. writes binary zeros to every sector on the disk, can't be guaranteed to be effective these days -- there's some really clever stuff out there.



Note also that the advice above is for when a computer is actually infected. Normal AV protection hopefully should stop your machine getting infected in the first place but once you have an infection getting rid of it is not as simple as a lot of the AV software seems to think it is.

Trojans etc. don't need the drastic action that I've specified above but the best safety mechanism is to do all your downloads on to a specific stand alone machine and only when it's passed the AV scan check should you copy the data to the machine you want to use it on. Something like a network switch should enable you to switch the disks from the stand alone machine to the application machine.

If you can only use one machine then download say to an external device like a usb disk and scan it completely before allowing the data to be moved to a directory where you want to use it.

Cheers
jimbo
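
A read-only way to confirm that the zero-fill in step 2 above reached every sector, as an added example that is not part of jimbo45's post. The function names, the 512-byte sector size and the constructed demo image are assumptions, and /dev/sdX is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): read-only check that a zero-fill
# wipe left no data behind. The target is an image file or a block device
# such as /dev/sdX (placeholder); nothing is ever written to it.

SECTOR=512  # assumed logical sector size

# Number of non-zero bytes remaining on the target.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# 0-based sector holding the first non-zero byte; prints nothing if clean.
first_dirty_sector() {
    # cmp reports "differ: byte N" (1-based) on stdout; reaching EOF with
    # no difference only writes to stderr, so empty stdout means all zero.
    off=$(LC_ALL=C cmp "$1" /dev/zero 2>/dev/null |
          sed -n 's/.*differ: [a-z]* \([0-9][0-9]*\),.*/\1/p')
    [ -n "$off" ] && echo $(( (off - 1) / SECTOR ))
    return 0
}

# One-line verdict: "clean" or "dirty first_sector=N nonzero_bytes=M".
wipe_report() {
    n=$(nonzero_bytes "$1")
    if [ "$n" -eq 0 ]; then
        echo clean
    else
        echo "dirty first_sector=$(first_dirty_sector "$1") nonzero_bytes=$n"
    fi
}

# Constructed demo: a 1 MiB "disk" image with leftover data in sector 100,
# as if a file had been deleted (marked free) but never overwritten.
make_demo_image() {
    dd if=/dev/zero of="$1" bs=$SECTOR count=2048 2>/dev/null
    printf 'leftover' | dd of="$1" bs=$SECTOR seek=100 conv=notrunc 2>/dev/null
}
```

Run `wipe_report` against the wiped disk from the Live CD before reinstalling; anything other than `clean` means some sectors were not overwritten.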
30 May 2009   #10
BlitzKing10

Windows Vista Ult. x86/Windows 7 Ult. x86 RC1
 
 

Maybe what you should do is use HiJackThis: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis, and afterwards post the log file; that way we can see if anything truly is messed up.
Also I am good with virus removal and crap like that, so what products have you used other than Malwarebytes' Anti-Malware? I might be able to provide you with assistance.
Do you have an MSN, AIM, or Yahoo messenger account? If so PM me, so we don't spam the forums.