Windows 7 Forums



Windows 7: A Nasty Virus

27 May 2009   #1

Windows 7 x64 7229
 
 
A Nasty Virus

I have a nasty virus, and I need some advice on what to do. First of all, it won't go away, I've scanned with Malwarebytes, and like 5 different AV scanners. For this reason I'm thinking it was more of a physical prank than a virus. Basically my user account got turned into a guest. The administrator account is disabled, I can't enable it, or do anything which requires administrator privileges. In safe mode, I can only log in to my (guest) account. I'm not sure what to do, and I can't even back up my files, make a new partition, etc.

27 May 2009   #2

Windows 7 Home Premium x64
 
 

Clean install? Barring that, you might need to create a boot disk. McAfee, Norton and others allow you to do this online.
27 May 2009   #3

Windows 7 x64 7229
 
 

I really don't think it's a virus, as this computer isn't even connected to the internet. What other options can I try?


27 May 2009   #4

Windows 7 Ultimate x64 Retail RTM, Ubuntu 9.10
 
 

Is admin account disabled by default (vista)?
I don't know if it will work from guest account but you can enable it by running a cmd window as admin and typing this:

net user administrator /active:yes

If you have another account with admin privileges you can use Offline NT Password & Registry Editor
to change the password on it.

Other than that...... Clean Load.
27 May 2009   #5

Windows 7 x64 7229
 
 

Quote: Originally Posted by slithernet
Is admin account disabled by default (vista)?
I don't know if it will work from guest account but you can enable it by running a cmd window as admin and typing this:

net user administrator /active:yes

If you have another account with admin privileges you can use Offline NT Password & Registry Editor
to change the password on it.

Other than that...... Clean Load.

I've tried both of those, I can't do anything, the only admin account is disabled.
27 May 2009   #6

Windows 7 Home Premium x64
 
 

This is sounding like a potential rootkit based on some of the symptoms you've described. You can try Sysinternals' RootkitRevealer, in either free download or online scan modes. I'd run it live, especially if you can't get in as admin. Let us know how that works for you.
27 May 2009   #7

W7 RTM Ultimate x64
 
 

Or if you can connect to the internet, try using HouseCall: Trend Micro HouseCall - Free Online Virus and Spyware Scan - Trend Micro Australia

That should pick it up, or try Stinger: McAfee Threat Center

Either of them should help.

Enzo.
28 May 2009   #8
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

What was the last item that you downloaded and installed? Did you use a flash drive?
30 May 2009   #9

W7 X-64 RTM,SUSE 11.1, XP PRO SP3 as a VM, VMware ESXi
 
 

Hi there
I don't know HOW your machine got infected or even what the virus is but there is only one decent way you can get this computer clean again.

1) Download from the net a LIVE CD of any OS that has a proper hard disk erase utility. You need a Live CD since the OS can't be written to by any infections lurking in specific Disk sectors when you launch a program.

2) Run the erase utility. This should erase THE ENTIRE DISK (if you've partitioned it erase ALL partitions / logical drives). This ERASE should do a physical write to EVERY SECTOR ON THE DISK of binary zeros and preferably set to run for 3 or 4 passes. This should flush out ANY virus lurking in "un-erased" areas of your Disk.

Note a Windows or an Operating system delete doesn't actually physically delete data - it just marks that area on the disk as available for use again - and it could be a LONG time before new data overwrites what was on the disk before. That's how these "Undelete" and "Unformat" type of utilities work.

3) Now re-install your OS from a KNOWN VIRUS FREE COPY. Install your AV software and then your applications checking carefully that they are all clean.

NOTE NOTE NOTE it's 100% important you run the Secure Erase type utility on your ENTIRE DISK(S). This - apart from buying a totally new set of disks is the only reasonably certain way of cleaning an infected machine.

Any other method that doesn't completely erase the disks via a "destructive write", i.e. writes binary zeros to every sector on the disk, can't be guaranteed to be effective these days -- there's some really clever stuff out there.



Note also that the advice above is for when a computer is actually infected. Normal AV protection hopefully should stop your machine getting infected in the first place but once you have an infection getting rid of it is not as simple as a lot of the AV software seems to think it is.

Trojans etc. don't need the drastic action that I've specified above but the best safety mechanism is to do all your downloads on to a specific stand alone machine and only when it's passed the AV scan check should you copy the data to the machine you want to use it on. Something like a network switch should enable you to switch the disks from the stand alone machine to the application machine.

If you can only use one machine then download say to an external device like a usb disk and scan it completely before allowing the data to be moved to a directory where you want to use it.

Cheers
jimbo
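
A check that can follow a full-disk zero-fill like the one described in post #9, given as an added example that is not part of the original thread: it reads a disk or image sector by sector and reports every sector that is not all zeros. The 512-byte sector size, the function names and the in-memory sample image are assumptions made for the illustration.

```python
import io

SECTOR_SIZE = 512  # assumed logical sector size; many disks use 4096


def zero_fill(dev, total_bytes, chunk=1024 * 1024):
    """Overwrite the first total_bytes of an open binary stream with zeros."""
    dev.seek(0)
    remaining = total_bytes
    zeros = bytes(chunk)
    while remaining > 0:
        n = min(chunk, remaining)
        dev.write(zeros[:n])
        remaining -= n
    dev.flush()


def nonzero_sectors(dev, sector_size=SECTOR_SIZE):
    """Return the numbers of all sectors containing any non-zero byte."""
    dev.seek(0)
    found = []
    index = 0
    while True:
        block = dev.read(sector_size)
        if not block:
            break
        if block.count(0) != len(block):
            found.append(index)
        index += 1
    return found


def build_sample_image(sectors=64):
    """Constructed sample: a blank image with leftover data in 3 sectors."""
    image = io.BytesIO(bytes(sectors * SECTOR_SIZE))
    for sector, payload in ((0, b"BOOTCODE"), (17, b"deleted file"), (63, b"tail")):
        image.seek(sector * SECTOR_SIZE + 100)
        image.write(payload)
    return image


if __name__ == "__main__":
    img = build_sample_image()
    print("before wipe:", nonzero_sectors(img))
    zero_fill(img, 64 * SECTOR_SIZE)
    print("after wipe: ", nonzero_sectors(img))
```

On a real disk the stream would be the block device opened in binary mode from the live CD, with the total size read from the device rather than hard-coded.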
30 May 2009   #10

Windows Vista Ult. x86/Windows 7 Ult. x86 RC1
 
 

Maybe what you should do is to use HiJackThis: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis, and afterwards post the log file; that way we can see if anything truly is messed up.
Also I am good with virus removal and crap like that, so what products have you used other than Malwarebytes' Anti-Malware? I might be able to provide you with assistance.
Do you have an MSN, AIM, or Yahoo messenger account? If so PM me, so we don't spam the forums.