Is it gone?

indianacarnie · 04 Jan 2011

While surfing....... I messed up....... anyway. I got a screen pop-up from Microsoft Security Essentials saying I had just tried to download a trojan/malware. As my hand was going automatically to hit the "clean my computer" button I thought waaaaiiiiiiiitttttttt a minute, I havent had M.S.E. on my computer from at least two re-installs ago.
Hit Malwarebytes and it started and closed. Ran it as an admin. , it started and ran long enough to show me that there was at least two infections before it was closed again. (All this time the "M.S.E." was popping up as fast as I could close it) Tried running Advanced System Care, same thing. Opened then closed. Could not bring up either task manager or process explorer at all. Could actually run Avast but it said nothing was wrong (fast scan), I knew better than that, soooooo hit system restore. It did it's thing and when re-booted I ran Malwarebytes (full scan),Avast (fast scan again), Advanced System Care, and SuperAntispyware (found 1 tracking cookie). All the rest found nothing.

so my question is...... Is whatever tried to get into my system gone? Would the system restore have rid my system of the trojanwhatever or should I do something else to root it out?

whs · 04 Jan 2011

Looks like you are OK. Fortunately you had a restore point that worked. I don't trust these restore points because they often fail. The safe method is frequent imaging.

PS: that M.S.E. is a known trap. Was reported a few times.

zigzag3143 · 04 Jan 2011

indianacarnie said:

While surfing....... I messed up....... anyway. I got a screen pop-up from Microsoft Security Essentials saying I had just tried to download a trojan/malware. As my hand was going automatically to hit the "clean my computer" button I thought waaaaiiiiiiiitttttttt a minute, I havent had M.S.E. on my computer from at least two re-installs ago.
Hit Malwarebytes and it started and closed. Ran it as an admin. , it started and ran long enough to show me that there was at least two infections before it was closed again. (All this time the "M.S.E." was popping up as fast as I could close it) Tried running Advanced System Care, same thing. Opened then closed. Could not bring up either task manager or process explorer at all. Could actually run Avast but it said nothing was wrong (fast scan), I knew better than that, soooooo hit system restore. It did it's thing and when re-booted I ran Malwarebytes (full scan),Avast (fast scan again), Advanced System Care, and SuperAntispyware (found 1 tracking cookie). All the rest found nothing.

so my question is...... Is whatever tried to get into my system gone? Would the system restore have rid my system of the trojan whatever or should I do something else to root it out?

There is only one way to be absolutely certain and that is to format and re-install. Even that isnt 100%.

I would run malwarebytes and at least one other AV from safe mode just to be sure.

Ken J

Borg 386 · 04 Jan 2011

Some malware will embed itself in the last restore point and still be running in the background or eventually re-appear in the system.

Usually it's a good idea to go back to the second restore point after the point where the infection occurred.

Also would recommend doing a full system scan with all utilities while disconnected from the net.

If you want to try Norton Power Eraser, just be sure to make backups or research anything it may want to remove

http://security.symantec.com/nbrt/npe.asp?lcid=1033

indianacarnie · 04 Jan 2011

whs said:

Looks like you are OK. Fortunately you had a restore point that worked. I don't trust these restore points because they often fail. The safe method is frequent imaging.

PS: that M.S.E. is a known trap. Was reported a few times.

Have not seen it but assumed it was bad. Not totally a noob even if I tried something dumb

Do have a system image, from yesterday in fact, you think I ought to go ahead and use it?

whs · 04 Jan 2011

indianacarnie said:

whs said:

Looks like you are OK. Fortunately you had a restore point that worked. I don't trust these restore points because they often fail. The safe method is frequent imaging.

PS: that M.S.E. is a known trap. Was reported a few times.

Have not seen it but assumed it was bad. Not totally a noob even if I tried something dumb

Do have a system image, from yesterday in fact, you think I ought to go ahead and use it?

A system image is the safest recovery. It is unlikely to be infected, especially if it was parked on an external disk.

indianacarnie · 04 Jan 2011

Is on an external, will be doing that as soon as I log off.

Am not able to give you a "rep" click, says i have to spread it around some. Sorry, but thank you!

whs · 04 Jan 2011

No problem. A thank you suffices.

Jacee · 04 Jan 2011

Sounds like you picked up a 'fake' MSE alert ... carp to do with 'thinkpoint'
See this blog by S!Ri S!Ri.URZ: Fake MSE Alert

Bobby72 · 07 Jan 2011

It is important to keep all your 3rd party applications and Windows fully patched because lots of people got stung because of unpatched vulnerabilities which allows malware such as rogues and exploit kits to be installed.

Even if malware is found in system restore folder it cannot harm your computer because the files in the folder is inactive unless you use it.

But using system restore to remove malware is not ideal and should be used for troubleshooting and reverting the damage caused during malware removal.

You did say you had two infections in which MBAM found and malware was hindering the cleaning process. If you get some trouble opening and running MBAM, then there are very useful removal guides from bleepingcomputer and there is a tool called rkill which is designed to end the processes of malware and allowing you to run MBAM without difficulty.

Virus, Spyware, & Malware Removal Guides

There is an extra guide from bleepingcomputer telling you how to get round difficulties of using MBAM. See Troubleshoot Malwarebytes' Anti-Malware.

How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer