Windows 7 Forums


Windows 7: Is it gone?


04 Jan 2011   #1

Windows 7 Home Premium x64
 
 
Is it gone?

While surfing....... I messed up....... anyway. I got a screen pop-up from Microsoft Security Essentials saying I had just tried to download a trojan/malware. As my hand was going automatically to hit the "clean my computer" button I thought waaaaiiiiiiiitttttttt a minute, I haven't had M.S.E. on my computer from at least two re-installs ago.
Hit Malwarebytes and it started and closed. Ran it as an admin, it started and ran long enough to show me that there were at least two infections before it was closed again. (All this time the "M.S.E." was popping up as fast as I could close it.) Tried running Advanced System Care, same thing. Opened then closed. Could not bring up either task manager or process explorer at all. Could actually run Avast but it said nothing was wrong (fast scan), I knew better than that, soooooo hit system restore. It did its thing and when re-booted I ran Malwarebytes (full scan), Avast (fast scan again), Advanced System Care, and SuperAntispyware (found 1 tracking cookie). All the rest found nothing.

So my question is...... Is whatever tried to get into my system gone? Would the system restore have rid my system of the trojan whatever or should I do something else to root it out?


04 Jan 2011   #2
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

Looks like you are OK. Fortunately you had a restore point that worked. I don't trust these restore points because they often fail. The safe method is frequent imaging.

PS: that M.S.E. is a known trap. Was reported a few times.
04 Jan 2011   #3

Win 8 Release candidate 8400
 
 

Quote: Originally Posted by indianacarnie
While surfing....... I messed up....... anyway. I got a screen pop-up from Microsoft Security Essentials saying I had just tried to download a trojan/malware. As my hand was going automatically to hit the "clean my computer" button I thought waaaaiiiiiiiitttttttt a minute, I haven't had M.S.E. on my computer from at least two re-installs ago.
Hit Malwarebytes and it started and closed. Ran it as an admin, it started and ran long enough to show me that there were at least two infections before it was closed again. (All this time the "M.S.E." was popping up as fast as I could close it.) Tried running Advanced System Care, same thing. Opened then closed. Could not bring up either task manager or process explorer at all. Could actually run Avast but it said nothing was wrong (fast scan), I knew better than that, soooooo hit system restore. It did its thing and when re-booted I ran Malwarebytes (full scan), Avast (fast scan again), Advanced System Care, and SuperAntispyware (found 1 tracking cookie). All the rest found nothing.

So my question is...... Is whatever tried to get into my system gone? Would the system restore have rid my system of the trojan whatever or should I do something else to root it out?

There is only one way to be absolutely certain and that is to format and re-install. Even that isn't 100%.

I would run Malwarebytes and at least one other AV from safe mode just to be sure.

Ken J


04 Jan 2011   #4

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Some malware will embed itself in the last restore point and still be running in the background or eventually re-appear in the system.

Usually it's a good idea to go back to the second restore point after the point where the infection occurred.

Also would recommend doing a full system scan with all utilities while disconnected from the net.

If you want to try Norton Power Eraser, just be sure to make backups or research anything it may want to remove.

http://security.symantec.com/nbrt/npe.asp?lcid=1033
04 Jan 2011   #5

Windows 7 Home Premium x64
 
 

Quote: Originally Posted by whs
Looks like you are OK. Fortunately you had a restore point that worked. I don't trust these restore points because they often fail. The safe method is frequent imaging.

PS: that M.S.E. is a known trap. Was reported a few times.

Have not seen it but assumed it was bad. Not totally a noob even if I tried something dumb.

Do have a system image, from yesterday in fact, you think I ought to go ahead and use it?
04 Jan 2011   #6
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

Quote: Originally Posted by indianacarnie
Quote: Originally Posted by whs
Looks like you are OK. Fortunately you had a restore point that worked. I don't trust these restore points because they often fail. The safe method is frequent imaging.

PS: that M.S.E. is a known trap. Was reported a few times.

Have not seen it but assumed it was bad. Not totally a noob even if I tried something dumb.

Do have a system image, from yesterday in fact, you think I ought to go ahead and use it?

A system image is the safest recovery. It is unlikely to be infected, especially if it was parked on an external disk.
04 Jan 2011   #7

Windows 7 Home Premium x64
 
 

Is on an external, will be doing that as soon as I log off.

Am not able to give you a "rep" click, says I have to spread it around some. Sorry, but thank you!
04 Jan 2011   #8
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

No problem. A thank you suffices.
04 Jan 2011   #9
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Sounds like you picked up a 'fake' MSE alert ... carp to do with 'thinkpoint'
See this blog by S!Ri S!Ri.URZ: Fake MSE Alert
07 Jan 2011   #10

Windows 7 Home Premium 64bit
 
 

It is important to keep all your 3rd party applications and Windows fully patched because lots of people got stung because of unpatched vulnerabilities which allow malware such as rogues and exploit kits to be installed.

Even if malware is found in the system restore folder it cannot harm your computer because the files in the folder are inactive unless you use it.

But using system restore to remove malware is not ideal and should be used for troubleshooting and reverting the damage caused during malware removal.

You did say you had two infections which MBAM found and malware was hindering the cleaning process. If you get some trouble opening and running MBAM, then there are very useful removal guides from bleepingcomputer and there is a tool called rkill which is designed to end the processes of malware and allow you to run MBAM without difficulty.

Virus, Spyware, & Malware Removal Guides

There is an extra guide from bleepingcomputer telling you how to get round difficulties of using MBAM. See Troubleshoot Malwarebytes' Anti-Malware.

How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer