Windows 7 Forums



Windows 7: When faced with malware attack in progress how do you handle it?


06 Apr 2012   #1

win 7 home premium 64 bit
 
 
When faced with malware attack in progress how do you handle it?

I really haven't seen a really good all encompassing thread on this anywhere that I can think of.

For example you go to visit what you think is a secure website, upon loading you notice that your browser starts to hiccup and freeze, perhaps you see the dreaded PHONY 2012 Security boxes pop up.

How do you handle it?

Pull the power cord IMMEDIATELY?
Try to kill browser .exe in the task manager
Turn the system off with the power button?
Other approach?

Also when you go to restart the PC what line of attack do you use after booting in safe mode?

Really like to hear from the gurus on this too.

Thanks.



06 Apr 2012   #2
Microsoft MVP

 

I would shut down and run Malwarebytes in Safe Mode or Windows Defender in Boot mode, or one of the other free AV rescue disks.

Then after repeat disinfection comes up clean, if necessary repair System Files.

You may have to do more repairs, System Restore, or even copy out your files to quarantine and then run Factory Recovery or Clean Reinstall.

All of the above steps have tutorials collected here: Troubleshooting Windows 7 Failure to Boot - Windows 7 Forums
06 Apr 2012   #3

win 7 home premium 64 bit
 
 

@gregrocker:

But what would your preferred method of shut down be?

My logic tells me that although it is not great to pull the power cord, it is the fastest way you can stop the infection, because the moment the power is lost no more damage can be done. Correct?

Usually even pressing the power button the system takes a few seconds extra to react.


06 Apr 2012   #4
Microsoft MVP

 

You can do a hard shut down by holding the power button so no more damage can be done if it's taking forever to Shut Down.

If this is a frequent thing I'd want to know why you're getting infected. Are you using MSE with Windows Firewall keeping Updates current? Running free Malwarebytes and perhaps SuperAntiSpyware scans monthly? If that's not enough I'd add Malwarebytes Real Time paid protection, and perhaps SAS as well.
06 Apr 2012   #5

win 7 home premium 64 bit
 
 

Quote: Originally Posted by gregrocker
You can do a hard shut down by holding the power button so no more damage can be done if it's taking forever to Shut Down.

If this is a frequent thing I'd want to know why you're getting infected. Are you using MSE with Windows Firewall keeping Updates current? Running free Malwarebytes and perhaps SuperAntiSpyware scans monthly? If that's not enough I'd add Malwarebytes Real Time paid protection, and perhaps SAS as well.

Greg:

Just to let you know, I haven't been infected YET. I just want to refresh my recollection of what to do if, and when something like I mentioned above might happen.

I actually think that because I have been so diligent and cautious about preventing infection that I have forgotten about specifics when it might occur.
06 Apr 2012   #6

Windows 7 Pro with SP1 32bit
 
 

Everyone has different ways of handling virus attacks of the type that you have described. As for me, I am paranoid about viruses. I shall do the following.

01. I shall shut down the PC any which way. Perhaps by first disconnecting it from the Net, but it is not really important.

02. As I work with back-up images, I shall reboot the PC with the imaging boot CD and restore the immediately previous image. I should be up and running in about 10 to 15 minutes with all traces of the attacking virus gone.

03. I would then avoid the web-site that did me in like the plague.

04. I shall look into the possibility of changing my Anti-Virus Program that was not able to prevent the attack in the first place. Normally all good A-V Programs should have been able to do it.

If however I had not been working with images then I would still reformat the drive and do a clean re-install of Windows 7 and immediately create an image of it. After that I shall install all my third party programs like A-V, Word Processor etc and when done create another image. This may take up to 6 hours or more depending upon how many third party programs one would have to install once again. With that done I would feel secure enough from any virus attack in the future that should most likely not have occurred if I was using a good A-V Program.
06 Apr 2012   #7

Main - Windows 7 Pro SP1 64-Bit; 2nd - Windows Server 2008 R2
 
 

Depending on the type of attack (and you may not have the luxury of taking the time to figure it out unless it's obvious), I might be tempted to go for the network cable first. If you're on a wireless connection and are right next to the router I'd pull the power plug on that.
06 Apr 2012   #8
Microsoft MVP

 

Most serious infections can require a Clean Reinstall, Factory Recovery or Reimaging - hopefully you have your latest data set backed up externally, since rescuing it from an infected install is risky in itself.

Wanchoo has a good reminder that the modern way to do reinstalls or recovery is to keep a System image of your installation so it can be back up and running in 20 minutes - then adding in the latest data set, or having it on another HD is even better.

Backup Complete Computer - Create an Image Backup
Macrium - Image your system
System Image Recovery
User Folders - Change Default Location
Library - Include a Folder - Windows 7 Forums
06 Apr 2012   #9

Windows 7 Professional x64
 
 

Quote: Originally Posted by legacy7955
I really haven't seen a really good all encompassing thread on this anywhere that I can think of.

For example you go to visit what you think is a secure website, upon loading you notice that your browser starts to hiccup and freeze, perhaps you see the dreaded PHONY 2012 Security boxes pop up.

How do you handle it?

Pull the power cord IMMEDIATELY?
Try to kill browser .exe in the task manager
Turn the system off with the power button?
Other approach?

Also when you go to restart the PC what line of attack do you use after booting in safe mode?

Really like to hear from the gurus on this too.

Thanks.

Using the keystroke combination "Alt+F4" will immediately close the window that has mouse focus. The benefit of using the keystroke combo is, it will not cause any background applications to close unexpectedly while processing data. The process of pulling the plug, and forcing all applications to close without properly shutting down, can create problems of its own.
06 Apr 2012   #10
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

I also recommend the ALT+F4 method, it has saved me from a fake AV scan. Sometimes using the X to close a window not only won't work but will "allow" the fake scan to keep on going. Physically disconnecting from the outside world any way you can is also a great idea.

Afterwards there are the previous good steps to follow, especially the scans in Safe Mode then in Windows normally.
