Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Virus issue, need help ASAP.

01 Mar 2016   #1
Laith

Windows 10 Professional x64
 
 
Virus issue, need help ASAP.

So, I've had this virus for a couple of weeks now and it has annoyed me, I've tried running Malwarebytes around 10 times now with no success, it detects the file, deletes it but it re-creates. It's until today the virus really scared the living soul out of me. It started to do some VERY weird noises, i thought that was in-game noise, but no. I believe that this is the viruses noise. I'm currently in safe mode writing this, I'll attach a picture of what Malwarebytes detected, I'm gonna install and run an antivirus aswell, I'll download ESET and check. Gonna edit this post when MBAM is done.
These are the symptoms i've been getting:
Taskmgr being disabled
regedit being disabled
Security Center being disabled.
I hope i can fix this ASAP because this is scaring the living crap out of me.


My System SpecsSystem Spec
.
01 Mar 2016   #2
Laith

Windows 10 Professional x64
 
 

So i found out a little more about the virus, it does infact recreate itself. I have no idea if the sounds were coming from the virus or not, but i believe so. dioqaw.pif is the file that it recreates each time you remove it. Should i give this virus to someone to analyze? I'll attach what MBAM gave me. But seriously, what should i do? I'm too scared to go back to normal mode, but if i don't go back to normal mode i won't be able to install any antivirus. I'm desperate.


Attached Thumbnails
Virus issue, need help ASAP.-0oprnoe.png  
My System SpecsSystem Spec
01 Mar 2016   #3
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

Hi, @Laith:

Without seeing the full scan log, it's hard to say for sure.
But that appears to be a non-viral trojan in your recycle bin (so have you tried to empty your recycle bin??)/

For the record, MBAM should be run in Normal Windows mode whenever possible, in order to work best.
Safe Mode scanning is not routinely recommended, as MBAM cannot work fully.
If you cannot scan in Normal mode, a better choice than scanning in Safe Mode would be to use the Chameleon technology.
There are many helpful articles about Chameleon here: Chameleon Knowledge Base

That said, some malware (especially certain rootkits) require the use of multiple, specialized tools (and often, customized scripts), in the correct sequence, for full removal.

If @jacee or someone else with malware removal expertise doesn't come along, you might want to head over to one of the reputable computer disinfection fora for a bit of free, expert help.

HTH,

MM
My System SpecsSystem Spec
.

01 Mar 2016   #4
Laith

Windows 10 Professional x64
 
 

Hey Moxie, I've run Malwarebytes many times in normal mode, this is the first time i do it in safemode, it all returns the same result. If i have to i'll consider reinstalling Windows.
My System SpecsSystem Spec
01 Mar 2016   #5
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

Hi:

Thanks for the update.
My point, however, was that if MBAM cannot fully remove it in Normal mode, it's unlikely to be able to do so in Safe mode, either. MBAM needs full access to the system and drivers to work to full capacity.
The Chameleon technology assists MBAM in running on a heavily infected system, and is preferred to Safe Mode scanning.

Reinstalling Windows seems like overkill for what might be malware that can be removed with a bit of expert help and perhaps other tools (such as anti-rootkit specialty scanners).
And if the malware has created hidden partitions or is respawning (e.g. from Google sync), then reinstalling Windows on the OS partition might not cure the problem.

But it's certainly up to you.

Good luck!

Cheers,
MM
My System SpecsSystem Spec
01 Mar 2016   #6
Laith

Windows 10 Professional x64
 
 

Hey Moxie, i will run Chameleon. But i had plans to move over to Linux once i fully got my Ubuntu set up, so it wouldn't hurt to re-install if needed. I will try to run an anti-rootkit. I don't think the malware has created a hidden partition though, i installed Ubuntu about 4 days ago when the virus was still active in 7 but every partition i had was normal.
My System SpecsSystem Spec
01 Mar 2016   #7
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi Laith,
MBam pro is not an Antivirus.
I would suggest you do an Eset on-line scan, might take a while.

Roy
My System SpecsSystem Spec
02 Mar 2016   #8
Laith

Windows 10 Professional x64
 
 

Yeah, i know it isn't an antivirus and okay I'll do that. Also the virus recreated itself.


Attached Images
Virus issue, need help ASAP.-zapxyfz.png 
My System SpecsSystem Spec
02 Mar 2016   #9
Laith

Windows 10 Professional x64
 
 

Right off the bat ESET online scanner detects Win32/Sality.NBA, I'll close this if everything is OK after ESET did it's job. Also for those wondering why i didn't get an antivirus: I can protect myself from viruses, but i can screw up aswell.
My System SpecsSystem Spec
02 Mar 2016   #10
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

Quote   Quote: Originally Posted by Laith View Post
Right off the bat ESET online scanner detects Win32/Sality.NBA, I'll close this if everything is OK after ESET did it's job. Also for those wondering why i didn't get an antivirus: I can protect myself from viruses, but i can screw up aswell.
If that's a true detection, then, yep, you will need to do a bare metal reinstall -- Sality is a true, file-infecting virus and AFAIK I don't think any tool will be able to fully remove it from the system.

I hope you get your system fixed,

MM
My System SpecsSystem Spec
Reply

 Virus issue, need help ASAP.




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Sound Issue - Help ASAP!! :(
Today all sound stopped working for this computer quite randomly. The last thing I was doing was browsing facebook and I did click a rather suspicious link by accident. Things I have tried so far: Checked For Mute Rebooted Multiple Times Checked All Wires Full Virus and Malware Scan Correct...
Sound & Audio
GTX 460 Kernel 41 power issue need help ASAP
Hello guys im new in here i just got an problem with my system i was just lunching steam like i do normally and then i open up counter strike GO then my suddenly my computer restarts with no warning and keeps restarting after the windows logo and there pops up blue screen for about 2...
BSOD Help and Support
Help me ASAP Please - JAVA Issue
So I've written a eBay advert that took me 20 minutes. I clicked on 'other postage and packing options' and a Java window popped up. It's not actually loaded the content but is stuck on the loading screen, where you see some grey dots going round in circles. I have tried to cancel, needless...
BSOD Help and Support
Virus issue
hey friends, my friend has got 21 files affected by virus. Was getting an error. These excel & word files which are affected. We want to know how can we recover/back-up these files as they are really important without losing them forever??? Its a Dell laptop No AV, No Firewall, No external...
System Security
Virus Issue
I have picked up a virus that shows itself as a virus protection program. It will not allow me to into msconfig and it has shut down Essentials. I have shut down the system and removed it from my network and online capabilities. How can I delete this issue without reinstalling Windows? And...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 11:18.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App