

Windows 7: Virus Issue

02 Sep 2010   #11
Skulblaka

Windows 8 Professional 64-bit
 
 

If he says "reinstalling" then perhaps he has no system image to restore from. Thus, wasting hours to do a clean install.

Hm, still no response on his progress...


02 Sep 2010   #12
Keiichi25

Windows 7 Ultimate x64 and Home Premium x64
 
 

FYI - The 'virus' he is referring to is actually Hijack-ware (A variation of Malware) which I know you all know this.

This particular one, though, doesn't really 'infest', so much as just hold your computer hostage and preys upon the less technically inclined.

It is possible to get it off your system without having to re-image your system (Again, not everyone will image or backup their system or have the ability to do so until this happens the first time to them)

From what I have seen in the past, these things also tend to make themselves hidden, inject Registry morphisms to help keep it 'alive' at times (Via - two hidden files, one executable, one fall back to put back the malware code if it has been removed)

The current, reasonable solution is to reboot into safe mode, access the machine through another, untouched account (As the account that originally got it will sometimes execute the malware code, even under safe mode due to the registry modification, one of which has put in a .exe execution handling).

Using a program like Malwarebytes Anti-Malware or any good malware removing program should be able to isolate and remove the offending files.

You do, however, have to run it again after a reboot on the affected accounts, as the variants I have seen target the HKCR registry for exe entry to try and run the malware code, thus causing some new errors when you try to run programs. This is easily bypassed by just finding the malware removal program and re-running it, or by manually looking through the registry for the HKCR and I believe removing any other entry that is associated with .exe that isn't the Content Type, PersistentHandler. Although I lean more towards letting Malwarebytes Anti-Malware clear it out.

For real viruses, I do agree that trying to clean it off on an infected system is not the best way to go, but hijack-ware like this, it isn't nearly as nasty, just plain annoying.
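An added example, not part of Keiichi25's post: a checker for the .exe handler change described in post #12, run over the text of a registry export taken from a clean account. The sample export, the `rogue_progid` name and the file path are constructed, and the expected defaults (`exefile` and `"%1" %*`) are the stock Windows values.

```python
import re

EXPECTED_PROGID = "exefile"    # clean default value of the .exe key
EXPECTED_COMMAND = '"%1" %*'   # clean default of exefile\shell\open\command

# Constructed sample export; the ProgID and file path are made up for illustration.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="rogue_progid"

[HKEY_CURRENT_USER\Software\Classes\rogue_progid\shell\open\command]
@="\"C:\\Users\\example\\AppData\\Local\\rogue.exe\" /START \"%1\" %*"
'''

def parse_reg(text):
    """Return {key_path: {value_name: data}}; '@' is the key's default value.
    String data in .reg files escapes backslashes and quotes; that is undone."""
    keys, current = {}, None
    for line in text.splitlines():
        section = re.fullmatch(r"\[(.+)\]", line.strip())
        value = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"', line.strip())
        if section:
            current = keys.setdefault(section.group(1), {})
        elif value and current is not None:
            current[value.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", value.group(2))
    return keys

def find_exe_hijacks(keys):
    """Return (key, found, expected) tuples where .exe handling deviates."""
    findings, progids = [], {EXPECTED_PROGID}
    for path, values in keys.items():
        if path.lower().endswith("\\.exe") and values.get("@", EXPECTED_PROGID).lower() != EXPECTED_PROGID:
            findings.append((path, values["@"], EXPECTED_PROGID))
            progids.add(values["@"].lower())  # follow the redirected ProgID
    for path, values in keys.items():
        m = re.search(r"\\([^\\]+)\\shell\\(?:open|runas)\\command$", path, re.I)
        if m and m.group(1).lower() in progids and values.get("@", EXPECTED_COMMAND) != EXPECTED_COMMAND:
            findings.append((path, values["@"], EXPECTED_COMMAND))
    return findings

if __name__ == "__main__":
    print(find_exe_hijacks(parse_reg(SAMPLE_EXPORT)))
```

Real `reg export` files are UTF-16 encoded, so decode them before passing the text to `parse_reg`.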
02 Sep 2010   #13
Skulblaka

Windows 8 Professional 64-bit
 
 

Then perhaps much easier to remove.

02 Sep 2010   #14
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Quote: Originally Posted by Keiichi25
FYI - The 'virus' he is referring to is actually Hijack-ware (A variation of Malware) which I know you all know this.

This particular one, though, doesn't really 'infest', so much as just hold your computer hostage and preys upon the less technically inclined.
That is true of some of the rogues but not all. Some are "ransom ware", others trojans and some are indeed rootkits. However, in this case, we only have very general information so don't know what it is that is on Gbsnplr's computer.
02 Sep 2010   #15
brianzion

Operating System : Windows 7 Home Premium Edition 6.01.7600 SP1 (x64)
 
 

I don't know if this will help; they have most fake anti virus tool removers on Softpedia.
Download Red Cross Antivirus Removal Tool 1.0 Free - Remove fake Red Cross antivirus from your computer - Softpedia
Also have a look at my thread: Microsoft Security Essentials Alert Removal Tool 1.0
02 Sep 2010   #16
Skulblaka

Windows 8 Professional 64-bit
 
 

Quote: Originally Posted by brianzion
I don't know if this will help; they have most fake anti virus tool removers on Softpedia.
Download Red Cross Antivirus Removal Tool 1.0 Free - Remove fake Red Cross antivirus from your computer - Softpedia
Also have a look at my thread: Microsoft Security Essentials Alert Removal Tool 1.0
Hah!

Anyway, we'll get nowhere if the "Thread Starter" doesn't respond.
02 Sep 2010   #17
Keiichi25

Windows 7 Ultimate x64 and Home Premium x64
 
 

Well, the problem is, the thread starter is probably too busy trying to deal with it and getting into other problems.

Corrine - What you say may be true. So far, though, most of the ones I have seen that have taken this vector are Conficker type Hijackers or a variant where it takes it a step further, but I haven't seen a rootkit yet, or a trojan where it pushed itself to other computers nearby yet.

The ones posing as an Antivirus one (Under various names, but always saying the rough same thing of your computer having viruses that must be removed) generally stick with the Hijack/Ransom ware method of rendering your computer unusable until you 'buy' the software. It doesn't go further to spreading to other computers or send trojans to other computers based off any information it gleans from the computer it hijacked.

Furthermore, from what I have seen in the numerous cases of those, they tend to be just a real pain to get rid of if you don't know what you are doing and rarely damage the system other than set you up for identity theft via paying the ransom just so you can use it again. Most true Viruses are self-propagating and detrimental.

I will admit I am not too familiar with rootkits other than a vague understanding that it allows literal universal access to your system.
02 Sep 2010   #18
Gbsnplr

Windows 7 x64
 
 

Sorry guys, my progress is non-existent, I am out of town. I will be back on Friday. I do have a backup, I currently use WHS and backup everyday. I was thinking about reinstalling Windows then restore from my WHS backup.
02 Sep 2010   #19
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Backing up Corrine's post ... Fake-Antivirus (Ransom ware) is now bundled with the latest TDSS Rootkit payload
02 Sep 2010   #20
Uber Philf

W7 RTM Ultimate x64
 
 

Quote: Originally Posted by jimbo45
Hi there.

I personally would NEVER trust a computer that had an infection on it that was "ostensibly" removed by AV software.

I might be in total disagreement with 99.99% of other members on the Forum -- but relying on an Infected OS to clean itself up is a bit like asking the Fox to guard the chickens in the henhouse.

If you have a decent UNINFECTED backup image of the OS -- restore that. If you don't then IMO the only SAFE option is to re-install the OS.

ALWAYS TAKE REGULAR BACKUPS and you can avoid these types of problems.


This also shows the need for REGULAR BACKUPS - which you can easily scan to ensure they are virus free.


Even a 70 GB Windows installation doesn't take more than around 25 mins to backup or restore on a modest laptop using good backup software -- I use Acronis but there are others.

Cheers
jimbo

Also +1, very much in full agreement here.