Windows 7 Forums


Windows 7: virus removal from within safe mode

02 May 2011   #11
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hi,

Follow Carolyn's advice and you will be OK.

Regards,
Golden


02 May 2011   #12
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Quote: Originally Posted by damien76
RKill. That's a nice one. Like ComboFix? Will try that out one of these days
RKill is definitely very useful and is updated regularly. It doesn't remove anything, just stops processes that are preventing MBAM from running.

As to trying out ComboFix one of these days, doing so without guidance from someone who has been properly trained is most definitely at your own risk.
02 May 2011   #13
eduede

Windows 7 Home Ultimate 64-Bit, Ubuntu 10.04 Lucid Lynx, Windows XP
 
 

The RKill solution did the trick! Thank you to everyone who got involved in this issue.

03 May 2011   #14
Noxiide

Windows 7 Home Premium 64-bit
 
 

Quote: Originally Posted by jimbo45
Hi there
I keep saying to people -- there is UTTERLY NO POINT in using an INFECTED computer to remove any VIRUS -- how can you be sure that the virus removing software itself hasn't been compromised?

Say you were drilling on an Oil Platform and the drill needed sharpening. You wouldn't use a tool which was already worn out to sharpen / renew the bit, would you?

Same with Virus removal -- why trust an INFECTED computer to work properly?

The ONLY IMO safe solution is a COMPLETE restore from a KNOWN Virus free backup or a total W7 re-install.

If you have data, copy that to an external HDD and run a virus check against the data ON A SEPARATE MACHINE.

AV software is just that -- should protect against getting a virus -- once you have one then ONLY a RESTORE or Re-INSTALL can be guaranteed to be 100% safe.

Forget ANY AV removal software -- once you've BEEN infected it's TOO LATE. You need to catch any virus in Real time then you can take proper action.

MSE does a reasonable job at this once you've got your computer working properly again.

Cheers
jimbo
You don't need to revert back to an image every time you get a virus. Usually, if the AV finds the virus, it will get rid of all of it, and if it doesn't, then you revert back.

Plus, I don't even have Acronis True Image or any other image program, and I've heard that some viruses implant themselves into system restore points sometimes, so restoring may not work.

People don't want to reformat and clean install often, so of course they are going to try and get rid of it first with AVs.
03 May 2011   #15
Carolyn

Windows 7 Ultimate 64 bit
 
 

eduede, please post your Malwarebytes' log. We need to do some further checking to determine if your computer is clean.


ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan.
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Please post the ESET log and Malwarebytes' log as part of your next reply (no attachments please).
03 May 2011   #16
damien76

Win7 Ultimate 64bit
 
 

I was waiting for the RKill result... it was not posted. @Carolyn; Oops sorry there. What I meant was RKill (not ComboFix). Have used ComboFix previously but am not yet quite familiar with it. RKill seems similar to the DDR script at bleepingcomputer. Think you ought to start a malware removal sub-forum here. You are in fact trained for it. damien
04 May 2011   #17
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Quote: Originally Posted by damien76
I was waiting for the RKill result... it was not posted. @Carolyn; Oops sorry there. What I meant was RKill (not ComboFix). Have used ComboFix previously but am not yet quite familiar with it. RKill seems similar to the DDR script at bleepingcomputer. Think you ought to start a malware removal sub-forum here. You are in fact trained for it. damien

Hi there
There are ONLY TWO POSSIBLE CORRECT SOLUTIONS for Malware / Virus removal.

TOTAL OS RE-INSTALL. or

RESTORE SAFE BACKUP IMAGE -VIA A BOOT DISK - DO NOT USE THE INFECTED COMPUTER.

Your A/V software needs to prevent infection in REAL TIME. After-the-fact analysis is a bit like "Monday Morning Quarterbacking" in American Football. In any case, by the time you've completed the analysis the stuff is already out of date, as new threats can appear almost hourly. Virus and Malware detection is an ever changing target.


Using an Infected machine to do the virus removal itself is a bit like getting the Fox to guard the Chickens.

Cheers
jimbo
04 May 2011   #18
damien76

Win7 Ultimate 64bit
 
 

Oops again. Sorry Carolyn/Corrine, the previous reply I posted was meant for both of you. Was tired yesterday.

@jimbo;

I was only responding to the inquiry of the OP. Personally, I'd use a system image restore and restore my pc. I'd wipe the hard drive first and restore with MBR but that's just me.

While it seems that the better solution (and the fastest I presume) is what you suggested, there are some that want to know what hit them or what caused the sudden hiccups that broke his/her pc.

Depends on the individual actually on the course of action to take based on the guide/tips that he is given.

On the RKill, I was curious as to its nature and performance so I downloaded it and will test it in VirtualBox one of these days. Got curious of "these apps" when I got infected sometime 2007 or 2008 and the mod at MalwareCrypt guided me to the use of an alike app (don't remember what the name was).

AV + HIPS or additional security app should have stopped it but apparently there was a failure there so OP should be making some adjustments to his set-up.

I hope the OP will post the data here.

Cheers
04 May 2011   #19
Corrine

Windows 7 & Windows Vista Ultimate
 
 

damien76, you may want to see Grinler's post about RKill here: RKill - What it does and What it Doesn't - A brief introduction to the program
05 May 2011   #20
damien76

Win7 Ultimate 64bit
 
 

Thanks Corrine