A Nasty Virus

I have a nasty virus, and I need some advice on what to do. First of all, it won't go away; I've scanned with Malwarebytes and like 5 different AV scanners. For this reason I'm thinking it was more of a physical prank than a virus. Basically my user account got turned into a guest. The administrator account is disabled, I can't enable it, or do anything which requires administrator privileges. In safe mode, I can only log in to my (guest) account. I'm not sure what to do, and I can't even back up my files, make a new partition, etc.
 

My Computer

Computer Manufacturer/Model Number
Dell Laptop Studio 1537
OS
Windows 7 x64 7229
CPU
Intel Core 2 Duo CPU T6400
Memory
4 GB
Graphics Card(s)
Mobile Intel 45 Chipset
Clean install? Barring that, you might need to create a boot disk. McAfee, Norton and others allow you to do this online.
I really don't think it's a virus, as this computer isn't even connected to the internet. What other options can I try?
Is the admin account disabled by default (Vista)?
I don't know if it will work from a guest account, but you can enable it by running a cmd window as admin and typing this:

net user administrator /active:yes

If you have another account with admin privileges you can use Offline NT Password & Registry Editor
to change the password on it.

Other than that... Clean Load.
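Before running the `net user ... /active:yes` command above, it helps to know whether any enabled local account still sits in the Administrators group, because that decides whether the fix can be done from inside Windows at all. The following read-only triage script is an added example, not code from any poster in this thread; it assumes an English Windows 7 or later install with PowerShell 2.0+ and unlocalized group names.

```powershell
# Added triage script (not from the thread): which local accounts exist, which are
# disabled, and which are members of the local Administrators group. Read-only.
$computer = $env:COMPUTERNAME

# Members of the local Administrators group, parsed from "net localgroup" output.
# Drop the header lines, the dashed separator and the trailing status line.
$adminMembers = net localgroup Administrators |
    Where-Object { $_ -and $_ -notmatch '^(Alias name|Comment|Members|-{5,}|The command completed)' }

# Every local account and its enabled/disabled state (Win32_UserAccount exists on Windows 7).
$accounts = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True AND Domain='$computer'"

$report = foreach ($acct in $accounts) {
    New-Object PSObject -Property @{
        Name     = $acct.Name
        Disabled = $acct.Disabled
        IsAdmin  = ($adminMembers -contains $acct.Name)
    }
}

$report | Sort-Object Name | Format-Table Name, Disabled, IsAdmin -AutoSize

# An account is usable for repair only if it is both enabled and in Administrators.
$usable = $report | Where-Object { $_.IsAdmin -and -not $_.Disabled }
if ($usable) {
    "Usable admin account(s): " + (($usable | ForEach-Object { $_.Name }) -join ', ')
    "Log in as one of them and run 'net user Administrator /active:yes' from an elevated prompt."
} else {
    "No enabled account is in Administrators: this matches the symptom in the thread."
    "It cannot be repaired from inside Windows; boot trusted media (offline editor or reinstall)."
}
```

If the script itself refuses to run from the guest account, that is the same answer: the machine has no working administrator left and needs offline repair.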
I've tried both of those; I can't do anything, the only admin account is disabled.
This is sounding like a potential rootkit based on some of the symptoms you've described. You can try Sysinternals' RootkitRevealer, in either free download or online scan modes. I'd run it live, especially if you can't get in as admin. Let us know how that works for you.
What was the last item that you downloaded and installed? Did you use a flash drive?
Hi there
I don't know HOW your machine got infected or even what the virus is but there is only one decent way you can get this computer clean again.

1) Download from the net a LIVE CD of any OS that has a proper hard disk erase utility. You need a Live CD since the OS can't be written to by any infections lurking in specific Disk sectors when you launch a program.

2) Run the erase utility. This should erase THE ENTIRE DISK (if you've partitioned it erase ALL partitions / logical drives). This ERASE should do a physical write to EVERY SECTOR ON THE DISK of binary zeros and preferably set to run for 3 or 4 passes. This should flush out ANY virus lurking in "un-erased" areas of your Disk.

Note a Windows or an Operating system delete doesn't actually physically delete data - it just marks that area on the disk as available for use again - and it could be a LONG time before new data overwrites what was on the disk before. That's how these "Undelete" and "Unformat" type of utilities work.

3) Now re-install your OS from a KNOWN VIRUS FREE COPY. Install your AV software and then your applications, checking carefully that they are all clean.

NOTE NOTE NOTE it's 100% important you run the Secure Erase type utility on your ENTIRE DISK(S). This - apart from buying a totally new set of disks - is the only reasonably certain way of cleaning an infected machine.

Any other method that doesn't completely erase the disks via a "destructive write", i.e. writes binary zeros to every sector on the disk, can't be guaranteed to be effective these days -- there's some really clever stuff out there.

Note also that the advice above is for when a computer is actually infected. Normal AV protection hopefully should stop your machine getting infected in the first place, but once you have an infection getting rid of it is not as simple as a lot of the AV software seems to think it is.

Trojans etc. don't need the drastic action that I've specified above, but the best safety mechanism is to do all your downloads on to a specific stand-alone machine and only when it's passed the AV scan check should you copy the data to the machine you want to use it on. Something like a network switch should enable you to switch the disks from the stand-alone machine to the application machine.

If you can only use one machine then download, say, to an external device like a USB disk and scan it completely before allowing the data to be moved to a directory where you want to use it.

Cheers
jimbo
Maybe what you should do is to use HijackThis: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis, and afterwards post the log file; that way we can see if anything truly is messed up.
Also I am good with virus removal and crap like that, so what products have you used other than Malwarebytes' Anti-Malware? I might be able to provide you with assistance.
Do you have an MSN, AIM, or Yahoo messenger account? If so PM me, so we don't spam the forums.