How to fix damage done by virus

[XxsoulwolfxX]

Currently i removed virus's my brothers computer
and have checked thoroughly using three types of Antivirus

Avira run in: (safe mode and normal mode)
Malewarebytes run in: (safe mode)
MSERT run in: (normal mode)

So i think i have cleared the trojans and adware that infected his desktop
my question to the forum is

How to fix the damage's leftover by the virus

in a quick and efficeant manner


ps: my brother does not have a windows 7 disk to reainstall the OS
because he lost it

 

[Golden]

Hi,

What do you mean by "damage"? Which malware did you find?

Regards,
Golden

 

[marsmimar]

My usual disclaimer: I'm not an expert in anything!

The first thing you'd need to know is what (if anything) is damaged. If it's a specific program you could uninstall and then reinstall a fresh copy. If it's a system file you'd have to have access to an installation DVD (either your own or borrowed from someone) to extract a clean copy of the damaged file. The DVD should match your operating system exactly. (If your machine is running 7 Pro 32-bit don't use 7 Home Edition 64-bit, etc.)

http://www.sevenforums.com/tutorials/42776-extract-files-windows-7-installation-dvd.html

You might find this CNET article helpful:

Tutorial: How to repair a malware-damaged PC | CNet Analysis

 

[XxsoulwolfxX]

The virus's found (i cant remember there names)

The damage :

The 'C:\' says that there are no files in there despite saying that 244gb of 448 gb is taken some other things are inexesible from the start menu as in there are no icons there that were there before the infection

and windows defender wont start up along with other applications by windows like
eg: updater and firewall

 

[marsmimar]

I'm still not an expert in anything!

I'd try a System Restore to a date/time prior to the malware being installed. (Providing you have a restore point that goes back that far.) If you can restore the machine I'd again run full scans with Malwarebytes, your resident antivirus / antispyware programs, etc. Don't forget to update the data bases for each.

http://www.sevenforums.com/tutorials/700-system-restore.html

I'd also consider using another free tool from Microsoft called Standalone System Sweeper.

http://www.sevenforums.com/tutorials/166445-microsoft-standalone-system-sweeper.html

I'd also try running a System File Checker scan. If it finds any issues run it three times rebooting in between each scan. Ordinarily Windows 7 will not ask you to insert a disc to replace the files since the system files are stored within Windows 7, unlike in XP where you needed to insert the install media. But if the malware damaged or corrupted the system files SFC probably won't work. In that case you may have to do a Repair Install (perhaps having to borrow an identical install DVD.)

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

http://www.sevenforums.com/tutorials/3413-repair-install.html

On a personal note, even if you run a dozen malware scans and they all come back clean, and even if you do a system restore or a repair install and everything seems to be working the way it should, you can't be absolutely sure all traces of the malware have been removed. Sometimes you have to go through the hassle and inconvenience of formatting the hard drive and installing everything from scratch. Or using a manufacturer's hidden recovery partition to restore the machine to factory specs.

 

[Golden]

Good, solid advice from Mars. Seeing as we have no idea of the type/severity of the malware you had, its very difficult to say what fixes you could/should implement and how effective they may be.

Mars suggestions in the last paragraph are spot on : The absolute only sure way to get a clean system is a clean install. If you have lost your Windows installation disk, then you could borrow one of exactly the same type, or you could legitimately download one from a legitimate site - unfortunately the forum rules preclude us from posting a link for that, but some judicious use of Google will help you.

Bear in mind, that depending on what malware you were infected with, any passwords you had stored on your PC should now be considered unsafe - you need to change them on another computer that is safe/clean from malware.

Regards,
Golden

 

[writhziden]

My mom had a similar virus to the one described in this thread. I cleaned out the virus, tried making all her folders visible, etc., and the end result was a Windows startup that still showed no taskbar or desktop. The only fix that worked was restoring to factory settings, the near equivalent to reinstalling Windows. Definitely suggest getting ahold of the proper Windows 7 disc, or legally downloading one as suggested from an official site.

 

[Corrine]

The virus's found (i cant remember there names)

The damage :

The 'C:\' says that there are no files in there despite saying that 244gb of 448 gb is taken some other things are inexesible from the start menu as in there are no icons there that were there before the infection

and windows defender wont start up along with other applications by windows like
eg: updater and firewall

You should be able to locate the name of the removed files in the quarantine log. Guessing that it was one of the family in the FakeHDD type infection that hides startup files, if you didn't delete temp files, Unhide.exe should solve the problem.

There are infections that will hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run.

This program will remove the +H, or hidden, attribute from all the files on your hard drives. It is important to note that if there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

In the event you cleared the temp files, using the appropriate file your your brother's OS should restore the default start menu:

Windows 7 32-bit US English: http://download.bleepingcomputer.com/grinler/fakehdd/win7-32-sm-reset.exe

Windows 7 X64 US English Windows: http://download.bleepingcomputer.com/grinler/fakehdd/win7-x64-sm-reset.exe