I got a virus...HELP!

Status
Not open for further replies.
If you have used a USB flash drive that's been shared with another compromised computer, then I'd toss that one and buy a new one.
Hum....very interesting. Problem is I don't have the DVD anymore because I lost it. I also don't have any interest in reinstalling because I have to reinstall the programs I have too, and being that I have near 200 I really have no interest in that either. I'll try to do a restore that I created two months ago (I'M JUST NOW NOTICING THIS :p). Of course I'll wipe my HDD before I do that. Thanks for helping though guys.
 

As many have tried to explain the definition of Clean install, I will harp it again but in layman's terms.

Clean install means wiping the disk clean, don't try to reinstall onto the disk without formatting it, don't try to repair it. Blank that disk so it has no data, nothing at all, in fact, delete and make a completely new partition.

A clean install is basically, "Bring nothing." Don't have anything on the disk you are installing on and it will be brand spankin' new.
 

OK, explain to me why you told me this. I know what it means, I will do it, and then from a backup point on a DVD I will restore it. System files I will have to install but I will then restore.
 

Part of it was the comment made about "legal"... It suggested that you misunderstood the point of the 'clean install' part.

Secondly, you don't want to bring back anything. You don't want to restore from a backup point just yet, as you have to determine when you got infected; otherwise, you are back at square one, right back where you were. What you should be doing is making an image of your clean install and noting this is your CLEAN install.

Next, you should only be installing the Anti-Virus and Anti-Malware programs suggested here, including an Anti-Rootkit, and scanning any of the other data drives you are planning on re-introducing to your system. Once those are clean, THEN probably consider restoring your backup points one at a time, rescanning them after each restore to ensure that you are good.

Although my recommendation is to:

1) Image the system
2) Install 1 program
3) Rescan the System
4) Repeat Steps 1-3 until you are done with your programs.
5) Take a final good image of your system and save it somewhere.

Then you can resume doing your normal business. The reason for having multiple images is to do a backstep if one of those applications or processes you did to get the program is infected or a trojan. Then you can fall back to the image. You also want to have an isolated, untouched image so that if and when you get reinfected, you have a known good copy of your OS tucked away and safe without having to do this again.
 

Hi there
In addition I'd always take an image after the initial Windows install and BEFORE connecting to the internet.

If some drivers are missing at this point so be it -- you've got a REFERENCE KNOWN 100% Clean system from which you can build your final everyday system.

Store this image somewhere safe. Call it SET A.

Now build your new system checking regularly after installing program updates and drivers.

Again IMAGE this as a working system and save it. Call it SET B.

Store these safely -- now every day check your system and take daily backups -- if infected at any point go back to the previous day's backup.

If you get really hosed up restore from SET B. If you still don't trust that then re-format all your disks and restore from SET A and re-build to re-produce SET B.

Designing a safe backup strategy isn't hard and the amount of time it can save when you have to do a restore is well worth it.

Incidentally don't forget to back up your DATA periodically as well. Data can get accidentally deleted or destroyed too.

Always keep user data such as music, photos, email, data base stuff, spreadsheets etc on a different partition than the main OS so you won't lose data when doing an OS restore.

Cheers
jimbo
 

Oh wow guys, I just found it. Instead of clicking full scan I clicked fast scan previously. Sometimes it is the simple stuff that will mess everything up. Used full scan and here's the MBAM log:
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4640

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/21/2010 7:11:23 AM
mbam-log-2010-09-21 (07-11-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 223300
Time elapsed: 47 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Dylans\Documents\Other\ForBlake.exe (HackTool.Wpakill) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KECCI23V\pgaiqxwq[1].htm (Adware.AdRotator) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KECCI23V\pls22[1].exe (Trojan.Downloader) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4K2LGEX\qhysq[1].htm (Trojan.Downloader) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4K2LGEX\vzgbidyje[1].htm (Trojan.Clicker) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPL883J7\mqupjickr[1].htm (Trojan.FakeAlert.Gen) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VESA2AG1\cgbvd[1].htm (Trojan.Agent) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VESA2AG1\nezgb[1].htm (Trojan.Downloader) -> No action taken.

I will remove now.
 

You do realize that Malwarebytes' Anti-Malware doesn't really do rootkits all too much, and that 7 of those 8 are htm files in your temporary internet folder and 1 of them is in your user folder for Dylan, in a folder called 'Other', which suggests it was a program that Dylan downloaded and ran?
 

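The reply above reads the scan result by where each hit sits rather than by its name. As an added example (not part of the original thread and not Malwarebytes code), the script below parses the "Files Infected" section of a log in the format posted above and groups detections by location. The function names, the location labels and the `SAMPLE` excerpt are assumptions of this example.

```python
import re
from collections import Counter

# Constructed excerpt: four entries reused from the log above, count adjusted to match.
SAMPLE = r"""Scan type: Full scan (C:\|)
Files Infected: 4

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\Users\Dylans\Documents\Other\ForBlake.exe (HackTool.Wpakill) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KECCI23V\pls22[1].exe (Trojan.Downloader) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4K2LGEX\qhysq[1].htm (Trojan.Downloader) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VESA2AG1\cgbvd[1].htm (Trojan.Agent) -> No action taken.
"""

SUMMARY = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 8"
HEADER = re.compile(r"^([A-Za-z ]+ Infected):$")          # "Files Infected:"
ENTRY = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
EXECUTABLE = (".exe", ".dll", ".scr", ".sys", ".com")

def classify(path):
    """Say where a detected file lives; location drives how much it matters."""
    p = path.lower()
    if "\\temporary internet files\\" in p:
        # config\systemprofile is the LocalSystem account's profile, so a cache
        # there was filled by something running as SYSTEM, not by a logged-in user.
        return "system-account web cache" if "\\config\\systemprofile\\" in p else "user web cache"
    return "user profile" if p.startswith("c:\\users\\") else "other"

def parse_log(text):
    """Return (declared counts, detections) from an MBAM 1.46-style text log."""
    declared, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m.group(1)] = int(m.group(2))
        elif m := HEADER.match(line):
            section = m.group(1)
        elif section and (m := ENTRY.match(line)):
            detections.append({"section": section, **m.groupdict(),
                               "location": classify(m["path"]),
                               "executable": m["path"].lower().endswith(EXECUTABLE)})
    return declared, detections

def triage(text):
    """Summarise what still needs attention after the scan."""
    declared, detections = parse_log(text)
    listed = Counter(d["section"] for d in detections)
    return {
        "by_location": dict(Counter(d["location"] for d in detections)),
        # Entries the scanner only reported are still on disk until removed.
        "unresolved": [d["path"] for d in detections if d["action"].lower().startswith("no action")],
        # Executables matter more than cached HTML: they can actually run.
        "executables": [(d["location"], d["name"]) for d in detections if d["executable"]],
        # A declared count that differs from the listed entries means a truncated log.
        "count_mismatch": {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]},
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Removing the cached files clears the scanner's hit list but says nothing about whatever process wrote them into the system account's cache, which is why the thread keeps returning to a clean image.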
Hi there
If INFECTED don't waste your time with removal -- you are using a "Compromised" OS to "repair" itself -- who knows what the OS is doing.

Restore a CLEAN IMAGE or re-install Windows on a totally newly formatted HDD.


As I say, would you trust the Fox to guard your Henhouse?

Cheers
jimbo
 

Hey, I'm writing from the public library because I got a BSOD and every time I log in I got it. Took it to Geek Squad and they copied and gave me new HDD, took the rootkit away too. Anyways I'm glad it's gone. Thanks for taking the time to help me anyways!
 




Files Infected:
C:\Users\Dylans\Documents\Other\ForBlake.exe (HackTool.Wpakill)
HackTool.Wpakill is very dangerous and is not something that you want anywhere near your computer. HackTool.Wpakill is a deceptive software crack which is used by malicious people in order to avoid the Windows copy protection on the Microsoft Windows operating system. HackTool.Wpakill will try extremely hard to disable or bypass the Windows product activation code, by modifying your Windows operating system files, without your consent or knowledge.
 

forblake.exe is something used for hacking Windows activation, I checked the code myself. Trust me it's not harmful. I had to use it because when I got my computer the installation CD didn't have the activation key, long story.
 

Aarggh.gif
 

Then it sounds like you did not get it from a reputable place and, through the use of that tool, your OS is pirated. If it was reputable, I would have thought that you would have contacted the vendor for a legitimate key.

Microsoft provides several ways that you can report the vendor: Protect Yourself from Piracy
 

If your copy of Windows 7 is indeed pirated (as it looks from your last post), then I will excuse myself from this topic. You get what you pay for, and in your case you got a dandy Rootkit... :cool: enjoy!
 

This thread needs to be closed because the OP did this to himself! That's the price you pay for using pirated software mate.
 
