Stubborn Viruses

Pre-boot found mirc-z PUP in the MIRC folder, and I deleted it. Is it a virus?

PUP stands for potentially unwanted program. MIRC is a popular Internet Relay Chat (IRC) program. If you use it, then it was probably your folder that it found, but that of course depends on where it was when it found it. IRC is a great way to get hacked and to be flooded with viruses, btw. There are better methods for finding files online. If the MIRC was not yours, then it is a great thing that it was deleted, as the program can be used in 1001 malicious ways.

I visit blogs mostly, and sites I shouldn't. So I'll stop that. lol. I know I risk it when going to those sites so that's why I'm not giving up because I knew it would happen sooner or later.

You know, you can still visit the entire internet, as long as you take some precautions. Most importantly, you should start using Firefox with No-Script installed. Here is a brief description of No-Script and AdBlock Plus.

No-Script: The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other Mozilla-based browsers: this free, open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.

NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...

You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.

AdBlock Plus: Annoyed by adverts? Troubled by tracking? Bothered by banners? Install Adblock Plus now to regain control of the internet and change the way that you view the web. You can also choose from over forty filter subscriptions to automatically configure the add-on for purposes ranging from removing online advertising to blocking all known malware domains.
 

Thnx, I have Firefox on the PC but not on the laptop. Why doesn't Microsoft fix IE so it can work like Firefox? Let me guess...to sell you programs? Sounds right.

Avast is doing good, it's still scanning, it's showing corrupt files, does it delete them by itself?

So if I download the trial and put in the serial I have, will it install as full version?

would there be a way to update enterprise to Windows 7 Ultimate or something else?
 

would there be a way to update enterprise to Windows 7 Ultimate or something else
Sure, for a price there is always a way. But why do you not reinstall from your recovery partition? Or could you tell us what is the origin of your Windows7.
 

Enterprise is basically the same as Ultimate, so there would be no benefit to "upgrade". As long as you have a legitimate key, all you should need to do is enter it, then activate it...
 

Origin - was it preinstalled on your system when you bought the PC or did you buy it separately?
 

So where do viruses hide? DLL.

Viruses hide in all kinds of ways, but many of them, especially those that are not rootkitting, are simply running on your system in plain view, trying to not be detected.

What I mean is, you may have a process (a program running) in Task Manager called Svchosts.exe. Now that may seem legitimate, but the actual Windows process that is really from Windows is called Svchost.exe. Just by adding that s to the end of the program name, you have hidden yourself from a large number of users.

Also, it is possible for programs to open all types of handles and hooks into other programs, which makes them difficult to delete (if running the OS or in SafeMode). Handles are data structures that represent open instances of basic operating system objects applications interact with, such as files, registry keys, synchronization primitives, and shared memory (see Pushing the Limits of Windows: Handles - Mark's Blog - Site Home - TechNet Blogs). Your anti virus product may or may not be able to close the handle. In cases where it can't, it will likely tell you to restart. But at that point, a virus can detect that a restart is imminent. It can also detect if it has been scheduled to be moved (aka deleted). It can detect if a change was made to the registry, meaning a change to its registry entries, and will respond by just renaming itself and/or moving itself somewhere else--and the infection will just continue.

There are ways to find out what a virus is doing, including where it is hiding, what resources it is hooking into, how it is regenerating, etc. Sys Internals tools and a solid understanding of Windows Internals (see here) is where you would want to start.

With a Live Boot CD, because the OS is not running, the program is also not running, and therefore you can delete a virus and the virus will not be aware of what is going on. This is often the best way to go about getting rid of a virus. However, there are even limitations to this. Namely, your Anti Virus may not be aware of (have a signature for) the virus that infected you. And if that is the case, then it will simply skip by the file.

And of course, the best thing to do is to re-format your PC, if this is not too much of an inconvenience. It is not always necessary, but it almost works ;)
 

Ty for that info dranfu, I will read all of it after this post. As for the virus, hopefully a Sys Restore will work...I know I'm changing the subject but, it would be nice to make my own operating system......like ubuntu or MAC or some other linux OS that starts with an F....Maybe someday......it's funny how we all want to do things but only some tend to follow through....well hopefully the virus gets wiped out...ty again for the virus info.
 

Avast is doing good, it's still scanning, it's showing corrupt files, does it delete them by itself?

Yes and no. When it first finds a virus, it will present a list of choices to you. I don't have that list memorized, but it is similar to this:

1. Delete Virus
2. Delete All Viruses
3. Quarantine Virus
4. Quarantine All Viruses
5. Etc
6. Etc

Notice the 2nd option, to delete all viruses. When you select that option, you are telling Avast to delete every virus it finds, and to not bother asking you for permission to delete when it finds another one. If you select the first option, it will ask you every time if you want to delete a virus.

Hope that made sense :)
 

I know I'm changing the subject but, it would be nice to make my own operating system......like ubuntu or MAC or some other linux OS that starts with an F....Maybe someday.

Linux From Scratch: Linux From Scratch (LFS) is a project that provides you with step-by-step instructions for building your own custom Linux system, entirely from source code.

enjoy :thumbsup:
 

So............Any updates on the virus?
 

Well, it is always easier to blame Microsoft, right? :o

Can't help but notice that you are not really giving straight answers about where you got the Windows 7 Enterprise. You said it was installed on your lappy but also installed on the desktop? Same OS, same key?

Since it is distributed only for business use, I really wonder where you got it. If it is not a legit source, then you are in deep trouble my friend. Free OS comes with Freebies you might not like ;)
 

Just out of curiosity, what AV product were you using when you got hit with the infections?

I've been trying real hard to get rid of a virus, or should I say a couple. I've managed to find and remove some viruses using Forefront Client Security, Spyware Doctor with Anti-Virus, and Malwarebytes; Ad-Aware has been used too. Full scans.

I've been at it for multiple days but my laptop still has signs of infection, for example not being able to get into the Windows Update website, Forefront won't update, giving me an error 0X8007efe, and sometimes I get redirected to a website I did not want to visit. I've manually removed some fake anti virus software but still have problems. I've stopped my computer from crashing by removing the fake AV but like I said I'm still frustratingly getting these problems. I really don't want to do a fresh install since I don't have a CD.

Can anyone help with these problems or maybe one of them? Please and Ty in advance.

-Heau
 

I believe that the OP has abandoned this thread...
 

I believe that the OP has abandoned this thread...
Probably for good reason. The whole story was quite mysterious anyhow.
 

I believe that the OP has abandoned this thread...
Probably for good reason. The whole story was quite mysterious anyhow.

Even this great website unfortunately gets a few Trolls on it -- however the mods seem to do a great job of keeping it basically clear of these pests.

While the OP might have gone --the answer IMO is still the same -- I DO NOT TRUST ANY AV PRODUCT WHATSOEVER TO BE ABLE TO CLEAN AN INFECTED COMPUTER. - NOTE THIS IS DIFFERENT FROM PROTECTING A COMPUTER.

The only sensible way forward if your computer IS infected is a COMPLETE REFORMAT of the disk(s) and either a new OS install or restore from CLEAN uninfected backups.

Any other solution --well I wouldn't trust a machine since there is no such thing as 100% protection in any case.

Cheers
jimbo
 

I believe that the OP has abandoned this thread...
Probably for good reason. The whole story was quite mysterious anyhow.

Even this great website unfortunately gets a few Trolls on it -- however the mods seem to do a great job of keeping it basically clear of these pests.

While the OP might have gone --the answer IMO is still the same -- I DO NOT TRUST ANY AV PRODUCT WHATSOEVER TO BE ABLE TO CLEAN AN INFECTED COMPUTER. - NOTE THIS IS DIFFERENT FROM PROTECTING A COMPUTER.

The only sensible way forward if your computer IS infected is a COMPLETE REFORMAT of the disk(s) and either a new OS install or restore from CLEAN uninfected backups.

Any other solution --well I wouldn't trust a machine since there is no such thing as 100% protection in any case.

Cheers
jimbo
That is a fair comment. The optimal solution is to set back to a prior image - if you do imaging.
 

Hi WHS

I'd go a bit further than that --just restoring an image on a single partition might not do the trick if the infection is lurking in data on another partition --which is why I'd recommend wiping the ENTIRE DISK and THEN restoring clean images and data.

Even if you have a SINGLE disk image I'd still do the reformat just to make sure --and I'd do the reformat from either a Windows install disk or from another "Live disk" such as a Linux Live CD / Gparted / etc.

Don't use the infected system's OS to "Cleanse" your disk.

Cheers
jimbo
 
