Who has some good knowledge on virus removal? - Ford Powerstroke Diesel Forum
  #1  
Old 03-07-2011, 05:54 PM
Compression Ignition Addict
 

Join Date: Dec 2009
Posts: 1,283
Thanks: 0
Thanked 1 Time in 1 Post
Feedback Score: 0 reviews
Who has some good knowledge on virus removal?

The wife's laptop got a virus the other day... one that tries to get you to buy their BS anti-virus, and actually shows up on the desktop.

Anyway, I use Verizon broadband wireless air cards (on a long private road, cable won't come down and too far away from DSL service) and the virus wiped that out, and won't reload.

I use Cyber Defender and their service is usually good... but this go-around I find their service is completely suckish getting back to me to help me get it connected to the internet so they can scan and fix the virus.

Any ideas?

Is there anything available that I can load into it to clean it up?
The wife has pics she doesn't want to lose; the ding dong didn't back them up!

Thanks in advance!
  #2  
Old 03-07-2011, 07:04 PM
Banned
 

Join Date: Jan 2011
Location: Maine
Posts: 4,240
Thanks: 0
Thanked 0 Times in 0 Posts
Feedback Score: 5 reviews
Send a message via Skype™ to ToMang07
I use the following, all free:

Currently use:
Avast Anti-virus
Spybot Search and Destroy

Have used:
Spyware Terminator
Lavasoft Ad-Aware

Both work well for me.
  #3  
Old 03-07-2011, 07:22 PM
Member
 

Join Date: Mar 2011
Posts: 84
Thanks: 0
Thanked 0 Times in 0 Posts
Feedback Score: 0 reviews
I'm an IT Director that came up the ranks. I can and have removed that particular phish.

That particular rip-off isn't actually a virus because your wife actually agreed to install it. Don't blame her, it's trickery phishing at its best. The anti-virus software that it says it installs to clean up your system does nothing.

Now, consider this, how much money is that guy making off people... It's a huge number.

Anyway, you have to delete the user profile, then start the computer in safe mode and edit the registry to remove it from the run-once and default profile registry entries. Then before you restart the computer again you have to edit the default user profile itself and remove it from there.

Judging from your post, that's probably way beyond you. There is no antivirus program out there that can successfully remove it because it can't run until after it's already too late.

The guy that wrote it is good and believe it or not, it's technically not illegal.

The only other recourse is to rebuild the computer from scratch using the original CDs. You might be able to get the Geek Squad to fix it for you, I'm sure they've seen it before.
  #4  
Old 03-08-2011, 12:09 AM
Premium Member
 

Join Date: Sep 2009
Location: Wetaskiwin Alberta
Posts: 39
Thanks: 0
Thanked 0 Times in 0 Posts
Feedback Score: 0 reviews
Quote:
Originally Posted by sschefer
I'm an IT Director that came up the ranks. I can and have removed that particular phish.

That particular rip-off isn't actually a virus because your wife actually agreed to install it. Don't blame her, it's trickery phishing at its best. The anti-virus software that it says it installs to clean up your system does nothing.

Now, consider this, how much money is that guy making off people... It's a huge number.

Anyway, you have to delete the user profile, then start the computer in safe mode and edit the registry to remove it from the run-once and default profile registry entries. Then before you restart the computer again you have to edit the default user profile itself and remove it from there.

Judging from your post, that's probably way beyond you. There is no antivirus program out there that can successfully remove it because it can't run until after it's already too late.

The guy that wrote it is good and believe it or not, it's technically not illegal.

The only other recourse is to rebuild the computer from scratch using the original CDs. You might be able to get the Geek Squad to fix it for you, I'm sure they've seen it before.

Or... Go on the internet on another computer, Google "remove 'blankity blank' antivirus".
I'd be willing to bet someone has an effective way of fixing this without resorting to wiping out the Windows partition.
In the future, store all, and I mean all important information on another partition or better yet another hard drive.
Even though a lot of people hate Norton Anti virus, they make some of the best removal tools for viruses as well as programs like this.
Check their website, if this program is as unwanted as I think, they may have a removal program as well as a procedure to follow to make sure that it is removed fully and permanently.
Did you try using System Restore and restoring it back to before the program was installed? Might work, right? What could it hurt?
You could also download (on another computer) SpybotSD as well as updates for it, burn to a CD, install on the laptop and run it. It might be worth a shot.
The people that write/update SpybotSD have been known to mark programs such as this as spyware.
If you have problems, PM me with the name of the program and I will see what I can find.
  #5  
Old 03-08-2011, 02:26 AM
Almostdunfukinwidit


 

Join Date: Nov 2006
Location: Trempealeau, WI
Posts: 31,182
Thanks: 116
Thanked 106 Times in 97 Posts
Feedback Score: 0 reviews
Send a message via Yahoo to Dave
Google CCleaner, install it and run it.
Google Malwarebytes Anti-Malware, install it and run it.
Google Webroot Spy Sweeper, install it and run it.

That should take care of it.

You can use the free versions of all of the above.

Spybot Search and Destroy is junk. Just about everything gets by it.
  #6  
Old 03-08-2011, 02:29 AM
Compression Ignition Addict
 

Join Date: Nov 2007
Location: Cornwall, PA
Posts: 236
Thanks: 0
Thanked 0 Times in 0 Posts
Feedback Score: 0 reviews
Quote:
Originally Posted by Dave
Google CCleaner, install it and run it.
Google Malwarebytes Anti-Malware, install it and run it.
Google Webroot Spy Sweeper, install it and run it.

That should take care of it.

You can use the free versions of all of the above.

Spybot Search and Destroy is junk. Just about everything gets by it.

This is good advice. Just Malwarebytes should take care of that particular adware infection, the others will be a good measure.
  #7  
Old 03-08-2011, 06:23 AM
Member
 

Join Date: Mar 2011
Posts: 84
Thanks: 0
Thanked 0 Times in 0 Posts
Feedback Score: 0 reviews
Quote:
Originally Posted by Hoytster
This is good advice. Just Malwarebytes should take care of that particular adware infection, the others will be a good measure.

You can try it but my bet is that it will only temporarily remove it. I know this one pretty well. It morphs on the machine, making it super tough to locate.

For those of you that don't know - this is a phish attack. It presents you with an animated GIF in a popup window that shows a playback of Microsoft Defender scanning a computer and finding a horde of viruses and hacks. It offers you a solution that you think is Microsoft's, but the link requests admin access to your computer and if you're like most, you have that privilege by default.

Once it has the rights and you agree to let it help you remove the problems it says it found, it installs itself in several areas of your computer and then morphs itself in a random manner, making it virtually undetectable by any antivirus or malware product. It's undetectable because you've told it that it was O.K. to install.

After it installs it says it cleans your computer and makes it safe, but it doesn't do anything other than set up an RPC/HTTP port that communicates with an online payment system. From that day on it will stop programs from executing on your computer until you pay them. Once you pay them everything returns to normal for as long as you've paid for the product. As soon as the so-called "subscription" runs out, the software will once again stop programs from running on your computer until you pay them again.

The latest, more advanced version morphs itself every time your computer starts. If you know what to look for and how to remove it, you can get rid of it in about 15 minutes, but it is, for the most part, a manual process.
  #8  
Old 03-08-2011, 06:26 AM
Almostdunfukinwidit


 

Join Date: Nov 2006
Location: Trempealeau, WI
Posts: 31,182
Thanks: 116
Thanked 106 Times in 97 Posts
Feedback Score: 0 reviews
Send a message via Yahoo to Dave
Malwarebytes will wipe that one out.

Webroot Spy Sweeper will keep it from coming back.
  #9  
Old 03-08-2011, 10:19 AM
Member
 

Join Date: Mar 2011
Posts: 84
Thanks: 0
Thanked 0 Times in 0 Posts
Feedback Score: 0 reviews
Quote:
Originally Posted by Dave
Malwarebytes will wipe that one out.

Webroot Spy Sweeper will keep it from coming back.

Webroot Spy Sweeper might keep it from coming back, but Malwarebytes needs to at least execute once, and the way Anti-Vir works effectively is that if you haven't paid the ransom it prevents any executable from launching. If Malwarebytes was already on the machine it might have a chance.

I've been able to load previous build versions and get back in just long enough to do a sweep to locate it in all of its hiding places. Its primary launch location is in the default user's profile. From there it spawns to non-default profiles as different users log on.

I'm keeping this pretty simplistic since the actual process would probably not be understandable to most. Hope no one takes offense to that, it's not meant that way.

Go ahead and try whatever you want. If you find something that actually works to completely remove it and protect against it in the future, please post that info here.

Regards,
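The registry locations named in posts #3 and #9 (the run and run-once entries and the default user's profile) can be listed for review with a script like the one below. This is an added example, not code from any poster in the thread; it only reports and deletes nothing. It assumes Windows Vista or later (where `ProfileList` carries a `Default` value) and an elevated prompt; the mount name `DefaultAudit` and the "user-writable folder" flag are choices made for this example.

```powershell
# Added example: read-only report of Run / RunOnce autostart values. Changes nothing.
# Run elevated: loading the Default profile hive needs administrator rights.
$subKeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
           'Software\Microsoft\Windows\CurrentVersion\RunOnce'
# Assumption of this example: commands in user-writable folders deserve a manual look.
$suspectDirs = 'AppData', 'Application Data', 'Local Settings', 'Temp', 'ProgramData'

function Get-AutostartEntry {
    param([string]$Root, [string]$Label)
    foreach ($sub in $subKeys) {
        $path = "Registry::$Root\$sub"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            $hit = $suspectDirs | Where-Object { $cmd -like "*\$_\*" }
            [pscustomobject]@{ Review = [bool]$hit; Hive = $Label
                               Key = ($sub -split '\\')[-1]; Name = $name; Command = $cmd }
        }
        $key.Close()   # release the handle so a mounted hive can be unloaded
    }
}

$report = & {
    Get-AutostartEntry 'HKEY_LOCAL_MACHINE' 'Machine'
    # Hives of users who are currently logged on (includes the current user).
    Get-ChildItem 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object { Get-AutostartEntry "HKEY_USERS\$($_.PSChildName)" $_.PSChildName }

    # Default profile hive: the template copied into every newly created profile.
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    $defaultDir  = [Environment]::ExpandEnvironmentVariables(
                       (Get-ItemProperty -Path $profileList).Default)
    $hiveFile    = Join-Path $defaultDir 'NTUSER.DAT'
    $mount       = 'DefaultAudit'   # temporary mount name, chosen for this example
    if ([IO.File]::Exists($hiveFile)) {
        & reg.exe load "HKU\$mount" $hiveFile | Out-Null
        if ($LASTEXITCODE -eq 0) {
            try { Get-AutostartEntry "HKEY_USERS\$mount" 'DefaultProfile' }
            finally {
                [gc]::Collect(); [gc]::WaitForPendingFinalizers()
                & reg.exe unload "HKU\$mount" | Out-Null
            }
        }
    }
}
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```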
  #10  
Old 03-08-2011, 10:53 AM
Slacker



 

Join Date: Dec 2006
Location: Surprise, Arizona
Posts: 17,136
Thanks: 13
Thanked 48 Times in 37 Posts
Feedback Score: 4 reviews
Good luck, Steve. Unfortunately, you can only lead a horse to water. The problem that most folks have with this kind of topic is they have NO IDEA what is actually going on with the infection, nor do they have any concept of how quickly these are copied by other developers and morphed into new infections.

Signature-based programs are ALWAYS behind the times because the infection has to be identified and then added to the signature file. Heuristics are only marginally better.

Some of the new session-grabbing applets are the ones to be scared about. They will be responsible for most of the new infections going forward and will change the way we use the web. Browser and computer hijacking is elementary compared to the new stuff, and because we allow all our apps to be integrated (Twitter talks to Facebook, which talks to Photobucket, which talks to.....), it only requires a crack in that security shell in order to hijack your entire online persona.

Keep thinking Malwarebytes is the end-all, be-all...
All times are GMT -8.