Need Assistance with Removing a Virus

Starguard

I have a Gateway Tower that's running Windows 8.1. Apparently a virus was downloaded through an infected e-mail and it forces the computer to run very slowly. It takes forever to get the password identified and once inside, none of the icons will open. I have AVG Antivirus 2015, but I can't get the icon to work and the entire screen freezes. I tried unplugging and restarting with the AVG CD in the drive and that doesn't work. I've also tried CONTROL-ALT-DELETE and that doesn't work either. I tried reloading the entire OS from my Scandisk and still had no luck.

Any advice would be both welcomed and appreciated.
 
> I have AVG Antivirus 2015, but I can't get the icon to work... I've also tried CONTROL-ALT-DELETE and that doesn't work either.

That's pretty typical. The virus is "protecting" itself by not allowing you to see/access the processes that are running (including the virus).

Have you tried booting into safe mode and running AV from there?

Edit: You might also try installing autoruns. It's kind of like the task manager on steroids. But be very careful. You don't want to disable anything essential that might cause worse problems. But if you peruse through it, you might be able to pinpoint the culprit. Look for things that coincide with the timing of your virus woes and that come from untrusted/unknown sources.
 
First thing I would try is doing a regular factory restore... if that didn't work I would try booting up with my own Win 8 disk or USB and go to advanced options and see if they left a recovery image so you can redo it. Sometimes it's less time consuming just to start over when dealing with a virus.
 
Reboot into safe mode and do a cleanup from there. Instead of logging in, hold down the shift key while selecting restart and go from there.
 
What I normally do is boot up off a bootable copy of Ubuntu Linux (like the installer image) and then run ClamAV on the hard drive(s) of the system. Reboot, uninstall and reinstall the virus software and run that again. That catches most things because they can't protect themselves if they're not even running.

Otherwise format and reinstall works most of the time.
 
I'm trying my best to get into safe mode, but for some reason I can't. System keeps going through its normal procedure and keeps taking me back to my log on page.
 
Best bet is, as others suggest, boot from a USB memory stick or a CD. Kaspersky has a utility called "Kaspersky Rescue Disk". Found here: http://support.kaspersky.com/4162
FAQ is here http://support.kaspersky.com/viruses/rescuedisk
I have used this in the past. It is effective when used in conjunction with other Anti-malware tools. A scan using this tool will take several hours.

If you cannot do the boot from memory stick or CD then see below.

In regards to getting into safe mode, see the tips on this website: http://www.7tutorials.com/5-ways-boot-safe-mode-windows-8-windows-81

Download and install Malwarebytes Antimalware Free version. Found here: https://www.malwarebytes.org/
Update it and run the most thorough scan you can. Remove whatever it finds. Reboot when prompted and then run again after reboot. Consider buying this. It is only a $25 a year subscription and in my opinion does a better job than most of the big name AV software out. A scan should take 1 to 3 hours. May take longer based on the amount of stuff you have.

Download and install Hitman Pro. Found here http://www.surfright.nl/en.
Install, update and scan with this as well. Remove whatever it finds. This would also be a good purchase if you're so inclined. It costs about $40 a year. Again a scan takes 1 to 3 hours. May take longer based on the amount of stuff you have.

The makers of Hitman Pro and Kaspersky are not American companies. One is based in the Netherlands and one in Russia.

DO NOT RUN HITMAN PRO AND MALWARE AT THE SAME TIME.

After running either or both of the above software, open a browser window and scan with a tool called ESET. http://www.eset.com/us/online-scanner/
Remove whatever it finds. This will also take several hours.

Do all the downloads on a different computer and bring the installs to your computer via a CD or usb stick.

Failing all this, take it to a computer shop if you're not computer inclined. Tell them to quote you a price on virus removal and a separate quote for clean system install and bios flash. Be prepared, if you choose the latter option, clean install and bios flash, to lose all your personal files unless you pay the shop to back them up in addition to the clean install. Rough estimate would be about $100 - $150. Much more and you are about a 1/4 of the way to a new computer.
 
> Reboot into safe mode and do a cleanup from there. Instead of logging in, hold down the shift key while selecting restart and go from there.

Ok I tried it and it worked. Thanks again everyone for coming to the rescue. If I knew you all personally I would buy a round of beer for all of you :)
 
Another example of how antiviruses are really useless. People shouldn't open e-mails using Windows boxes.

The OP was lucky this one wasn't a rootkit or a bios injector.
 
I am going to say this straight up. I do not think it is wise to remove infections. Except to recover files you absolutely need. Once your computer is compromised anything can happen, many malware download other malware then try to leave traces in places to catch you again, etc.... A full format is highly suggested anytime your system is compromised, period. Basically save the files that were not backed up on some removable media, run an antivirus on those files independently and reformat the whole machine.
 
> I am going to say this straight up. I do not think it is wise to remove infections. Except to recover files you absolutely need. Once your computer is compromised anything can happen, many malware download other malware then try to leave traces in places to catch you again, etc.... A full format is highly suggested anytime your system is compromised, period. Basically save the files that were not backed up on some removable media, run an antivirus on those files independently and reformat the whole machine.

Except that it takes a considerably longer time. Also, if the customer does not have the software to reinstall, that would not work. Removing infections can be a 100% sure thing, but you need to know what you are doing in order for that to be 100% effective.
 
> Except that it takes a considerably longer time. Also, if the customer does not have the software to reinstall, that would not work. Removing infections can be a 100% sure thing, but you need to know what you are doing in order for that to be 100% effective.

Yeah I guess you just wipe the Ebola virus off with a tissue without going through biohazard level 3 cleaning process. Surely it's gone, carry on :D
 
> What I normally do is boot up off a bootable copy of Ubuntu Linux (like the installer image) and then run ClamAV on the hard drive(s) of the system. Reboot, uninstall and reinstall the virus software and run that again. That catches most things because they can't protect themselves if they're not even running.
>
> Otherwise format and reinstall works most of the time.

That's my advice too. Works very well since Linux gives fuck all about Windows issues lol. Not a fan of Linux on a regular use, but I'll be damned if it isn't one of the best tools to have in your belt.
 
> Yeah I guess you just wipe the Ebola virus off with a tissue without going through biohazard level 3 cleaning process. Surely it's gone, carry on :D

So, what you are saying is we should kill the host to kill the virus then, eh? :eek:
 
You shouldn't waste your time with boonie, he's a Mac troll.

The reality is viruses are a war, an arms race and no one is ever ahead of it and there are many viruses no one is going to detect, and others that even if detectable are not going to easily show themselves. When you get to the point a virus has crippled your system you could very well have many more things on there. It's simply not worth the risk. At the very least if you really are dealing with a customer you should pass this advice on to them and let them decide if they are willing to spend the time or money.
 
> You shouldn't waste your time with boonie, he's a Mac troll.
>
> The reality is viruses are a war, an arms race and no one is ever ahead of it and there are many viruses no one is going to detect, and others that even if detectable are not going to easily show themselves. When you get to the point a virus has crippled your system you could very well have many more things on there. It's simply not worth the risk. At the very least if you really are dealing with a customer you should pass this advice on to them and let them decide if they are willing to spend the time or money.

If only utilities were used to remove infections, I would agree with you. However, I only use the utilities after I have already accomplished a manual cleanup first. Redoing is only good as a last resort or if it is one of the rare infections that are near impossible to find no matter what.
 
> So, what you are saying is we should kill the host to kill the virus then, eh? :eek:

That is in fact the most effective way to curb a viral infection. Especially in Windows world where you can just 'revitalise' the host with a few simple setup maneuvers. So what you do is nuke the host, rebuild it and get smart and create a backup image of your setup for the next time you will get a virus/malware. And you will as long as you're on Windows.
 
> That is in fact the most effective way to curb a viral infection. Especially in Windows world where you can just 'revitalise' the host with a few simple setup maneuvers. So what you do is nuke the host, rebuild it and get smart and create a backup image of your setup for the next time you will get a virus/malware. And you will as long as you're on Windows.

No, I will not do it the way in which you have described, that is typically a bad idea. Not the backup but the nuke from orbit stuff. So, on your Mac, do you just redo from scratch from your Time Machine backup for every little problem?
 
Today's malware is becoming more and more sophisticated. As a tech I find the notion of blowing away everything and reinstalling repellent. But more and more it is becoming the safest option. Root kits/Boot kits, rare just a year or two ago, are now fairly common and not all that difficult to defeat with the right software. Encryption virus is now beginning to take center stage and is more difficult to defeat. There is malware out there for the Mac that can and will write to bios so no amount of a fresh install will do anything. There are versions of this for the PC as well, even for the supposed secure UEFI boot. There is no true 100% guaranteed removal process for all malware. There are and will be extreme cases where literally there is nothing you can do. All is lost with no hope of recovery. All you can do is make the decision yourself on just how much effort you want to put in to remove any virus.
 
> Encryption virus is now beginning to take center stage and is more difficult to defeat.

Cryptolocker and its variants aren't too difficult to remove, but you're not going to be able to decrypt any data. You either have a backup, you pay, or you lose your files.
 
> No, I will not do it the way in which you have described, that is typically a bad idea. Not the backup but the nuke from orbit stuff. So, on your Mac, do you just redo from scratch from your Time Machine backup for every little problem?

I don't have 'little problems' such as a potentially bank account emptying infection on my Mac. My Mac(s) never needs fixing and that's why I love it. Linux OTOH I break a lot but that's because I like to tweak it and learn stuff. Once in a while I make a mistake with it. When properly set up and left alone it's rock solid however.
 