affordableCebu
Home » Questions » Computers [ Ask a new question ]

Virus cleanup brainstorming

Virus cleanup brainstorming

I'm in the process of cleaning up a virus from a friend's computer and so far I've managed to have the windows runtime clean. However, after a reboot the malware reappears. Another symptom is that the infected computer can't boot in safe mode.

Asked by: Guest | Views: 218
Total answers/comments: 4
Guest [Entry]

I have had good experiences with the folks over at bleepingcomputer.com. Follow their instructions for posting the initial diagnosis (usually involves running HijackThis) and they'll work with you to create/get the fix you need.
Guest [Entry]

"Backup the second partition onto an external HDD (don't forget to press SHIFT while connecting the drive to override autoplay).

run Windows Setup, nuke ALL partitions and create 2 new partitions and install Windows again.

grab A-squared command line scanner (portable and free for personal use), update it and scan the external drive (remember, SHIFT while connecting the drive and hold it until the device is installed). check the result and delete any infected files, ONLY then restore the files to the second partition."
Guest [Entry]

"If it's come back after a reinstall then it's almost certainly a MBR virus. You have two main ways to delete it. One is to zero the disk and do a fresh install. The other is to delete the MBR using a hex editor or something (do this from another machine), and then booting into a Windows disk and using the fixmbr command to repair it. GMER has a program to scan the MBR of the machine, it's on the mainpage called mbr.exe - you might also want to run their scanner.

It's also worth checking the your memory sticks are clean, and the other computers on the network aren't infecting your new one (which probably comes onto the network before being fully updated, so is vulnerable)."
Guest [Entry]

"It sounds like a MBR virus or a rootkit.
Check MBR and alternate data stream (of all drives plugged even USB stick, and don't use suspicious CD)

Tools I recommend:

General Anti-virus (do a full deep scan, ideally from a bootcd (ubcd4win), with all options to speed the scan disabled):

Kaspersky Virus Removal Tool (included in ubcd4win)
Malwarebytes' Anti-Malware (included in ubcd4win)
Nod32 (instructions to add it to ubcd4win or bartpe)

Anti-rootkit (be careful with them, use one at time, and uninstall them after using, and don't remove everything they found!):

GMER
RootkitRevealer
Rootkit Unhooker"