got me a virus..

ok...

i let a girl use my computer last night.. now i have a virus...

i can't remember the 3 files that come up in processes.. they all begin with IIS, one is iisreset.exe..

the computer uses 75% cpu usage due to the virus...

now.. i had dual boot xp and 2003 on different physical hard drives.. 2k3 got infected.. so i tried to boot into xp to scan the 2003 drive and it wouldn't load.. the keyboard and mouse wouldn't work.. i tried this twice.. tried safe mode in both xp, which still wouldn't load.. and ran scans from symantec corp, adaware, and spybot all night.. it's still there

so now i have a spare drive in here that i luckily had sitting around..

here is my plan, tell me if it is flawed...

install all updates onto this drive.. its running xp sp2..
update virus software.. i have nod32 on here now.. should i install avg also?
stick infected hard drives into my external enclosure 1 at a time..
plug external drive into computer and scan it..

do you think that will work? or will the damn thing just migrate over to this drive?

plan b is a boot cd.. any recommendations?

plan c is to boot back onto the infected drives.. burn any school shit off of there i will need over the next week or so.. and just run it off this drive till the summer...

i just need this thing to get me through the final papers and shit i need to write till the end of the semester.. then i can reformat all my os drives and go from there...
 
also 1 more thing...

if i do plan A, which is to scan my drives from this hard drive i am currently using, should i log in as either not an admin, or boot into safemode also? or will that not make a difference?
 
Sounds like it might work, assuming the anti-virus software is able to identify it as a virus.

Another perhaps safer method would be to boot to a Windows PE (pre-installation environment) CD. That way you don't have a writeable drive for the virus to infect. Just Google WinPE for more info.

Alternatively, maybe you can run a Linux Live CD, such as Knoppix, and then run a freeware Linux virus scanner such as BitDefender.
 
First off... don't install 2 anti-viruses. They don't tend to like each other, and will kill your resources.

First plan is to get the name of the files and google them. If nothing turns up...

1. Disable system restore.
2. Reset your internet explorer settings (enable "use TLS 1.0")
3. Restart in safe mode w/o networking
4. Check add/remove programs and get rid of the bs.
5. Use msconfig and get rid of them from starting up... and also check the services (hide all microsoft ones)
6. Check the registry for b/s
7. Look in windows explorer for the files and delete anything awry.
8. Reboot and go to housecall.trendmicro.com and do a full scan.

That should do it.
 
AVG is a n00b piece of crap. Stick with nod32, it is MUCH better! If you want a free AV pick up AntiVir.

And only stick with one AV like slowbiz mentioned. For malware/spyware the more apps you have installed the better, but the same isn't so for AV.
 
How is AVG "n00b?" I've been using it for 2 years now and it works great. A full set of features, active protection, and it's free. I've cleaned out many computers with it.
 
seconded, you're a ^^ noob. AVG sux.

free antiviruses are trash too, as are open source ones -- stick to commercial ones as they'll have more complete databases.

my suggestion to you: back up everything you need, and format.
 
HekoAridese said:
seconded, you're a ^^ noob. AVG sux.

free antiviruses are trash too, as are open source ones -- stick to commercial ones as they'll have more complete databases.

my suggestion to you: back up everything you need, and format.
No way... it's way more satisfying to take the virus down without help of an anti-virus and only your wits to save you.
 
..and why does AVG 'sux'?

with either method , you should be able to get your drives cleaned up ..as mentioned tho , be sure to turn off system restore so the virus cant hide on yuh


[F]old|[H]ard
 
ok.. i never had system restore enabled
i didn't do the TLS 1.0 deal..
i booted in safe mode
checked msconfig
looked quickly at services and didn't see anything
looked in add/remove programs
and i don't know how to check the registry.. unless i knew exactly where to go to change something..

i am going to try the external enclosure and see how that goes... then report back..

slowbiz said:
First off... don't install 2 anti-viruses. They don't tend to like each other, and will kill your resources.

First plan is to get the name of the files and google them. If nothing turns up...

1. Disable system restore.
2. Reset your internet explorer settings (enable "use TLS 1.0")
3. Restart in safe mode w/o networking
4. Check add/remove programs and get rid of the bs.
5. Use msconfig and get rid of them from starting up... and also check the services (hide all microsoft ones)
6. Check the registry for b/s
7. Look in windows explorer for the files and delete anything awry.
8. Reboot and go to housecall.trendmicro.com and do a full scan.

That should do it.
 
BurntToast said:
AVG is a n00b piece of crap. Stick with nod32, it is MUCH better! If you want a free AV pick up AntiVir.

And only stick with one AV like slowbiz mentioned. For malware/spyware the more apps you have installed the better, but the same isn't so for AV.
HekoAridese said:
seconded, you're a ^^ noob. AVG sux.

free antiviruses are trash too, as are open source ones -- stick to commercial ones as they'll have more complete databases.

my suggestion to you: back up everything you need, and format.
I love it when 'Internet Morons' make claims without facts and call everyone that disagrees with them or questions them "noobs" or other such names. Instead of being an idiot why don't you answer with at least a half way intelligent answer, give open and impersonal facts...no crap like "it doesn't work for me so it must suck".

OT - I agree with a full format and reinstall however, as long as you're not booting to those drives (ie - your third 'clean' drive) then you'll be fine to clean that stuff off without fear of further infection. Most all viruses require initial user intervention to launch or an OS insecurity for initial infection. After that they usually embed themselves in the registry and/or system files that must be called upon to function.
Again for absolute best results...wipe clean and rebuild.

Good luck man!
 
HekoAridese said:
free antiviruses are trash too, as are open source ones -- stick to commercial ones as they'll have more complete databases.
Have you read ANY of the AV reviews and comparisons in the last 2 years? :rolleyes:
 
If you look at Heko's most recent posts, they are all trolls


He has nothing else to do??
 
just an update.. i have had the 2k3 drive connected for days now.. i don't know how long.. and the nod32 scans keep freezing on certain files. first it was in my visual studio 2003 folder. then i can't remember.. so as long as i have access to my school documents and my mp3s.. which i do.. i am just keeping it like this till i am done typing my final papers and shit.. then i can reformat this summer.

i also remembered that the same girl got a virus on my computer last semester.. i have no idea what she does.. and i have been there watching her use my computer both times.. oh well..
 
I love it when 'Internet Morons' make claims without facts and call everyone that disagrees with them or questions them "noobs"
even worse is when they spell it n00b. i never take anyone seriously once they use that word.

when i use windows (in a VM only, i would never let the actual OS touch my hard drive), i use avg and antivir. haven't tried anything else besides avast, but that felt so cluttered and bloated to me, i stopped using it.

to the op, you're lucky it's your COMPUTER she infected with a virus :)
 
When I did tech support in college, most of my calls were fixing viruses on female-owned computers, most of them pr0n related...

Anyways, to manually check the registry, go to: hkey_local_machine\software\microsoft\windows\currentversion\run

See if anything in there is suspicious, you can always google file names to get some more info.

I agree with the above poster's comment about fighting viruses with your wits - it's way more fun ;)

Unless you've got a major, multiple-virus infection you shouldn't need to reformat. Most viruses go to the same places and use obvious filenames like "a.exe" or "system33.exe" and hence are easily killed.
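
Added example (not written by any poster in this thread): the Run-key check from the post above, applied to the infected drive while it sits in the external enclosure, so the suspect Windows install is never booted. It assumes the drive shows up as E:, that both installs use a folder named Windows, and an elevated PowerShell 4.0 or later on the clean system; `OfflineSW` is a made-up temporary hive name.

```powershell
# Added example: list autostart entries from an OFFLINE Windows install.
# Nothing on the attached drive is executed; files are only hashed.
param(
    [string]$OfflineRoot = 'E:\',       # assumption: letter of the attached infected drive
    [string]$MountName   = 'OfflineSW'  # hypothetical temporary name for the loaded hive
)

$hive = Join-Path $OfflineRoot 'Windows\System32\config\SOFTWARE'
if (-not (Test-Path -LiteralPath $hive)) { throw "No SOFTWARE hive found at $hive" }

# Mount the offline SOFTWARE hive under HKLM\<MountName>.
& reg.exe load "HKLM\$MountName" $hive | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed (is the prompt elevated?)' }

try {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
            "$MountName\Microsoft\Windows\CurrentVersion\$sub")
        if ($null -eq $key) { continue }
        try {
            foreach ($name in $key.GetValueNames()) {
                $cmd = [string]$key.GetValue($name)
                # Pull the executable out of the command line: quoted path, else first token.
                # Limitation: an unquoted path containing spaces is cut at the first space.
                if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
                else { $exe = ($cmd.Trim() -split '\s+')[0] }
                # The entry names the offline system's own drive letter; remap it to the
                # attached disk so the file on the suspect drive is the one inspected.
                $onDisk = $exe -replace '^[A-Za-z]:\\', $OfflineRoot
                $exists = ($onDisk -match '^[A-Za-z]:\\') -and
                          (Test-Path -LiteralPath $onDisk -PathType Leaf)
                [pscustomobject]@{
                    Key     = $sub
                    Name    = $name
                    Command = $cmd
                    Exists  = $exists
                    SHA256  = if ($exists) { (Get-FileHash -LiteralPath $onDisk -Algorithm SHA256).Hash }
                }
            }
        } finally { $key.Close() }   # open handles would block the unload below
    }
} finally {
    [gc]::Collect()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

Entries whose file is missing, or whose name or hash turns up nothing when searched, are the ones to look at first.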
 