
HELP! My desktop is infected


taterhill


I hope you have a backup of all of your files like I preach all the time.

If so, reinstall the OS.

If not, buy a new hard drive, reinstall the OS, put the second drive in as a slave, and copy off your files before reformatting it.

Others will say, "Use program X," or "Run program Y." But there's no guarantee that it cleans everything up - the only way to be sure is to reinstall.

Yes, you have been infected by a rogue security product. Several will advise you to reformat and reinstall. That is certainly one way to go. But I regularly save computers that have been infected like this.

Either method takes a while.

If you want to attempt to clean your computer of this infection I recommend posting a thread here:

http://www.spywareinfoforum.com/index.php?showforum=18

Be sure to read this thread first:

http://www.spywareinfoforum.com/index.php?showtopic=79038

They will take good care of you.

And there's no guarantee he won't reinstall the infection when he puts his files back on his hard drive. Reformat/reinstallation is not a guarantee, either.

Modern malware removal has come a long way. This particular infection is very removable.

I have backed up and formatted a thousand computers and not once re-installed the infection on the clean install. Most infections are located in the "windows" or "windows\system32" or "all users\application data" or "temp" directories. If you back up docs and pics and e-mails etc. you are pretty safe. I see what you are saying, but in the time it takes to run 1 Malwarebytes scan on an infected 200GB hard drive, I can back up data, format, re-install and restore data. Done. Never mind having to run 3 or 4 more different programs to make sure the infection is gone.

I have cleaned perhaps 100 or more computers, and have yet to have a machine be taken over by the same infection. (Of course, I follow up and make sure any remaining bits are cleaned before they become problematic.)

I have also found infections on several external hard drives. They are usually in fake .mp3 or MPEG files which have been backed up to the external drive.

Of course, depending on your definition of malware, computers are regularly shipped already infected. This includes brand new machines from Dell, HP, etc. I have also performed reinstalls (from the restore section of the hard drive) and the AV and anti-malware programs have found infections before anything else was installed. (These infections are typically adware-related.)

As for the speed you can reinstall a system, you are a much better man than me, Gunga Din. I did a reinstall/reformat on my laptop a month or two ago (not malware related), and I STILL don't have it completely tweaked to my liking, the way it was before I reformatted. :)

Oh I've been there before as well. When we back up data we do scan it as well on a test machine while the OS is installing, just in case. But yah, some are a quick fix and some, not so much. I tell my guys, "let's not have 8 hours into a repair before we decide it's time to format", but let's not just format for the sake of ease.

That's a good policy, I think. And you have to have different standards for a company than for an individual user.

For many people, a reinstall is a nightmare. They don't necessarily have the ability to reinstall all the programs they use, or have proprietary (or simply old and odd) programs, some with many tweaks done by someone else. People can become pretty attached to their computers, and the way they have them configured. I take a very personal, individual approach with each client and explain the pros and cons of different solutions.

Yah, me too. The thing that drives me crazy is the pain in the azz repair, then you finally tell the customer that you need to format and they say "oh, that's ok, there's nothing on there I need to keep" :unsure::P

I've been there. :P:wallbash:

I run Avira, Noadware, Malwarebytes, McAfee SiteAdvisor and Registry Wizard, which comes along with a year's worth of driver downloads.

I'm probably over-paranoid but it makes me feel a lot better.

How do you back up programs? If I wanted to back those programs up, for example, how do I do that?

There are a few options.

I use a service called "Mozy" (Mozy.com). You pay a monthly fee (and get a discount for multiple months/years), and install an application on your PC that automatically ships the files you request over to the Mozy servers. This is very helpful in case your house burns down, or someone breaks in and steals your PC. However, it's less helpful in the case of rebuilding a PC -- because depending on how much data you have backed up, it could take a long time to retrieve.

I also have software called Second Copy ( www.centered.com ). You can set up backup policies that back up files from one location to another. This is very helpful if you have a second hard drive in your computer, or if you occasionally plug in an external hard drive (you can set the program up to only back up when you plug the drive in).

A third option is Windows Home Server. Everyone knows I'm pretty anti-MS, but they actually got this one right. You need to build another computer and leave it on 24x7, but you can then copy your files to it (using Second Copy, for example). In addition, you install a connector on your PC and it will make an image of your PC every night. If your PC gets infected or the hard drive dies, you simply put a new drive in, put a restore DVD in the drive (with just enough drivers to let your PC talk to WHS), and it restores your whole PC in about 20 minutes. Tater would've been able to use this to, for example, restore his PC to the way it looked 2 months ago, before becoming infected. Very handy. It has the added benefit of being able to stream effortlessly to the Xbox 360, which I also like.

As for the original topic -- with all respect to Dean, running software to remove malware is no guarantee that the malware is gone. If "close enough" is acceptable, then go for it - you're probably going to be ok, but who knows.

And there's no guarantee he won't reinstall the infection when he puts his files back on his hard drive. Reformat/reinstallation is not a guarantee, either.

I do take issue with this comment though. Reinstalling from media is a 100% guarantee that the system will be clean. Copying data files (images, music, docs, etc.) from a second source will not spread an infection, as the malware generally lives in Windows system files or application binaries.

Now is it "too hard" to reinstall because of old applications and such? Yes, it can be difficult in some cases, but what is that user going to do once their drive fails?

Dean, while I respect that your clients may appreciate being able to keep everything the way it is, I still maintain that you have no idea whether the infections are actually gone by using your malware removal programs. I work in IT Security, have my CISSP certification, and industry best practice is to reinstall, not to remove malware. Even Microsoft agrees:

http://www.eweek.com/c/a/Security/Microsof...ing-Impossible/

"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.

Fez, I respect your credentials and opinion, but you are living in a different world from most of the clients I see and, I suspect, most users here. I understand that, for some infections, best practice is to reinstall. Of course, had the user worked in a sandbox or at least with a limited-privilege account, they may have avoided the infection to begin with. Had they backed up their files, a reinstall wouldn't be as objectionable to them. These people are so far from "best practices" they usually laugh out loud (or cry) at the suggestion they reinstall, instead of clean.

Moving on, though, I think you should note that the article you forwarded is three years old. As I suggested earlier, cleaning has progressed in the past couple of years, IMO. Rootkits, for example, while relatively hard to detect and clean, aren't quite as invincible as they once were. Still, in most cases where a rootkit is suspected, I advise reinstallation.

But the thing that bothers me most about your universal advice to reinstall and reformat is your failure to give any parameters to that approach. Would you reinstall for anything a good AV or anti-malware program detects on a machine? An unexplained/unwanted toolbar (such as Ask, or from coupon.com)? Low-level adware or spyware (something like the defunct Zango)? A dialer?

Some infections are relatively minor, very well known and not that difficult to remove. Is every tiny bit of that infection removed? Well, that's a question that applies to the removal of any program on a PC. Typically, programs leave bits in the registry, but those are unable to run once important components have been removed.

Might there be other infections that went undetected? Perhaps. Of course, you should be able to get a good idea of how extensive the infection is when you examine the machine. If it has been hit by a malware bomb, my first advice is to reinstall. But what if it looks to be a small/limited infection? There might be things we don't see; of course, there might be unseen things on any computer that isn't acting up. Should we simply reinstall all the computers on a regular basis in case something is hidden and lying in wait?

When someone cleans a computer (or has it cleaned), they should back up the files (and also scan them for infections) and institute a backup regimen. I also use Mozy and find it pretty good. (Although recovering programs is always questionable, IMO.) I also try to get them to find a place for all their computer-related discs, manuals, etc. So, a client who opts for a cleaning now starts practicing the kind of behavior that will allow them to reinstall later on, if it ever comes to that. It isn't as if the cleaning somehow interferes with the reinstall, should that become necessary.

And for the record, while most infections live in the system files, these have become an issue:

http://searchsecurity.techtarget.com/news/...1312627,00.html

I have found these fake .mp3 files on external drives (I think some people download straight to the drive). Their payload impacts the system files, but they are ready to strike when they are activated from the external drive.

EDIT: Here's a quick article from someone who prefers to reinstall, but understands the need to clean in some cases. It's obvious to me he works with individuals, and not simply company-regulated computers:

http://www.bakersfieldcomputer.com/2009/05...ected-by-virus/
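The thread keeps coming back to two points: scan backed-up data before putting it on the clean install, and watch for fake .mp3/MPEG files sitting on external drives. As an added example (not code from the forum or from any poster), here is a small Python check that compares each backed-up file's extension with its leading "magic" bytes, so an executable renamed to look like a media file, or a double-extension name such as clip.mpg.exe, is flagged before it is copied back. The signature table is a constructed subset and the sample "backup" files are constructed inside a temporary directory for the demonstration.

```python
"""Audit files from a backup before restoring them onto a freshly installed system.

Added example, not code from the forum thread. Each file's extension is
compared with its first bytes; a Windows executable (PE, "MZ" header)
carrying an .mp3 or .mpg name is reported instead of being restored.
"""
import os
import tempfile

# Leading-byte signatures for a few media types; a constructed subset, not a
# complete table.
SIGNATURES = {
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
    ".mpg": (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3"),
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
# Headers of native executables (Windows PE and ELF) and the extensions that
# may legitimately carry them.
EXECUTABLE_HEADERS = (b"MZ", b"\x7fELF")
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com"}


def classify(name, head):
    """Return a verdict for one file given its name and its first bytes.

    Verdicts: 'ok', 'disguised-executable' (media extension but executable
    header), 'double-extension' (e.g. song.mp3.exe), 'mismatch' (known media
    extension but unexpected header) or 'unknown-extension'.
    """
    root, ext = os.path.splitext(name)
    ext = ext.lower()
    inner_ext = os.path.splitext(root)[1].lower()
    if ext in EXECUTABLE_EXTS and inner_ext in SIGNATURES:
        return "double-extension"
    if head.startswith(EXECUTABLE_HEADERS) and ext not in EXECUTABLE_EXTS:
        return "disguised-executable"
    if ext not in SIGNATURES:
        return "unknown-extension"
    if head.startswith(SIGNATURES[ext]):
        return "ok"
    return "mismatch"


def audit_directory(path):
    """Walk a backup directory and map each relative path to its verdict."""
    results = {}
    for dirpath, _, files in os.walk(path):
        for filename in files:
            full = os.path.join(dirpath, filename)
            with open(full, "rb") as fh:
                head = fh.read(16)
            results[os.path.relpath(full, path)] = classify(filename, head)
    return results


def demo():
    """Build a constructed sample backup in a temporary directory and audit it."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 12,   # genuine JPEG header
        "song.mp3": b"ID3\x04\x00\x00" + b"\x00" * 10,        # genuine MP3 (ID3v2 tag)
        "free_album.mp3": b"MZ\x90\x00" + b"\x00" * 12,       # PE header under a media name
        "clip.mpg.exe": b"MZ\x90\x00" + b"\x00" * 12,         # double extension
        "notes.txt": b"plain text notes",                     # not a type this table covers
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(content)
        return audit_directory(tmp)


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:22} {name}")
```

Point the script at the root of a backup copy (replace the temporary directory in `demo()` with the real path) and restore only the files that come back `ok`; anything reported as `disguised-executable` or `double-extension` deserves a look with a proper scanner before it goes anywhere near the rebuilt machine. The signature table only covers a handful of types, so `unknown-extension` means "not checked", not "clean".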

In addition to regularly backing up for the situation mentioned in this post, I (like many I know) learned the hard way that disk drives crash. I used to have an Acer tablet - lost three HDs in the thing and on the third one gave it to a guy for parts. Point is that between viruses and the possibility of a disk failure on any given day, it is wise to back up information. For work I now store all files on the network and only pull to my desktop what I may need to work on in the evening or over the weekend (I can always VPN back in if I need something additional). I also automatically sync folders every 4 hours for what is kept on my local.

While I am by no means a techie, the same process can be pretty easily and inexpensively set up at home.

Finally, while I hated the Mac I bought my wife when I first bought it, I've now become a convert. It has been a very solid, reliable machine and not one issue with viruses, malware etc.

Tater I had the same virus attack my laptop....that thing is a biitch! I just ended up wiping my computer and reinstalled from the disc.........hope you don't have to do the same, I know you'd be pretty upset to lose all your 70s porn and Saved by the Bell episodes.


Noadware has a very bad history, and I would remove it ASAP:

http://en.wikipedia.org/wiki/NoAdware

It is no longer considered a rogue security program, but it will always be suspect to me. Besides, there are far better products to use.
