never seen a virus stop me fixing it before...until today
#1
Was asked to have a look at a computer that was 'playing up'
Turns out it has a rather nasty virus which actually stops me in a couple of ways from installing and repairing it.
Couldn't install Eset NOD32 - administrator rights had been changed! (lets me install normal applications no bother)
Couldn't install MalwareBytes - refused to run the installer. Changed the filename and got it installed, but then it wouldn't run the exe
Caused an error when I tried to install superantispyware
Checked the task manager and shut down the offending item, only to be told the PC was going to shut down in 20 secs!
Resorted to burning Kaspersky's boot CD which I'm taking along tomorrow AM.
I've also got Hiren's Boot CD for good measure.
Last edited by spectrum48k; 03 February 2009 at 08:06 PM.
#4
Zero point in trying to fix it, you could be there hours trying to modify the registry, hosts file etc massive waste of time and energy.
Instead download Ubuntu, burn to disk, then run it as a live CD, you can then access the whole (Windows) drive, just plug in a USB drive or slave another hard drive to the computer and backup any files that are needed, reinstall Windows, job done in 35 minutes.
That's how the pros do it
#6
Zero point in trying to fix it, you could be there hours trying to modify the registry, hosts file etc massive waste of time and energy.
Instead download Ubuntu, burn to disk, then run it as a live CD, you can then access the whole (Windows) drive, just plug in a USB drive or slave another hard drive to the computer and backup any files that are needed, reinstall Windows, job done in 35 minutes.
That's how the pros do it
I know what you mean though - I might just pop out the hard drive and plug it into my laptop (I have a USB > SATA > ATA adapter). But I was hoping to get it done without having to open the damn thing up.
I've just tested the Kaspersky boot CD and it works rather nicely. It appears to boot a Linux derivative, load a driver for the NIC and even update itself before doing a scan.
Last edited by spectrum48k; 03 February 2009 at 11:13 PM.
#8
I've had similar experiences.
I removed the drive(s) and put them in a USB caddy. Scanned them from my system & cleaned them with Malwarebytes, Spybot & AVG.
Took 4 attempts before they were "clean".
Reinstalled the drive in the PC, installed Malwarebytes, Spybot & AVG & ran the scan again.
Malwarebytes, Spybot & AVG all found about 18 "nasties". Cleaned them up & job done.
Took a bit of time, but both systems are back at 100% of what they were.
HTH
Just to add. Neither system would allow booting in safe mode nor allow any AV software to be installed or updated.
#9
Most will also disable the task manager, the registry key which controls whether task manager is enabled or disabled is
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
Value Name: DisableTaskMgr
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = disable Task Manager)
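An added example, not part of the post above or written by anyone in this thread: a PowerShell check of the two keys listed in post #9 for the `DisableTaskMgr` value, with an optional reset. The `-Fix` switch name is an assumption of this example, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example: report (and optionally clear) the DisableTaskMgr policy value
# in the two registry keys named in post #9.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Fix   # hypothetical switch: remove the value where it is set to 1
)

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

foreach ($key in $policyKeys) {
    # A missing key or missing value both mean the default (Task Manager enabled).
    if (-not (Test-Path -Path $key)) {
        [pscustomobject]@{ Key = $key; DisableTaskMgr = $null; State = 'key absent (default)' }
        continue
    }
    $item = Get-ItemProperty -Path $key -Name 'DisableTaskMgr' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        [pscustomobject]@{ Key = $key; DisableTaskMgr = $null; State = 'value absent (default)' }
        continue
    }

    $value = $item.DisableTaskMgr
    $state = if ($value -eq 1) { 'Task Manager disabled' } else { 'default' }

    # Only touch the registry when -Fix is given; -WhatIf previews the change.
    if ($Fix -and $value -eq 1 -and
        $PSCmdlet.ShouldProcess("$key\DisableTaskMgr", 'Remove value')) {
        Remove-ItemProperty -Path $key -Name 'DisableTaskMgr' -ErrorAction Stop
        $state = 'was disabled, value removed'
    }

    [pscustomobject]@{ Key = $key; DisableTaskMgr = $value; State = $state }
}
```

`HKCU:` resolves to the account running the script, so run it as the affected user to see that user's policy; clearing the `HKLM` value needs an elevated session.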
#10
Daft question but how does an edited hosts file affect programs from running, or your PC from booting up?
A hosts file is only used to resolve names to IP addresses, and isn't actually needed
#11
stopzilla if you want to pay to remove it..it does a free scan first
STOPzilla Anti-Spyware
I had the same virus a few weeks back
#13
I agreed with the overall method, but it's going to take a lot longer than 35 minutes, except if you are only considering a base install from a Windows CD, i.e. with no updates, no apps, no virus checker, etc. Or I suppose an image of a previously good version may be this quick.
So I think you need to think hard about this method before doing it.
Last edited by Miniman; 04 February 2009 at 09:53 AM.
#14
It's not that nasty virus that sits in the Master Boot Record, below Windows if you like, and can't be got at, the only way to kill it is a reinstall of Windows.
WTF is Bill Gates thinking, I can't think of one program that needs access to the MBR, it should be inaccessible!
#15
I had one of these the other day on a home PC.
ended up dropping the drive out and sticking in another with fresh XP Pro.
spent about 2 hours beforehand trying everything.
also, as another PITA, the profiles "my documents" were 'empty'
that will teach them!!
[off to backup my own pc again!!!]
#17
update:
So there I was plugging the affected drive into the laptop via my SATA/IDE>USB adapter, and it didn't respond! No drive letter showed up! BUGGER!
In the end I put the disk back in the PC, got a hold of the Dell Windows XP disk and did a repair to refresh the corrupted files. Afterwards this left the PC in good enough condition to get all the latest a/v and a/spy apps to check through it and remove the remaining damage.
Anyone recommend a good SATA/IDE > USB kit? I use the one from Maplin.
#18
I've got one of these, and it's saved my bacon a few times
USB 2.0 IDE & SATA Cable Kit USBNow.co.uk
#19
I've got one of these, and it's saved my bacon a few times
USB 2.0 IDE & SATA Cable Kit USBNow.co.uk
#20
It's not that nasty virus that sits in the Master Boot Record, below Windows if you like, and can't be got at, the only way to kill it is a reinstall of Windows.
WTF is Bill Gates thinking, I can't think of one program that needs access to the MBR, it should be inaccessible!
#21
#22
Microsoft research paper which explains it, I think, it's an old bookmark..
http://research.microsoft.com/pubs/70147/tr-2005-25.pdf