You may be infected with rootkit.
Download MBAR here : https://www.malwarebytes.org/antirootkit/
Virus /Rootkits Thread, Work In Progress (Virus/Malware)
![]() ![]() ![]() ![]() ![]() |
Virus /Rootkits Thread, Work In Progress (Virus/Malware)
|
![]() |
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
Group: Senior Member
Posts: 2,884 Joined: Jan 2007 ![]() ![]() ![]() |
|
|
|
|
![]() |
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
Group: Senior Member
Posts: 2,504 Joined: Mar 2005 ![]() ![]() |
|
|
![]() |
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
Group: Senior Member
Posts: 2,504 Joined: Mar 2005 ![]() ![]() |
still the same old 4 files detected but could not remove by malwarebytes
|
|
![]() |
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
Group: Senior Member
Posts: 2,504 Joined: Mar 2005 ![]() ![]() |
|
|
![]() |
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
Group: Senior Member
Posts: 2,504 Joined: Mar 2005 ![]() ![]() |
Do i need to install another anti virus along side my malwarebytes premium? seems not worth it if I have to buy another anti virus to go along with malwarebytes, but protection is important.. So, do i need to?
|
|
![]() |
![]() ![]()
Group: Newbie
Posts: 3 Joined: Oct 2015 ![]() |
Because you said that is casesam infected with the virus. In this http://www.ourcase.co.uk case backup files Dllcache also deleted AVG.
This post has been edited by xwdgksvfh: Oct 23 2015, 10:17 AM |
|
![]() |
![]() ![]() ![]()
Group: Junior Member
Posts: 85 Joined: Nov 2013 ![]() ![]() |
QUOTE(n8210 @ Sep 28 2015, 04:58 PM) went into msconfig today to disable a partition software from starting every time windows start... but to my surprise, there is something that I don't recognize... what is this? how to find out? I am using W8.1 QUOTE(n8210 @ Oct 1 2015, 10:09 AM) Do i need to install another anti virus along side my malwarebytes premium? seems not worth it if I have to buy another anti virus to go along with malwarebytes, but protection is important.. So, do i need to? according to the pic . i believe u downlaod too many crack software and get infected . so in this case , if u have many P &C info and doing many transacation . i advise u to get an original antivirus + original windows =p |
|
![]() |
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
Group: Senior Member
Posts: 2,504 Joined: Mar 2005 ![]() ![]() |
QUOTE(sony88 @ Sep 20 2016, 05:38 PM) according to the pic . It's a new w8 setup. Anyway already moved to w10.i believe u downlaod too many crack software and get infected . so in this case , if u have many P &C info and doing many transacation . i advise u to get an original antivirus + original windows =p |
|
![]() |
![]() ![]() ![]() ![]()
Group: Junior Member
Posts: 317 Joined: Apr 2008 From: Taman Putra Perdana ![]() ![]() ![]() |
If u don't have budget to buy Anti-Virus Software,you may try Microsoft Essential Security by downloading from Microsoft Download Center.
Window 7 & 10 having this software and its work great for me so far This post has been edited by raifalove: Oct 23 2016, 02:25 PM |
|
![]() |
![]() ![]() ![]()
Group: Junior Member
Posts: 98 Joined: Jun 2006 ![]() ![]() |
Guys, if your computer is still infected with virus even if you try scan with your antivirus software, you can try this Dr.Web CureIt!® by Doctor Web. It is FREE. Follow the link to download the software and run it. No need install.
http://free.drweb.com/cureit/?lng=en One of the best software to detect and cure files especially infected with new threat such as rootkit, trojan, virus and etc This post has been edited by blastmeister: Jan 9 2017, 02:00 PM |
|
|
|
![]() |
![]() ![]()
Group: Junior Member
Posts: 47 Joined: Dec 2016 ![]() |
QUOTE(blastmeister @ Jan 9 2017, 01:58 PM) Guys, if your computer is still infected with virus even if you try scan with your antivirus software, you can try this Dr.Web CureIt!® by Doctor Web. It is FREE. Follow the link to download the software and run it. No need install. is it really that effective?http://free.drweb.com/cureit/?lng=en One of the best software to detect and cure files especially infected with new threat such as rootkit, trojan, virus and etc |
|
![]() |
![]() ![]()
Group: Junior Member
Posts: 47 Joined: Dec 2016 ![]() |
|
|
![]() |
![]() ![]()
Group: Junior Member
Posts: 21 Joined: Jul 2014 ![]() |
hi guys , my computer some program can open fast like google chrome , firefox , but some of program it shows at task manager processes but it wont show in windows and task manager applications bar , and some of the program takes 20 min to show out in windows , and my command prompt cant open too , i scanned my comp with malwarebytes and kaspersky antivirus and already clean it out the virus , any idea to solve this ?
|
|
![]() ![]() |
![]() ![]()
Group: Newbie
Posts: 1 Joined: Jan 2017 ![]() |
QUOTE(AsenDURE @ Jun 18 2007, 04:11 PM) Virus Removal Steps Keep the infection local. Disconnect from the network/internet. I mean physically pull out your RJ45/RJ11 plug. This stops the virus from progating throughout your network or over the internet (worms/viruses), stop your data from leaving (calling home) your compromized system (trojans) through backdoors and stops your machine from participating in a zombie mob DOS attack. Perform a Virus Scan. This is the first attempt to determine if your system is truly infected. Do a deep scan of every single file and folder on the system. This may take several hours but it is necessary. Make sure your virus definition(Database) is updated. Many of them can update the database locally via a update file you can grab off the offical website. Grab the prescribed removal tool. Once you've identified the virus infecting your system. you can now better deal with the particular infection by administering the proper "vaccine". You can go to any of the known antivirus companies website and grab a removal tool. This tool will delete any of the known virus-infected files and registry entry made by the virus. Take not of the virus "version" and download the corresponding tool. It will require you to do a scan and then reboot into safe mode and perform the scan again. Removal Tools: • AVG http://free.grisoft.com/doc/8/lng/us/tpl/v5 • Kaspersky http://www.kaspersky.com/removaltools • Norton http://www.symantec.com/enterprise/securit...emovaltools.jsp • McAfee http://us.mcafee.com/virusInfo/default.asp?id=vrt • Panda http://www.pandasoftware.com/download/utilities/ I also suggest downloading McAfee's Stinger and PC-Cilin's Virus Cleanup template (and their respective virus definition files) which are standalone/install-less virus removal engine. • McAfee Stinger http://vil.nai.com/vil/stinger/ • PC-Cilin VCT http://www.trendmicro.com/download/dcs.asp Additionally, you can scan your PC online with • PC-Cilin Trendmicro's Housecall http://housecall.trendmicro.com/ • Panda Antivirus Active Scan http://www.pandasoftware.com/products/ActiveScan.htm • Kaspersky Online Scanner http://www.kaspersky.com/virusscanner • McAfee File Scan http://us.mcafee.com/root/mfs/default.asp • Norton Fee Online Virus Scanner http://kb.wisc.edu/helpdesk/page.php?id=2389 It is very important that you place any media you're using to trasfer the Removal tool, virus database update file or when performing a scan to read-only-mode until you are certain that your system is no longer infected. If you're media does not have read-only option then don't use it. If you have no choice, once it is put in the system, assume that it is also infected and treat it accordingly. These devices can be put into read-only mode by the sliding button on your device. Read your manual. Any portable media not on read-only mode are susceptible to being infected by the virus. Check for unusual applications and processes. A virus is just like a regular application and need to be running in order to work. It should also have a way to start itself up again when the system is rebooted (taking advantage of many of the ways programs automatically start-up in Windows). There are typically five ways that programs start-up automatically in windows and we need to look at these five ways to look for the virus. 1. The most rudimery is the Startup folder. Any application or shortcut that is located in the Startup folder will automatically start-up each time the system is booted into Windows. There are several of these folders located throughout the system notebly each user’s profile • C:\Documents and Settings\<username>\Start Menu\Programs\Starup (this includes Default and All Users profiles as well) • C:\Documents and Settings\Default User\Start Menu\Programs\Startup and; • C:\Documents and Settings\All Users\Start Menu\Programs\Startup and Windows system files such as; • c:\autoexec.bat • c:\config.sys • Windows\win.ini, wininit.ini, system.ini • Windows\system\autoexec.nt, config.nt more reading: http://www.aumha.org/a/loads.php 2. The most typically is from the Registry. Several locations in the registry that controls auto-startup of applications are contained. The HKEY_USERS and HKEY_CURRENT_USER run when the user logs in while settings under HKEY_LOCAL_MACHINE run when the system starts up. Some of the registry keys that you need to look it include: Local User HKEY_USERS\<User UID>\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\*CurrentVersion\RunOnce Local Machine HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit a more extensive list of launch point can be found here: http://www.silentrunners.org/sr_launchpoints.html 3. The current favorite is as a Service. Just like running from the registry, any viruses that installs itself as a service can run without user intervention upon start-up. It can also start back up when when you kill it because the service control has the option to restart the service upon a failure (in which case, manually killing it constitutes a failure). ![]() 4. Less common is from a Script. The GPO is an enterprise-wide feature that enables the network administrator to write a script to perform certain tasks upon start-up/shutdown on multiple computers in a network/domain using scripting language such as VB, JS,etc. Your computer also has a local GPO and you need to launch the GPO editor console and to check if there are any suspicious scripts running on your system. Running Scripts are located in • Local Computer Policy\Computer Configuration\Windows Settings\Scripts (Startup/Shutdown)\Startup for programs that run when the computer is started and; • Local Computer Policy\User Configuration\Windows Settings\Scripts (Logon/Logoff)\Logon for programs that run when the user logs in. ![]() If you don't do any scripting, aren't on a domain, then anything in here is considered highly suspicious. 5. Possibly, but rarely, from a Scheduled Task. A scheduled task has the ability to run applications on start up and on log in of a user. They also have the ability to run a program as a different user or as the system itself. The Scheduled Tasks can be found under the Control Panel. it is very common to see virus writers use a combination of these steps so you need to cover all these basics. Using Msconfig,Gpedit.msc,Services.msc The Microsoft System Configuration Utility or simply MSCONFIG is a tool built into Windows that is designed to help you troubleshoot problems with your computer. You can see some of the programs that run in the background upon startup here together with some registry entries and it's a good place to start. To check your services you need to use Services.msc and to check scripts, as mentioned before, Gpedit.msc. All are run from Start > RUn > ![]() more information: http://support.microsoft.com/kb/310560 for a more extensive utitily I would recommend AutoRuns from Sysinternals. http://www.microsoft.com/technet/sysintern...s/Autoruns.mspx Turn off System Restore. There is some debate about whether to turn off system restore or not when during an infection. The reason why we need to be concerned with system restore is because system restore can at certain times cache a virus which will be restored with the other windows system state files during a system restore operation. Often times you will also get the AV complaining that it is unable to clean one or more files in the System Volume Information data store. The downside is that when you purge the restore points, you will be unable to restore your system to a previous system state if anything goes wrong. ![]() as a general rule, take extra interest in any processes don't have a company name (with the exception of DPCs, Interrupts, System, SMSS, Services, System Idle Process and things mentioned above), verification signer (Process explorer auto verifies images) and version number attached to it. you can kill the process by right-clicking on it selecting Kill. process explorer also allows you to search for a specific process. you should also be interested in purple threaded processes. QUOTE(mark russ ppt presentation slide) Purple highlighting indicates an image is “packed” Packed can mean compressed or encrypted Malware commonly uses packing (e.g. UPX) to make antivirus signature matching more difficult Packing and encryption also hides strings from view ![]() If you're unsure what a process is responsible for you can check it out here: http://www.liutilities.com/products/wintas...ibrary/scvhost/ |
|
![]() |
![]() ![]() ![]() ![]() ![]()
Group: Senior Member
Posts: 525 Joined: Nov 2012 ![]() ![]() ![]() |
windows 10 stop letting you download 3rd party antivirus? my windows 10 asked me to uninstall my bitdefender and use their protection instead
|
|
![]() |
![]() ![]()
Group: Junior Member
Posts: 7 Joined: Mar 2017 ![]() |
|
|
![]() |
![]() ![]()
Group: Newbie
Posts: 8 Joined: Jul 2017 ![]() |
registry editor
remove it from there. |
|
![]()
Show posts by this member only | IPv6 | Post
#298
|
![]() ![]() ![]() ![]() ![]()
Group: Senior Member
Posts: 515 Joined: Feb 2009 ![]() ![]() ![]() |
any latest software effectively kill "virus" ?
|
|
![]() |
![]() ![]()
Group: Newbie
Posts: 2 Joined: Jan 2018 From: Kunak ![]() ![]() |
Already try not working ,maybe need more power antivirus ?
|
|
![]()
Show posts by this member only | IPv6 | Post
#300
|
![]() ![]() ![]() ![]() ![]() ![]() ![]()
Group: Senior Member
Posts: 1,020 Joined: Jan 2010 ![]() ![]() |
Guys today I got fooled by a pop up ad it was asking me to tick a box to prove I am a human and I click it which it lead me to another link that ask me to download something but by then I already knew I made a mistake and I closed it.
I have already run Malwarebytes free scan & Avast free scan. Both says I have no virus. Wta you guys does this mean I am save or is there more things I should do? My laptop is a old window Vista laptop. |
![]() ![]() ![]() ![]() |
Switch to: | ![]() ![]() ![]() ![]() Time is now: 24th February 2019 - 01:37 AM |