Results 1 to 19 of 19

Thread: My computer is infected!

  1. #1

    Join Date
    Jul 2007
    Location
    Boston
    Posts
    32
    Rep Power
    0

    My computer is infected!

    My computer is seriously infected!

    I followed a link to view a movie. As soon as I clicked the link, I noticed a webpage opening instead of the movie page.

    Then a warning appeared saying that my computer is infected with malware and need to remove them. I ignored and a few more warning windows appeared.
    Now the warning is taking my screen background completely and I cannot open any folder or application any more. Nothing works, including CTL+ALT+DEL

    Does anyone know what I have to do in this situation? I have a antivirus software but it doesn't open either. I have my kids pictures that I should not loose.

    Should I do forced reboot by pressing the power button on my computer and start in Safe Mode?

    Please help!

  2. #2
    Custom User Title entrecon's Avatar
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    2,742
    Rep Power
    16
    A hard re-boot and starting in safe mode sounds like it is about the only option you have left.
    ________________________________
    Find me on twitter: @entrecon

  3. #3
    YvetteKuhns's Avatar
    Join Date
    Feb 2003
    Location
    Allentown, PA USA
    Posts
    15,244
    Rep Power
    34
    Press the F8 key before Windows starts to boot up in Safe Mode.
    Diagnostic tools to use in safe mode
    Yvette Kuhns
    Power Pages Web Design
    Customized Internet Advertising Solutions

  4. #4
    Autoload's Avatar
    Join Date
    Feb 2003
    Location
    USA - New Jersey
    Posts
    563
    Rep Power
    16
    I have my kids pictures that I should not loose.
    You shouldn't have to worry. Your off site backup will have this data for you saved safe and sound.

    Beyond that I would recommend taking your PC to someone you trust to recover your important data and then attempt to clean up your PC.
    Autoload
    WhiskeyTangoFoxtrot, Over?

  5. #5
    Custom User Title entrecon's Avatar
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    2,742
    Rep Power
    16
    Unless you need to clean child porn off of it first like this guy: http://www.mlive.com/news/grand-rapi...two_felon.html
    ________________________________
    Find me on twitter: @entrecon

  6. #6

    Join Date
    Jul 2007
    Location
    Boston
    Posts
    32
    Rep Power
    0
    Thank you, but the photos I want to save are my kids.

    Still, I would like to learn how to clean the system and restore my data by myself, rather than taking my computer to a someone else.

    Does anyone know any site explaining how to do this?

    Thank you again!

  7. #7
    satis's Avatar
    Join Date
    Oct 2002
    Location
    Dallas
    Posts
    2,914
    Rep Power
    20
    cleaning a computer is a tricky proposition. Even for people that know what they're doing, it's not always 100% guaranteed.

    What I typically do is boot into safe mode, then try to clean stuff up as much as possible, removing startup applications I don't trust (ie, all fo them), disabling services I don't trust, etc. Then use process explorer to end any process that seems suspect. I can't remember if you can do virus scans in safe mode... if you can, then definitely follow up with that.

    After that, reboot, then check process explorer again for bad stuff. Kill processes(again), clean startup (again), clean services (again), then re-run antivirus. Follow up with some malware scanners. If everything looks kosher, dump the page file, reboot, defrag, reboot, check processes, services, etc etc. If all still looks good, recreate the page file, reboot again, then run the PC normally for awhile to see if it's really clean.

    That's a general synopsis of how I go about it. If some stuff doesn't go the way I want it to, I may have to improvise. An examples is if there are multiple processes that restart each other. That may require booting into a linux CD, mounting the NTFS partition, and trying to manually remove the evil files. Personally, 99% of the time I'd rather just format the drive(s) and start clean. It tends to be faster and more thorough.

  8. #8
    Mod.. with bite.. Croc Hunter's Avatar
    Join Date
    Sep 2002
    Location
    Australia
    Posts
    7,332
    Rep Power
    26
    Never switch off or reboot, it just ingrains it deeper. Sounds like you have a Trojan moreso than virus. Run Malwarebytes and you will be halfway clean. I'd connect a second drive with several cleanup programs installed and run them on the frozen drive.
    Croc Hunter MSC :

  9. #9

    Join Date
    Jul 2007
    Location
    Boston
    Posts
    32
    Rep Power
    0
    I agree that "reboot" will ingrains the malware even deeper.
    But then "hard reboot and starting in safe mode" will also be bad?
    Or will it be okay as long as I start in safe mode?

    Please advise.

    Thank you in advance!

  10. #10
    Mod.. with bite.. Croc Hunter's Avatar
    Join Date
    Sep 2002
    Location
    Australia
    Posts
    7,332
    Rep Power
    26
    Half the time it's the shutdown process that ingrains it. Safe mode is not fool proof either so no, I would not reboot but run a second drive as above. I've fixed many pc's this way. You need to kill the original Trojan source first to stop it re-infecting.
    Croc Hunter MSC :

  11. #11

    Join Date
    Jul 2007
    Location
    Boston
    Posts
    32
    Rep Power
    0
    so i download Malwarebytes into a external hard drive, then connect the drive to my infected computer?
    Could you verify if I understood you correctly?

    Again, "running a second drive" means "connecting an external hard drive" to the infected computer?

  12. #12

    Join Date
    Jul 2007
    Location
    Boston
    Posts
    32
    Rep Power
    0
    I realize that my question was kinda stupid.
    I am burning the Malwarebyte into a cd now and will try to install it into the infected computer...

  13. #13
    Mod.. with bite.. Croc Hunter's Avatar
    Join Date
    Sep 2002
    Location
    Australia
    Posts
    7,332
    Rep Power
    26
    Yes, connect them. You only need the working drive to see the frozen so it can run the cleanup programs on the infected drive. Do not run any programs from the frozen drive itself.

    [edit] That is, run the program from the CD drive. Not install and run Malwarebytes on infected drive. Just run it from CD and have it scan the infected drive.
    Last edited by Croc Hunter; 11-10-10 at 11:45 PM. Reason: Clarity
    Croc Hunter MSC :

  14. #14
    Mod.. with bite.. Croc Hunter's Avatar
    Join Date
    Sep 2002
    Location
    Australia
    Posts
    7,332
    Rep Power
    26
    Here's a useful link on creating an AntiVir / AntiMal CD and the pros and cons.

    http://forums.malwarebytes.org/index.php?showtopic=5736
    Croc Hunter MSC :

  15. #15

    Join Date
    Jul 2007
    Location
    Boston
    Posts
    32
    Rep Power
    0
    Thank you for your answer.
    I am trying to run the program but at first it was not responding.
    After keep trying, finally I was able to open the program file on my cd in the infected computer. But now it is taking forever to run it.

    Anyway now somehow I can open my explore and see my files. Before, I couldn't do anything on this computer including browsing my files on this computer.

    My question now is if it is safe to copy the pictures into an external hard disk. This external hard disk has a lot of valuable data that I cannot risk losing. Can my files in the infected computer be already infected as well, so copying them into my external hard can infect files in this hard?

  16. #16
    Custom User Title entrecon's Avatar
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    2,742
    Rep Power
    16
    The other thing to do with an infected PC is make sure to remove it from the internet and any home networks. This keeps a trojan from sending information out to some remote location and makes sure you don't infect any other machines on your network.
    ________________________________
    Find me on twitter: @entrecon

  17. #17

    Join Date
    Jul 2007
    Location
    Boston
    Posts
    32
    Rep Power
    0
    OK. This computer is not on any network. I will make sure that it is not connected to the internet until I clean it up.

    So you mean that copying files from this infected computer to my external hard can spread the virus to my external hard?
    This might be obvious, still I need to confirm since I feel quite tempted to do it now.

  18. #18
    Autoload's Avatar
    Join Date
    Feb 2003
    Location
    USA - New Jersey
    Posts
    563
    Rep Power
    16
    Yes
    Autoload
    WhiskeyTangoFoxtrot, Over?

  19. #19
    Mod.. with bite.. Croc Hunter's Avatar
    Join Date
    Sep 2002
    Location
    Australia
    Posts
    7,332
    Rep Power
    26
    It is highly unlikely any jpg png type image files have been infected. It should be safe enough to copy them but do not copy any other files especially bat db dll exe ini zip and so forth. Once Malwarebytes completes run an updated virus scanner as well then when you do eventually reboot run them both again.
    Croc Hunter MSC :

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •