so...how do i clean a virus?

Fayd

I somehow just got infected by a computer virus

i was searching for some Z-tables that i could print out and bring to class for a test tomorrow. i clicked on one of the picture links in google, and it takes me to some site i can't get out of, tells me that "microsoft 2013 antivirus has found my computer infected" or something. I get a UAC popup... i click NO, and somehow it takes over my computer anyways.

it keeps trying to install something else, i keep clicking no... i ctrl-alt-del and kill firefox, hover over the MSE icon in task tray, which disappears. (not good...)

with firefox closed, the other installer stops trying.. i kill every other open window, and manually open MSE... it pops up immediately, so it was apparently open. the weird shit has stopped happening, MSE's log says it found the below things and quarantined them.

http://www.microsoft.com/security/p...name=Rogue:Win32/FakeRean&threatid=2147607809
http://www.microsoft.com/security/p...Trojan:Win32/Necurs.gen!A&threatid=2147662703

so MSE claims it took care of the problem. my issue is i use this computer for banking and other such stuff. how do i trust it again without a complete reformat and no importation of data?

(if this seems noobish, i've never experienced a computer virus before...)
 

Sephire

This is why I always have anti-virus running all the time when I'm online.

In your case you "clicked" on the popup. Game over. Recover your data and reformat.
 

postmortemIA

next time make your internet browsing user account a limited user. that will contain future outbreaks outside system folders.
clean up your temp folders, and do full scan.
 

Steltek

Preferably on another machine, download and burn the following ISO to a CD using Imgburn or other CD burning software of your choice:

http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso

I'd also download TDSSKiller and save it to a flash drive, along with the installer for the free version of Malwarebytes Anti-Malware:
http://support.kaspersky.com/5350
http://www.malwarebytes.org/


Boot the infected system using the Kaspersky Rescue CD, which is based upon a Linux distro. It should ask to connect to the Internet to update the database, which you should do. Once that is complete, run a full scan on your machine and let it remove anything it finds. Remove the CD and reboot.

Once you reboot into Windows, I'd run Kaspersky's TDSSKiller from the flash drive (you may have to rename it to a random name to get it to run), then install Malwarebytes Anti-Malware and do a full system scan. Hopefully, everything will come up clean for you.

Once the system is clean, make sure to turn off System Restore to delete all of your system restore points or the virus could use them to reinfect your system (you can then turn it back on).
 

AdvancedSetup

You need to be careful with the Kaspersky Rescue CD.

It's a great tool but has a lot of false positives. Malwarebytes as well as other sites such as Bleepingcomputer have dedicated forums to assist users in removing infections.

There is no cost and they're manned by people that have been trained in detection and removal procedures.
 

xgsound

This site (http://www.bleepingcomputer.com/virus-removal/) has instructions for many specifically named viruses. Generally it is to run "rkill" to stop the immediate problem and Malwarebytes to clean up. There are also forums you can read through and post to.
If you can find instructions for your specific virus you should absolutely read through them in case some of your data was hidden, encoded, or stored in a temp folder.
I find it helpful to use the standalone version of http://www.mlin.net/StartupCPL.shtml to keep track of startup programs (msconfig is often outwitted) so a check mark can control unknown new startups. This program has been very helpful fixing the relatives' computers.

Jim
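
The startup tracking described in the post above can also be done with a saved baseline, shown here as an added example that is not part of the original post and is not StartupCPL's own code. It covers only the Run/RunOnce registry keys and the Startup folders (not services, scheduled tasks or drivers), and the baseline file path is an assumed location.

```powershell
# Added example: list common autostart entries and flag any not in a saved baseline.
$BaselinePath = Join-Path $env:USERPROFILE 'autostart-baseline.json'  # assumed location

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$StartupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

function Get-AutostartEntry {
    # Registry values: value name -> command line
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $reg = Get-Item -Path $key
        foreach ($name in $reg.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$reg.GetValue($name) }
        }
    }
    # Shortcuts and executables dropped into the Startup folders (hidden files included)
    foreach ($dir in $StartupDirs) {
        if (-not $dir -or -not (Test-Path -Path $dir)) { continue }
        foreach ($file in @(Get-ChildItem -Path $dir -File -Force)) {
            if ($file.Name -eq 'desktop.ini') { continue }
            [pscustomobject]@{ Location = $dir; Name = $file.Name; Command = $file.FullName }
        }
    }
}

$current = @(Get-AutostartEntry)
if (-not (Test-Path -Path $BaselinePath)) {
    # First run: record what is there now; the baseline is only as trustworthy as this moment.
    ConvertTo-Json -InputObject $current | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline saved with $($current.Count) entries; review it by hand first."
} else {
    $known = @{}
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    foreach ($b in $baseline) { $known["$($b.Location)|$($b.Name)|$($b.Command)"] = $true }
    $new = @($current | Where-Object { -not $known.ContainsKey("$($_.Location)|$($_.Name)|$($_.Command)") })
    if ($new.Count -eq 0) {
        Write-Output 'No autostart entries beyond the baseline.'
    } else {
        $new | Format-List Location, Name, Command
    }
}
```

The script only reads the registry and the Startup folders; it changes nothing, so any entry it reports still has to be investigated and removed separately.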
 

Sephire

Antivirus WAS running. as was noscript.


but i didn't. :/

You "clicked" on the picture link.

I get attempted intrusion like that almost every day but Norton AV catches it right away.
 

Fayd

just got around to doing this. system has been offline since last night.

loaded up kaspersky's rescue disk, let it do its updates and began scanning.

unfortunately it can't scan the raid1 array... oh well. i'll get to that later.

anyways, all it's found thus far have been things located within the temp folder (no surprise there) and in programdata\microsoft antimalware\... i'm guessing those are heuristic matches and it sees the definitions used by MSE as viruses. so false positives. i've deleted em anyways. i'll remove and reinstall MSE (or some other AV) after all this is done.

after it finishes scanning, i'll do like steltek suggested with the safemode and the tdsskiller/malwarebytes.

i don't think the virus gained a real foothold on the machine, from the looks of it it seems MSE actually shut it down pretty fast. i'm not gonna let that stop me from taking due caution, but it doesn't look so bad right now.
 

Steltek

Sounds like you were probably very lucky this time.

If you don't already have one in place, now is the time to invest in some sort of system backup -- in the long run, you won't regret doing it.