SSLtech

Announcement: home computer troubles...
« on: April 13, 2008, 10:03:12 AM »
A very gloomy 'Hi' to all,

Yesterday my computer got smacked with some malware. It started while I was uploading some photos to photobucket, and it has pretty much buggered the computer, which will now not boot up.

A small smattering of what it did:

It disabled CTRL-ALT-DEL (task manager) so I could not see what was running in the bckgrnd. (tricky.)

It wiped clean all the system restore points in XP, (clever.)

It replaced the wallpaper with a 'your system is infected.... click here to run spyware check' message, which is made to look official. (I'm not falling for that...)

It opened up LOTS of Internet Explorer windows....

It Hijacked my homepage

It REDIRECTS links from Yahoo and Google searches to 'preferred'  sponsor sites instead....

So I ran Ad-aware AND Spybot-S&D, They recognised the issues, and identified them correctly, but after several tries, about six hours struggling, and several apparently automatic re-infections, the computer now will NOT boot up.

I am typing this on a borrowed mac laptop at a local wi-fi coffee shop, it's the only net and computer access which I have right now.

I am S-O-O-O-O screwed.

My tax data is all in an excel file, on the C drive, and tax day is almost upon us.

As of now I'm desperate. My Only hope is to drag the computer into work and throw myself at the mercy of the web-geeks... but my overriding desperation is to get the data copied from the C and D drives before they do ANYTHING else to it.

Bugger.

Of course this had to happen RIGHT when Rochey and I are trying to set up the Expat audio stuff... and some future EXPAT design stuff is on there also...

Please bear with me, and communicate through Rochey for any expat/Turbo stuff... I am largely unable to do anything at the moment.

Keith
"A waist is a terrible thing to mind"
Quote from: PRR
Ah, but that was 1999; we don't party like that any more.


vertiges

Announcement: home computer troubles...
« Reply #1 on: April 13, 2008, 10:17:13 AM »
Keith,

If your computer doesn't boot anymore, it is because your anti-malware software has deleted important (probably infected) system files!

My experience is to try to know what you are fighting against before running any "automatic" anti-spyware software. For example, sometimes with the new redirected home page address, you can determine the nature or maybe the name of the spyware by Googling it!
Or just make a scan and check the names of the spyware in Google. Sometimes there is a specific tool, or safe method procedure available to kill the bastard!  :twisted:

You should run your recovery console and try to repair your windows.

By the way, are you able to start in Safe Mode ?

EDIT 1 :

Do you remember the name of the "sponsor" ?

EDIT 2 :

a) Are we talking about a laptop or a desktop one ?
b) I don't think your data is gone. I think it's just some missing or corrupt system files...


eD)))
Quote from: "PRR"
> ...lighting tends to be lazy and typically finds a shorter path (such as my microwave oven).

clintrubber

Announcement: home computer troubles...
« Reply #2 on: April 13, 2008, 10:21:06 AM »
This is BAD  :cry: , hope things start to go well again soon...

Although it hasn't hit me this hard yet, the losing of a single partition with valuable data on it gave me already quite some trouble.

At the risk of perhaps spreading the nasty stuff further, can you connect the troubled drive to another machine to clone the data ?

Although I made backups before, after that 'disaster' mentioned above I bettered my life and increased the refresh-frequency. Dunno if your troubled machine is a boring or happening one (PC/Mac), but if you're on PC the least you could do -once things get going again- is to install something like SyncToy (free, from... MS itself, incremental echoing, cloning & whatnot). I'm using SyncToy myself and it very well suits my needs.

Best,

  Peter

dale116dot7

Announcement: home computer troubles...
« Reply #3 on: April 13, 2008, 10:29:21 AM »
Try this:

Buy a new harddrive (they are not that expensive), reinstall all of your software, then connect up your existing harddrive as a secondary, virus scan, and retrieve your data. If it never clobbered too much data but just infected system files that oughtta do it. I used to use that method when Win98 would clobber itself.
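
One way to do the "retrieve your data" step once the old drive is attached as a secondary, shown as an added example that is not part of the original post: copy only allowlisted document types to the clean system and record a SHA-256 manifest, leaving executables, scripts and `autorun.inf` behind. The extension allowlist, function names and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Assumed allowlist of document types worth rescuing (not from the thread).
DATA_EXTENSIONS = {".xls", ".doc", ".txt", ".csv", ".pdf", ".jpg", ".png"}


def rescue_data(source_root, dest_root):
    """Copy allowlisted data files; return (manifest, skipped).

    manifest maps relative path -> SHA-256 of the copied file.
    skipped lists everything left behind: executables, scripts,
    autorun.inf, symlinks, and any other type not on the allowlist.
    """
    source_root, dest_root = Path(source_root), Path(dest_root)
    manifest, skipped = {}, []
    for dirpath, _dirs, files in os.walk(source_root):  # does not follow links
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(source_root).as_posix()
            # Only the final suffix counts, so "taxes.xls.exe" is refused.
            if path.is_symlink() or path.suffix.lower() not in DATA_EXTENSIONS:
                skipped.append(rel)
                continue
            target = dest_root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(path, target)  # file contents only
            manifest[rel] = hashlib.sha256(target.read_bytes()).hexdigest()
    return manifest, skipped


def demo():
    """Run rescue_data on a constructed tree standing in for the old drive."""
    with tempfile.TemporaryDirectory() as tmp:
        old, new = Path(tmp) / "old_drive", Path(tmp) / "rescued"
        docs = old / "Documents"
        docs.mkdir(parents=True)
        (docs / "taxes2007.xls").write_bytes(b"constructed spreadsheet bytes")
        (docs / "taxes2007.xls.exe").write_bytes(b"constructed decoy")
        (old / "autorun.inf").write_text("[autorun]\n")
        manifest, skipped = rescue_data(old, new)
        copied = sorted(p.relative_to(new).as_posix()
                        for p in new.rglob("*") if p.is_file())
        return manifest, skipped, copied


if __name__ == "__main__":
    print(demo())
```

Office documents can carry macros, so the rescued copies still need the virus scan before they are opened; the `skipped` list is the place to check for anything that was left behind by mistake.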

vertiges

Announcement: home computer troubles...
« Reply #4 on: April 13, 2008, 10:39:14 AM »
Quote from: "dale116dot7"
Try this:

Buy a new harddrive (they are not that expensive), reinstall all of your software, then connect up your existing harddrive as a secondary, virus scan, and retrieve your data. If it never clobbered too much data but just infected system files that oughtta do it. I used to use that method when Win98 would clobber itself.


It's a solution... but it's gonna be long...

I'm pretty sure this Windows can be recovered and cleaned.  :thumb:


Most of the time :

a) spyware doesn't destroy your data.
b) it infects only the Windows files.
c) a lot of spyware is not detected by antivirus.
d) automatic scanning and deletion of the spyware often turns your PC into a non-booting unit.

eD))
Quote from: "PRR"
> ...lighting tends to be lazy and typically finds a shorter path (such as my microwave oven).

barclaycon

Announcement: home computer troubles...
« Reply #5 on: April 13, 2008, 10:45:17 AM »
First of all, you have my sympathy.
When you get attacked like that it makes you realise how dependent you are on your computer.
But.... Very important !
Copy your C drive (and whatever other HD drives) onto some external media right away.
It's worth even buying one of those portable USB drives (which have quite a decent capacity - effectively they are a laptop drive in a caddy).
But get your data safe!
I had a virus last month which pissed me off mightily because Norton didn't catch it and, even though the machine was fully infected, didn't even recognise it (and I was fully up to date with all OS updates and virus definitions).
Norton is CRAP. It slows your machine down and doesn't protect you.
After a day of burning brain cells I finally got rid of the infection.
I would recommend AVG.
It catches a lot more than other antivirus programmes AND it doesn't slow the computer down as much.
Good luck Keith - get that data safe!

electrog

Announcement: home computer troubles...
« Reply #6 on: April 13, 2008, 11:04:21 AM »
Quote
Buy a new harddrive (they are not that expensive), reinstall all of your software, then connect up your existing harddrive as a secondary, virus scan, and retrieve your data.


I would second this suggestion - in my experience, the amount of time spent tracking down & removing the virus is better spent rebuilding the system from scratch - in the end you can be sure that all is truly in order.

Once you have everything up and running again, I'd recommend buying one of the many external drives that come bundled with backup software (which are getting quite inexpensive these days) and back up your system. It only takes one crash to make you feel the investment was worthwhile!

Good luck!

s2udio

Announcement: home computer troubles...
« Reply #7 on: April 13, 2008, 11:06:40 AM »
Sounds like a replicator, remove it ,it comes back
Try Hi Jack This
http://www.spywareinfo.com/~merijn/programs.php
Removed many  Baddies with this :thumb:
On the end of a Rural Twisted Pair.

vertiges

Announcement: home computer troubles...
« Reply #8 on: April 13, 2008, 11:45:53 AM »
Quote from: "barclaycon"
Norton is CRAP. It slows your machine down and doesn't protect you.
After a day of burning brain cells I finally got rid of the infection.
I would recommend AVG.


I couldn't agree more on that !  :mad:
And by using "crap" you stayed polite... I would have used another term.  :wink:
Norton can turn a powerful and fast and slow PC into a sick one !
And the antivirus is not that good.

The last "good version" of Norton was the 2003 one !

I would recommend AVG too (the free edition) and Comodo Firewall (free as well). And also make "ghosts" of the partitions.


Quote from: "electrog"


In my experience, the amount of time spent tracking down & removing the virus is better spent rebuilding the system from scratch - in the end you can be sure that all is truly in order.


Hum... I'm not sure... actually, maybe yes if you are not a Windows expert. But installing Windows from scratch takes forever: the Windows itself + 1000 security updates and 1000 restarts, all the software (if you still have it) + the updates, the configuration of the programs (mails, FTP, etc.), reimporting your old data, etc...

A Windows can fail to boot quite easily.
If you can't repair it with the recovery console and/or with the Hiren boot CD, it's getting complicated and it could take a long time. But if you can make it boot again (probably the repaired files will be re-infected again), you should copy your important files onto an external drive or onto your "D" if you have two HDs in your computer. After that, find the name of the bastard: the new home page in your browser is a good place to start. Once you have the name, I'm pretty sure it will be possible to find a removal procedure or tool which won't harm your Windows...

Quote from: "s2udio"
Sounds like a replicator, remove it ,it comes back
Try Hi Jack This
http://www.spywareinfo.com/~merijn/programs.php
Removed many  Baddies with this :thumb:


Yes, but you have to be careful... You can remove very important files or keys in the registry by doing that. That's probably what happened to Keith

eD)))
Quote from: "PRR"
> ...lighting tends to be lazy and typically finds a shorter path (such as my microwave oven).

radiance

Announcement: home computer troubles...
« Reply #9 on: April 13, 2008, 12:06:22 PM »
Quote from: "vertiges"

I would recommend AVG too (the free edition) .....


I second that.
"Knowing that you are dreaming, however, does not automatically guarantee full rationality.
Then again, being awake doesn't ensure good thinking, either." -  Lynne Levitan


beatpoet

Announcement: home computer troubles...
« Reply #10 on: April 13, 2008, 12:41:24 PM »
Sounds like Vundo or something similar.

Someone's got a patch out there somewhere.

Announcement: home computer troubles...
« Reply #11 on: April 13, 2008, 12:42:08 PM »
FWIW, I would feel most comfortable with Dale's suggestion - it strikes me as the most time-efficient method. That way you can take the other data off the infected drive as and when it suits you.


Justin
Prepare yourself. You are about to become the voice of Interplanetary Parliament.

JohnRoberts

Announcement: home computer troubles...
« Reply #12 on: April 13, 2008, 12:52:01 PM »
Timing sucks with the Ides of April upon us.

It might be worth some professional help from a PC expert. It seems it should be deductible as tax preparation expense.

JR
Visit https://circularscience.com to hear what properly "cleared" drums sound like.

bcarso

Announcement: home computer troubles...
« Reply #13 on: April 13, 2008, 02:17:01 PM »
Quote from: "JohnRoberts"
Timing sucks with the Ides of April upon us.

It might be worth some professional help from a PC expert. It seems it should be deductible as tax preparation expense.

JR


And if you find a good expert please tell us who it is.

Truly though that situation is awful.  As far as the feds, if you can't recover in time, do a best estimate of what's owed and send money with an extension application, so at least you don't get dinged for late filing.  If you underestimate there's a penalty as well of course (they don't miss a trick) but it's not severe.

beatpoet

Announcement: home computer troubles...
« Reply #14 on: April 13, 2008, 02:33:32 PM »
Quote from: "bcarso"


And if you find a good expert please tell us who it is.


I can do it pretty easily.

s2udio

Announcement: home computer troubles...
« Reply #15 on: April 13, 2008, 03:09:50 PM »
Quote from: "s2udio"
Sounds like a replicator, remove it ,it comes back
Try Hi Jack This
http://www.spywareinfo.com/~merijn/programs.php
Removed many  Baddies with this :thumb:


Yes, but you have to be careful... You can remove very important files or keys in the registry by doing that. That's probably what happened to Keith

Then run an xp repair from the original Disk after removing the little DEVIL !!
I do this at work every day, for the unsuspecting computer users
 :green:
For AV this kicks arse NOD32
http://eset.co.uk
On the end of a Rural Twisted Pair.

sodderboy

Announcement: home computer troubles...
« Reply #16 on: April 13, 2008, 10:08:27 PM »
You can get a 2007 extension form from the local library tomorrow and buy yourself an honest six months for free - just render unto Caesar for 2007 by Tuesday.  All the other stuff is at least as good as your last backup.


the mac users are still immune to these things- but there are hundreds of dudes in eastern europe messing around with all things unix and mac, so it is only a matter of time.

Mike

Svart

Announcement: home computer troubles...
« Reply #17 on: April 14, 2008, 03:56:41 PM »
Vundo:

http://vil.nai.com/vil/content/v_127690.htm

Quote
the mac users are still immune to these things


very UNtrue.  There have been mac viruses for years.  The latest one is called OSX.  :green:

but seriously, there are mac viruses, they are just a dirty little secret that Apple doesn't want you to know about.  Heck, there are iPhone viruses already too.  They like to fool people into believing that they are safe.
Welcome to the GroupDIY leper colony! when something falls off, we just replace it with a tube!
occupation: General Electron Mayhem

Alesis X2 information repository:
http://www.theopiumdenproductions.

vertiges

Announcement: home computer troubles...
« Reply #18 on: April 14, 2008, 05:12:09 PM »
Quote from: "Svart"
very UNtrue.  There have been mac viruses for years.  The latest one is called OSX.  :green:


Quote from: "PRR"
> ...lighting tends to be lazy and typically finds a shorter path (such as my microwave oven).

Re: Announcement: home computer troubles...
« Reply #19 on: April 15, 2008, 07:50:56 AM »
Quote from: "SSLtech"
A very gloomy 'Hi' to all,

Yesterday my computer got smacked with some malware. It started while I was uploading some photos to photobucket, and it has pretty much buggered the computer, which will now not boot up.

A small smattering of what it did:

It disabled CTRL-ALT-DEL (task manager) so I could not see what was running in the bckgrnd. (tricky.)

It wiped clean all the system restore points in XP, (clever.)

It replaced the wallpaper with a 'your system is infected.... click here to run spyware check' message, which is made to look official. (I'm not falling for that...)

It opened up LOTS of Internet Explorer windows....

It Hijacked my homepage

It REDIRECTS links from Yahoo and Google searches to 'preferred'  sponsor sites instead....

So I ran Ad-aware AND Spybot-S&D, They recognised the issues, and identified them correctly, but after several tries, about six hours struggling, and several apparently automatic re-infections, the computer now will NOT boot up.

I am typing this on a borrowed mac laptop at a local wi-fi coffee shop, it's the only net and computer access which I have right now.

I am S-O-O-O-O screwed.

My tax data is all in an excel file, on the C drive, and tax day is almost upon us.

As of now I'm desperate. My Only hope is to drag the computer into work and throw myself at the mercy of the web-geeks... but my overriding desperation is to get the data copied from the C and D drives before they do ANYTHING else to it.

Bugger.

Of course this had to happen RIGHT when Rochey and I are trying to set up the Expat audio stuff... and some future EXPAT design stuff is on there also...

Please bear with me, and communicate through Rochey for any expat/Turbo stuff... I am largely unable to do anything at the moment.

Keith


Here's what I do:

I have a removable caddy in my PC, so if the hard drive has any problems I can always drop it into my backup PC as a slave, scan the drive and remove any unwanted pests.

Then I copy the files onto the backup PC's hard drive, format the corrupted drive, reinstall the hard drive back in the other PC and install a fresh OS. :wink:  :wink:


 
