Announcement: home computer troubles...


SSLtech

A very gloomy 'Hi' to all,

Yesterday my computer got smacked with some malware. It started while I was uploading some photos to photobucket, and it has pretty much buggered the computer, which will now not boot up.

A small smattering of what it did:

It disabled CTRL-ALT-DEL (task manager) so I could not see what was running in the bckgrnd. (tricky.)

It wiped clean all the system restore points in XP, (clever.)

It replaced the wallpaper with a 'your system is infected.... click here to run spyware check' message, which is made to look official. (I'm not falling for that...)

It opened up LOTS of Internet Explorer windows....

It Hijacked my homepage

It REDIRECTS links from Yahoo and Google searches to 'preferred' sponsor sites instead....

So I ran Ad-aware AND Spybot-S&D. They recognised the issues, and identified them correctly, but after several tries, about six hours struggling, and several apparently automatic re-infections, the computer now will NOT boot up.

I am typing this on a borrowed mac laptop at a local wi-fi coffee shop, it's the only net and computer access which I have right now.

I am S-O-O-O-O screwed.

My tax data is all in an excel file, on the C drive, and tax day is almost upon us.

As of now I'm desperate. My Only hope is to drag the computer into work and throw myself at the mercy of the web-geeks... but my overriding desperation is to get the data copied from the C and D drives before they do ANYTHING else to it.

Bugger.

Of course this had to happen RIGHT when Rochey and I are trying to set up the Expat audio stuff... and some future EXPAT design stuff is on there also...

Please bear with me, and communicate through Rochey for any expat/Turbo stuff... I am largely unable to do anything at the moment.

Keith
 
Keith,

If your computer doesn't boot anymore, it is because your anti-malware software has deleted important (probably infected) system files!

My experience is to try to know what you are fighting against before running any "automatic" anti-spyware software. For example, sometimes with the new redirected home page address, you can determine the nature or maybe the name of the spyware by Googling it!
Or just run a scan and check the names of the spyware in Google. Sometimes there is a specific tool or a safe procedure available to kill the bastard! :twisted:

You should run your recovery console and try to repair your windows.

By the way, are you able to start in Safe Mode ?

EDIT 1 :

Do you remember the name of the "sponsor" ?

EDIT 2 :

a) Are we talking about a laptop or a desktop one ?
b) I don't think your data is gone. I think it's just some missing or corrupt system files...


eD)))
 
This is BAD :cry: , hope things start to go well again soon...

Although it hasn't hit me this hard yet, the losing of a single partition with valuable data on it gave me already quite some trouble.

At the risk of perhaps spreading the nasty stuff further, can you connect the troubled drive to another machine to clone the data ?

Although I made backups before, after that 'disaster' mentioned above I bettered my life and increased the refresh-frequency. Dunno if your troubled machine is a boring or happening one (PC/Mac), but if you're on PC the least you could do -once things get going again- is to install something like SyncToy (free, from... MS itself, incremental echoing, cloning & whatnot). I'm using SyncToy myself and it very well suits my needs.

Best,

Peter
 
Try this:

Buy a new harddrive (they are not that expensive), reinstall all of your software, then connect up your existing harddrive as a secondary, virus scan, and retrieve your data. If it never clobbered too much data but just infected system files that oughtta do it. I used to use that method when Win98 would clobber itself.
 
[quote author="dale116dot7"]Try this:

Buy a new harddrive (they are not that expensive), reinstall all of your software, then connect up your existing harddrive as a secondary, virus scan, and retrieve your data. If it never clobbered too much data but just infected system files that oughtta do it. I used to use that method when Win98 would clobber itself.[/quote]

It's a solution... but it's gonna be long...

I'm pretty sure this Windows can be recovered and cleaned. :thumb:


Most of the time :

a) spyware doesn't destroy your data.
b) it infects only the Windows files.
c) a lot of spyware is not detected by antivirus.
d) automatic scanning and deletion of the spyware often turns your PC into a non-booting unit.

eD))
 
First of all, you have my sympathy.
When you get attacked like that it makes you realise how dependent you are on your computer.
But.... Very important !
Copy your C drive (and whatever other HD drives) onto some external media right away.
It's worth even buying one of those portable USB drives (which have quite a decent capacity - effectively they are a laptop drive in a caddy).
But get your data safe!
I had a virus last month which pissed me off mightily because Norton didn't catch it and, even though the machine was fully infected, didn't even recognise it (and I was fully up to date with all OS updates and virus definitions).
Norton is CRAP. It slows your machine down and doesn't protect you.
After a day of burning brain cells I finally got rid of the infection.
I would recommend AVG.
It catches a lot more than other antivirus programmes AND it doesn't slow the computer down as much.
Good luck Keith - get that data safe!
 
[quote author="dale116dot7"]Buy a new harddrive (they are not that expensive), reinstall all of your software, then connect up your existing harddrive as a secondary, virus scan, and retrieve your data.[/quote]

I would second this suggestion - in my experience, the amount of time spent tracking down & removing the virus is better spent rebuilding the system from scratch - in the end you can be sure that all is truly in order.

Once you have everything up and running again, I'd recommend buying one of the many external drives that come bundled with backup software (which are getting quite inexpensive these days) and back up your system. It only takes one crash to make you feel the investment was worthwhile!

Good luck!
 
Sounds like a replicator, remove it, it comes back
Try Hi Jack This
http://www.spywareinfo.com/~merijn/programs.php
Removed many Baddies with this :thumb:
 
[quote author="barclaycon"]Norton is CRAP. It slows your machine down and doesn't protect you.
After a day of burning brain cells I finally got rid of the infection.
I would recommend AVG.
[/quote]

I couldn't agree more on that ! :mad:
And by using "crap" you stayed polite... I would have used another term. :wink:
Norton can turn a powerful and fast and slow PC into a sick one !
And the antivirus is not that good.

The last "good version" of Norton was the 2003 one !

I would recommend AVG too (the free edition) and Comodo Firewall (free as well). And also make "ghosts" of the partitions.


[quote author="electrog"]

In my experience, the amount of time spent tracking down & removing the virus is better spent rebuilding the system from scratch - in the end you can be sure that all is truly in order.
[/quote]

Hum... I'm not sure... actually, maybe yes if you are not a Windows expert. But installing Windows from scratch takes forever: Windows itself + 1000 security updates and 1000 restarts, all the software (if you still have it) + the updates, the configuration of the programs (mail, FTP, etc.), reimporting your old data, etc...

Windows can fail to boot quite easily.
If you can't repair it with the recovery console and/or with the Hiren boot CD, it's getting complicated and it could take a long time. But if you can make it boot again (probably the repaired files will be re-infected again), you should copy your important files onto an external drive or onto your "D" if you have two HDs in your computer. After that, find the name of the bastard: the new home page in your browser is a good place to start. Once you have the name, I'm pretty sure it will be possible to find a removal procedure or tool which won't harm your Windows...

[quote author="s2udio"]Sounds like a replicator, remove it ,it comes back
Try Hi Jack This
http://www.spywareinfo.com/~merijn/programs.php
Removed many Baddies with this :thumb:[/quote]

Yes, but you have to be careful... You can remove very important files or keys in the registry by doing that. That's probably what happened to Keith

eD)))
 
FWIW, I would feel most comfortable with Dale's suggestion - it strikes me as the most time-efficient method. That way you can take the other data off the infected drive as and when it suits you.


Justin
 
Timing sucks with the Ides of April upon us.

It might be worth some professional help from a PC expert. It seems it should be deductible as tax preparation expense.

JR
 
[quote author="JohnRoberts"]Timing sucks with the Ides of April upon us.

It might be worth some professional help from a PC expert. It seems it should be deductible as tax preparation expense.

JR[/quote]

And if you find a good expert please tell us who it is.

Truly though that situation is awful. As far as the feds, if you can't recover in time, do a best estimate of what's owed and send money with an extension application, so at least you don't get dinged for late filing. If you underestimate there's a penalty as well of course (they don't miss a trick) but it's not severe.
 
[quote author="bcarso"]

And if you find a good expert please tell us who it is.
[/quote]

I can do it pretty easily.
 
[quote][quote author="s2udio"]Sounds like a replicator, remove it, it comes back
Try Hi Jack This
http://www.spywareinfo.com/~merijn/programs.php
Removed many Baddies with this :thumb:[/quote]

Yes, but you have to be careful... You can remove very important files or keys in the registry by doing that. That's probably what happened to Keith

[/quote]
Then run an XP repair from the original disk after removing the little DEVIL !!
I do this at work every day, for the unsuspecting computer users
:green:
For AV this kicks arse NOD32
http://eset.co.uk
 
You can get a 2007 extension form from the local library tomorrow and buy yourself an honest six months for free - just render unto Caesar for 2007 by Tuesday. All the other stuff is at least as good as your last backup.


the mac users are still immune to these things- but there are hundreds of dudes in eastern europe messing around with all things unix and mac, so it is only a matter of time.

Mike
 
Vundo:

http://vil.nai.com/vil/content/v_127690.htm

[quote]the mac users are still immune to these things[/quote]

very UNtrue. There have been mac viruses for years. The latest one is called OSX. :green:

But seriously, there are mac viruses, they are just a dirty little secret that Apple doesn't want you to know about. Heck, there are iPhone viruses already too. They like to fool people into believing that they are safe.
 
[quote author="Svart"] very UNtrue. There have been mac viruses for years. The latest one is called OSX. :green:
[/quote]

mediumdiscofrog.gif
 
[quote author="SSLtech"]A very gloomy 'Hi' to all,

Yesterday my computer got smacked with some malware. It started while I was uploading some photos to photobucket, and it has pretty much buggered the computer, which will now not boot up.

A small smattering of what it did:

It disabled CTRL-ALT-DEL (task manager) so I could not see what was running in the bckgrnd. (tricky.)

It wiped clean all the system restore points in XP, (clever.)

It replaced the wallpaper with a 'your system is infected.... click here to run spyware check' message, which is made to look official. (I'm not falling for that...)

It opened up LOTS of Internet Explorer windows....

It Hijacked my homepage

It REDIRECTS links from Yahoo and Google searches to 'preferred' sponsor sites instead....

So I ran Ad-aware AND Spybot-S&D. They recognised the issues, and identified them correctly, but after several tries, about six hours struggling, and several apparently automatic re-infections, the computer now will NOT boot up.

I am typing this on a borrowed mac laptop at a local wi-fi coffee shop, it's the only net and computer access which I have right now.

I am S-O-O-O-O screwed.

My tax data is all in an excel file, on the C drive, and tax day is almost upon us.

As of now I'm desperate. My Only hope is to drag the computer into work and throw myself at the mercy of the web-geeks... but my overriding desperation is to get the data copied from the C and D drives before they do ANYTHING else to it.

Bugger.

Of course this had to happen RIGHT when Rochey and I are trying to set up the Expat audio stuff... and some future EXPAT design stuff is on there also...

Please bear with me, and communicate through Rochey for any expat/Turbo stuff... I am largely unable to do anything at the moment.

Keith[/quote]

Here's what I do:

I have a removable caddy in my PC so if the hard drive has any problems I can always drop it into my backup PC as a slave and scan the drive and remove any unwanted pests.

Then I copy the files onto the backup PC's hard drive, format the corrupted drive, reinstall the hard drive back in the other PC and install a fresh OS. :wink: :wink:
 