real bad computer infection


Steve Miller

Hello ng, I'm Steve! How are you?

For a few, something disabled AntiVir Guard. Also, the Avira.com homepage was blocked.

This must be some sort of malware or virus, therefore. Right?

I scanned with Avira AntiVir Personal and Search & Destroy. Avira AntiVir found two
infections but the probs still persist.

Now I'm scanning with TrendMicro HouseCall. Not sure what the results will be.

Can someone please help?

Steve
 

David H. Lipman

Steve Miller said:
Hello ng, I'm Steve! How are you?

For a few, something disabled AntiVir Guard. Also, the Avira.com homepage was blocked.

This must be some sort of malware or virus, therefore. Right?

I scanned with Avira AntiVir Personal and Search & Destroy. Avira AntiVir found two
infections but the probs still persist.

Now I'm scanning with TrendMicro HouseCall. Not sure what the results will be.

Can someone please help?


Yes, disabling anti-virus applications as well as blocking access to anti-malware web
sites is indicative of being infected with malware.

Have you tried installing, updating and running Malwarebytes' Anti-Malware (MBAM)?
 

Steve Miller

David H. Lipman said:
Yes, disabling anti-virus applications as well as blocking access to anti-malware web sites is indicative of being infected with
malware.

Have you tried installing, updating and running Malwarebytes' Anti-Malware (MBAM)?

Hello David,

No, not yet. When HouseCall has finished scanning the PC, I will try to rename the actual
AntiVir exe file, avgnt.exe, to make sure it was not replaced by some malicious one.

I will remove and reinstall the software package basically.

Steve
 

David H. Lipman

Steve Miller said:
Hello David,

No, not yet. When HouseCall has finished scanning the PC, I will try to rename the actual
AntiVir exe file, avgnt.exe, to make sure it was not replaced by some malicious one.

I will remove and reinstall the software package basically.

Steve

Do NOT rename the file!

It is a fully installed application, not a runtime utility. It should be LEFT ALONE
as-is.

If you want to scan using Avira AntiVir, you can use my Multi-AV Scanning Tool's Avira
module. It also includes scanners from Emsisoft, Sophos and Trend Micro.
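The two points David makes in this thread, that a stopped guard plus a blocked vendor site is a malware indicator, and that avgnt.exe should be checked rather than renamed, can both be verified from an elevated PowerShell prompt without touching the AV install. The script below is an added example, not code from the thread or from Avira; the binary path, the two service names and the list of vendor domains are assumptions and need adjusting to the machine in front of you.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 2.0 or later,
# an Avira install at the path below, and the service names listed; all three
# are assumptions, adjust them to the machine in front of you.
$avBinary   = 'C:\Program Files\Avira\AntiVir Desktop\avgnt.exe'     # assumed path
$avServices = @('AntiVirService', 'AntiVirSchedulerService')         # assumed service names
$avDomains  = @('avira.com', 'malwarebytes.org', 'trendmicro.com',
                'emsisoft.com', 'sophos.com')                        # vendor sites to look for

# 1. Is the on-access guard still running, or has something stopped it?
foreach ($name in $avServices) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { "Service $name not found"; continue }
    '{0,-26} {1}' -f $name, $svc.Status
}

# 2. Is avgnt.exe still the vendor's signed binary? This answers the question
#    that renaming it was meant to answer, without touching the file.
if (Test-Path -LiteralPath $avBinary) {
    $sig = Get-AuthenticodeSignature -FilePath $avBinary
    'Signature: {0}' -f $sig.Status                       # anything but Valid needs a closer look
    if ($sig.SignerCertificate) { 'Signer:    {0}' -f $sig.SignerCertificate.Subject }
} else {
    "$avBinary not found"
}

# 3. Has the hosts file been used to black-hole or redirect the vendor sites?
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hits = 0
foreach ($line in Get-Content -LiteralPath $hostsPath) {
    $entry = ($line -replace '#.*$', '').Trim()           # drop comments and whitespace
    if (-not $entry) { continue }
    $fields = $entry -split '\s+'
    if ($fields.Count -lt 2) { continue }                 # address with no host names
    $ip = $fields[0]
    foreach ($hostName in $fields[1..($fields.Count - 1)]) {
        foreach ($domain in $avDomains) {
            if ($hostName -like "*$domain") {
                "hosts: $hostName -> $ip  (a vendor site should not be mapped here)"
                $hits++
            }
        }
    }
}
if ($hits -eq 0) { 'hosts: no vendor-site entries' }
```

A clean result here is not a clean bill of health. The vendor sites can equally be blocked by a changed DNS server, a proxy setting, or a driver that filters traffic, and a rootkit can hide stopped services and a modified hosts file from tools run inside the infected system. That is why the advice later in the thread to scan from boot media is the stronger check; this script only tells you quickly whether the obvious tampering is present.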
 

marvt

Hello David,

No, not yet. When HouseCall has finished scanning the PC, I will try to rename the actual
AntiVir exe file, avgnt.exe, to make sure it was not replaced by some malicious one.

I will remove and reinstall the software package basically.

Steve

I have no solution to your problem, but I do have one that will
prevent such nonsense in the future. Get yourself an imaging program
such as Acronis True Image, Macrium Reflect, etc. There are a
number of them out there. With one of those, you merely reload the
last saved image of your C: drive and you're back in business in no
time. It is beyond me why more people don't have such software.
 

Tired

Steve said:
Hello ng, I'm Steve! How are you?

For a few, something disabled AntiVir Guard. Also, the Avira.com
homepage was blocked.
This must be some sort of malware or virus, therefore. Right?

I scanned with Avira AntiVir Personal and Search & Destroy. Avira
AntiVir found two infections but the probs still persist.

Now I'm scanning with TrendMicro HouseCall. Not sure what the results
will be.
Can someone please help?

Steve

Possibly some kind of rootkit. Combofix has a good success rate with these
kinds of things.
 

FromTheRafters

Steve said:
Hello ng, I'm Steve! How are you?

For a few, something disabled AntiVir Guard. Also, the Avira.com homepage was blocked.

This must be some sort of malware or virus, therefore. Right?

Most likely malware, but a virus is a distinct type of program
associated with malware. Malware is the 'umbrella' term for all kinds of
MALicious softWARE.
I scanned with Avira AntiVir Personal and Search & Destroy. Avira AntiVir found two
infections but the probs still persist.

It likely only found something else, not the problem. Can you boot the
machine from some media cleaner than the (possibly infested) harddrive?

CD, DVD, or USB?

Sometimes even 'safe mode' is clean enough.
Now I'm scanning with TrendMicro HouseCall. Not sure what the results will be.

Scanning from within the affected environment can be problematic.
Can someone please help?

Follow David H. Lipman's advice. His Multi-AV tool coupled with MBAM is
quite good at finding most malware.
 

thanatoid

marvt@sdla;fj.com wrote in

I have no solution to your problem, but I do have one that
will prevent such nonsense in the future. Get yourself an
imaging program such as Acronis True Image, Macrium
Reflect, etc. There are a number of them out there.
With one of those, you merely reload the last saved image
of your C: drive and you're back in business in no time. It
is beyond me why more people don't have such software.

For the same reason approximately 50% of PC's worldwide run
Vista or Win7, less than 40% XP, and most of all those also run
Internet Explorer and MS "Security" software.

BTW, there are some free imaging programs as well, although a
little harder to use.
 

FredW

BTW, there are some free imaging programs as well, although a
little harder to use.

Macrium Reflect Free
http://www.macrium.com/reflectfree.aspx

I use this freeware for my weekly backup (Windows 7).
I would know what is "harder to use" at this very simple imaging.

And the restore (don't forget to make your start-up CD/USB) is just as
simple and works fine (proven in practice).
 

FromTheRafters

thanatoid said:
marvt@sdla;fj.com wrote in



For the same reason approximately 50% of PC's worldwide run
Vista or Win7, less than 40% XP, and most of all those also run
Internet Explorer and MS "Security" software.

BTW, there are some free imaging programs as well, although a
little harder to use.

True, I use "MaxBlast" and it suits my purposes just fine.
 

thanatoid

I would NOT know what is ...........
(sorry)

I saw it but got it.

Few people have used the free imagers, so it's hard to say
what's easy and what isn't. But Acronis is designed to be pretty
idiot-proof. And I got it FREE in a UK computer magazine in
2002. When I even THINK of ALL the damn utilities I had to rely
on before... The BEST gift I ever got. (Yes, I don't have much
of a life...)
 

marvt

I would NOT know what is ...........
(sorry)

Macrium Reflect does take a bit more understanding. The fact of
having to choose between the PE or the UNIX method for your backup CD
is not as clear to a non-techie like myself as is the ultra-simple
method of creating and using the rescue CD for Acronis True Image.
Also, I have no idea about the XML method Macrium can also use. I
have both of them. The Macrium I have is the paid version. I prefer
True Image for simplicity.

I had a major disaster some months back. Some damn piece of software
that looked like a simple program totally shot my system on C:. I
couldn't even use the Acronis rescue disk. I had to use my Windows
install CD. I installed Windows without all the extra drivers, etc.
Just the bare minimum. I then reinstalled Acronis True Image and was
able to access the backup image on the Safe Zone partition which
Acronis had previously installed. I was back up and running in just
the time it took to reload the image - about 1 1/2 hours. Never had
something that disastrous happen before. All the times before I
simply used the rescue disk. That time, however, something totally
screwed my Windows system. Despite that, it was still simple to get
at the Safe Zone again with just the bare reinstall of Windows. I
have well over a hundred programs in my Program Files folder. I have
tons of all kinds of drivers for a ton of different types of video and
audio files. Just thinking of how long - and how absolutely nerve-
wracking it would have been to spend literally days reinstalling everything
scares the bleep out of me. And would I have remembered everything,
every setting, etc.? NOT! Acronis saved my butt big time.
 

Dustin

Macrium Reflect Free
http://www.macrium.com/reflectfree.aspx

I use this freeware for my weekly backup (Windows 7).
I would know what is "harder to use" at this very simple imaging.

And the restore (don't forget to make your start-up CD/USB) is just as
simple and works fine (proven in practice).

I'm still a ghost user.. :) I've recently added ghost v11.5 to my modded
bartpe disc.
 

Nobody > (Revisited)

I saw it but got it.

Few people have used the free imagers, so it's hard to say
what's easy and what isn't. But Acronis is designed to be pretty
idiot-proof. And I got it FREE in a UK computer magazine in
2002. When I even THINK of ALL the damn utilities I had to rely
on before... The BEST gift I ever got. (Yes, I don't have much
of a life...)

I used to be an Acronis fan; but decided "why pay" (and yes, I know
about the comped/free versions you can get from various drive mfrs).

Haven't tried Macrium, but have been using EaseUS ToDo Backup and the
companion Partition Manager (which I scored as "full" in one of those
daily giveaway deals). They cross over each other, both will do imaging
and cloning, but both are great, and both will create boot disks.

I've been installing the free EaseUS ToDo Backup remotely on many of my
"clients'" machines (to be frank, it's the old free-it-for-friends-and-
family shtick) and even those folks can understand how to use it with a
little coaching.




--
"Shit this is it, all the pieces do fit.
We're like that crazy old man jumping
out of the alleyway with a baseball bat,
saying, "Remember me motherfucker?"
Jim “Dandy” Mangrum
 

Steve Miller

I'm not a fan of imaging software at all. Well, you'd lose the one file that
you need to keep.

And now? Leave the PC off, writing letters as it used to be? I have my backup
file by file. And I'm not gonna change anything there.

Well, HouseCall found a Recycler Bin folder in C:\ and some config.bin in it,
which I removed and deleted manually.

Let's see!

Steve.
 

FromTheRafters

Steve said:
I'm not a fan of imaging software at all. Well, you'd lose the one file that
you need to keep.

I make several, and keep them in different places.
And now? Leave the PC off, writing letters as it used to be? I have my backup
file by file. And I'm not gonna change anything there.

Yeah, MaxBlast doesn't allow the browsing of the image as if it were
just another disk, but the full version of Acronis that it is based on
does. This would allow you to pick and choose what specific file you
want to restore. I'm only using it as an entire disk backup so that is
no problem for me. I *also* do regular backups of system and incremental
backups of data.
Well, HouseCall found a Recycler Bin folder in C:\ and some config.bin in it,
which I removed and deleted manually.

Let's see!

Steve.

Good luck.
 

FredW

I saw it but got it.

Few people have used the free imagers, so it's hard to say
what's easy and what isn't. But Acronis is designed to be pretty
idiot-proof. And I got it FREE in a UK computer magazine in
2002. When I even THINK of ALL the damn utilities I had to rely
on before... The BEST gift I ever got. (Yes, I don't have much
of a life...)

I also used paid software from Paragon, once free with a German computer
magazine.
It worked very well on my Windows XP.
But when I switched to Windows 7 64-bit, I found out that the Paragon
software wouldn't work on 64-bit Windows.
According to the website Macrium would work on 64-bit, but EaseUS was not
ready for 64-bit Windows.

I started using Macrium Reflect Free and found that the creation of the
Back-up (image) went faster and that the restore went faster.
And after a restore I could continue without any problem from an earlier
date.
So in the end I was happy I found Macrium Reflect Free.
 

FredW

Macrium Reflect does take a bit more understanding. The fact of
having to choose between the PE or the UNIX method for your backup CD
is not as clear to a non-techie like myself as is the ultra-simple
method of creating and using the rescue CD for Acronis True Image.
Also, I have no idea about the XML method Macrium can also use. I
have both of them. The Macrium I have is the paid version. I prefer
True Image for simplicity.

BartPE is for Windows XP only.
As I have Windows 7, I can only use the Linux version.
(and Linux is the default choice.)

Weekly I make an image of my C:\ partition.
The image is stored on another partition.
And I copy the image to an external hard disk.

For recovery purposes I have a "recovery" USB stick lying beside my
monitor.
Whenever something happens, I can use the USB stick to restart the
computer and do a restore.
http://kb.macrium.com/KnowledgebaseArticle50047.aspx?Keywords=usb+stick+bootable
http://kb.macrium.com/KnowledgebaseArticle50025.aspx?Keywords=usb+stick+bootable

The XML thing is just a way to save the name of the backup.
You can manually delete names of backups you deleted.

Weekly I make a complete copy (nothing incremental, not possible?)
and it takes less than 10 minutes.
A restore takes less than 20 minutes and thereafter everything is again
in working order.

On the C:\ partition I only have Windows and other software installed.
All data are on other partitions and are not part of the image and restore.
For backup of data I use different software (Karen).
 
