What do I do if I'm infected?

[Guest]

[eXPerience]

Well, good question isn't it? I'll give you some simple steps and hope these will help you destroying the malware .

1) Shut down system restore [How to shutdown system restore]

2) Back-up all your files and folders using a back-up program, for example Comodo Back-up

3) Download following programs and install them
- SUPERAntispyware
- Malwarebytes' Ant-Malware
- Avira Antivir

*BE SURE TO UNINSTALL ANY ANTIVIRUS YOU MAY HAVE BEFORE INSTALLING AVIRA ANTIVIR*

4) Check for definition Updates (Important!).

5) Reboot and start into safe mode (How do you start in Safe Mode?)

6) Allow each program to Scan. Scan one at a time, And remove threats found. Now Reboot.

7) If you still have malware found, You may need these tools also
(Beware, these tools can be dangerous. Please do only use them when neccessairy):
VundoFix
SmitfraudFix
ComboFix (XP ONLY)

8) Reboot into normal mode and see if you find any remains of the virus

9) Download Hijackthis let it scan and save a log

10)

       * Post back the hijackthis logs or in this thread or in the following forums which are full of hijackthis experts
- Spyware Warrior
- Bleeping Computer
- TechGuy

       * If you post here, please add :
- If you still have encountered any symptoms of the Malware
- What system Windows version you're using + what system pack
- What security software is installed

11) Re-enable System restore

3xist Response: So to sum everything up here, Turn off System Restore, And Restart your PC but make sure you press continually "F8" As soon as the PC has finished shutting down/restarting. Choose "Safe Mode with Networking" when your at that configuration screen. (So you can do virus/malware definition updates, etc) then unplug your internet cable or disable your network card. It's important to disconnect from the internet to stop background malware downloading through your PC, So quickly do the malware updates then unplug *Scanning in Safe Mode Always* - Safe Mode disables the majority of malware. Turning off System Restore gets rid of all malware in restore points.

Thanks!
Josh

[3xist]

Hi Guys.

See Below on how to Enable & Disable System Restore.

System Restore

One of the best features of Windows ME, XP, or Windows Vista is the System Restore option, however if a virus infects a computer with this operating system the virus may be accidentally backed up because of this feature. In order to completely remove a virus on these operating systems, you should disable System Restore before cleaning the system, then reenable it after the system is clean.

Please Turn Off System Restore, Restart your PC and then begin your malware scan(s). After your finished, Then turn it back on and reboot.

Disabling System Restore on Windows ME

1. Click Start, Settings, and then click Control Panel.
2. Double-click the System icon. The System Properties dialog box appears.

NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.

3. Click the Performance tab, and then click File System.
4. Click the Troubleshooting tab, and then check Disable System Restore.
5. Click OK. Click Yes, when you are prompted to restart Windows.

Once you have cleaned the virus or other problem from the computer, reenable System Restore by following these directions

To enable Windows Me System Restore:

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click System, and then click the Performance tab.
3. Click File System, and then click the Troubleshooting tab.
4. Uncheck Disable System Restore.
5. Click OK. Click Yes, when you are prompted to restart Windows.



How to remove all previous infected restore points on XP.

Go to Start > All Programs > Accessories > System Tools > System Restore

• Select Create a restore point, and Ok it.
• Next, go to Start > Run and type in cleanmgr
• Select the More options tab
• Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

If this wasn't working you need to follow these steps, please beware that there is no way of going back with Sytem restore disables unless you made a backup !!!
Disabling System Restore on Windows XP

IMPORTANT NOTES:

    * You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    * Turning off System Restore will clear out all previous restore points.

To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab
4. Check "Turn off System Restore" or "Turn off System Restore on all drives" as shown in this illustration:
5. Click Apply.
6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Proceed with what you need to do; for example, virus removal. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.

Starting System Restore From a Command Prompt in Windows XP

1. Restart your computer or turn the computer on
2. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
3. Select the "Safe Mode with Command Prompt option" and press Enter
4. Log on to the computer with an administrator account
5. Type the following at the command prompt and press Enter

%systemroot%\system32\restore\rstrui.exe

6. Follow the onscreen instructions to restore your computer to an earlier time.

Re-enabling System Restore in Windows XP via the Group Policy Editor

In some cases, System Restore is disabled via the Group Policy Editor. In these cases, System Restore does not show up as a tab under My Computer Properties in Windows XP. If it doesnt show up, the question becomes how do you turn it on in the first place. To re-enable System Restore via the Group Policy Editor, follow these directions:

1) Start the Group Policy Editor by clicking on Start, Run and typing gpedit.msc in the Run box and pressing Enter
2) In the left hand column, click on Computer Configuration, Administrative Templates, System, System Restore
3) In the right hand column, set Turn off System Restore and Turn off Configuration to Disable
4) Minimize the Group Policy Editor
5) Right click on My Computer and Select Manage
6) In the right hand column, double click on Services and Applications, then Services
7) Find the System Restore Service and double-click to open
On the General tab set [Startup Type] to Automatic using the drop down list
9) Click the Start button to start the service
10) Close the Computer Management console
11) Maximize the Group Policy Editor and set Turn off System Restore and Turn off Configuration to Not Configured
12) Close Group Policy Editor and reboot the system.
13) Once the system is rebooted, Click on Start, Right-click on My Computer, click on Properties and the System Restore tab should appear again.
Disabling System Restore on
Windows Vista


To turn off Windows Vista System Restore:

1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
9. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows Vista System Restore:

1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Place a checkmark in the box for any drive you wish to enable System Restore on
7. Click OK

Please do not forget to re-enable System restore

[eXPerience]

Hi guys,

Safe Mode

Windows 95

    * Restart the computer.
    * Just after the POST diagnostics and memory count, start pressing the F8 key
    * On the Startup Menu, choose Safe Mode


Windows 98/Me

    * Restart the computer.
    * Just after the POST diagnostics and memory count, start pressing the F8 key
    * On the Startup Menu, choose Safe Mode

or you may use the System Configuration Utility Method.

    * While in Normal mode, Close all programs.
    * Click Start, Run and type MSCONFIG in the box and click OK
    * In the System Configuration Utility, on the General Tab,   click the Advanced Button
    * In the Advanced Troubleshooting Settings dialog box, check Enable Startup Menu. Click OK. Click OK again when the System Configuration Utility reappears.
    * You will be prompted to restart the computer. Click Yes. The computer will restart in Safe mode.
    * When you are finished with troubleshooting in Safe mode, open MSCONFIG again and uncheck "Enable Start-up Menu." under the Advanced Menu, then click OK and restart your computer


Windows 2000

    * If the computer is running, shut down Windows, and then turn off the power
    * Wait 30 seconds, and then turn the computer on.
    * When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key. The Windows 2000 Advanced Options Menu appears.
    * Ensure that the Safe mode option is selected. In most cases, it is the first item in the list and is selected by default.
    * Press Enter. The computer then begins to start in Safe mode.
    * When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.


Windows XP

If Windows XP is the only operating system installed on your computer, booting into Safe Mode with these instructions.

    * If the computer is running, shut down Windows, and then turn off the power
    * Wait 30 seconds, and then turn the computer on.
    * Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    * Ensure that the Safe mode option is selected.
    * Press Enter. The computer then begins to start in Safe mode.
    * When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.

To use the System Configuration Utility method

    * Close all open programs.
    * Click Start, Run and type MSCONFIG in the box and click OK
    * The System Configuration Utility appears, On the BOOT.INI tab, Check the "/SAFEBOOT" option, and then click OK and Restart your computer when prompted.
    * The computer restarts in Safe mode.
    * Perform the troubleshooting steps for which you are using Safe Mode.
      When you are finished with troubleshooting in Safe mode, open MSCONFIG again, on the BOOT.INI tab,  uncheck "/SAFEBOOT" and click OK to restart your computer

Windows as part of a multiboot system

Use this method ONLY if you have multiple operating systems installed on your computer.

    * If the computer is running, shut down Windows, and then turn off the power
    * Wait 30 seconds, and then turn the computer on.
    * When the Boot loader menu (list of the available operating systems) appears, use the arrow keys on the keyboard to select the version Windows what you want
    * Press Enter, and then immediately begin tapping the F8 key. The Windows Advanced Options menu appears.
    * Scroll to and select the Safe mode menu item, and then press Enter.


Windows Vista

Windows Vista is similar to Windows XP for starting in Safe Mode.

    * Turn the computer on or Restart the computer
    * Start tapping the F8 key. The Windows Advanced Boot Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    * Ensure that the Safe mode option is selected (the top option)
    * Press Enter. The computer then begins to start in Safe mode.
    * When you are finished with troubleshooting, close all programs and restart the computer as you normally

[layman]

Great. This will help a lot of users.

Exerience, please edit the name 'Comodo Fix' in the first post to 'Combo Fix'. I followed the link on curiosity to know the malware 'Comodo' who malign our beloved Comodo and it opened 'Combo Fix'. I think it may confuse others also.

[3xist]

Great. This will help a lot of users.

Exerience, please edit the name 'Comodo Fix' in the first post to 'Combo Fix'. I followed the link on curiosity to know the malware 'Comodo' who malign our beloved Comodo and it opened 'Combo Fix'. I think it may confuse others also.

Hi laymen.

Thanks for the feedback. That typo was my error, Been fixed. 

Josh

[JamesFrance]

I cannot agree with the advice given in this thread to turn off System Restore before running malware removal fixes.

If these go wrong and they can, you then have no way back other than a reformat and reinstall of all your apps.

Far better IMHO to remove the malware and remove  infected restore points after.

A way to  not leave the system without one even temporarily is as follows.

How to remove all previous infected restore points.

Go to Start > All Programs > Accessories > System Tools > System Restore

• Select Create a restore point, and Ok it.
• Next, go to Start > Run and type in cleanmgr
• Select the More options tab
• Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

[eXPerience]

I agree with you James. (to the others, I've been discussing this over pm now) I've sended you the document, could you give me your proposal then ? I will review it then and if found good, which I think it will be, I will change the document. 

Xan

[JamesFrance]

Sent you a pm Xan.

[3xist]

Thanks for all the contribution guys!

Josh

[Tags:]