Need computer help..
Post #1, Speed3, March 7, 2011, 06:51 AM

I got a virus over the weekend...it shuts down all of my anti-virus software and directs me to an "anti-virus monitor" screen to purchase what is obviously a scam. I can't go to any other sites or do anything.

I booted in safe mode and ran microsoft security essentials, and anti-malware. It picked up the "trojan.dropper", but after restart I get the same issue.

I'm assuming it's in the registry and I'm not sure how to get it out. Any ideas for a non-computer person? Can I reset my computer to the way it ran a week ago, assuming the virus wasn't there at that point?

Any help appreciated...

Post #2, Heist, March 7, 2011, 06:56 AM

Roll back in Windows safe mode. Run your anti-virus software, which should have at a minimum quarantined it, then reboot.

If your AV software is dated, download Avast! which is free and updates definitions at least 3x a week.



“Any man who tries to be good all the time is bound to come to ruin among the great number who are not good. Hence a Prince who wants to keep his authority must learn how not to be good, and use that knowledge, or refrain from using it, as necessity requires”.

- Nicolo Machiavelli 1469-1527


Post #3, onel0wcubn, March 7, 2011, 06:57 AM

malwarebytes...


ay ya yay

Post #4, Dark, March 7, 2011, 06:59 AM

Which A/V are you running?


Quote:
A Trojan.Dropper is a type of Trojan whose purpose is to deliver an enclosed payload onto a destination host computer. A dropper is a means to an end rather than the end itself. In other words, the dropper is usually used at the start or in the early stages of a malware attack.

Once a dropper is executed, its own code is simply to load itself into memory and then extract the malware payload and write it to the file system. It may perform any installation procedures and execute the newly dropped malware. The dropper usually ceases to execute at this point as its primary function has been accomplished.

Droppers are used by malware creators to disguise their malware. They create confusion amongst users by making them look like legitimate applications or well known and trusted files.
The issue with droppers is you don't know what they 'dropped' in your filesystem so cleaning it out completely could be difficult.


-Ryan

Post #5, Dark, March 7, 2011, 07:02 AM

I do not know how accurate this is but it may be worth a shot. You'll likely need to execute these steps in safe-mode but try it without first.


Instructions

1. End System Processes
   - Right-click the taskbar anywhere in a blank space and select "Task Manager."
   - Click the "Processes" tab.
   - Select "search[2].exe" from the list of processes and click "End Process."
   - Repeat step 3 for "sysrtmvs.exe," "senh.exe," "wd7gi8nnew.exe," "visfx500new.exe," "OEM.exe," "numbsoftnew.exe," "Mendoza1.exe" and "Mendoza.exe."
   - Close the Task Manager.
2. Delete Registry Entry
   - Go to the "Start" menu and click "Run."
   - Type "regedit" in the search line and click "OK" to start the Registry Editor.
   - Navigate to and remove the following entry:
     Microsoft\Windows\CurrentVersion\Emitt
   - Close the Registry Editor.
3. Delete Files
   - Go to the "Start" menu and select "Search."
   - Select the hard drive from the drop-down menu and check the "All Files and Folders" option.
   - Type "search[2].exe" and hit "Enter" to begin the search. Delete all of the search results.
   - Repeat step 3 for "sysrtmvs.exe," "senh.exe," "wd7gi8nnew.exe," "visfx500new.exe," "OEM.exe," "numbsoftnew.exe," "Mendoza1.exe" and "Mendoza.exe."
4. Restart your computer.


-Ryan
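As an added example (not part of Ryan's post or anything else in this thread), a read-only PowerShell triage script that checks for the indicators the instructions above name: it lists running processes with those names, looks for the registry entry, and searches the system drive for the files, without deleting anything. It assumes the post's bare registry path sits under the Software branch of HKCU and HKLM, and checks "Emitt" both as a subkey and as a value because the post does not say which it is.

```powershell
# Added triage example, not from the thread. Read-only: it reports whether any of the
# indicators named in the post above are present and changes nothing.
# Assumption: the post's bare path "Microsoft\Windows\CurrentVersion\Emitt" is taken to
# sit under the Software branch of HKCU and HKLM, and "Emitt" is checked both as a
# subkey and as a value because the post does not say which it is.

$SuspectNames = @(
    'search[2].exe', 'sysrtmvs.exe', 'senh.exe', 'wd7gi8nnew.exe', 'visfx500new.exe',
    'OEM.exe', 'numbsoftnew.exe', 'Mendoza1.exe', 'Mendoza.exe'
)
$RegistryBases = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion'
)

function Find-SuspectProcesses {
    # Get-Process strips the extension, so it is re-added before the (case-insensitive) match.
    Get-Process | Where-Object { $SuspectNames -contains ($_.Name + '.exe') } |
        Select-Object Id, Name, Path
}

function Find-SuspectRegistryEntries {
    foreach ($base in $RegistryBases) {
        if (Test-Path -LiteralPath "$base\Emitt") { "$base\Emitt (subkey)" }
        $props = Get-ItemProperty -LiteralPath $base -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains 'Emitt')) {
            "$base -> value 'Emitt' = $($props.Emitt)"
        }
    }
}

function Find-SuspectFiles {
    param([string]$Root = "$env:SystemDrive\")
    # -LiteralPath plus an exact-name filter: the "[2]" in search[2].exe would otherwise
    # be read as a wildcard character class by -Filter or -Include.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and ($SuspectNames -contains $_.Name) } |
        Select-Object FullName, Length, LastWriteTime
}

'== Running processes matching the list =='
Find-SuspectProcesses | Format-Table -AutoSize
'== Registry =='
Find-SuspectRegistryEntries
"== Files on $env:SystemDrive (full scan, slow) =="
Find-SuspectFiles | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM branch and protected folders are readable; a hit on any of the three checks is something to look at by hand, not a verdict on its own.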

Post #6, Derpetologist, March 7, 2011, 07:07 AM

Boot from windows install cd, complete reformat, reinstall everything. Brand new clean system in 30 minutes or less. Hope your data is backed up.


*Not intended to be a factual statement.

Post #7, Fitz, March 7, 2011, 07:09 AM

You could do all that, or you could go the easy route:

1) boot with UBCD or some similar bootable linux distro
2) save your important documents
3) format the drive
4) reinstall windows
5) copy your documents back.
6) run a complete scan to ensure none of your files that you migrated are infected.

Takes less time than trying to track down all traces of malware.

Optional step 7) check your browsing habits... only download porn from reputable sites, stay away from pirated software. Very little malware happens without some unsafe browsing from the user.


-Fitz

2016 Harley Softail Slim S
2012 Harley Ultra Limited in Ultra Annoying Orange Sold!
2012 V-Strom 1000 Sold!
2009 Buell 1125R Sold!
2005 Superhawk Sold!
2001 Superhawk Abandoned!
1981 CB650C Destroyed!

Brace Yourselves... the cries of "It's too cold to ride" are coming...

Post #8, Dark, March 7, 2011, 07:22 AM

I'm not going to deny that either of your solutions will work BUT I hope neither of you are in the IT field working similar problems. Reinstalling should be the LAST option.

If a member of my team suggested that, it would be difficult to not give them the boot.

Quote (Originally Posted by Rail):
Boot from windows install cd, complete reformat, reinstall everything. Brand new clean system in 30 minutes or less. Hope your data is backed up.

Quote (Originally Posted by thefitzvh):
You could do all that, or you could go the easy route:

1) boot with UBCD or some similar bootable linux distro
2) save your important documents
3) format the drive
4) reinstall windows
5) copy your documents back.
6) run a complete scan to ensure none of your files that you migrated are infected.

Takes less time than trying to track down all traces of malware.

Optional step 7) check your browsing habits... only download porn from reputable sites, stay away from pirated software. Very little malware happens without some unsafe browsing from the user.


-Ryan

Post #9, Kayaus, March 7, 2011, 07:29 AM

Dark - it is known that commonly available anti-virus solutions (McAfee, Symantec, etc.) and removal tools such as Malwarebytes will only remove the visible items and do not fully remove good malware.

Best practice for any malware infection is to reload the OS; 9 times out of 10 the virus will be back on the system within 30 days when the removal tools are used.

Take the sack, punt. Start over. Usually faster than attempting to remove anyway.


Yamaha FZ8
Husqvarna TE310R ---

Post #10, Dark, March 7, 2011, 07:33 AM

Quote (Originally Posted by Kayaus):
Dark - it is known that commonly available anti-virus solutions (McAfee, Symantec, etc.) and removal tools such as Malwarebytes will only remove the visible items and do not fully remove good malware.

Best practice for any malware infection is to reload the OS; 9 times out of 10 the virus will be back on the system within 30 days when the removal tools are used.

Take the sack, punt. Start over. Usually faster than attempting to remove anyway.

In some cases I would absolutely agree and in those cases a solution similar to Fitz would work well but in all the malware related issues I've had to work on I'd say less than 10% needed a full reinstall to fix the problem permanently.

You can fix the problem completely if you look in all the right places.


-Ryan

Post #11, Fitz, March 7, 2011, 07:37 AM

Quote (Originally Posted by Dark):
I'm not going to deny that either of your solutions will work BUT I hope neither of you are in the IT field working similar problems. Reinstalling should be the LAST option.

If a member of my team suggested that, it would be difficult to not give them the boot.
LOL... "Taking the method that takes the least amount of time while guaranteeing the malware is eliminated would get you fired on my team."

Given that the data backup/reinstall option is less labor intensive than a manual removal, thus saving your team man hours of work...

Why would that be a worse option?

Fastest solution to the problem while still saving the data. I fail to see how painstakingly removing the malware is a better option.

If the data can be saved, then yeah... a reinstall is the best option.

Judging by the symptoms he gave, this isn't a simple java cache file that's infected. This sounds particularly bad, and a manual removal is likely more trouble than it is worth.



Post #12, Castle, March 7, 2011, 07:43 AM

Good trojans nowadays embed themselves so far in and come back with the quickness.

I'll give a good college try to remove it, about 1-2 hours. If after 2 hours I haven't cleaned things up, no question....the machine is given the high-sign and reformatted/reimaged.


Chris
Elite Racing
CCS AM #458

Godspeed Bam Bam

VFR Matt: gotta be a winner at something. Cant reach for the stars mind well be king of suck
tecknojoe: we could get together at my house and mount my trailor
vonstallin: whack one off 4 me henrey
thefitzvh: I'm the assholist asshole that ever assholed

Post #13, Fitz, March 7, 2011, 07:45 AM

Takes me 30 minutes to save the data with UBCD and reimage.

Takes hours to clean most of the malware we get.


Hmmm...
[Attached image: saved-time-fixed-problem-Youre-fired.jpg]



Post #14, Dark, March 7, 2011, 07:55 AM

Quote (Originally Posted by thefitzvh):
LOL... "Taking the method that takes the least amount of time while guaranteeing the malware is eliminated would get you fired on my team."

Given that the data backup/reinstall option is less labor intensive than a manual removal, thus saving your team man hours of work...

Why would that be a worse option?

Fastest solution to the problem while still saving the data. I fail to see how painstakingly removing the malware is a better option.

If the data can be saved, then yeah... a reinstall is the best option.

Judging by the symptoms he gave, this isn't a simple java cache file that's infected. This sounds particularly bad, and a manual removal is likely more trouble than it is worth.
I can't say I've ever spent much time (an hour or two) resolving a malware issue and it doesn't take long to figure out if it's going to be more work than it's worth.

The issue with reinstalling is time; it could take much longer to get the user back up and running (reimaging/installing apps from scratch/remediating/etc).


-Ryan

Post #15, Heist, March 7, 2011, 07:57 AM

Thread Topic: Hey guys my computer is fucked and I need some help.

Thread Direction: Methodology fight. Go!


