
Viruses nuked my new machine

June 2, 2009 12:42:32 PM

I downloaded this and when I unzipped it my virus shield went crazy, completely failing to protect against the contents, which started propagating rapidly and kept turning my firewall off. Antivirus then recommended I restart and do a boot scan. I did so and it found and moved one virus, but when I tried to log on to Windows the infection turned out to be so bad it was stopping me logging on. So much for avast!

I have a Samsung NC10. It's a few days old and currently I can't even log on to it. What are my options? How do I start it in safe mode given it skips the boot screens?


June 3, 2009 2:35:25 AM

I have restored the machine to a usable state but malware remains and as of now it seems impossible to remove. I can't even tell what it is. But I have run S&D, Malwarebytes and Superantispyware and all have failed. Its symptoms are:

-I cannot install AVG
-I cannot install avast! or access its website
-I cannot access Avira's website
-I cannot use ComboFix
-I cannot use Chrome with sandboxing
-I am blocked from various security-related pages

Is the only solution to clean install?
June 3, 2009 12:40:57 PM

Are you not able to use the F8 key during boot time to access the safe mode menu? Never use msconfig to force safe mode boot; this can cause a boot loop when dealing with malware.

If you can get into safe mode using the F8 method, run Malwarebytes Anti-Malware from there.

Can you post the MBAM and SAS logs? You can retrieve them when you start the programs up.
June 4, 2009 1:57:42 AM

Well here are the results of a OneCare scan:

PWS:Win32/Stealer.M
PWS:Win32/Zbot.PG
TrojanDownloader:Win32/Orbitel.gen!C
VirTool:Win32/Obfuscator.ET
VirTool:Win32/VBInject.gen!AV
Virus:Win32/Virut.BM [in some 3000 places]

So it's Virut. The consensus seems to be that my only option is to format and reinstall. I won't lose any data doing so.
June 4, 2009 2:14:36 AM

The Virut virus is a nasty one. It inserts malicious code into as many executable (.exe) and screensaver (.scr) files as it can.

I have seen a few successful Virut disinfections @ computing.net... but a few among a lot to be honest.

As time goes by with this infection an AV program can detect it, but when it is unable to disinfect the file(s) the next step is to delete, slowly diminishing the functionality of the OS.

If you have no important data on the machine it probably will be better to format and reinstall the OS. It also has backdoor properties which makes an OS reinstall that much more favourable.

As this virus is selective about how it infects a system it should be safe to back anything up that doesn't have the .exe and .scr extension. If you do this, as a matter of safe computing practice remember to scan any files you wish to transfer back to the new install.
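
An added example, not part of the thread: a Python sketch of the selective backup described in the post above, which builds a manifest of what to copy and skips `.exe` and `.scr` files. The extra check for an `MZ` file header (to catch executables renamed to another extension) is an assumption that goes beyond the post, and the sample files are constructed placeholders, not malware.

```python
import os
import tempfile

# Extensions named in the post above as Virut's infection targets.
RISKY_EXTENSIONS = {".exe", ".scr"}

def classify(path):
    """Return 'copy' or a 'skip-...' reason for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext in RISKY_EXTENSIONS:
        return "skip-extension"
    # Assumption beyond the post: a renamed Windows executable still
    # begins with the two bytes "MZ", so check content as well as name.
    try:
        with open(path, "rb") as fh:
            if fh.read(2) == b"MZ":
                return "skip-mz-header"
    except OSError:
        return "skip-unreadable"
    return "copy"

def build_manifest(root):
    """Walk root and map each relative path to its classification."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = classify(full)
    return manifest

def demo():
    """Constructed sample tree; header bytes only, no real binaries."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "notes.txt": b"shopping list",
            "setup.exe": b"MZ\x90\x00",
            "flurry.SCR": b"MZ\x90\x00",
            "holiday.jpg": b"MZ\x90\x00",  # executable renamed as an image
            "photo.jpg": b"\xff\xd8\xff\xe0",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return build_manifest(root)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:15} {path}")
```

Files marked `copy` still need the scan recommended above before they go onto the new install.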
June 4, 2009 4:09:21 PM

Yes, I have disabled autorun so the flashdrive won't carry anything over.

I'm going to try Ubuntu's netbook remix.
June 4, 2009 4:58:05 PM

Wait, wait: I have a new problem. I am baffled. The desktop PC in my house which is on the same router as the infected netbook has now developed similar symptoms: that is, I cannot log on to desktop out of safe mode. How the hell did this happen? The netbook had literally no contact with the PC except that it used the same router. The only other common factor is I had just installed avast! on both when I began to get problems. avast! is now detecting viruses in the memory. This is unbelievable.
June 5, 2009 3:25:36 AM

Because they are both on the same network, apparently the virus passed through your network to your PC :(
June 5, 2009 6:50:45 PM

So the important question is: will it have stored itself on the router somehow (in which case I will need to reset the router) or did it merely transmit itself from the netbook to the PC while both were on the network?

Should I reset the router just in case?
June 6, 2009 12:53:35 AM

I doubt it is in the router, probably just on the 2 machines.