Virus shuts down computer before protection software can get rid of it

Status
Not open for further replies.

keri22421

Honorable
Jul 18, 2012
2
0
10,520
How do I isolate or get rid of a virus that shuts the computer down before the virus protection software can get rid of it?
 
Solution
Restored to a previous date but problem persists. Tried it in Safe mode and it isolated and removed the "threat" but when I rebooted it was back again. No idea where to go from here.
are you seeing pop ups or is your antivirus reporting a virus. let me know what the name of the prorgram that is poping up is called (ie antivirus 2012) or what name your antivirus is giving it and i will be able to give you step by step directions.

because ther are many types of virus there is no simple one tool answer.
(ie polymorphic, multipartite, phage....ect)
 

Blahman11

Distinguished
May 23, 2011
205
0
18,710
Now I have little experience on viruses as I haven't had many. You could try and delete where the virus resides on the hard drive but it probably hides itself. You could try using system restore to restore it back to the time before you got the virus. It'll still be there but will be 'neutralised' and not work (worked with a virus I got that couldn't be deleted by the antivirus). If that fails try and back up what you can and wipe the drive. That's a bit heavy handed but it'll get rid of it
 

neieus

Distinguished
Simply start the computer in safe mode, disable system restore and run the scan or remove the virus that way. Running in safe mode allows windows to run with the minimal system drivers needed which means the virus won't be able to start. Once you have cleaned your system you can restart in safe mode again to scan your files and once you are sure the virus is gone start the system normally and enable system restore again if you use it. If you run in to problems removing the virus itself post information on that virus in the chat so we can assist.
 

keri22421

Honorable
Jul 18, 2012
2
0
10,520
Restored to a previous date but problem persists. Tried it in Safe mode and it isolated and removed the "threat" but when I rebooted it was back again. No idea where to go from here.
 
Solution



if it isolated and removed the threat its either

A) It missed the virus
B) There's another file that allows the virus to be recreated
C) The shutdown is not caused by a virus
 

rgd1101

Don't
Moderator


Can you tell use what this "threat" that got remove? It should have a name or something. And which virus protection software you are using?
 

neieus

Distinguished
1 Start in safe mode
2 Scan the system and remove threat
3 delete any files associated with the virus
4 delete any registry keys associated with the virus

You're going to have to look up online to find out what the files are called and where they are stored. As mentioned before you will need to do all of this in safe mode because doing it in Windows normal mode isn't going to work. I also mentioned before you need to disable system restore before you do any of this and if you for some reason decide to use system restore after you have done all this you will only end up placing the virus back on the system which completely defeats the purpose of removing the virus in the first place.
 
disabling system restore may not even help. neither will deleting all but last restore point if it's replicating from there. possible to delete all restore points ?

go into msconfig and stop all programs that need not run on start up/get program to scan boot sector too. ........ you can try online norton scan if they still have those. who knows ?

 

wavetrex

Distinguished
Jul 6, 2006
254
0
18,810
I suggest putting the harddrive into another computer which has installed an updated Avira antivirus, then run an enhanced scan on that HDD. It appears to me that it's the best software to use on such cases.

If it's a laptop harddrive and you can't remove it, the only way is to run from a rescue CD as suggested, and scan/clean the harddrive.

In any case, don't even attempt safe mode or other in-the-system methods, because they don't work. They never work (unless the virus coder was a retard...)
 

shanky887614

Distinguished
Feb 5, 2010
1,258
0
19,360
if its an xp pc

combofix fixed the same issue for stepdad a little while ago


run it in safemode


if it doesnt run in safemode then it might be in your program startup


go to run then

type msconfig


untick anything that looks fishy, had a couple viruses that have added themselfs to this list so they autoboot up on startup


 
Listen to Brett! Or at least to his method, even if you prefer a different product (e.g. McAfee or Kaspersky). Viruses typically replace Windows system files, which is why starting in Safe Mode may not make Jack Squat of difference. Part of your process may include using SFC /SCANNOW, after booting with the antivirus CD, but that is also no guarantee.
 


Why are you telling him to buy something without further investigation? yes its a virus but there are also free good programs that can get rid of the problem.

Avira rescue cd, kaspersky rescue cd, malwarebytes, running antivirus with a linux cd, there are loads more.

Not trying to bash you but you seem to jump the gun on 99% of your posts.
 



Hi :)


Jumping the gun ...maybe...OR knowing PRECISELY what I am doing.....you choose....

I wont argue, I fix the damn viruses...EVERY day.... and NORTON IS THE BEST ...and YES I have tried them all....

All the best Brett :)
 


Uhm, alright... But don't you think it would be more prudent to put 2 free bandages on a cut before resorting to buying a 50 dollar gauze pack?
 

wavetrex

Distinguished
Jul 6, 2006
254
0
18,810
He probably works for Symantec.
If I read the rules correctly, advertising is not allowed here in these forums...

Quote: "Avira rescue cd, kaspersky rescue cd, malwarebytes, running antivirus with a linux cd, there are loads more." - That's the way to do it... not BUY stuff.

Good luck keri !
 



Hi :)

No, I dont work for Symantec or anyone else, most people here on Toms know that I own some Computers companies in the UK....

Yes I sell Symantec products in my computer shops, but we also sell thousands of other things...

And I make it a point to NOT advertise ANY of my companies here.... as any Moderator will confirm if you ask them.....

And I do not like anyone , including you, impugning my integrity....

All the best Brett :)
 

unoriginal1

Distinguished
Apr 11, 2012
1,529
0
19,960
wavetrex wrote :

He probably works for Symantec.
If I read the rules correctly, advertising is not allowed here in these forums...


I believe the forum rules also state to attack the *idea* not the person ;). Kinda the pot calling the kettle black here aren't we?

Brett your advice is spot on, so is the advice of using free software.
 


You sure do pull that "I manage pc shops so I know everything and my word is absolute" card a lot.

I could care less what you do for a job, it doesn't mean your choice of product is any better than my choice of product. You basically were advertising when you said "Norton IS THE BEST" when in fact its most likely a false statement with no factual evidence to back it up. It is simply an opinion, and one that would have cost this user 50 dollars over some cheaper alternative that would have worked just as well (free really).

I don't see why you are so opposed to giving people a free alternative.

Edit: in an attempt to make this a bit less rude, I try and think of myself in the customers shoes, I sure as heck wouldn't come back to this website if some guy told me to spend 50 bucks on a piece of software and it didn't help but then I go an try some free software a friend tells me to try and it works like a charm.
 
Status
Not open for further replies.