Question:
Does anybody have knowledge about viruses and malware? I need help badly!?
anonymous
2013-05-26 19:23:15 UTC
About a week ago I downloaded some anti-virus programs because it seemed as if I was being DNS hi-jacked (my browser was being directed to random ad sites regardless of links I clicked) and I ran them both (Avira and Microsoft Essentials) and they both came up with nothing. A day later, I attempted to log onto my computer but as soon as I did a giant window came up on my screen displaying an alleged police website stating that I was locked out of my computer due to committing a crime that they had listed and the page declared that I must pay $100 within 3 days or face criminal charges. I am not able to do anything whatsoever to get out of it, other than log off. Luckily I could log into my guest account which for some reason is unaffected. I looked it up and it turns out it is called the Reveton virus and is also known as ransomware. I managed to install Malware Bytes on the guest account which has found the virus multiple times and quarantined it but the deletion fails every time and it still happens when I log into my main account on my laptop. Now as I am typing this Malware Bytes is also repeatedly stopping another virus which it lists as Trojan.MS and it's a file named 2.iwzd.dat but it won't let me delete it and attempts with Malware Bytes are unsuccessful as well. It has detected and quarantined the latter virus roughly ten times in the last half an hour, with them all originating from the same (apparently undelete-able) location in my ProgramData folder. Could somebody please help me with this? It seems all my attempts do absolutely nothing and I'm not sure what else to do at this point. Sorry for the long read and thank you in advance!
Seven answers:
anonymous
2013-05-26 19:39:20 UTC
Rather than keep messing around with ones that are picked because they are free, I'd spend a few bucks and get the best. That would be Norton Internet Security. Install it using the guest account and report back here with the results so we can go further with this.

Additional: Since you can easily restore the machine, that might be the easiest route to take. I'd still try Norton since you should have it anyway. If it works easily, fine. If not, do the restore and then install it to stop this from happening again.
?
2016-08-29 06:54:18 UTC
2
anonymous
2014-08-15 16:03:36 UTC
You can download Ccleaner here: http://bit.ly/1t3jm44

To start with, open Ccleaner.

To make this concise, beneath is my suggested setup:

Under web pilgrim check provisional web documents, treats, and last download area. Most clients don't generally require this stuff. Keep history and bookmarks unchecked; history is a possibly, however you would prefer not to lose bookmarked locales.

Run Ccleaner and it will begin erasing documents.

A while later it will give you an arrangement of the documents erased; you truly don't have to experience it as it will be a few pages long.

The registry cleaner is proposed for marginally more praiseworthy clients. Use it in the wake of uninstalling projects as they will regularly abandon erroneous registry sections.

In the event that you choose to run Registry cleaner, then audit the things identified and constantly move down the registry (I keep an envelope aside for this).

The Tools tab gives you a chance to uninstall projects and set startup programs. Why do you require this if Windows has these peculiarities? Particularly with Vista Home Ed. The Windows safeguard programming wayfarer (startup programs) doesn't get a few sections (however programming adventurer is less demanding to utilize).

Utilizing Ccleaner to uninstall projects and after that check for remaining registry passages takes less time.

Under Options you can decide how Ccleaner cleans your records. I allow this to sit unbothered.
DonnaB
2013-05-26 20:02:47 UTC
Unfortunately, having access to the guest acct. isn't going to be much help if it doesn't have admin privileges and will not accept the admin password when you go to try and download anything.

Are you able to boot to the Advanced Boot Options menu and choose Safe Mode with Networking, then access your admin acct?

Sorry, can't help you much further since I took an oath to refrain from removing malware without the guidance of my instructor till I graduate the course which I am taking.

If the above solutions that the other members have provided do not help, find someone who is experienced with PE (pre-installed environments) to access your system and remove the ransom trojan that is holding you hostage. Otherwise, it might be best if you took the computer to a reputable tech shop in your area and have them cleanse the infection.

More than likely a backdoor trojan may have been part of the "payload" that has been dropped from the trojan dropper, and you will need to disconnect this computer from the internet immediately. If you do any banking whatsoever on this computer, contact your financial institutions and let them know that your computer has been compromised and you need to change your passwords and logon information. You'll need to do this for all accts./sites that you access where you have documented and used your passwords. Please do this from a known clean computer to prevent the passwords from getting back to the blackhats that created this infection.

EDIT: I see you have edited your post to add more info:

Do you have the recovery discs handy? If so, then YES! In your case I would definitely restore back to factory settings. If not, there are a couple of ways to access the recovery partition. Following is a link that discusses 2 ways to do so:

http://en.kioskea.net/faq/4811-toshiba-laptop-reset-to-factory-settings

I'm walking away from my computer; if you need more help send me a message and I'll edit this post to add more instructions if needed.
Jordan
2013-05-26 19:40:39 UTC
If MalwareBytes is successfully finding the malware and is unable to delete it, it's probably because you're using the guest account. Run the program as an administrator (right click > Run as administrator), then do the scan again and it should delete.

If still no luck, boot Windows into Safe Mode. Run the scan again and see if it can delete. If it won't delete, you'll have to manually delete the file. MalwareBytes should show you the directory the file is saved in. Just go to it and delete.

If that still doesn't work, you will have to force delete it with Command Prompt. To do this, open CMD then type:

del x:\file\directory\file-name.extension

Where x = drive

Example:

del c:\Users\Username\Documents\virus.exe

You can also use wildcards to delete multiple files, like this:

del c:\Users\Username\Documents\*.* will delete all files in Documents, or

del c:\Users\Username\Documents\*.exe will delete all executable files in Documents
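The same "delete it from an elevated prompt" step as a PowerShell script, added here as an example and not part of Jordan's answer or of any product mentioned on this page. It assumes you run it from a PowerShell window opened with "Run as administrator" on PowerShell 4.0 or later (needed for Get-FileHash), and that the path you pass is the one the scanner reported; the ProgramData path in the usage line is a placeholder, not a known indicator. Before removing anything it records the file's SHA-256 hash, size, timestamps and attributes, since that is what you would keep in your notes or send to a scanner vendor, and it refuses wildcard paths because a pattern like *.exe under a user folder removes legitimate files along with the bad one.

```powershell
# Added example (not from the original answer): elevated, single-file removal
# with a record of what was deleted. Assumes PowerShell 4.0+ and an
# elevated session. $Target is the exact path reported by the scanner.
param(
    [Parameter(Mandatory = $true)]
    [string]$Target
)

# 1. Confirm the session is elevated; a guest or standard-user session is the
#    usual reason the delete fails in the first place.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw "Not running elevated. Right-click PowerShell and choose 'Run as administrator'."
}

# 2. Refuse wildcard paths: '*.*' or '*.exe' under a user folder takes
#    legitimate files with it. Pass the one file the scanner named.
if ($Target -match '[\*\?]') {
    throw "Refusing wildcard path '$Target'; pass the exact file the scanner reported."
}

if (-not (Test-Path -LiteralPath $Target)) {
    Write-Output "Nothing at $Target (already removed or quarantined)."
    return
}

# 3. Record the file before it is gone. -Force makes Get-Item return
#    hidden and system files, which droppers commonly mark themselves as.
$item = Get-Item -LiteralPath $Target -Force
$hash = (Get-FileHash -LiteralPath $Target -Algorithm SHA256).Hash
Write-Output ("{0}`n  SHA256  : {1}`n  Size    : {2} bytes`n  Created : {3}`n  Modified: {4}`n  Attrs   : {5}" -f
    $item.FullName, $hash, $item.Length, $item.CreationTime, $item.LastWriteTime, $item.Attributes)

# 4. Clear read-only/hidden/system attributes, then remove. -ErrorAction Stop
#    turns a locked-file failure into a catchable error instead of a warning.
try {
    $item.Attributes = 'Normal'
    Remove-Item -LiteralPath $Target -Force -ErrorAction Stop
    Write-Output "Deleted $($item.FullName)"
}
catch {
    Write-Output "Delete failed: $($_.Exception.Message)"
    Write-Output "The file is most likely held open by a running process. Reboot into Safe Mode and run this script again; if it still fails, the file is being recreated by something that is still installed, and a factory restore is the safer route."
}
```

Save it as Remove-ReportedFile.ps1 and run, for example, .\Remove-ReportedFile.ps1 -Target 'C:\ProgramData\PLACEHOLDER-FOLDER\2.iwzd.dat' (the folder name is a placeholder; use the full path from the scanner log). The hash printed in step 3 is also what tells you whether the "ten detections in half an hour" are the same file being re-dropped or different files: if the hash changes each time, something still running is generating them and deleting the file alone will not end it.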
Needful Sinner
2013-05-26 19:34:10 UTC
Do you have a system restore disk? I'd be F-disking my computer and taking it back to factory specs.

You could try an online scan from a reputable security provider, e.g.:

(that is, if the virus allows you; often they are designed to disable scan attempts)

"Scan your PC to detect and remove malware, viruses, and spyware in one click. Free download with no registration required."

http://www.eset.com/us/online-scanner/

"Virus Removal Tool is a utility designed to remove all types of infections from your computer. It employs the effective detection algorithms used by Kaspersky Anti-Virus and AVZ. It cannot substitute a resident antivirus application."

http://www.kaspersky.com/virus-scanner
TWB
2013-05-26 19:33:53 UTC
First thing to try is to run RKill. The first link below discusses how it works. The second discusses some of the viruses it will remove. You will need another puter to download RKill and Malwarebytes. You will need both of them on thumb drives or DVD. Read the instructions carefully.

http://www.bleepingcomputer.com/forums/topic308364.html

http://www.bleepingcomputer.com/virus-removal/

http://www.malwarebytes.org/

If all else fails you will need to try to recover your data and files. Go to the link below and read on how to download a Linux Live CD to boot the system to recover what you want. If you have a Windows 8 puter then you need to turn off Secure Boot before using the CD. The live CD will also allow you to check out the rest of the puter. It helps to have a thumb drive or an external drive to copy your data and files to.

http://www.howtogeek.com/howto/windows-vista/use-ubuntu-live-cd-to-backup-files-from-your-dead-windows-computer/

After you get your data backed up, and you have a brand-name puter and a recovery partition, then you can use the link below to get to the BIOS menu to restore it back to factory settings. When you press the power button, start tapping the F key that is for your puter and the BIOS menu will open. Select the recovery and it will set your puter back to factory settings. Depending on your puter this will take one to two hours.

http://www.sevenforums.com/attachments/tutorials/194993d1327525063-usb-windows-7-installation-key-drive-create-boot-menu.png


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.