PC Question
This morning I booted up my PC and was checking my emails when a pop up appeared (which looked like a Windows 7 program) that scanned my PC and said 'Your computer is infected!' It said I had something like 30 trojan horses in my hard drive and 200 suspicious programs. If I had 30 trojans wouldn't my PC run mega slow/crash? Anyway when I exited the program a box appeared that said 'Do you wish to run, save, or cancel this program?'. I hadn't selected anything. I thought it strange so I ran a virus scan that picked up 1 harmless trojan and a spyware scan picked up nothing.
Is this some kind of scam?
The trouble with tribbles is.......
Comments
scan with malwarebytes anti malware http://majorgeeks.com/download.php?det=5756
It had gone away on the startup, but I still CCleaner'd the mofo afterwards.
I got that too a while ago, it didn't even clear on start up, had to re-install windows. Luckily it was my lappy, so don't have any files on there.
Unfortunately, my pc bolloxed up a few weeks later in a separate incident, and that's when I lost all my files. :-P
You're fecked, FORMAT !!!!
There isn't a file called System32 in the Windows folder, :p
reboot ya pc in safe mode and scan.. it'll prolly pick up a load of malware / fake warning type software.. get yaself some decent security if you haven't already
the worst pc I ever cleared out had 35 trojans on and 60+ viruses and it still booted.. it was a business computer.. problem with that was, it was being used as a zombie to mass mail the company clients links to pr0n sites.
http://www.filehippo.com/download_spybot_search_destroy/
http://www.filehippo.com/software/antimalware/antispyware/
I had a bad trojan and spybot / avg wouldn't find it when I pointed em to it, avast / malwarebytes did, cleared it eventually
and... when that doesnt work. FORMAT....
I don't really fancy formatting my hard disk (again!).
Excuse me, I'm too drunk to answer my own question. I'm off to vomit.........
Of course if you follow the link then all sorts of nasties can ensue but the machine was clean. (she had the good sense to give me a shout, you could see the false links embedded in the web page and this was a very respectable supplier)
I would still scan the machine with 3 different Anti virus packages (none are anything like foolproof) to make sure but if you haven't followed the link then your machine probably isn't infected from just the warning. Recent research does say that your machine is probably infected with something but that is a different matter.
and you saying scanned in safe mode with sys restore off ? spybot finds more in safe mode.
that's the only SURE way to make sure that the cack is off the machine.. I used to use avg, but with a newer version I found it to be very bloated.
besides, you're chatting about avg.. what about vcleaner ? if you're saying you didn't use that.. then you didn't use avg fully...
not everything can be shifted with solely a virus killer, that's why there is vcleaner / stinger and many more things are around.
in an ideal world people would have 2 drives, 1 data , 1 system.. or at least 2 partitions.. that way system drive is easy to bring back and the data drive , well you could bring back on another clean system.
No its not. Not at all. That is plain wrong.
Firstly there is no sure way. All public AV products (anti virus, anti spyware etc) rely on signatures which are always out of date. Even if you downloaded the latest update 10 seconds ago it is already out of date. Heuristics (and also sandbox emulation) are not 100% reliable either so the bottom line is quite simple. There is no such thing as a 100% reliable AV product. Snake oil is a term frequently used.
The best way is to create an AV boot disk (most products will let you do this, AVG's rescue disc for example) and boot the machine from that. Even in safe mode a nasty can already be active. If you allow windows to become active in any way there is already a good chance you have lost the battle.
The only sure way is a full disc format. Not what you want to do.
Another goodie is ccleaner for getting rid of cookies, registry problems, cleaning up temporary files and uninstalling programs. It's free from filehippo.com.
Finally WOT (Web of Trust) is a good thing to install if your anti virus does not rate the safeness of sites in google search. WOT displays RED for danger, Orange for SUSPECT and GREEN for okay. WOT is a plugin for Firefox web browser.
is it, why? because stopping the registry from starting in safe mode is basically stopping it from re-spawning and allowing it NOT to be untouchable (i.e. hiding in that or sys restore)
apart from anything like that wanting to infect as many files as possible, its other task is to re-spawn.. otherwise why would so many AV companies also have separate EXE's and not just solely the AV scanner.
if you're telling me that certain things can be removed without using safe mode (or a boot disc as you say) then I'll disagree with you.
for people to say "oh I used an av scanner and it didn't find something" fair enough ... IF they have tried all the extra exe tools that are with it.
they all try to do that though, to make you think something is up and it's official or to mask that it's doing something.
NOTE - The registry runs - although that is totally irrelevant to a number of Trojans and root-kits, they are loaded far before the registry even kicks in.
I'm not sure where you got that definition of Safe Mode from but it's horribly out of date, it's referring to the 9x line of Windows and almost all of it is utterly irrelevant to NT based versions of Windows regardless of whether they're in safe mode or not.
That said, the Registry loads in both Safe Mode and a normal boot, it's just that in Safe Mode device drivers and services not marked as suitable for Safe Mode don't load (it's trivial to mark a service as starting in Safe Mode so it's zero protection against viruses).
Any half decent anti-virus tool can work as effectively from an ordinary boot as it can from Safe Mode, if it can't clean up the machine under normal circumstances then a format and reinstall is really the only option.
Of course good practice is to run your virus scanner continuously with up to date definitions, so that infected files are removed long before they get to damage your OS.
Technet
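The post above notes that a service only has to be listed in the Safe Mode lists to load there, so a defender's check is to see what is on those lists. This is an added example, not code from the thread: it reads the SafeBoot\Minimal and SafeBoot\Network keys that Windows consults, resolves each named entry to its binary, and flags anything not on a baseline exported earlier from a clean install (the baseline path is an assumed placeholder).

```powershell
# Added example (not from the thread). Windows decides what loads in Safe Mode
# from two registry lists: SafeBoot\Minimal (Safe Mode) and SafeBoot\Network
# (Safe Mode with Networking). Each subkey is either a service/driver name or a
# device-setup class GUID; its default value says "Service" or "Driver".
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-SafeBootEntry {
    param([ValidateSet('Minimal', 'Network')][string]$Mode)
    Get-ChildItem -Path (Join-Path $safeBoot $Mode) | ForEach-Object {
        $name = $_.PSChildName
        $kind = (Get-ItemProperty -Path $_.PSPath).'(default)'
        $image = $null
        # Entries that are not class GUIDs name a service or driver; the binary
        # it runs is recorded under the matching Services subkey.
        if ($name -notmatch '^\{[0-9A-Fa-f-]+\}$') {
            $image = (Get-ItemProperty -Path (Join-Path $services $name) `
                      -ErrorAction SilentlyContinue).ImagePath
        }
        [pscustomobject]@{ Mode = $Mode; Entry = $name; Kind = $kind; ImagePath = $image }
    }
}

# Baseline: assumed placeholder path, produced on a known-clean machine of the
# same Windows version with e.g.
#   Get-SafeBootEntry Minimal | Select-Object Mode, Entry | Export-Csv C:\baseline\safeboot.csv
$baselinePath = 'C:\baseline\safeboot.csv'
$current = @(Get-SafeBootEntry -Mode Minimal) + @(Get-SafeBootEntry -Mode Network)

if (Test-Path $baselinePath) {
    $baseline = Import-Csv -Path $baselinePath
    $unexpected = $current | Where-Object {
        $entry = $_
        -not ($baseline | Where-Object { $_.Mode -eq $entry.Mode -and $_.Entry -eq $entry.Entry })
    }
    # Anything listed here was added after the baseline was taken. A service
    # whose ImagePath points outside the Windows directory yet insists on
    # loading in Safe Mode is worth examining before trusting a Safe Mode scan.
    $unexpected | Format-Table Mode, Entry, Kind, ImagePath -AutoSize
} else {
    # No baseline yet: print the full lists so one can be reviewed and saved.
    $current | Format-Table Mode, Entry, Kind, ImagePath -AutoSize
}
```

Reading HKLM works from a standard user account; the diff only identifies entries to review and changes nothing.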
My point is that the registry is irrelevant to a virus which can easily be written to run without it and can be active long before the registry loads.
Safe or normal mode as you say shouldn't make any difference but I don't agree that all is lost, otherwise why would all the major AV companies provide a boot disk which can work without launching windows at all. The fact that windows starts to boot at all is frequently enough to embed some nasties and the only option is then to negate the issue by booting into either a PE or frequently mini linux environment from non writeable media. See Norton, AVG, Kaspersky and others for examples.
I agree this is best practice but maintain that signature based AV products are fundamentally flawed as they are purely reactive. I would also say that a very rarely followed piece of good practice on a Windows box would be to run as a User and not, as almost everybody does, as an Administrator. At least this means that undetected nasties have to do some privilege escalation to embed themselves which is another barrier you can add at no cost.