Solved

HP Vista infected and practically nothing works except https:/g

Posted on 2010-09-06
24
610 Views
Last Modified: 2013-11-22
Practically all functionality is shut down: Firefox, Chrome, Word, Adobe Acrobat Reader, etc.

I can do https://, mostly just gmail.

Somehow "Security Suite" got in the PC. It scans as an eval copy but you have to purchase, and it's expensive ($50 for 3 months). Plus the site to purchase this comes up ok in IE.

I think the virus got on there via online games or something like that.

I can probably restore to store-bought condition, then reload software. Plus make sure I have adequate protection this time. But if there's something quick I can do, I'll give it a shot.
Question by:Alaska Cowboy
24 Comments
 
LVL 6

Accepted Solution

by:
sagiamar earned 25 total points
ID: 33613264
Try to run Malwarebytes and ComboFix.

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html


http://www.combofix.org/


Also, when downloading the files, change the file name... some viruses block the files by name.
0
 
LVL 5

Assisted Solution

by:Da_Pirate
Da_Pirate earned 25 total points
ID: 33613273
Nothing you can do (if you have an Ubuntu CD you can log on from it and collect all your important files),
then you will have to reinstall Windows or use the Recovery DVDs.
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 33613312
Thanks, I inadvertently posted this twice from mobile device. I will review and try to get this solved.
0
 
LVL 6

Assisted Solution

by:rknetwork
rknetwork earned 25 total points
ID: 33613317
This free utility should definitely help you:
http://www.freedrweb.com/download+cureit/?lng=en
You may download it to a flash drive, then start Vista in Safe Mode and launch it.
0
 
LVL 91

Assisted Solution

by:nobus
nobus earned 50 total points
ID: 33615381
I think you're best and safest going the way you thought: restore it to factory settings.
0
 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 25 total points
ID: 33615970
Try HitManPro:


32 bit:
http://dl.surfright.nl/HitmanPro35.exe

64bit:
http://dl.surfright.nl/HitmanPro35_x64.exe

If that fails then try Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the logs for further analysis

Sudeep
0
 
LVL 30

Assisted Solution

by:mtz1of4
mtz1of4 earned 75 total points
ID: 33616498
I'm with nobus on this one, as you indicated previously you didn't know how to start Windows in Safe Mode. However, I would confirm you have good backups of your important data before you start restoring to factory condition.
Some things you might not want to lose: Favorites or Bookmarks, Emails and the settings, My Documents, My Pictures (don't lose the pics!!!!)
0
 
LVL 14

Assisted Solution

by:nltech
nltech earned 25 total points
ID: 33616519
That is a ROGUE APP -- DO NOT BUY IT.

If it's the "Security Suite" rogue app that's been spreading lately, you will likely need a combination of ComboFix, MBRcheck, TDSSkiller and Malwarebytes (and then some) to get rid of it.

A full, destructive factory restore would be a lot simpler.
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 33651327
All, thank you for the tips, I apologize for not posting updates.
Right after the computer in question got infected, I brought home a similar computer from the repair shop, it had lost its hard drive and they re-installed original Windows Vista, which I'm on now, and things are happy there (which is what I'm on now).
On the infected computer, it was a nuisance type virus, it walked through all applications bit by bit and shut them down, even notepad. For a while Opera browser was working but then it couldn't get to the internet.
So I plan on just restoring, but a couple of questions:
- what about the files, should I assume they are (or are not) infected?
- what about files on an external hard drive that I had connected and was mostly turned on?
- is there any way to determine what exactly is the virus?
0
 
LVL 91

Assisted Solution

by:nobus
nobus earned 50 total points
ID: 33652279
The best is to connect this disk to a protected PC, and scan it with these:
Spybot: http://www.download.com/3000-8022-10122137.html
MBAM: http://www.malwarebytes.org/mbam.php
Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
HijackThis (download): http://www.spychecker.com/program/hijackthis.html
HijackThis (check the log): http://www.hijackthis.de/index.php?langselect=english
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 33652743
nobus, thanks, I'll give it a try.
0
 
LVL 30

Assisted Solution

by:mtz1of4
mtz1of4 earned 75 total points
ID: 33652800
Are you comfortable taking the hard drive out of the computer?  If yes, then you could remove it, connect it to the clean machine AFTER installing all the software you want to run on it to see if you can scan and clean it.

You should also be scanning that external drive.
I would also recommend grabbing an antivirus as I haven't seen one recommended or listed as installed.
These three, AVG and Avast and Avira have free versions, MS has their free Security Essentials.  You need to have something on that clean Vista machine.  I would hope your repair shop sold, gave, installed something on that machine.

http://free.avg.com/us-en/download-avg-anti-virus-free
http://www.avast.com/free-antivirus-download
http://www.free-av.com/en/download/index.html
https://www.microsoft.com/security_essentials/
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 33652838
mtz1of4, thanks a lot
great idea on removing, yes I can do that, I already have an external drive that is just a case on a HD.
I just went with Norton (internet security, v 16.0.0.125), it was on my other machine that was just cleaned with restore disks (it's not bad either, $60 a year for 3 machines and now I'm on a 60-day trial).
so I connect the external drive to my clean machine with Norton, via USB. The machine recognizes it as a device and such, and then Norton says, "oh look, I better do my thing on this new device, let's roll !"
and with this method, would it clean the bad drive from the machine in question such that I wouldn't have to wipe it clean with the restore disks ?
0
 
LVL 30

Assisted Solution

by:mtz1of4
mtz1of4 earned 75 total points
ID: 33652884
Possibly.
What I do is NOT RUN just ONE AV program on an infected hard drive. These viruses can be tricky and there isn't just one antivirus program that can catch them all; that is why we have been listing multiple programs. Disable Autorun on your USB drives before connecting the infected hard drive. Go to http://support.microsoft.com/kb/967715, scroll down to FixIt for Disable Autorun.

You will definitely want to install MalwareBytes as sagiamar first offered. I would also recommend SuperAntiSpyware.


Here's a page for cleaning windows machines.  http://securitytango.com/windows.php

It can be tedious, but you'll learn a lot.  I would recommend downloading, installing any updates, before attaching the hard drive to the clean computer, then disconnect from the Internet, just as a precaution, however, if Autorun has been disabled, the external should not be able to activate any software automatically.

If you know you have a good backup, reinstalling might be faster.
0
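
The Autorun precaution from the post above, as an added example that is not part of the original thread: a PowerShell audit of the `NoDriveTypeAutoRun` policy value documented in KB967715, with an optional function that sets it to 0xFF. The function names are hypothetical, and it assumes PowerShell is installed on the clean machine and run elevated.

```powershell
# Added example: audit and set the Autorun policy described in Microsoft KB967715.
# Run on the clean PC before attaching the suspect drive. Function names are hypothetical.
$PolicyKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$DriveTypes = @(
    @{ Bit = 0x01; Name = 'Drives of unknown type' },
    @{ Bit = 0x04; Name = 'Removable drives (flash drives)' },
    @{ Bit = 0x08; Name = 'Fixed drives (many USB hard disks report as fixed)' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'Drives of unknown type' }
)

function Get-AutorunPolicy {
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive = 'HKLM')
    $prop = Get-ItemProperty -Path "${Hive}:\$PolicyKey" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }            # value not set: OS default applies
    $raw = $prop.NoDriveTypeAutoRun
    # Some systems store the value as REG_BINARY; the flags are in the low byte.
    if ($raw -is [byte[]]) { return [int]$raw[0] }
    return [int]$raw
}

function Show-AutorunPolicy {
    foreach ($hive in 'HKLM', 'HKCU') {
        $value = Get-AutorunPolicy -Hive $hive
        if ($null -eq $value) { "${hive}: NoDriveTypeAutoRun not set (OS default applies)"; continue }
        '{0}: NoDriveTypeAutoRun = 0x{1:X2}' -f $hive, $value
        foreach ($t in $DriveTypes) {
            $state = if ($value -band $t.Bit) { 'disabled' } else { 'ENABLED' }
            '  Autorun {0,-8} {1}' -f $state, $t.Name
        }
    }
}

function Disable-AllAutorun {
    # 0xFF disables Autorun for every drive type (requires an elevated session).
    $path = "HKLM:\$PolicyKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

Show-AutorunPolicy
# Disable-AllAutorun   # uncomment to apply 0xFF, then run Show-AutorunPolicy again
```

A hard drive in a USB enclosure often enumerates as a fixed drive rather than a removable one, so check that the 0x08 bit is covered as well as 0x04 before connecting it.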
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 33652945
Ok, thanks again. I have to mull this over.
Is there any way I can determine what virus I was hit with and try to read up on it ? That might help me decide which way to go.
0
 
LVL 30

Expert Comment

by:mtz1of4
ID: 33652975
Not really, the different AV companies call them different things sometimes, so even if Norton told you it was a beagle virus, AVG might call it a trojan worm.

Have you Googled "Security Suite" to see what it tells you about IT being a virus?
The key at this point in time is to not let your clean machine get infected, so no sharing USB thumb drives if you can't physically lock them to Read Only.  Most thumb drives do not have this switch, however some Memory cards for cameras (SD cards anyways) do have them.  
I turn them on in the clean machine, put my AV programs and updates on them, then remove them from clean machine, Lock to Read Only, then I can install those programs on bad machine, IF the virus lets me install.
I typically remove the hard drives and attach them to the clean machine though, but the above is a workaround if you're not comfortable.

Consider it a learning experience.  You have a clean machine, so if you run into issues, you can always Google the exact error message, or come right back here.  Keep good notes though, screenshots, digital camera even.
Exact Error Messages are crucial to finding fixes.
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 33652987
mtz, ok, good, thanks so much. I need to do something to at a minimum recover the pics and make sure the external that was connected to infected machine is ok. I'll have to pick this up later today.
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 33662257
Ok, one more question and then I think I'll close this out, as you've really answered my question. I think it's going to be awhile before I get around to this, as having the PC is not critical for the moment (my son is away at school).
so, what happens if I copy a couple of files from infected computer to flash drive and then put them on clean computer that has Norton running ? Will Norton say, "oh look, here's a new file, let's run it through the virus-checker "?
I know that sounds like a dumb question . . . although I work as a software developer (in a larger organization), I still am kind of puzzled at how anti-virus software works, from a user perspective.
So, when I put the flash drive in a USB port, would Norton immediately check everything on the drive ? If so, then Norton recognizes a "foreign object" and then does its thing ?
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 33717120
closing this out now, sorry for the delay. Most likely I will just re-install Vista, I have the Recovery Disks.
still looking for an answer to above comment, "so, what happens if I copy a couple of files from infected computer to flash drive and then put them on clean computer that has Norton running ? Will Norton say, "oh look, here's a new file, let's run it through the virus-checker "?
I know it might be risky, but my sense is this virus was a nuisance one and didn't infect the data files, only the executables.
Thanks.
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 33717210
not sure why this didn't close out properly, I assigned points. Checking with moderator.
0
 
LVL 30

Expert Comment

by:mtz1of4
ID: 33717617
yes, Norton should scan those files just fine. you could even have Norton scan them while on the flash drive.
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 33717653
mtz, ok, good, thanks, I'll start with that.
still not sure why this question didn't close out cleanly, I awarded points in the normal manner, as far as I can tell.
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 33717709
Thank you, _alias99
0
