jbstacyg
asked on
Nasty virus
I have several viruses on my computer. only way I can use my computer is in safe mode. What is the best virus removal software I should use? I know there are good free ones out there. As a matter of fact, I have norton on my system and it said I had to manually remove it.
1) The 2 WORST AV programs out there are: McAfee & Norton! Dump it!
2) I usually have success attaching the drive to another GOOD PC and doing a complete scan with the following TWO tools:
Microsoft Security Essentials, and
Malware Bytes AntiMalware...
3) If they have difficulties with removal, there are some "heavy hitter" tools I use next, but they require a bit of expertise to use... The main thing is that, once the drive is scanned without having been booted from, it won't have a chance to load and mask the baddies before the OS!
2) I usually have success attaching the drive to another GOOD PC and doing a complete scan with the following TWO tools:
Microsoft Security Essentials, and
Malware Bytes AntiMalware...
3) If they have difficulties with removal, there are some "heavy hitter" tools I use next, but they require a bit of expertise to use... The main thing is that, once the drive is scanned without having been booted from, it won't have a chance to load and mask the baddies before the OS!
ASKER
the virus was:
zeroaccess rootkit activity 4
zeroaccess rootkit activity 4
ASKER
i am running spybot search and destroy right now. is that a good tool?
Spybot is good for spyware, but not so good for viruses...
Actually, Symantec (vendors of Norton) have a removal tool here:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixZeroAccess.exe
However, if the virus on your PC prevents it from running, things are a bit more difficult.
It would be prudent to back up your data before continuing, while you can still access it.
Slaving the drive to another computer as n2fc suggests is an excellent idea, if you have one available.
Actually, Symantec (vendors of Norton) have a removal tool here:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixZeroAccess.exe
However, if the virus on your PC prevents it from running, things are a bit more difficult.
It would be prudent to back up your data before continuing, while you can still access it.
Slaving the drive to another computer as n2fc suggests is an excellent idea, if you have one available.
By definition, there can't be a "best" AV package. Not all AV software can protect against any specific virus, and some viruses can bypass specific AV packages.
You want to be immune? Then stop downloading stuff and going to the types of sites (you know what they are) that serve code that tries to hack into your machine.
Free AV code? Really now, you get what you pay for. Unless this is an open source community AV, then look out. Also remember that the people who create viruses also have access to the same source code.
You want to be immune? Then stop downloading stuff and going to the types of sites (you know what they are) that serve code that tries to hack into your machine.
Free AV code? Really now, you get what you pay for. Unless this is an open source community AV, then look out. Also remember that the people who create viruses also have access to the same source code.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Since you are in safe mode, first thing to check that the viruses do not have their hooks in the system.
Msconfig
Check the prefetch to make sure it is not there.
Younghv has a set of articles which I think include the references compprobsolve included with some additional overview.
https://www.experts-exchange.com/M_3628488.html
The other part to check is to make sure the virus is not part of the ie addons.
When booting in normal start start IE with extensions off
Then check the addons to make sure the ones there should be there.
Msconfig
Check the prefetch to make sure it is not there.
Younghv has a set of articles which I think include the references compprobsolve included with some additional overview.
https://www.experts-exchange.com/M_3628488.html
The other part to check is to make sure the virus is not part of the ie addons.
When booting in normal start start IE with extensions off
Then check the addons to make sure the ones there should be there.
ASKER
was able to pull the drive and save all my critical files. wiped the drive and put a fresh copy of xp on there. its an outdated copy (SP1). now i have outdated drivers so i cant connect to the internet.
At this point this question is mute?
With the approach you have chosen, you will have to find the appropriate drivers with another computer and install them on your computer or load them with a disk that may have been provided with your computer.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
When I'm dealing with such problems I sometimes find that the time taken to remove every threat on a computer would exceed that needed to back up critical data, reformat the drive, and re-install Windows.
Also, the line between viruses, scareware, malware and other threats is becoming increasingly blurred, making it difficult sometimes even to identify what kind of infection you're dealing with.