I have a bad-ass virus.

Bad enough that it deleted Spybot’s main DLL out from under me.
Bad enough that I suspect explorer.exe might be flawed.
Bad enough that I couldn’t run a reinstalled Spybot until I booted into safe mode.

Spybot discovered it in safe mode, cleared it out, and I rebooted into safe mode again … where it found it again.

If I’m lucky, that did the job, but I don’t suspect I am lucky here, so! My question!

I need to turn a flash drive into a bad-ass virus killer. Do you have a favorite Antivirus that fits on a flash drive? Preferably one that provides a boot environment?

This is all my fault for being reluctant to update XP – I just hate how it pushes you into updating every little thing, and you can’t even run Windows Update without turning on auto update. Oh well, that’s what I get. :)

~ by Skennedy on December 8, 2008.

19 Responses to “I have a bad-ass virus.”

  1. You should be able to go to the Windows site and update from there without the automatic ones…..I think…..

    But, I’ve been known to use Stinger, McAfee, and SUPERAntiSpyware and haven’t had much of a problem.

    Of course I also scan everything when I download it, and only read email and stuff as plain text…..

  2. Three things:

    One, you have malware, not a virus.
    Two, assumably you have a name for the malware. Google it. Find out what others have said makes it tick. Then remove it by hand.
    Three, you can go into IE and select Tools –> Windows Update to manually update Windows.

    Oh and use Firefox, you’re much less likely to get infected. You may find that you need to format and reload to get rid of it if it’s particularly nasty.

    That is all.

    • One, it is an authentic virus, not just malware – specifically, a trojan horse. Just because it also has malware attributes doesn’t make it “just” malware.

      Two, I do, I did.

      Three, do you not think that was where I went to Windows Update in the first place? Windows Update, at that point, informed me that it could not do any updates until I enabled “Automatic Updates”.

      Four, I use Firefox (and occasionally Chrome) exclusively. Like STDs, it is disingenuous to presume that a person has poor hygiene standards because they acquired a virus. That said, of course, if I had kept my computer updated, it is less likely I would be in this position.

      Though my AV program updates on a daily basis. Apparently, I need to find another one.

      • One: Sorry about that, I didn’t think that Spybot fixed (or attempted to fix) anything other than spyware.

        Two: Well then, how’d that work out for you?

        Three: It’s just a bunch of click through crap for MS’s genuine windows authentication. It should cause no harm, or is it different? I’ll have to admit if it literally won’t let you through that is something new to me.

        Four: Double-ouch! I find myself apologizing again.

        • Well, it was very late at night last night when I went looking for it, heh. I don’t recall the name, but I discovered it because TeaTimer (Spybot’s reg blocker) kept asking for permission from a name I didn’t recognize. I googled and saw most hits for the word were coupled with “virus” and similar words. Crap! So I went to run full Spybot, and found that it couldn’t find a vital DLL. Hmmm, suspicious much?

          I started a scan of my AV, but it didn’t find it immediately and I was absolutely sure it was running in system memory, so I basically reinstalled Spybot and ran it in safe mode twice. I left it running when I went to sleep last night, then shut down the computer and came to work – so I haven’t had much chance to actually hunt down the trouble.

          Fortunately for me, George had some time to clean it out and double-check it. I think I’m done using AVG, though; it should have blocked it in the first place.

          Re: point three, Alas it wasn’t a request for genuine windows authorization, as it is a valid copy and I’ve done that before. It actually told me that I could not use Windows Update until I fixed one of three possible problems – one was a service that could have been off, and the other was that Automatic Update had to be on.

          I was kind of offended at that, y’know?

          As for the last bit, well, I am a geek and a former network admin (a decade ago, admittedly), and as such I react harshly when my technological savvy is impugned. :D No worries though.

  3. bad ass-virus

    Sorry to hear about your virus troubles. I don’t have much to add that’s helpful. Instead, I thought I would help distract you from your virus troubles with this:

    Good luck disinfecting!

  4. Try the MSRT, it’s been foolproof for me. It’s probably FakeAlert combined with some downloader or another, those two have been teaming up and coming in through malicious banner ad code for a few months now. Boot in safe mode, run MSRT in full scan mode, wait like two boring hours, it’s clean.

    • Thanks for the suggestion – I handed it off to my friend George earlier today (I’m training two people at once to do my job so I can have a vacation!), and he pronounced it thusly clean. If I run into trouble again, I’ll do so.

      I will say that it is an ingenious combination of malwares, bent on making you pay for a particular antivirus program, according to Spybot.

      • Yup, definitely FakeAlert. AKA Renos, AKA SpyAxe, AKA Antivirus XP… I’ve had at least five machines behind a proxy get it, not to mention my own personal machine at home while using the Chinese version of YouTube.

      • Something along the lines of antivirus-2009? I just saw an infection of that at work, and it was a pain in the ass to remove. i wants to know the name of your malwares!

  5. I had one once that wouldn’t boot up because the virus corrupted the explorer.exe. Couldn’t do anything much with it. I ended up renaming explorer then changing the name in the registry. Worked like a charm. Removed 4 viruses from the PC and the lady didn’t lose a thing. Come to find out she didn’t have anything anyway and it would have been quicker to just reimage it but it was fun at least.

    • Y’know, I thought maybe it did, too. You renamed explorer.exe and then changed the name in the registry? Tell me more. Were you able to boot with explorer renamed? Did you have to bring a new explorer.exe in?

      • When it happened to me I was able to get the blue screen of the desktop but no desktop. I hit Ctrl-Alt-Del and ran a new task. I renamed explorer.exe to explore.exe, I think it was. Then ran regedit. I don’t recall the entire way to the key but this is part of it: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion. I think it was run or something like that after it. I’m on a Vista machine so I can’t check it.

        I didn’t need to bring in a new explorer. I’m sure there are other fixes but that one worked for me.

  6. Clamwin? http://portableapps.com/apps I’ve never tried it, tho I’ve heard decent things about it. Dunno about the boot-ness of it.

    But, I see you’ve gotten rid of it, so have fun with portableapps anyway. It’s got some cool stuff. :)

  7. linux or osx :P

  8. Ultimate Boot CD for Windows

    Download and make a UBCD for Windows. Boot Windows from the CD. Run whatever spyware, virus removal, or scans that you wish; some good ones come with UBCD. When you’re satisfied that everything is clean, reboot to your hard drive. The nice thing is, the UBCD can never get corrupted; it’s read-only. Even if the malware gets into memory again, you can always reboot to a known-good UBCD.
