Computer virus stuff I learned yesterday

(@merlin)
Posts: 416
Registered
Topic starter
 

I had a malicious virus attack yesterday. It completely took over every aspect of my computer's functioning. It even prevented me from booting up in "Safe Mode".

I found out that if you have a USB keyboard, the virus gets on the beginning side of your boot up sequence and will prevent you from using windows components that could help you out of the mess.

Fortunately, I was able to find an old Emachine keyboard with the traditional connector in back of the computer which is in the beginning part of the boot up sequence and is in front of the virus.

This enabled me to get to a "safe mode" start up. I ran the full expensive version of "Computer Associates" virus scan software which reported no viruses.

On the advice of a friend, I downloaded the free "MalwareBytes" software on another computer to a memory stick. I then placed the stick into the infected desktop, executed it, and scanned my drives finding the 3 infected files. Apparently this "Trojan horse" is making the rounds and gets through a lot of firewalls.

 
Posted : January 21, 2011 4:41 am
 John
(@john)
Posts: 1286
Registered
 

Did you find out the name of the virus and perhaps the "best" program to catch it before it gets on the machine?

 
Posted : January 21, 2011 5:06 am
(@paul-in-pa)
Posts: 6044
Registered
 

I Had That Two Weeks Ago

It just kept creeping in. Drove me nuts. Took it to a shop, came home with a bigger hard drive.

Paul in PA

 
Posted : January 21, 2011 5:30 am
(@merlin)
Posts: 416
Registered
Topic starter
 

> Did you find out the name of the virus and perhaps the "best" program to catch it before it gets on the machine?

As best I can tell the name was "Trojan Agent" and two variations of that name. I am now a believer in Malwarebytes for detection. I had real time protection turned on in my Computer Associates software, but it obviously didn't work.

The virus appears to start a scan of your computer in typical fashion and immediately comes up with fake files with names that would probably put the owner of the computer in jail if they were real. It was a real shocker!

 
Posted : January 21, 2011 6:52 am
 John
(@john)
Posts: 1286
Registered
 

Thank you for the info so I can be on the lookout for it.

 
Posted : January 21, 2011 7:08 am
(@rob-omalley-2-2-2-2-2)
Posts: 381
Registered
 

Merlin, was it the Free version or Full version of Malwarebytes that found the virus?

The only reason I ask is I had a virus attack my PC last summer and neither I nor the IT guy at work could find it, even with Malwarebytes.

I was able to boot up in safe mode though so I could at least reformat my HD and OS.

 
Posted : January 21, 2011 7:10 am
(@merlin)
Posts: 416
Registered
Topic starter
 

Rob
It was the free version. My friend, an IT guy, told me after the episode that he always starts with the free version of Malwarebytes and works from there. I suppose the efficiency of any virus software depends on the real time staff that continuously updates the software for the new variants of the bug.

Today, I noticed that the version of Malware that I used yesterday was 30 days out of date and it still found the virus. The CA software was updated the day before the infection and it completely missed it.

 
Posted : January 21, 2011 7:23 am
(@glenn-breysacher)
Posts: 775
Registered
 

I've used Malwarebytes many times. It is the best out there, and it's free. IIRC, the only difference between the free and the paid version is that the paid version can defend your computer in real time/all the time, whereas the free version must be initiated by you to run a scan. If you scan once a week or so, the free version is fine. I use this along with Spybot (free) and one or two other tools.

 
Posted : January 21, 2011 7:40 am
 RADU
(@radu)
Posts: 1091
Registered
 

Merlin, thanks for the heads up.

RADU

 
Posted : January 21, 2011 1:26 pm
(@stephen-johnson)
Posts: 2342
 

> I had a malicious virus attack yesterday. It completely took over every aspect of my computer's functioning. It even prevented me from booting up in "Safe Mode".
>
> I found out that if you have a USB keyboard, the virus gets on the beginning side of your boot up sequence and will prevent you from using windows components that could help you out of the mess.
>
> Fortunately, I was able to find an old Emachine keyboard with the traditional connector in back of the computer which is in the beginning part of the boot up sequence and is in front of the virus.
>
> This enabled me to get to a "safe mode" start up. I ran the full expensive version of "Computer Associates" virus scan software which reported no viruses.
>
> On the advice of a friend, I downloaded the free "MalwareBytes" software on another computer to a memory stick. I then placed the stick into the infected desktop, executed it, and scanned my drives finding the 3 infected files. Apparently this "Trojan horse" is making the rounds and gets through a lot of firewalls.

I had a Trojan last week called Generic20 that MalwareBytes wouldn't touch. Nor would two different AV programs. Finally had to take it in to a local computer guy who is quite good at nailing these things.

He told me a way to bring up MalwareBytes in Safe Mode that makes it MORE effective.

Now if I could Just Remember! :-P

 
Posted : January 21, 2011 1:35 pm
(@squinty-vernier)
Posts: 500
Registered
 

I was a strong proponent of CA for years, the beancounters transmogrified it into bloatware. I've ditched it for Microsoft Security Essentials. MSSE is lightweight and highly rated for virus detection.

When Malwarebytes doesn't catch the bug, check their site for another tool that assigns the exe a random name. This defeats a function in the bug that disables the removal tool.

Malwarebytes is a GREAT tool.

Rick

 
Posted : January 21, 2011 2:54 pm
(@noodles)
Posts: 5912
 

Malwarebytes, etc...Little help program I wrote up

I see this often at http://www.flakelist.org. Lots of poor unsuspecting people get scammed because they are tricked into clicking on those fake credit score/IQ/rental links.

Here's what I tell them to do when they get hacked.

Now, let's get your computer cleaned and protected. You're in danger from not just identity theft but also personal invasion of your computer. Here's what to do:

#1. Run a program called CCleaner. You can download it at: http://filehippo.com/

#2. Run a full virus scan. I use Avast but you can use whatever you feel comfy with. Also downloadable at http://filehippo.com/ (Try to avoid Norton at ALL costs!)

#3. Run a malware program. I use http://www.malwarebytes.org/ and I also supplement it with Spybot. You can download Spybot here: http://www.safer-networking.org/en/index.html

#4. Run a complete defrag. This is located in the control panel of your computer.

#5. Re-boot.

#6. Change passwords but do so once you have run the scans and re-booted.

I also recommend to ANYONE that has even clicked on one of these scammers' IQ, Credit, or whatever bogus links they send you to, even if you did NOT fill out any info and immediately closed the page, to STILL do these 6 steps, just to be safe. Sometimes all it takes is just a click from you to get to their site for their site to put a keylogger (or worse!) onto your PC.

Next, contact the credit/bank card company of the card that you used to buy the scam credit report stuff and tell them you were scammed and see what their policy is as far as refunds, new cards, etc... Every place seems to have different rules regarding this particular scam.

Better to be safe than sorry and then have to pay up the rear to get your PC fixed. I also do these 6 steps 2-3x weekly as regular maintenance to keep my PC running smoothly. Heck while all this is going on I give the monitor & mouse a cleaning, the keyboard an air dusting, and tidy up everything else.

A happy computer = a WORKING computer. 🙂

Hope this helps. IF you have any questions, feel free to contact us here at FlakeList.

 
Posted : January 21, 2011 4:10 pm
(@beer-legs)
Posts: 1155
 

Malwarebytes, etc...Little help program I wrote up

Yep, I just got one yesterday just by looking at the Packer website. Shame on me...

I ran SUPERAntiSpyware, but it didn't completely get rid of it. I then used Kaspersky's program TDSSKiller (free) to kill the trojan and then used Malwarebytes to clean it up. I then ran SUPERAntiSpyware again, but it didn't find anything.

All clean now...

 
Posted : January 21, 2011 4:28 pm
(@squinty-vernier)
Posts: 500
Registered
 

You should also download and run, from safe mode, a little sweetheart called "rkill". That stops the bugs that load at boot and allows the cleaner to run unobstructed.

 
Posted : January 21, 2011 9:41 pm