Inactive How do I deal with a virus that blocks all attempts to defeat?

Status
Not open for further replies.

tepeco

Posts: 66   +1
Trying to help my brother 150 miles away. His New HP Netbook with Win 7 has extreme problems. Pop-up windows warning of impending danger from viruses and offers to "click here" to fix. He says he only visits backgammon sites to play games.

With Comodo (free version) as the firewall, Avira Antivirus (free version) handling AV stuff, and SuperAntiSpyware being used daily, he has been attacked somehow. He is new to computing, I'm an advanced user. I tried remote control thru LogMeIn, but it disconnected as soon as I connected with his netbook. Nothing works for him on that end either. No email, no internet connection, no VOIP, no nothing. Only gets to the desktop and popups.

By phone, I tried to talk him through scanning with Avira, but when executing the scan, nothing happened. Scanned using SuperAntiSpyware, but when done, and only 3 items were detected and deleted, the program did not go any further. Its screen was covered by a Comodo labeled warning that no execution can take place.

I tried to use CCleaner to uninstall the protective programs, reinstall and clean up, but it would not execute. In the meantime, my brother says that pop up windows are randomly popping up constantly.

Right now, I'm going to attempt to restore back to 72 hours ago, however, I'm anticipating the virus to disallow that command. In the meantime, any suggestions for coming at the PC from a CD with a cleanup program of some sort? Or what?
 
Thank you for moving this over.
"any suggestions for coming at the PC from a CD with a cleanup program of some sort? Or what?"

As much as I would like to guide you into a 'fix', I can't even start that because I have no information.

You have told us what he can't do. Can you tell us what he can do? You will know that although he does have an antivirus program, he does have a firewall and he does have an antimalware program, that those programs are only as good as their updates and configurations.

Actually, there is a contradiction here:
"no nothing. Only gets to the desktop and popups."
Getting the desktop and then popups means all is not lost! The popups have to be coming from somewhere.

1. "pop up windows are randomly popping up constantly" What popups is he getting? What do they say?
2. When he tries to connect to the internet, what happens? Error message? What?
3. As an advanced user, you know about the Event Viewer - what are the Errors?
4. "covered by a Comodo labeled warning that no execution can take place." Explain further please.
5. Does he have a flash drive? Is it possible to download any of the cleaning programs to that and then install on the netbook?
6. Did the netbook ever work well and correctly? What did he do before the current problems started? As you know, the system becomes vulnerable as soon as he connects to the internet, even if all he did was play backgammon. (Not accurate though, because you mention he can't get email - so a possibility exists as to an infected attachment or email.)

Without any idea of what malware infection(s) he has, I cannot advise you. There are some file infectors for which we advise a reformat/reinstall right up front. I will try to help you, but I need information.

And by the way, most malware is written to 'block all (or most) attempts to defeat'. Sometimes, by using an orderly process, it can be found and removed. But in this day of file infectors and backdoors, it can be a tough job. Possibly not doable at all.

I wouldn't even attempt a 72 hour restore unless you have a timeline for when it began.
Probably by now, you have reached the point where there isn't any choice except to reformat and reinstall - not restore.
 
I will be traveling to my brother's home tomorrow and hoped that there might be a solution by way of booting from a CD programmed with a utility to fight this intrusion. This is a 3 month old computer and has nothing important on it. A restoration is my solution, however talking him through the restoration process is not working. The process is interrupted by virus messages telling him he cannot execute the process and that it has been stopped.

I attempted to talk him through the 8 step process already, but each program would not execute beyond scanning and recognizing intrusion by malware/trojans/??? . With each, the programs were interrupted and removed from the desktop and replaced with a dialog box warning of virus infection again. Each time, the problem file was different and each time, the only thing possible to do was to click yes or no to the question: Do you want to execute the solution to the problem. Yes takes you to a website to purchase software to solve the problem. I would be reluctant to follow that idea. I cannot quote any dialog boxes at this point and am approximating the quotes. My brother is totally novice and nearly impossible to communicate with any accuracy at all. I will be there tomorrow to swap out with a working PC. I'll then be able to work on it myself. Again, the post was to determine an external approach to the fix. Right now, I don't know if anything can be done without flushing that drive and using backup discs. And of course, he has told me he's not sure where the backup restoration discs are! Very frustrating.

That computer was set up with good protection, using all of the programs listed in the 8 step processes. Daily updates & daily scans. Unless my brother is lying to me, he has followed my instructions for keeping the system clean. As green as he is, he is anal retentive when it comes to trusting websites as he has called me many times asking about innocent pop ups, particularly those from Comodo when it's in the learning mode. Right now, this is all I can contribute.
 
"This is a 3 month old computer and has nothing important on it."
The computer is an electronic system that can be used by others for DoS attacks, to spread malware and infect other systems, to act as zombies. That is what gives importance to every computer.

The Windows 7 Starter version comes with a firewall, and most manufacturers put a security program on, like McAfee or Norton. This might need renewal, but it should at least have had him covered for 3 months.

"but each program would not execute beyond scanning and recognizing intrusion by malware/trojans"
This is confusing. Do you mean the malware is found but not removed? Depending on the type of program that did the scan and found the malware, it is possible a more specific program is needed. Hopefully the logs from the programs will give me some information on what the infections are. They are not all alike. They do not all respond to the same method of cleaning.

"booting from a CD programmed with a utility to fight this intrusion."
First, you need to be sure that all of the malware has been found and removed. This may require a reformat and reinstall, rather than a restore. As for additional security to keep the system clean:

Note: Some of the following programs may not work with Windows 7 or 64bit systems.
Tips for added security and safer browsing:
  1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
    This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
  2. Have layered Security:
    • Antivirus Software(only one):Both of the following programs are free and known to be good:
      [o]Avira Free
      [o]Avast Home
    • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o]Comodo
      [o]Zone Alarm
    • Antispyware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad ActiveX controls from being installed. Remember to update it regularly.
      [o]Download ZonedOut and save to your desktop. This replaces IE/Spyad and manages the Zones in Internet Explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
        For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
        IE/Spyad is no longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is up-to-date before adding sites to your restricted zone.
        Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroy's Immunization the problem goes away...
      [o]MVPS Hosts files: This replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
      [o]Google Toolbar: Get the free Google toolbar to help stop pop up windows.
  3. Stay current on updates:
    [o]Visit the Microsoft Download Site frequently. You should get all updates marked Critical and the current SP updates.
    [o]Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    [o]Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
  4. Reset Cookies to prevent Tracking Cookies:
    [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
  5. Do regular Maintenance
    Remove Temporary Internet Files regularly:
    [o]ATF Cleaner by Atribune
    OR
    [o]TFC
    Disable and Enable System Restore:
    [o]See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
  6. Practice Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
 