New Virus, disables AV removal software

Status
Not open for further replies.
@JeffMIS: Many viruses disable your anti-virus as well as other security software, but that is never an issue for any computer technician. You say you're the support for a couple thousand desktops but you're not capable of using a live Linux or simply putting the hard drive into another machine to find the culprit?
 
Yes MaXtor, I'm curious too. This 2nd PC could have had the "infected" hard drive set as a second drive, not the boot drive.
 
Yes, use a boot disk with antivirus software on it or just scan the second drive with antivirus software loaded on the C drive. I have seen restore volumes infected...
 
If you're careful, you can connect the infected drive to another PC (I use an external USB interface) and then scan the infected drive using the AV software on the host PC. You can, in this way, also see all the files that would be "stealthed" on the infected PC under normal operation.

The rootkit I found (eventlog.dll) appears to be part of the "Windows Police Pro" scamware package. This is a new rootkit and was not discovered by any of the AV programs I used - however ComboFix did discover it (but was unable to remove it - had to do that manually).

There is always a danger of cross-infection when using a 2nd PC. My primary rule is to NOT explore the file system until I have first completed a full scan, and then, to EXPLORE the file system in the two-pane mode using the left pane to drill down through the folders and the right to observe the files - this avoids activating a virus that uses autorun.

jbw
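An added example, not part of the post above or written by any poster in this thread: a read-only Python check that lists what an `autorun.inf` on the attached drive would launch, so it can be reviewed before anyone browses the volume. The function names and the sample file are constructed for illustration, and the drive is assumed to be mounted at a path on the scanning PC.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that name a program to start

def parse_autorun(data: bytes):
    """Return (key, command) pairs from the [autorun] section of raw autorun.inf bytes."""
    codec = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
    text = data.decode(codec, errors="replace")
    in_section, found = False, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue  # junk, comments and other sections are ignored, not fatal
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command entries add launch points to the drive's context menu.
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value))
    return found

def scan_volume(root: str):
    """List launch entries in the volume root's autorun.inf; files are only read, never run."""
    report = []
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        with open(os.path.join(root, name), "rb") as fh:
            pairs = parse_autorun(fh.read(65536))
        for key, command in pairs:
            # The program path is the quoted string, or else the first space-delimited token.
            target = command[1:].split('"')[0] if command.startswith('"') else command.split(" ")[0]
            target = target.replace("\\", os.sep)
            exists = os.path.isfile(os.path.join(root, target))
            report.append({"key": key, "command": command, "target": target, "exists": exists})
    return report

if __name__ == "__main__":
    # Constructed sample: a throwaway directory stands in for the attached drive.
    with tempfile.TemporaryDirectory() as drive:
        with open(os.path.join(drive, "AUTORUN.INF"), "wb") as fh:
            fh.write(b"; junk\r\n[AutoRun]\r\nopen=hidden\\sample.exe -a\r\nicon=a.ico\r\n")
        os.mkdir(os.path.join(drive, "hidden"))
        open(os.path.join(drive, "hidden", "sample.exe"), "wb").close()
        for row in scan_volume(drive):
            print(row)
```

Any target it reports is a file to hand to the scanner or inspect by hash before the drive is opened in Explorer.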
 
Bruce..thanks for trying to help, but if you read what I was doing you will find I already tried what you recommended...but I have good news....

I seem to have finally removed this virus.

I took the drive out of the Laptop since it would not allow running any software.

Stuck it in another system as the 2nd drive, and had Avast Anti virus on that system.

Kept running virus checks every couple of days, the 7/13 or 7/14 Avast update finally removed the virus and now the system is working properly again.

Sometimes it pays to just wait some time, I knew this was a new exploit, and sure enough, they cracked it.
 
How careful do you have to be to not infect your 2nd computer? Connect as an external drive?
No software works on my laptop now except Chrome, but without internet connection...
 
You just scan the second drive using the updated, properly running antivirus software loaded on the 2nd computer. The second drive won't infect the C drive unless you copy infected files to it directly.
 
No, XP is not a problem. Once more, the C drive in the 2nd computer WILL NOT become infected... I can't be any more clear than this.
 
Hi, I also have this Bravia.ex Antivirus Pro 2010. No AV will run in safe mode, renamed, saved on desktop, etc.

I have a second laptop though. I looked for information on how to use it to scan the infected computer's hard drive, but couldn't find it on the boards. Can someone explain this to me please? Thanks

PS - I realize from a previous post that there is always an excuse not to reformat, but my laptop was a grad-school issue and the two-year Windows license has expired (I never got a Windows disk).
 