
Help with an infection


rudrax

Hey guys, need a little help out here. I left my laptop with my little bro one day when I was out of town for an interview, and he got my laptop infected with Win32:LocalInfect. After the infection my antivirus, Webroot SecureAnywhere, has gone crazy, which is obvious. The virus is infecting all the .exe files on my laptop consequently. If I leave the antivirus ON, it detects and deletes the whole .exe file. I got mspaint deleted this way. So now I have to work with the antivirus disabled.

So is there any way to delete the virus without deleting the infected files because the virus is infecting all the system .exe files. I do not wanna do a system restore because a huge file is being downloaded with IDM.

@dcs18, if there were a panic button in nsane, I'd hit it right now. :unsure:


Going out on calls just now, shall be back in the second half (hope that the guys can help you in the meanwhile.)

Just 3 headsup to make post-infection life easier:-

  • Disable system restore (at least for the time being.)
  • Use MsConfig to remove unwanted startups and reboot
  • Run McAfee Stinger (it's a very small utility - I'd try portable.)


Going out on calls just now, shall be back in the second half (hope that the guys can help you in the meanwhile.)

Just 3 headsup to make post-infection life easier:-

  • Disable system restore (at least for the time being.)
  • Use MsConfig to remove unwanted startups and reboot
  • Run McAfee Stinger (it's a very small utility - I'd try portable.)

For my download, I have made an export file from IDM and copied the temporary download folder to an external drive. Will it work on another machine?

Edit: I tried scanning with McAfee Stinger and found uncountable infections. Here's the log file



As far as I know, System Restore does not affect personal files and documents. It will only restore program and system files on the drives for which you have it enabled. So, if you run a restore, I don't think your IDM download shall be interrupted or corrupted.

... How about running a Bootable Virus Removal Disk. Eset or Kaspersky or Cure It.



As far as I know, System Restore does not affect personal files and documents. It will only restore program and system files on the drives for which you have it enabled. So, if you run a restore, I don't think your IDM download shall be interrupted or corrupted.

... How about running a Bootable Virus Removal Disk. Eset or Kaspersky or Cure It.

System restore will not help him!!



In my experience, system restore (when it works) frequently removes viruses etc. It is well worth giving it a try.

Assuming success, then run your AV and AS proggies too.



Thank you guys for replying. I will consider your ideas as per my conditions here.



For my download, I have made an export file from IDM and copied the temporary download folder to an external drive. Will it work on another machine?

@rudrax

http://www.internetdownloadmanager.com/register/new_faq/functions17.html

:)

(Also came across this, and as saving this ISO download is your main priority, thought I would post it as well.)

http://kristianvillafania.com/von/f41/pause-resume-downloads-another-computer-using-idm-5196/



Blackchildcx

Scan with Dr.Web from FP

and if you're highly infected

Reinstall (would be my choice)

If it's just a regular infection, clean it!



Blackchildcx

I will upload Hiren's BOOT DISK 15 final and the Ultimate BOOT Disk 6 later (this evening)

clean the viruses by boottime scan..

I guess Webroot got no Bootscan feature?

I think that helps you..



Yep, as already advised. You're better booting from a live CD, either Linux or Hiren's (if you do use Hiren's, DO NOT use the option to boot OS from the installation)

I'd advise NOT using a system restore, as this will only replace missing files and repair certain instances. If you are truly infected it's likely to be running at boot, scheduled & reg key for one, so a system restore will not eliminate anything.

Dodel.



unknownasphyxiated

You're infected with Virut

It is better to start new because this threat infects all exe@application files

Even if you restore/disinfect the file, you might get problems after this

Don't back up exe files

If you want to back up a self-extracting exe file, make sure you don't double click/run the file, the virus will run again

Use extract instead



Thank you guys, I really appreciate :)



As far as I know, System Restore does not affect personal files and documents. It will only restore program and system files on the drives for which you have it enabled. So, if you run a restore, I don't think your IDM download shall be interrupted or corrupted.

Disabling System Restore is the first basic step to take once an infection is suspected - not because of IDM.

When the system is disinfected, System Restore has the elevated privileges of restoring all the infections that were previously removed.



Edit: I tried scanning with McAfee Stinger and found uncountable infections. Here's the log file

Yeah, the McAfee Stinger is one handy utility to have for such eventualities - serves as a good fallback (especially in portable variant - when one's prime security system gets disabled by malware.)



Preventative maintenance: scan with secondary scanners MBAM and HitmanPro. I use both with Webroot. What one does not find, the others will. You can boot into safe mode with HitmanPro as well. It is called Kickstart. Good luck.



Archived

This topic is now archived and is closed to further replies.
