Help with an infection

[dcs18]

For my download, I have made an export file from IDM and copied the temporary download folder to an external drive. Will it gonna work in other machine?

Ensure that your privacy tools (such as CCleaner) are not set up/scheduled to wash/wipe your system and that you've also backed up the following registry entry:-

[HKEY_CURRENT_USER\Software\DownloadManager]

[rudrax]

What's the current status of your system?

Aren't the malware been decimated?

I don't know as I can't dare to turn my AV on as if there still remains infected exe, it will delete them all.

[dcs18]

What's the current status of your system?

Aren't the malware been decimated?

I don't know as I can't dare to turn my AV on as if there still remains infected exe, it will delete them all.

Ah, that's easy enough to test out - just recreate some of the .exe files that were previously deleted (from their original directories) and monitor the repercussions.

If you've followed my 3 headsup - the malware should not be able to get activated on boots (and would remain merely passive - if at all, in existence.)

Take a hard look at your hosts file, too for any signs of tampering.

[dcs18]

Do not use System Restore, under any circumstance(s) - that will cause your laborious IDM download to also go back in time.

[majithia23]

As good as i know , System restore does not effect personal files and documents . It will only restore program and system files on the drives for which you have it enabled . So , if you run a restore , i dont think your IDM download shall be interrupted or corrupted .

System Restore is the first basic step to take once an infection is suspected - not because of IDM.

When the system is dis-infected, System Restore has the elevated privileges of restoring all the infections that were previously removed.

Agreed and i do know .

I said so regarding the fact that how the default system restore works , when triggered .

In normal clean state , it does work as i said and so helps , but when the system is infected , it can do system damage on the contrary ,

and that is when ( like here , in conditions like this rudrax's case ) it is pertinent to shut it down !

@rudrax ,

I dint know you were d/ling an ISO . So , if system restore is run , it might render your present d/l amount null ! .

And more so , its not even recommended from security point ...

I say your best bet is a Live Virus Killer tool .

I have used both KAV and Eset on two friends systems and both of them worked for me ......

[dcs18]

Also, for added insurance - exclude the following 2 folders from all your security systems (at least, until your ISO is fully downloaded and out of the infected system):-

• C:\Users\rudrax\AppData\Roaming\IDM
• The actual directory wherever your usual downloads from IDM are configured to get saved.

Edit:-

This will also cause your downloads to speed-up.

[unknownasphyxiated]

better finish the ISO first then start thinking on how to deal with the infection :lol:

because he already disable his av,i don't think he need to do any exclusion

[dcs18]

because he already disable his av,i don't think he need to do any exclusion

That's precisely the reason why I used the word Security Systems, instead of AV. :coolwink:

[SnakeMasteR]

Seriously, that is a POS infection. I don't think you can get rid of it completely without loosing half of important files.

[STEEL]

Yea, Flatten drive redo, it,s a Bitch but that,s what i had to do!!! :rolleyes:

[STEEL]

Or,

Win32/Virut:

If the infected computer is connected to LAN, disconnect it and re-connect only after all other computers have been checked and cleaned.

• Download the executable file rmvirut.exe
• Then run the tool for removal of infected files. The tool will automatically scan all available discs and will try to heal the infected files. If an active virus is found in memory, the tool will ask the user to reboot the computer. Healing will be performed during operating system boot-up sequence, so any active virus cannot interfere with the healing process.
• Update you A/S after restart and run a complete test.

:rolleyes: :)

[mazigh]

1- Uncheck unknown(or Suspicious) processes from Startup by using "msconfig" command

2- Try Installing Kaspersky or bitfdefender (known for being very good in desinfection capabilities), if you can't install it try an updated bootable CD of the Kaspersky

hope this helps =)

[LiLmEgZ]

Obviously... the best answer to fix this is... just fresh format and start from scratch

[dcs18]

Obviously... the best answer to fix this is... just fresh format and start from scratch

He's actually not concerned about the infected OS - he's ditching Windows 7 for Windows 8 (the only thing bothering him is just how to salvage his Windows 8 download.) ;)

[Kalju]

.....

After the infection my antivirus Webroot SecureAnywhere...

Something's wrong - You have Webroot SecureAnywhere, and you claim that you've got a virus. Some thing's gotta be wrong. You're protected on all sides - or not? Now, it might be time to ask for damages, if this slogan or ad is wrong and You aren't Secure Anywhere.

[SnakeMasteR]

:troll: :lmao:

[rudrax]

.....

After the infection my antivirus Webroot SecureAnywhere...

Something's wrong - You have Webroot SecureAnywhere, and you claim that you've got a virus. Some thing's gotta be wrong. You're protected on all sides - or not? Now, it might be time to ask for damages, if this slogan or ad is wrong and You aren't Secure Anywhere.

It has shocked me too. As my notebook is my little brother's possession at the time of infection, he inserted and scanned a pen drive before opening that but webroot failed to detect. Then when he opened the pen drive webroot detected infection and went crazy. This is the first time that webroot disappointed me.

[rudrax]

What's the current status of your system?

Aren't the malware been decimated?

I don't know as I can't dare to turn my AV on as if there still remains infected exe, it will delete them all.

Ah, that's easy enough to test out - just recreate some of the .exe files that were previously deleted (from their original directories) and monitor the repercussions.

If you've followed my 3 headsup - the malware should not be able to get activated on boots (and would remain merely passive - if at all, in existence.)

Take a hard look at your hosts file, too for any signs of tampering.

Yeah I followed your steps and I have, now, the system restore disabled. Now, I will wait till my download completes and in between that if I find any problem with that malware, I will update here - please try to help me.

[princenarwal]

I had an infection like this 3 or 4 years ago (don't remember the threat name but symptom was same) i tried two or three antiviruses but they could not repair the .exe then i tried quick heal and it repaired most of the .exe. after that i repaired the window and everything was working fine. also quick heal has a boot scanner option. so I will suggest you to use old quick heal version.

May be this will help you too. Best of luck..

[Blackchildcx]

did bootscan help?

[Zapdude]

You could also try to boot ans scan from an eset sysrescue / kaspersky rescue media cd :)

[rudrax]

did bootscan help?

Didn't try it as it may delete the infected executable too leading the OS to damage.

[Shadowx]

rudrax

you can try this, i had this issue before. But, after do full scan completely, it would majorly save your .exe files. This tools is specifically design to cure these kind of infection. ;) or you can use rescue disk to do full scan. Waiting for your answer mate

[rudrax]

I had an infection like this 3 or 4 years ago (don't remember the threat name but symptom was same) i tried two or three antiviruses but they could not repair the .exe then i tried quick heal and it repaired most of the .exe. after that i repaired the window and everything was working fine. also quick heal has a boot scanner option. so I will suggest you to use old quick heal version.

May be this will help you too. Best of luck..

I'm downloading windows 8 and planning to format my system with it. Till then, I just need to survive my OS. Thanks for your help though.

[rudrax]

rudrax

you can try this, i had this issue before. But, after do full scan completely, it would majorly save your .exe files. This tools is specifically design to cure these kind of infection. ;) or you can use rescue disk to do full scan. Waiting for your answer mate

Thanks buddy :)