Cannot get rid of virus!

Discussion in 'Computer Security' started by brizzoluk, Oct 19, 2010.

  1. brizzoluk

    Hi
    I have suspected for a while that my PC has a virus, as it has been acting strangely: it is extremely slow while booting up, and it also frequently freezes up while I'm using the internet, and I can't close the webpage even using Task Manager.

    I have run virus scans using Avast, Spybot Search & Destroy and Ad-Aware, but they all come back with nothing.
    I had the proof of the virus this morning when I had a lot of delivery failures in my Hotmail inbox, with a copy of the spam message I had "sent" to every contact in my Hotmail!

    So this evening I rebooted into safe mode and scanned my PC again using the above three methods, and the only thing that came back was a message from Avast that some files could not be scanned.
    It listed two files, which were setup files for Skype, and said they are decompression bombs (but these do not show up when I scan in normal mode).

    I googled this and I think they are just highly compressed files that Avast thinks are bombs?

    Well, apart from that the virus is still undetected, so does anyone have any recommendations for solving this problem?

    Thanks in advance.
     
    Last edited: Oct 19, 2010
    Certifications: ECDL, A+
    WIP: Network+
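The "decompression bomb" warning above is a scanner refusing to inflate an archive whose declared contents are suspiciously large relative to its size on disk. The check below is an added illustration (not Avast's code, and not tied to the Skype installers mentioned in the post): it reads the zip central directory, computes the inflation ratio without extracting anything, and then confirms the headers by inflating in bounded chunks, so an archive that lies about its sizes still can't make the checker materialise the whole payload. The thresholds and the sample archives are constructed for the example.

```python
import io
import os
import zipfile

# Illustrative limits; real scanners use their own (undisclosed) thresholds.
MAX_RATIO = 100.0        # uncompressed bytes per compressed byte
MAX_TOTAL = 1 << 30      # 1 GiB of total uncompressed data


def archive_stats(data: bytes) -> dict:
    """Totals from the central directory only. Nothing is inflated, so this is
    cheap even for a genuine bomb, but the numbers are whatever the archive
    claims and can be lied about."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        compressed = sum(i.compress_size for i in infos)
        uncompressed = sum(i.file_size for i in infos)
    ratio = uncompressed / compressed if compressed else float("inf")
    return {"compressed": compressed, "uncompressed": uncompressed, "ratio": ratio}


def bounded_uncompressed_size(data: bytes, cap: int) -> int:
    """Inflate member by member in 1 MiB chunks and stop as soon as the running
    total passes `cap`, so a mislabelled bomb costs at most `cap` + 1 MiB of work."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                while True:
                    chunk = fh.read(1 << 20)
                    if not chunk:
                        break
                    total += len(chunk)
                    if total > cap:
                        return total
    return total


def is_decompression_bomb(data: bytes, max_ratio=MAX_RATIO, max_total=MAX_TOTAL) -> bool:
    """True if the archive is flagged: either the declared sizes already exceed
    the limits, or actually inflating it (bounded) blows through the total cap."""
    stats = archive_stats(data)
    if stats["ratio"] > max_ratio or stats["uncompressed"] > max_total:
        return True
    return bounded_uncompressed_size(data, max_total) > max_total


def make_zip(members: dict) -> bytes:
    """Helper to build an in-memory DEFLATE zip from {name: payload}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: 16 MiB of zeros deflates to a few kilobytes (ratio in the
# hundreds), while random bytes do not compress at all (ratio about 1.0), which
# is what a real installer full of already-compressed resources looks like.
BOMB = make_zip({"big.bin": b"\0" * (16 * 1024 * 1024)})
INSTALLER_LIKE = make_zip({"setup.bin": os.urandom(2 * 1024 * 1024)})

if __name__ == "__main__":
    for label, blob in (("bomb", BOMB), ("installer-like", INSTALLER_LIKE)):
        s = archive_stats(blob)
        print(f"{label}: ratio={s['ratio']:.1f} flagged={is_decompression_bomb(blob)}")
```

A legitimate installer that happens to embed a highly compressible resource can trip the ratio test, which is why a scanner reports "could not be scanned" rather than "infected": the archive was skipped, not judged malicious. If a skipped file matters, scan it with a second product that does inflate it, or check its publisher signature and download hash rather than assuming either verdict.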
  2. simongrahamuk
    The only sure way to get rid of a virus would be to format and re-install.

    Even if there isn't a virus, it will do your computer a world of good.

    8)
     
  3. BosonMichael
    This doesn't prove you've got a virus. I can send a message that looks like it comes from your e-mail address, and the undeliverable messages will be forwarded to your box. Does your sent message folder contain the send attempt? If so, it's more likely someone's hacked your Hotmail account.

    If you still believe that you have a virus, I'd recommend running something that searches for rootkits.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  4. brizzoluk

    Yes, that is an option, but I only did that a few weeks ago, so that would be a last resort really.
     
    Certifications: ECDL, A+
    WIP: Network+
  5. brizzoluk

    No, it doesn't, but my mailbox doesn't store copies of my sent messages.

    Would you recommend any software for searching for rootkits?
     
    Certifications: ECDL, A+
    WIP: Network+
  6. Shinigami

    Have you tried running ComboFix?
     
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM
  7. brizzoluk

    Not yet, but I just had a look at it and this is in the instructions for using it:

    •Disable or close all anti-spyware, anti-malware and antivirus real-time protection, which may affect ComboFix.
    •Download (Download) the latest official version of ComboFix (2.8mb) and save it to your desktop

    To be honest I'm not very keen on turning off my antivirus and downloading stuff; surely that's a surefire way to get a virus?
     
    Certifications: ECDL, A+
    WIP: Network+
  8. Shinigami

    If you're getting a legit version of ComboFix, you'll be fine. Obviously, disconnect your computer from the internet (or your network) before disabling any protection (and besides, it's just a recommendation).

    You could try running it with the antivirus apps enabled on a first run.
     
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM
  9. JK2447
    Give this a whirl for rootkit removal. It is always possible that one product can miss a virus while another will not. I'd try this free product just to see what it can find. Some viruses can stealth by intercepting the OS's request for an AV-related task.

    If you absolutely cannot format your system, you should try booting a CD distro of Linux with AV; I'm thinking something like Avira, but admittedly it's been a while....
     
    Certifications: VCP4, 5, 6, 6.5, 6.7, 7, 8, VCAP DCV Design, VMConAWS Skill, Google Cloud Digital Leader, BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, CCA (XenApp6.5), MCSA 2012, VSP, VTSP
    WIP: Google Cloud Certs
  10. brizzoluk

    Yes, but it's telling me to disable my antivirus before downloading it?
     
    Certifications: ECDL, A+
    WIP: Network+
  11. Shinigami

    Probably just incorrect wording. Obviously you download it first. The disabling part is there for informative use, in case it messes with ComboFix.
     
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM
  12. Theprof

    Also try a tool called HijackThis.... might help.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  13. Nyx

    Another vote for ComboFix. Also, MBAM is recommended on many, many sites. Last time I was doing someone's laptop I got away with only MSRT and Microsoft Security Essentials; MSRT is worth a try (no need to install).
    There's also Dr.Web CureIt, which you run from safe mode, but for me the full scan was taking forever (I gave it up after 12 hours).
     
  14. gosh1976

    These are the steps I've done for ages for virus removal, and it gets most stuff. These steps and others can be found on majorgeeks.com, along with safe downloads for all the software.

    Empty the recycle bin and virus quarantines, download and run CCleaner... make sure you are in normal mode in msconfig. Check for the obvious questionable services running and programs in Add/Remove Programs... run SuperAntiSpyware, then Malwarebytes, then ComboFix (unless you are running a 64-bit system).

    Run something that specifically looks for rootkits, like the Sophos program mentioned earlier.

    MGtools from the majorgeeks site provides some handy logs if you have the knowledge to make use of them. I believe that still includes HijackThis, and here are some guidelines for interpreting it: http://netsecurity.about.com/od/popupsandspyware/a/aahijackthis.htm

    Or use these guidelines, they are more succinct: http://forums.majorgeeks.com/showthread.php?t=38752

    Panda ActiveScan, Kaspersky, F-Secure and many others have free online or offline scans.

    Don't forget to toggle your System Restore if you find any malware.
     
    Certifications: A+, Net+, MCDST, CCENT, MCTS: Win 7 Configuring, CCNA
  15. brizzoluk

    OK, thanks for all the replies, I'll have a crack at it after work.
    Cheers, guys.
     
    Certifications: ECDL, A+
    WIP: Network+
  16. Fergal1982

    Got to wonder what you are doing on your PC that results in viruses or malware within a couple of weeks of a fresh build.

    I will sometimes rebuild my machine after 6 months if I've been installing and uninstalling a lot of crap on it, but only because it tends to slow things down a bit. Most of the time I'll leave it well over a year without issues.

    Edit: Forgot my point. I had issues with the PC locking up whilst browsing. Eventually I traced it back to the NVidia driver I was using. At the time I think it was the latest version, so I rolled back to the previous version - problem solved.
     
    Last edited: Oct 20, 2010
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  17. dazza786

    Plentiful tools on this thread for you to try mate, personally I use MBAM and ComboFix. Good luck!

    lol
     
    Last edited: Oct 20, 2010
    Certifications: MCP (271, 272, 270, 290, 291, 621, 681, 685), MCDST, MCTS, MCITP, MCSA, Security+, CCA(XA6.5)
  18. greenbrucelee
    Just because a PC slows down and freezes up doesn't mean it's a virus.

    Freezing can be down to hardware issues such as faulty RAM, a failing power supply, overheating, etc.

    Download memtest86, burn it to disk and, with one DIMM installed, run memtest for several passes, then swap DIMMs.

    Go into the BIOS and check your voltages and temps.

    Visit trendmicro.com and run their in-house scanner; if that doesn't see anything, then it's likely you are not infected.

    And to add to what Fergal said, sometimes a dodgy driver can be the cause, such as a beta graphics card driver or a newly released driver update.
     
    Last edited: Oct 20, 2010
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  19. brizzoluk

    Well, thanks for all the advice, plenty of options on here to keep me busy.

    GBL, I wasn't sure if it was a virus or not until the issue with my email.
    I do have memtest86 on disc, so I will definitely run that.

    FERGAL, I don't do anything out of the ordinary; I probably install and remove more than my fair share of programs, but the thing is the missus also uses the PC a lot, which increases the risk of picking up a virus.

    So thanks again for all the advice, I'll give some of these a go and report back with my results.
     
    Certifications: ECDL, A+
    WIP: Network+
  20. greenbrucelee
    Make sure you run memtest86 with one DIMM installed at a time for accuracy, and also check your BIOS for the voltages and temps, just in case it's a PSU or overheating issue.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
