
[SOLVED] Cleaning viruses

Tomanta Registered User regular
edited May 2008 in Help / Advice Forum
EDIT: Solved as good as it will get, I think.

So I managed to get a bunch of trojans/viruses on my computer last night. Through multiple runnings of AVG and Spybot I think I got some of them but there's definitely still something on my PC - I get a few popups, AVG is tossing up warnings. When I reboot into normal mode a few command prompts come up and vanish; I can't see what they are doing. And about 1/4 of my desktop is just a white box.

I can't turn on automatic updates.

I've installed Windows Defender but can't update it.

What I've done (in safe mode and in a regular boot. At least twice each):

Run AVG - comes up with an error reading boot sector but otherwise completes.

Spybot - keeps coming up with "virtumonde" but says it cleans it. Only thing it is finding now.

Adaware - only run once, after Spybot, but came up clean aside from tracking cookies.

Stopped any processes I didn't recognize. Checked MSConfig and stopped anything I didn't recognize/couldn't find information on.

Other suggestions? Is there a better way than msconfig to see exactly what's happening during start up (what is triggering those command prompt boxes?).


Posts

  • Xenocide Geek Registered User regular
    edited May 2008
    so first things first, get into safe mode

    turn off system restore - that brings back viruses.

    next, get HijackThis, and delete any suspicious files (i'm guessing there's going to be a ton). if you're unsure if something is bad, google the process, it'll tell you

    after that, run AVG, then run trendmicro (web based virus scanner)

    if all that fails, well... you're pretty fucked.

  • DeShadowC Registered User regular
    edited May 2008
    For the future a lot of people on most of the tech forums I use recommend Nod32 for a real-time virus scanner. Personally I don't have a virus scanner but use process guard with safe online practices.

  • LoveIsUnity Registered User regular
    edited May 2008
    Xenocide Geek made several very good points. A lot of viruses will use system restore to reintegrate themselves (and other nasty processes) back into your registry. Also, make sure that you do everything in Safe Mode, as XG suggested.

    I guess I'm just posting to tell you to listen to XG.

  • Frem Registered User regular
    edited May 2008
    What I would do is make a Linux livedisk with ClamAV on it, and then boot off it to do the scan. This way, you don't have to worry about the virus being resident in memory doing nasty things in the background or whatever.

    They've got some fancy stuff on livedisks these days so that you can install packages without actually installing Linux. So, I think you can run an Ubuntu livedisk, then install ClamAV and scan. It's worth a shot, anyway.

  • Falx Registered User regular
    edited May 2008
    The best way to get rid of viruses once they have gotten by your AV programs is to remove the HDD, install it as a slave on another PC and then run a scan on it. Otherwise you're just going to battle your ass off; viruses are pretty clever when it comes to blocking AVs once they manage to get on your PC. Don't worry about infecting the other PC, I've been doing it for years... and I learned it from my father, who's been doing it that way since 100Mb HDDs were huge, and I've never had a single virus infect the scanning PC.

  • Tomanta Registered User regular
    edited May 2008
    Thanks for the suggestions. Turning off system restore didn't help. HijackThis helped enough to know that as soon as I deleted one of the files a new one showed up (bah).

    I've created an Ubuntu liveCD and after struggling with it for a long time, am running ClamAV. Hopefully that'll get it. Installing the drive in another machine isn't possible (no other machine with SATA. Or a power supply). Working with Linux a little is good, though (it's been a long, long time) since I want to install that whenever I get a power supply for my old box :).

    If this doesn't work it's format and start over, but backup should be easy this time around.

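The live-disk scan Frem suggests above, sketched as an added example that is not part of anyone's post in the thread: mount the Windows volume read-only from the live session, scan it with ClamAV, and list what was flagged. The device, mount point and log path are placeholders, and the sample log is constructed.

```shell
#!/usr/bin/env bash
# Added example: offline ClamAV scan of a Windows volume from a live session.
# Device, mount point and log path below are placeholders (assumptions).
# Needs root and the clamav package (e.g. apt-get install clamav) in the live session.

# Print the paths clamscan flagged. Hits are logged as "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Constructed sample of clamscan log output (signature names are made up).
sample_log() {
    cat <<'EOF'
/mnt/win/WINDOWS/system32/example1.dll: Constructed.Trojan.Sample-1 FOUND
/mnt/win/Documents and Settings/user/example2.exe: Constructed.Adware.Sample-2 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Mount the suspect volume read-only, update signatures, scan, unmount.
scan_offline_volume() {
    dev="$1"; mnt="$2"; log="$3"
    mkdir -p "$mnt"
    # Read-only: nothing on the suspect disk runs or is modified during the scan.
    mount -o ro "$dev" "$mnt" || return 2
    freshclam || echo "warning: signature update failed, using existing database" >&2
    clamscan -r -i --log="$log" "$mnt"
    rc=$?    # clamscan exit status: 0 = clean, 1 = infected files found, 2 = error
    umount "$mnt"
    return "$rc"
}

# Runs only when a device is given, e.g.: sudo ./offline-scan.sh /dev/sdXN
if [ "$#" -ge 1 ]; then
    scan_offline_volume "$1" /mnt/win /tmp/clamscan.log
    echo "exit status: $?"
    infected_paths < /tmp/clamscan.log
fi
```

Because the volume is mounted read-only, this only reports; removing or quarantining files means remounting read-write as a separate, deliberate step.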