
Computer guru help request - rogue malware infestation.

Discussion in 'The Pub' started by robsalvv, Jul 25, 2011.

  1. So the (Vista Home premium OS) lappy has been hit with the Vista Security 2012 rogue malware virus.

    This site has a comprehensive self help guide to getting rid of the virus:
http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012 which has a strong recommendation for the Malwarebytes program in amongst it - sounds like a wise purchase.

    I managed to kick off an online scanner (housecall) before finding the guide and the scanner has cleared out the virus, but now none of the programs work. I think that's the registry issue alluded to in the self help guide. Anyway, the lappy is now stable and not bleating at me to buy the 2012 antispyware software.

I'm wondering whether I need to go to the full extent of the guide since I have a recent disk image backup (created by the Vista backup utility). Can't I just restore the backup and go merrily along my way? (updating and adding better protections as a first post-restore step, of course)

A mate recommends running in "safe mode with network connection" and downloading and running Malwarebytes first.

    Just looking for some guru guidance. If the malware has trashed some OS system utilities... shouldn't restoring a backup do the trick?


  2. Hey Rob,

Daughter's PC had this a few weeks back. I tried so many things to get rid of it. Then when I thought it was gone, no apps would open.

    In the end after many, many hours and ready to throw the thing out the window I just wiped it and did a reinstall... Plus it had so much crap on it anyway, think it was a good idea.

    When this sort of thing happens it is a good reminder to always backup!!!

    Good luck with it.
  3. A restore from an image created before the infection should do the trick - if you can run the restore.

    After the restore, run Malwarebytes (free) to check for infection (do the update first).

    If it's clean, you're good to go. If it's not - reinstall.

    Whenever I have to remove a virus from a client's computer - I use Malwarebytes to remove it. If Malwarebytes doesn't get rid of it, I reinstall - it's faster and cheaper for the client to do it this way.

    If the computer already had an AV on it - and the computer still got infected - I make the client purchase Malwarebytes Pro.
  4. Thanks Luke. When you say do the update first... is that the latest windows security updates?
5. Cheers mate. I do back up things regularly - just haven't had to use a restore yet!

Here's a question for you... if I have to reinstall the OS from scratch, how do I get my personal files from my backups?
  6. Update first = Malwarebytes update - as per the guide.

AFAIK... if you only use the Vista Complete PC backup, then you can't use it to restore individual files. You'd have to:

    Restore the image (you might not need to do this if you can run the Vista Backup Files wizard on your possibly infected OS)
    Backup your files (using the Vista Backup Files Wizard)
    Restore your files using the Vista Restore Files Wizard
  7. Rob
go Start > Control Panel > System > System Protection > System Restore
    you should have an option to restore the status of the machine to several days ago (or at least to a date before the problem occurred)
8. The computer went into blue death mode until I was able to pick up a system restore point prior to infection... however this is a nasty virus and was still in the system anyway - that's why I'm asking the question about restoring from a backup which is on a separate HD.

    Thanks Luke. Some homework for me tonight.

    TRA, taa, I'll have a closer look. What app do you associate with any of the windows system utilities though?
9. Beware the 'prefetch' directory as well. In the Windows folder I believe. Basically, when you run some code, a code stub can be created and kept here. That way, next time you run it, it preloads some stuff to make it faster etc. Often nasties can hide in that directory, so you THINK you've got rid of them, only to find on reboot they come back. This is because they can hide a re-installer in the prefetch directory. It's OK to clean out this dir, as legitimate stuff will just recreate itself as required.
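    Prefetch traces are also the easiest record of what actually executed on the machine, so it is worth reading them before wiping the folder. The script below is an added example (not posted in the thread); it assumes PowerShell 2.0 or later on Vista/7, an elevated prompt, and the standard naming `%SystemRoot%\Prefetch\<EXENAME>-<PATHHASH>.pf`; the archive folder is an assumed location.

```powershell
# Added example (not from the thread): inventory the Windows Prefetch folder to see which
# programs ran recently before deciding whether to clear it. Assumes PowerShell 2.0+ on
# Vista/7, an elevated prompt, and the layout %SystemRoot%\Prefetch\<EXENAME>-<PATHHASH>.pf.
param(
    [int]$Days = 7,
    [string]$PrefetchDir = (Join-Path $env:SystemRoot 'Prefetch'),
    [string]$ArchiveDir  = (Join-Path $env:USERPROFILE 'Desktop\prefetch-archive')  # assumed location
)

$cutoff  = (Get-Date).AddDays(-$Days)
$entries = @(Get-ChildItem -Path $PrefetchDir -Filter '*.pf' -ErrorAction Stop | ForEach-Object {
    # "NOTEPAD.EXE-D8414F97.pf" -> executable "NOTEPAD.EXE"; the hash part encodes the launch path.
    $base = $_.BaseName
    $dash = $base.LastIndexOf('-')
    $exe  = if ($dash -gt 0) { $base.Substring(0, $dash) } else { $base }
    New-Object PSObject -Property @{
        Executable   = $exe
        LastModified = $_.LastWriteTime
        Path         = $_.FullName
    }
})

# 1. What ran in the last $Days days, most recent first: unfamiliar names here are the ones
#    to look up before assuming the cleanup worked.
Write-Host "Programs traced in the last $Days days:"
$entries | Where-Object { $_.LastModified -ge $cutoff } |
    Sort-Object LastModified -Descending | Format-Table Executable, LastModified -AutoSize

# 2. The same executable name with several trace files means it was launched from several
#    different paths (for example a copy of a system tool dropped into a temp folder).
Write-Host "Executable names with more than one launch path:"
$entries | Group-Object Executable | Where-Object { $_.Count -gt 1 } |
    Select-Object Name, Count | Format-Table -AutoSize

# 3. Keep a copy before clearing. Windows recreates .pf files as programs run, but the old
#    ones are the only record of what executed while the machine was infected.
if (-not (Test-Path $ArchiveDir)) { New-Item -ItemType Directory -Path $ArchiveDir | Out-Null }
$entries | ForEach-Object { Copy-Item -Path $_.Path -Destination $ArchiveDir -Force }
Write-Host "Copied $($entries.Count) trace files to $ArchiveDir; clear $PrefetchDir only after this succeeds."
```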
10. Rob, not sure about the restore. I use a Mac at home so use Time Machine to backup.

    Yes I thought it was gone and was celebrating in the wee hours of the morning only after the reboot it popped up again!!! It's a nasty thing that is for sure!

    Hmm I wonder if it was sitting in the 'prefetch' directory. I deleted the registry settings it said to and still it was hiding.

11. Always best to be in safe mode with minimal options when running Malwarebytes; if booting normally, the virus hides in many places.

Get the update whilst in safe mode with network connection, then reboot with no connection and run Malwarebytes....
12. Get a copy of Windows 7. Can be found easily enough on the net and it's soooo much better than Vista. Backup what you want, reboot with Windows 7 and you'll be a happy man.
  13. or just download Ubuntu or Linux Mint.... (oh... here we go again)
  14. Flame on! =D> Yeah, just give it the Ubuntu patch.
  15. Someone had to say it :blackeye:

  16. Comodo Anti Virus & Firewall Package is pretty good (& it's free for personal use). I've been using it for 3-4 years now and haven't had a single problem.

Click on the Comodo Internet Security Free Version from this LINK if you feel like checking it out.
  17. Well... Malwarebytes killed off four more malwares & now thinks the lappy is clean.

Microsoft Security Essentials however finds Trojan DOS/Alereon.a, but only in normal Vista mode. It says it needs to reboot to remove it - but rebooting doesn't remove it. The MS Malicious Software Removal Tool finds it too, but can only partially remove it.

    Is this a smart memory using Trojan? Do I run another scanner?

    Any more tips?


(still hoping to do a roll back on a clean lappy because I can't find the damn OEM image disk... Perhaps Win 7 might be the go after all... Just reluctant to save personal data files to a fresh external drive beforehand in case the Trojan hitches a lift.)

    - - -
    Tapatalking loud, saying somethin'
18. For what it's worth, the OEM image is usually stored in a separate partition on the laptop drive. Most laptop manufacturers provide a tool so you can burn it to a CD. What brand is the laptop?
  19. I'd be reinstalling at this point. You can expend a lot of effort trying to get rid of these ***ers.

    As long as you're only backing up My Documents, Desktop, etc...you shouldn't carry the virus across with you.

    Your laptop may have an option during boot to recover to the factory settings. Many laptops have a fresh factory install on a hidden partition on the hard drive.
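    The "back up only your data, not programs" approach from posts 17 and 19 can be made mechanical: copy the profile's data folders while excluding the file types Windows will execute, and record hashes so the copy can be verified after the reinstall. This is an added example, not posted in the thread; it assumes PowerShell 2.0 or later with robocopy (built into Vista and 7), and the `E:` drive letter and folder list are placeholders.

```powershell
# Added example (not from the thread): copy a user's data folders to an external drive before a
# reinstall, skipping file types Windows will execute, and write a SHA-256 manifest so the copy
# can be verified after restoring it. Assumes PowerShell 2.0+ with robocopy (built into Vista/7);
# the E: drive letter and folder names are placeholders.
param(
    [string]$Source      = $env:USERPROFILE,
    [string]$Destination = 'E:\DataBackup',   # placeholder: the external drive
    [string[]]$Folders   = @('Documents', 'Desktop', 'Pictures', 'Music', 'Videos', 'Favorites')
)
$Destination = $Destination.TrimEnd('\')

# Not "data": anything Windows runs directly, or that launches something that runs.
$ExcludeTypes = @('*.exe', '*.dll', '*.scr', '*.com', '*.pif', '*.msi', '*.bat', '*.cmd',
                  '*.vbs', '*.vbe', '*.js', '*.jse', '*.wsf', '*.wsh', '*.hta', '*.lnk')

if (-not (Test-Path $Destination)) { New-Item -ItemType Directory -Path $Destination | Out-Null }
$log = Join-Path $Destination 'robocopy.log'

foreach ($name in $Folders) {
    $src = Join-Path $Source $name
    if (-not (Test-Path $src)) { continue }
    $dst = Join-Path $Destination $name
    # /E subfolders incl. empty; /XJ skip junctions (Vista profiles contain loops);
    # /R:1 /W:1 don't stall on locked files; /XF exclude patterns; /LOG+ append to one log.
    & robocopy $src $dst /E /XJ /R:1 /W:1 /XF $ExcludeTypes "/LOG+:$log" | Out-Null
    # robocopy exit codes 0-7 are success variants; 8 and above mean something failed to copy.
    if ($LASTEXITCODE -ge 8) { Write-Warning "robocopy reported failures for $src (exit $LASTEXITCODE); see $log" }
}

# SHA-256 of every copied file with its path relative to the backup root, sha256sum style.
$sha      = [System.Security.Cryptography.SHA256]::Create()
$manifest = Join-Path $Destination 'manifest.sha256'
$lines    = @(Get-ChildItem -Path $Destination -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.FullName -ne $log -and $_.FullName -ne $manifest } |
    ForEach-Object {
        $stream = [System.IO.File]::OpenRead($_.FullName)
        try     { $hex = [BitConverter]::ToString($sha.ComputeHash($stream)).Replace('-', '') }
        finally { $stream.Close() }
        '{0}  {1}' -f $hex, $_.FullName.Substring($Destination.Length + 1)
    })
$lines | Set-Content -Path $manifest -Encoding UTF8
Write-Host ("Copied {0} files; manifest written to {1}" -f $lines.Count, $manifest)
```

After the reinstall, recompute the hashes on the restored files and compare them to `manifest.sha256`; any mismatch means the copy was altered or corrupted in transit.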