
Cleaning a bad infestation of malware, virii, trojans, rootkits etc

generaladm;1684901; said:
I did a malbytes full scan, and it did come up with these:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) ->

Q'tine and rebooted. Thanks again. Don't worry, I wasn't going thru my settings files and deleting random shit. I found three that had gibberish names, with the same creation date and modded at the time of the attack. Since you've seen this before, are there any things I should check for settings changes? Any idea what the malware was intended to do?

As far as settings go, after I removed the malware everything worked as normal with no effects as far as I know (the virus wasn't on my computer.) I haven't heard anything back about it, so I assume all is well.

As far as what it intended to do. My only guess was it wanted you to buy the fake program just to get your credit card information.

Glad to hear you're back up and running.
 
I recently got the "AntiMalware Doctor" invasion on my PC. I removed it and rebooted. Now it's hung up on SafeBoot. I get a black screen with "Starting SafeBoot v5.1 Please wait". It's been a couple of hours. :(
 
I recently got the "AntiMalware Doctor" invasion on my PC. I removed it and rebooted. Now it's hung up on SafeBoot. I get a black screen with "Starting SafeBoot v5.1 Please wait". It's been a couple of hours. :(
Does anybody in your org. support Safeboot? I set it up in my enterprise and do basically all the support. It sounds like what you need is to boot to the rescue disk, authenticate to either the file system or the database, and that will let you do a few different rescue operations or a manual removal. The malware may have messed up your MBR so it doesn't know where Safeboot is located to boot to it. You'll need the "code of the day," which you need to get from McAfee's support website, in order to do the recovery operations in the rescue CD.
 
My PC got hammered with a pretty awful virus called 'my 11-year old boy' a couple months ago. I'd done enough to get the PC back to usable until now, but I finally bit the bullet and started the complete reformat/reinstall carousel last night as there was still enough wonkiness with file attribute problems on system files that I couldn't fix, so I had to start over. Been putting it off for months.

This stuff was a lot easier before iPods and iPhones and iPads. Resyncing all that stuff takes longer than reinstalling Windows, Office, 100+ patches from Windows Update, and all my other apps. :lol:
 
Dryden;1968911; said:
My PC got hammered with a pretty awful virus called 'my 11-year old boy' a couple months ago.

I'd done enough to get the PC back to usable until now, but I finally bit the bullet and started the complete reformat/reinstall carousel last night as there was still enough wonkiness with file attribute problems on system files that I couldn't fix, so I had to start over. Been putting it off for months.

This stuff was a lot easier before iPods and iPhones and iPads. Resyncing all that stuff takes longer than reinstalling Windows, Office, 100+ patches from Windows Update, and all my other apps. :lol:
fify
 
Dryden;1968911; said:
This stuff was a lot easier before iPods and iPhones and iPads. Resyncing all that stuff takes longer than reinstalling Windows, Office, 100+ patches from Windows Update, and all my other apps. :lol:

CopyTrans is one of my favorite programs for restoring/pulling the contents from an ipod.
 
buckeyebri;1976054; said:
I've been having some blue screens and experiencing some definite slow downs. I ran the Microsoft Malicious Malware and found nothing. Do the Registry Edit softwares work well and is one better than another?

AusLogics Registry Cleaner is free.

http://www.auslogics.com/en/software/registry-cleaner/

Outstanding app.

Every PC I build gets four utilities at install, and they're all free:

AusLogics Registry Cleaner
AusLogics Disk Defrag
HWiNFO32/64
Malwarebytes' Anti-Malware

HWiNFO is handy to benchmark temps and CPU core usage. May help troubleshoot if there are voltage/thermal problems causing the BSOD.
 
Dryden;1977014; said:
AusLogics Registry Cleaner is free.

http://www.auslogics.com/en/software/registry-cleaner/

Outstanding app.

Every PC I build gets four utilities at install, and they're all free:

AusLogics Registry Cleaner
AusLogics Disk Defrag
HWiNFO32/64
Malwarebytes' Anti-Malware

HWiNFO is handy to benchmark temps and CPU core usage. May help troubleshoot if there are voltage/thermal problems causing the BSOD.

Cool stuff. Registry cleaner found almost 600 errors in about 1 minute, and was able to repair all but a handful. Defrag seems to be much more accurate than Windows version. (I will note that the correct download is the second down in the link)

Any recommendations for configuring HWiNFO? All of it looks like stuff I don't want to mess around with.

Greenies for you, sir.
 
muffler dragon;1977054; said:
Is it okay to put these on a computer at a later time? Sorry for the noob question.

Sure. I like to get HWiNFO on new machines, then export the results to HTML and keep them on file. That way I've got a reference point for the technical benchmarks when the PC was new and didn't have a bunch of crap installed and a 1/4 inch thick layer of dust embedded in the CPU heatsink. It can be installed anytime though. First util I go to in my toolbox when I suspect heat/voltage/fan speed issues are the cause of the BSOD. It also catalogs hardware to exacting specs, so I don't inventory hardware at work anymore.
 
generaladm;1977053; said:
Cool stuff. Registry cleaner found almost 600 errors in about 1 minute, and was able to repair all but a handful. Defrag seems to be much more accurate than Windows version. (I will note that the correct download is the second down in the link)

Any recommendations for configuring HWiNFO? All of it looks like stuff I don't want to mess around with.

Greenies for you, sir.

AusLogics defrag is so far superior to the built in Windows edition it's silly. Can completely defrag a 300Gb Enterprise Raptor in about a quarter of the time as the built in MS version, and with better performance gains.

For hardcore power users I recommend Active@ KillDisk (data recovery and DoD grade hard drive reformatting) but that'll cost you. :) It has some stellar predictive failure features to save data from dying drives.

Nothing to configure in HWiNFO. Just close the load summary and click the sensors button for thermal diagnostics.
 