# VIRUS?? Need help immediately!!!



## Volkodav (Jun 3, 2011)

I was looking for brownie recipes [lol] online and I got Avast telling me it blocked a trojan and whatnot and it moved it to a chest.
Then I scanned my comp with Avast and it said something about a hardware failure and I should restart my comp. Now some icons on my comp are missing!!  On my desktop
and Malware bytes is scanning [i told it to]
What do I do?!?!

ugh im having a panic attack

EDIT: I got the warning again! That I need to restart!


----------



## Zenia (Jun 3, 2011)

Even though Gaia is dumb, and I don't like the guy that wrote it, this guide has helped me in the past.


----------



## Volkodav (Jun 3, 2011)

It's a very new virus
im on my dads comp right now and im in safe mode on my comp scanning with malwarebytes
i will let you know what the names of the viruses are


----------



## Volkodav (Jun 3, 2011)

Ugh, guys it's that stupid Windows Recovery virus :\
hhhaaaaalp please


----------



## Garfang (Jun 3, 2011)

Hm.. Enter Safe Mode and then run Avast and do a deep scan. Then run an Anti Malware deep scan. Then you can use this rootkit_revealer to find the root of the virus and then delete it. Or you can try this guide. This is what I can say from here. I could help you if I was there :/ Search Google to find guides on how to remove them and try those. This is the best way to do it. If you don't manage to do it then :/ one solution is for you. Format


----------



## Volkodav (Jun 3, 2011)

Garfang said:


> Hm.. Enter Safe Mode and then run Avast and do a deep scan. Then run an Anti Malware deep scan. Then you can use this rootkit_revealer to find the root of the virus and then delete it. Or you can try this guide. This is what I can say from here. I could help you if I was there :/ Search Google to find guides on how to remove them and try those. This is the best way to do it. If you don't manage to do it then :/ one solution is for you. Format


 
hmmmm well ive been looking at that bleepingcomputers link and I can give it a try but idk if it will work ]:


----------



## Volkodav (Jun 3, 2011)

Ok im trying to open it but Avast keeps blocking it


----------



## Cyanide_tiger (Jun 3, 2011)

Remove your hard drive, then take the most powerful magnet you can find and run it across the surface length-ways, front to back, seven times. This will fix your problem. :V


----------



## Garfang (Jun 3, 2011)

Cyanide_tiger said:


> Remove your hard drive, then take the most powerful magnet you can find and run it across the surface length-ways, front to back, seven times. This will fix your problem. :V



And how will this fix the problem?



Clayton said:


> Ok im trying to open it but Avast keeps blocking it


 
If you turn off Avast, does it still block it?


----------



## Volkodav (Jun 3, 2011)

Garfang said:


> If you turn off Avast, does it still block it?


 I don't know how ]: and won't that let more viruses in?


& no, Cyanide. I'm dumb but I'm not that dumb


----------



## CerbrusNL (Jun 3, 2011)

Clayton said:


> I was looking for brownie recipes [lol] online and I got Avast telling me it blocked a trojan and whatnot and it moved it to a chest.
> Then I scanned my comp with Avast and *it said something about a hardware failure and I should restart my comp.* Now some icons on my comp are missing!!  On my desktop
> and Malware bytes is scanning [i told it to]
> What do I do?!?!
> ...



I bet that message looks like a window popup, and always appears after a few minutes? That's the virus talking.

You'd better disconnect that machine from the internet, get "Malwarebytes Anti-Malware" on a USB stick, and scan that machine.
I've had exactly the same virus, MWB found it for me.


----------



## Volkodav (Jun 3, 2011)

CerbrusNL said:


> I bet that message looks like a window popup, and always appears after a few minutes? That's the virus talking.
> 
> You'd better disconnect that machine from the internet, get "Malwarebytes Anti-Malware" on a USB stick, and scan that machine.
> I've had exactly the same virus, MWB found it for me.


Yeah it was the virus lying to me.. but I have scanned it in safe-mode and it SAID it caught the virus and I deleted it out of quarantine... but when I boot the computer up out of safe-mode the virus is still there ]:


----------



## TechnoGypsy (Jun 3, 2011)

Clayton said:


> Ok im trying to open it but Avast keeps blocking it


 
If it is possible, keep the avast block window up and keep doing what you were doing. If you click 'ok' or whatever it says then you're letting it block you.


----------



## Runefox (Jun 3, 2011)

My suggestion is to schedule an Avast boot time scan. It should be a lot more effective than scanning with Avast in Windows, but make sure you update it first.


----------



## ~Maelstrom~ (Jun 3, 2011)

If it's being a troublesome virus and opting to linger and chill on your system rather than leave, a safe mode system restore is a painless, easy option. (If you have a recent back up point.)


----------



## TechnoGypsy (Jun 3, 2011)

~Maelstrom~ said:


> If it's being a troublesome virus and opting to linger and chill on your system rather than leave, a safe mode system restore is a painless, easy option. (If you have a recent back up point.)


 
Indeed so, works every time


----------



## Runefox (Jun 3, 2011)

TechnoGypsy said:


> Indeed so, works every time


 Not... Really? Most malware can infect System Restore, and System Restore is hardly going to remove it entirely from the system. It's not a perfect image or anything.


----------



## ~Maelstrom~ (Jun 3, 2011)

D: That's horrible; I've just been really lucky then. Whenever my laptop picks up an illness my solution is just to kick it back in time 6-12 hours. It's gonna be a sad day when that doesn't work.


----------



## Sai_Wolf (Jun 3, 2011)

~Maelstrom~ said:


> If it's being a troublesome virus and opting to linger and chill on your system rather than leave, a safe mode system restore is a painless, easy option. (If you have a recent back up point.)


 
It's been a known tactic for *years* now to nest inside of the System Restore folders. Most virus/malware scanners scan there even in their 'quick scan' modes.


----------



## ~Maelstrom~ (Jun 3, 2011)

Don't doubt it's a good tactic, I'm just glad I've never had to deal with it.

Any news, Clayton? Did it eat your computer yet?


----------



## Volkodav (Jun 3, 2011)

TechnoGypsy said:


> If it is possible, keep the avast block window up and keep doing what you were doing. If you click 'ok' or whatever it says then you're letting it block you.


 Yeah, I thought that so I had tried running RKill while Avast! bitched but it just opened another Avast! window telling me HURRR R U SURE U WANNA DO DAT and I'm all "yes, ugh cmon" and it won't work ]:



Runefox said:


> My suggestion is to schedule an Avast boot time scan. It should be a lot more effective than scanning with Avast in Windows, but make sure you update it first.


I'm not sure how to do that though. I mean my computer is pretty f'd up right now ahaha



~Maelstrom~ said:


> If it's being a troublesome virus and opting to linger and chill on your system rather than leave, a safe mode system restore is a painless, easy option. (If you have a recent back up point.)


 People [on FA] have been telling me to try system restore to before I got the virus but I don't exactly know where I went wrong. I make sure to always update MalwareBytes/Avast/etc but I realized that MalwareBytes is getting an update error.. 
"update error 5,  0, Createfile"
Which probably isn't caused by the virus.. maybe I just saw it before and ignored it thinking it would go away if I restarted?? idk, my memory is shit.



~Maelstrom~ said:


> Don't doubt it's a good tactic, I'm just glad I've never had to deal with it.
> 
> Any news, Clayton? Did it eat your computer yet?


 Hey, sorry, I gave up for the night and went to bed... it's pretty messed up right now.. "messed up" as in the desktop icons are still gone, start-bar programs still gone and the background is black and the stupid Windows Recovery ad still pops up. Jeez I'm losing sleep over a damn stupid virus.. never thought I'd see the day.


----------



## dinosaurdammit (Jun 3, 2011)

Don't they have a disk that can wipe any malware and viruses off a computer by just inserting the disk? I know I had a virus and someone came to fix it and just used a disk. Never had a problem after that.


----------



## AshleyAshes (Jun 3, 2011)

When in doubt, ComboFix. :V


----------



## Garfang (Jun 3, 2011)

AshleyAshes said:


> When in doubt, ComboFix. :V


 
Yes! ComboFix is a good tool. Also try Advanced SystemCare


----------



## Runefox (Jun 3, 2011)

Scheduling boot-time scans.


----------



## Volkodav (Jun 3, 2011)

dinosaurdammit said:


> Don't they have a disk that can wipe any malware and viruses off a computer by just inserting the disk? I know I had a virus and someone came to fix it and just used a disk. Never had a problem after that.


 That's probably something a comp technician has, I don't have anything like that.



AshleyAshes said:


> When in doubt, ComboFix. :V


 No, Ashley. I'm not even going to try Combofix. Even BleepingComputers says "When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored."
So I'm not even going to download the program. I'm not good with computers.



Runefox said:


> Scheduling boot-time scans.


I will look into this, thanks! I don't know if Avast! can catch this though.. because the virus *did* get through it.


----------



## Ames (Jun 3, 2011)

...Brownie recipes?

Clayton, you should know that obscure fetish porn websites are malware-ridden... >:C


----------



## AshleyAshes (Jun 4, 2011)

Clayton said:


> No, Ashley. I'm not even going to try Combofix. Even BleepingComputers says "When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored."
> So I'm not even going to download the program. I'm not good with computers.


 
In that case, have fun reformatting the hard drive and reinstalling windows, cause it's safe to say that this thing came with a rootkit.


----------



## Volkodav (Jun 4, 2011)

AshleyAshes said:


> In that case, have fun reformatting the hard drive and reinstalling windows, cause it's safe to say that this thing came with a rootkit.


 Ummmm no 
I have been reading about this virus and browsing a website full of people who fix viruses and I've seen them helping many people with the exact same virus that I have.
It's not right to push ComboFix onto someone who knows little to nothing about that shit.


----------



## Conker (Jun 5, 2011)

You could try http://housecall.trendmicro.com/ if you still have the virus. I've had good luck with that particular scan, but YMMV.

Good luck to you though; sucks getting a bad virus.


----------



## Volkodav (Jun 6, 2011)

Conker said:


> You could try http://housecall.trendmicro.com/ if you still have the virus. I've had good luck with that particular scan, but YMMV.
> 
> Good luck to you though; sucks getting a bad virus.


 
What is YMMV?
& what is housecall?


----------



## Runefox (Jun 6, 2011)

Clayton said:


> What is YMMV?
> & what is housecall?


 Your mileage may vary.
Housecall is an online virus scan by Trend Micro. It's OK, but Trend Micro aren't great at finding viruses.


----------



## Conker (Jun 6, 2011)

Runefox said:


> Your mileage may vary.
> Housecall is an online virus scan by Trend Micro. It's OK, but Trend Micro aren't great at finding viruses.


 Meh. Like I said, I've had good luck with them. It's nice too, because it's both a free scan and one you can do via browser. You have to download some really small thing and that's it. None of the INSTALL THIS bullshit.

Anything in particular you would recommend Runefox?


----------



## Volkodav (Jun 7, 2011)

mm gosh
Well I have some kinda PUM.Hijack thing caught in MalwareBytes and someone on a comp. fixer forum is helping me


----------



## Branch (Jun 7, 2011)

try to get your hands on rKill. it's worked every time for me. also safemode makes things extra better with malware programs and such.


----------



## Volkodav (Jun 8, 2011)

Branch said:


> try to get your hands on rKill. it's worked every time for me. also safemode makes things extra better with malware programs and such.


 
I did 
Update: I ran RKill and it got the thing and now I don't get any more popups. I'm still not done messin with it though because now MalwareBytes doesn't want to update


----------



## Branch (Jun 8, 2011)

rKill ftw. -i kinda gave up on Malwarebytes. you can do most of its job just by snooping around in the program folders


----------



## Runefox (Jun 8, 2011)

Branch said:


> rKill ftw. -i kinda gave up on Malwarebytes. you can do most of its job just by snooping around in the program folders


 One thing that's prohibitively time-consuming is the cleanup, though, and since Malwarebytes handles most jobs anyway, it functions as a jack of all trades. Killing it yourself means you'll probably kill the process and what was spawning it, but you'll leave the rest on your system. Not particularly dangerous in itself, but still messy.


----------



## TheMadHatter (Jun 9, 2011)

You could use a Linux Live CD disc and boot to Linux, grab your files, and abandon ship, wipe the drive & start over.
Either that, or grab the sensitive data, cut/paste, then leave your computer to chance and try to wipe the virus, but with far less of a potential loss at your hands.

:M


----------



## Volkodav (Jun 9, 2011)

No way. I aint redoing my computer.

I have almost gotten rid of it. I'm having a computer technician look at logs right now to figure out why MalwareBytes isn't letting me update... but other than that... no popups, no fake ads, nothin. So I'm feeling a lot better about it


----------



## yiffytimesnews (Jun 10, 2011)

I got some really good advice from a computer tech who always happens to be a furry. On another computer look for an anti-virus boot disc. Burn it. Then run that disc on the infected computer, it could take a couple of hours but eventually the virus will be gone.


----------



## Kumiromi (Jun 11, 2011)

Oh! That virus! I had that one just yesterday. Windows Vista Restore, right?

Here's one thing I found while looking on how to get rid of it. In the end, I just gave up and did a wipe, seeing how I have everything I need backed up, but I'm sure you don't want to do that.

http://www.remove-virus.net/windows-vista-restore-virus/


----------



## Lapdog (Jun 12, 2011)

See, I know why people don't want to buy virus software, (Not enough money, don't think it's worth it, etc) but people need to know that if you want something good, then you are going to have to buy it (In most cases). That's why I bought Kaspersky, it has the best reputation, it has the best protection and a huge list of free tools for you to use if you do not want to buy. They also have 30 day free trials if you want full protection. If you want to keep the trials, but don't want to buy, then back-up important files (Word docs, music, etc), install windows again, and get another free trial. That's what I did for 6 months when I didn't have enough money to buy a new licence.

tl;dr: If you want good protection, go Kaspersky.


----------



## Volkodav (Jun 12, 2011)

Kumiromi said:


> Oh! That virus! I had that one just yesterday. Windows Vista Restore, right?
> 
> Here's one thing I found while looking on how to get rid of it. In the end, I just gave up and did a wipe, seeing how I have everything I need backed up, but I'm sure you don't want to do that.
> 
> http://www.remove-virus.net/windows-vista-restore-virus/


 
Windows 7 Recovery



Lapdog said:


> See, I know why people don't want to buy virus software, (Not enough money, don't think it's worth it, etc) but people need to know that if you want something good, then you are going to have to buy it (In most cases). That's why I bought Kaspersky, it has the best reputation, it has the best protection and a huge list of free tools for you to use if you do not want to buy. They also have 30 day free trials if you want full protection. If you want to keep the trials, but don't want to buy, then back-up important files (Word docs, music, etc), install windows again, and get another free trial. That's what I did for 6 months when I didn't have enough money to buy a new licence.
> 
> tl;dr: If you want good protection, go Kaspersky.


I don't have the $$ to pay for that stuff


----------



## Shmoot (Jun 14, 2011)

Unlucky man, I have to agree it's one of the most relentless, persistent pieces of malware out there.
When I had it a combination of killing the process tree, malwarebytes and deleting a whole load of stuff worked eventually.

Brutal.


----------



## Volkodav (Jun 16, 2011)

Shmoot said:


> Unlucky man, I have to agree it's one of the most relentless, persistent pieces of malware out there.
> When I had it a combination of killing the process tree, malwarebytes and deleting a whole load of stuff worked eventually.
> 
> Brutal.


 Im pretty sure im 99% finished.
I ran OTL and Unhide and was able to update Malwarebytes to the most current version. Now there's no sign of Windows Recovery anywhere.


----------



## Andy Nonimose (Jun 24, 2011)

Stop looking at space cake recipes/porn without good browser protections. :V

If a virus is still present after an anti-virus sweep in safe mode, it's more than likely written a few registry keys that will allow it to replicate. If you can, look up the virus on a security database and see what files and registry keys need to be deleted. If your browser is blocked and won't allow you to visit security sites, check your HOSTS file and blocked sites list. If your browser/antivirus software/anti-malware is being blocked from starting up, rename the EXE file to explorer.exe and it will usually work around the filter.

All else fails, I hope you have a decent backup or a recovery disc.


----------
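The HOSTS-file check suggested in the post above, as an added example that is not part of the original thread: it parses hosts-file text and flags entries that point security or help sites at a loopback, null or unexpected address. The watch list, the function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Illustrative watch list (an assumption): vendors and help sites named in the thread.
WATCHED = ("avast.com", "malwarebytes.com", "trendmicro.com", "bleepingcomputer.com")

# Names that legitimately appear in a stock hosts file.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost",
          "ip6-loopback", "broadcasthost"}

# Constructed sample input, not taken from any real machine.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1   www.avast.com  avast.com   # constructed entry
0.0.0.0     HouseCall.TrendMicro.com
203.0.113.7 www.bleepingcomputer.com
192.168.1.20  nas.home.lan
not-an-ip   malwarebytes.com
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    text = text.lstrip("\ufeff")  # some editors save the file with a BOM
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # the resolver ignores malformed lines, so skip them too
        for name in fields[1:]:  # one address may carry several hostnames
            yield line_no, addr, name.lower().rstrip(".")


def is_watched(host, watched=WATCHED):
    """True if host is a watched domain or any subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, address, verdict) for every non-stock entry.

    blocked    - watched site sent to loopback or 0.0.0.0 (site unreachable)
    redirected - watched site sent to some other address
    review     - any other custom mapping; may be legitimate, check by hand
    """
    findings = []
    for line_no, addr, host in parse_hosts(text):
        if host in BENIGN:
            continue
        if is_watched(host, watched):
            null_route = addr.is_loopback or addr.is_unspecified
            verdict = "blocked" if null_route else "redirected"
        else:
            verdict = "review"
        findings.append((line_no, host, str(addr), verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s [%s]" % finding)
```

On Windows the file to feed in is `C:\Windows\System32\drivers\etc\hosts`; read it from a clean boot environment or safe mode if the running system cannot be trusted.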



## Volkodav (Jun 24, 2011)

Andy Nonimose said:


> Stop looking at space cake recipes/porn without good browser protections. :V
> 
> If a virus is still present after an anti-virus sweep in safe mode, it's more than likely written a few registry keys that will allow it to replicate. If you can, look up the virus on a security database and see what files and registry keys need to be deleted. If your browser is blocked and won't allow you to visit security sites, check your HOSTS file and blocked sites list. If your browser/antivirus software/anti-malware is being blocked from starting up, rename the EXE file to explorer.exe and it will usually work around the filter.
> 
> All else fails, I hope you have a decent backup or a recovery disc.


 I've gotten rid of the actual virus, but I'm having other lame issues with my computer that are unrelated.

Lately, my computer has been bluescreening upon log-in and then it restarts my computer [just one] and I can log in fine. I think ntoskrnl.exe is causing it. Idk how to fix it but it's a minor annoyance.
Another problem I've been having is that I can't scan through using Brother's Control Center.. I have to scan through Paint, because when I use the CC, I get an error message CC3-003-00031c0e
I've uninstalled the printer and re-installed but nothing has worked.
Third problem I've been having is IDK how to back up my whole computer :\ It was going good the other night but failed at "shadow copy". I have a legit copy of Windows 7, it came with my laptop... I just don't know what the problem is.


----------



## Andy Nonimose (Jun 24, 2011)

Clayton said:


> I've gotten rid of the actual virus, but I'm having other lame issues with my computer that are unrelated.
> 
> Lately, my computer has been bluescreening upon log-in and then it restarts my computer [just one] and I can log in fine. I think ntoskrnl.exe is causing it. Idk how to fix it but it's a minor annoyance.
> Another problem I've been having is that I can't scan through using Brother's Control Center.. I have to scan through Paint, because when I use the CC, I get an error message CC3-003-00031c0e
> ...



Well it's good to hear your virus problem has cleared up. 

Go get NirSoft's BlueScreenView or some other similar utility. It'll allow you to see exactly what's been dumped in the logs as the cause for your BSOD. Then you can punch whatever it is that's highlighted as problematic into Google and go deeper.

As for the printer, have you tried looking on Brother's website for updated drivers and/or been updating Win7 regularly? Sometimes those issues are resolved with updates. Otherwise I'd say check their forums.

For backups, I can't really point you in any particular direction with the native backup program. I use a third party software (Rebit SaveMe) that passively maintains a backup whenever I plug in my external drive. Something that might help is looking at the Microsoft forums or HowTo.


----------



## Volkodav (Jun 24, 2011)

Andy Nonimose said:


> Well it's good to hear your virus problem has cleared up.
> 
> Go get NirSoft's BlueScreenView or some other similar utility. It'll allow you to see exactly what's been dumped in the logs as the cause for your BSOD. Then you can punch whatever it is that's highlighted as problematic into Google and go deeper.
> 
> ...


 
Yeah I got the BluescreenView thing.. and it said that ntoskrnl.exe is causing the bluescreens.

I updated Windows 7 the other day and after that is when the bluescreen occurred. I hadn't used my scanner for a little while before the updating, but it worked flawlessly until the update... IDK if the update is what caused it or not though.

I'm going to try and join both Brother and Microsoft's forums and ask em


----------



## Andy Nonimose (Jun 24, 2011)

Clayton said:


> Yeah I got the BluescreenView thing.. and it said that ntoskrnl.exe is causing the bluescreens.
> 
> I updated Windows 7 the other day and after that is when the bluescreen occurred. I hadn't used my scanner for a little while before the updating, but it worked flawlessly until the update... IDK if the update is what caused it or not though.
> 
> I'm going to try and join both Brother and Microsoft's forums and ask em



Sounds to me like Microsoft derped your scanner, wouldn't be the first time it's happened.


----------



## Volkodav (Jun 24, 2011)

Andy Nonimose said:


> Sounds to me like Microsoft derped your scanner, wouldn't be the first time it's happened.


 Uuugghh  Wellp, I'm askin em for help regardless. I love that scanner, man. It's my child.


----------



## Andy Nonimose (Jun 24, 2011)

Clayton said:


> Uuugghh  Wellp, I'm askin em for help regardless. I love that scanner, man. It's my child.


 
Hopefully delivered by C-Section. :V


----------



## Volkodav (Jun 24, 2011)

Andy Nonimose said:


> Hopefully delivered by C-Section. :V


 It was
It weighs 17lbs


----------



## Kamatz (Jun 26, 2011)

I hope the brownies were worth it :V

You probably could have formatted your computer in the time it took to try and purge the thing from your system. I've only ever gotten one virus. I gave up trying to fix it after a few days and just backed up my files and formatted. It's the only way to be sure everything is back to 100%. Sometimes even an e-condom isn't enough to protect your computer from the std's, and when that happens, it's best to just put her down.


----------



## Volkodav (Jun 26, 2011)

Kamatz said:


> I hope the brownies were worth it :V
> 
> You probably could have formatted your computer in the time it took to try and purge the thing from your system. I've only ever gotten one virus. I gave up trying to fix it after a few days and just backed up my files and formatted. It's the only way to be sure everything is back to 100%. Sometimes even an e-condom isn't enough to protect your computer from the std's, and when that happens, it's best to just put her down.


No way!!! It took so long because the guy(s) who were helping fix my computer were also fixing other people's computers, and would take some time in between replies.

Im working on backing up my comp (I couldnt have formatted it in the first place because I don't have everything backed up :\)


----------



## yiffytimesnews (Jul 1, 2011)

If you ever need a brownie recipe again try the Food Network site http://www.foodnetwork.com/search/delegate.do?fnSearchString=brownies&fnSearchType=site


----------



## Volkodav (Jul 1, 2011)

yiffytimesnews said:


> If you ever need a brownie recipe again try the Food Network site http://www.foodnetwork.com/search/delegate.do?fnSearchString=brownies&fnSearchType=site


 Hahaha, thanks!  I will keep this in mind

UPDATE in case any computer nerds here care

Computer is working very well, like normal.. only problem I'm having is that my scanner doesn't want to scan through its control center.


----------



## Andy Nonimose (Jul 2, 2011)

Kamatz said:


> You probably could have formatted your computer in the time it took to try and purge the thing from your system.


^Computer repair advice from a bad. What if one of the files you backed up was a payload?

Formatting is a last resort, not a cure-all (unless you work for the gubmint, then it's standard protocol). Not everyone has the spare storage to back up their files, even though they should, and rewriting the partition is more taxing on the HDD than manual removal of a virus. I've got a 10 year old desktop sittin at home with the original HDD, and in its lifetime it's had its share of viruses. Not once have I had to resort to reformatting.



> UPDATE in case any computer nerds here care
> 
> Computer is working very well, like normal.. only problem I'm having is  that my scanner doesn't want to scan through its control center.



I prefer "geek". :V

Check Brother's forums and check to see if there are any software/driver updates for your model of printer. Hell, even posting a conflict might help their developers realize there's an issue. (Can't make a software patch if you don't know what's broken)


----------



## Volkodav (Jul 2, 2011)

Andy Nonimose said:


> I prefer "geek". :V
> 
> Check Brother's forums and check to see if there are any software/driver updates for your model of printer. Hell, even posting a conflict might help their developers realize there's an issue. (Can't make a software patch if you don't know what's broken)



Will do, thanks!


----------

