R/C Tech Forums

Old 03-21-2012, 05:54 AM   #31
Tech Fanatic
 
Join Date: Oct 2003
Location: downunder
Posts: 814
Trader Rating: 22 (100%+)
Default

What is the best way to get rid of this virus? As I am not too savvy with pewters, can you please make it easy for me.
bjspinner is offline   Reply With Quote
Old 03-21-2012, 08:24 AM   #32
Tech Regular
 
Coelacanth's Avatar
 
Join Date: Aug 2010
Location: Alberta, Canada
Posts: 318
Trader Rating: 2 (100%+)
Default

Quote:
Originally Posted by bjspinner View Post
What is the best way to get rid of this virus? As I am not too savvy with pewters, can you please make it easy for me.
To be honest, that's like a person who knows little about cars asking "How do I rebuild my transmission?". To thoroughly clean up all evidence of any malware takes years of experience, knowing where to look for their remnant files, knowing which software tools to download & use, and lastly verifying that a computer is indeed clean. I guess malware removal is one of my areas of expertise, and I can't easily tell you everything I know in a few paragraphs...but I would begin by downloading the free Avast Antivirus (www.avast.com), free Malwarebytes (www.malwarebytes.org), TDSSKiller (http://support.kaspersky.com/downloa...tdsskiller.zip) and installing them. Then boot into Safe Mode (press F8 repeatedly at bootup and select Safe Mode when a menu appears) and do full scans with all three utilities.

Even then, those programs may not remove the remnant leftover files or Registry entries, but nobody should be poking around there if they don't know about it, any more than a person who doesn't know about car engines should be removing their cylinder heads or replacing injectors...but at least those programs will cripple the malware enough that your computer should work normally again.

Failing that, do what people do when their car has problems: take it to an experienced service technician.
__________________
"Paranoia roams where the shadows reign." ~Marillion
Coelacanth is offline   Reply With Quote
Old 03-21-2012, 03:20 PM   #33
Tech Champion
 
oXYnary's Avatar
 
Join Date: Dec 2003
Posts: 6,301
Trader Rating: 4 (100%+)
Default

If this infection is the same one I had to fix on someone else's computer, it hides your system files, so you can't get to the downloads folder to start Malwarebytes. You can click "open file when downloaded" to start. But upon reboot it will be hidden again. You need another script that unhides all the system files at the same time.
__________________
www.3drcracing.com <<RC Video Game.
Kyosho Mini-Z Buggy, Moto Racer | Losi Micro SCT, 8ight Mini
oXYnary is offline   Reply With Quote
Old 03-21-2012, 03:30 PM   #34
Tech Regular
 
Coelacanth's Avatar
 
Join Date: Aug 2010
Location: Alberta, Canada
Posts: 318
Trader Rating: 2 (100%+)
Default

It actually hides all the folders inside the infected user's profile folder; in Win XP, that's all the subfolders beneath C:\Documents & Settings\<profilename>; in Win 7, it's C:\Users\<profilename>. The My Documents, Downloads, etc. folders are inside those profiles, which is why you can't find the downloads.

The "Folder Unhider" is a tiny program that's about 493 KB and automatically unhides them. I can't remember where I downloaded it from, but you can probably find it without much trouble.

Of course, it's important to first identify which running process is doin' the nasty, and Ending Task on it. If it doesn't auto-load itself right away, you can delete that executable and look for Registry RUN key references to it, and delete those too. If it auto-loads itself, things get more complicated.
__________________
"Paranoia roams where the shadows reign." ~Marillion
Coelacanth is offline   Reply With Quote
Old 03-21-2012, 05:07 PM   #35
Tech Apprentice
 
Join Date: Jul 2010
Posts: 78
Default

Quote:
Originally Posted by Coelacanth View Post
It actually hides all the folders inside the infected user's profile folder... The My Documents, Downloads, etc. folders are inside those profiles, which is why you can't find the downloads...
Or you set your browser not to download automatically to the default folder, but set it to "let me choose where to save", and you choose C: or even a USB key to save Malwarebytes.

I also believe that Malwarebytes can fix it alone. I don't remember whether it unhides folders or not, though.
FFred is offline   Reply With Quote
Old 03-21-2012, 05:36 PM   #36
Tech Regular
 
Coelacanth's Avatar
 
Join Date: Aug 2010
Location: Alberta, Canada
Posts: 318
Trader Rating: 2 (100%+)
Default

Malwarebytes won't unhide folders. It also won't repair overwritten file associations, replace deleted Start menu shortcuts, and probably won't remove a functioning rootkit. MWB is an excellent program for what it does, but it's only one of many tools a person needs to do a thorough system clean...not to mention just having knowledge of where that crap hides and what the malicious files themselves look like (as far as filenames go).

I usually find those "Warning: your computer may be infected" type of malwares begin by sticking themselves in an infected user's "Application Data" and "Local Settings\Application Data" folders. Once you've terminated the offending running process(es), you can usually quite easily just delete the malicious files & folders right in those 2 locations, which effectively cripples it enough that antivirus & anti-malware programs can scan & remove the rest.
__________________
"Paranoia roams where the shadows reign." ~Marillion
Coelacanth is offline   Reply With Quote
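
An added example, not posted by anyone in this thread: a read-only PowerShell check for the three things posts #34 and #36 say to look at, namely folders hidden inside the user's profile, Registry Run key entries, and startup commands that point into the "Application Data" folders. The two Run key paths are the standard Windows locations, and treating Win 7's AppData as the equivalent of XP's "Application Data" folders is an assumption; neither is spelled out in the posts.

```powershell
# Added example, read-only: it lists findings and changes nothing.
$profileDir = $env:USERPROFILE

# Folders that are hidden by default and therefore not evidence of tampering.
# Assumption: extend this list for XP profiles (NetHood, PrintHood, SendTo, ...).
$normallyHidden = 'AppData', 'Application Data', 'Local Settings'

# 1. Top-level profile folders with the Hidden attribute set.
#    Reparse points are skipped: Win 7 keeps hidden compatibility junctions
#    such as "My Documents" inside every profile.
$hiddenFolders = Get-ChildItem -LiteralPath $profileDir -Force |
    Where-Object {
        $_.PSIsContainer -and
        ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
        -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -and
        $normallyHidden -notcontains $_.Name
    }

# 2. Run key values, flagged when the command line points into a per-user
#    application-data folder. Legitimate software also starts from there,
#    so a flag means "review this entry", not "delete it".
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$runEntries = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        New-Object PSObject -Property @{
            Key          = $key
            Name         = $name
            Command      = $command
            UnderAppData = [bool]($command -match '\\(Application Data|AppData)\\')
        }
    }
}

'Profile folders hidden unexpectedly:'
$hiddenFolders | Select-Object FullName, Attributes | Format-Table -AutoSize
'Run key entries (UnderAppData = review first):'
$runEntries | Sort-Object UnderAppData -Descending |
    Format-Table Key, Name, Command, UnderAppData -AutoSize -Wrap
```

Run it as the affected user so that `$env:USERPROFILE` and the HKCU hive refer to the profile in question.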
Old 03-21-2012, 06:57 PM   #37
Tech Fanatic
 
elee32's Avatar
 
Join Date: Mar 2011
Location: lambertville, nj
Posts: 788
Trader Rating: 18 (100%+)
Default

Quote:
Originally Posted by bjspinner View Post
What is the best way to get rid of this virus? As I am not too savvy with pewters, can you please make it easy for me.
Right there with you. I just ran my anti-virus program (it's called Webroot) and it removed it....as far as I can tell
elee32 is offline   Reply With Quote
Old 03-30-2012, 08:56 AM   #38
Tech Adept
 
Join Date: Oct 2004
Location: Bedfordshire UK
Posts: 106
Default

Anybody know if it is still a problem?

Jason
jasonb is offline   Reply With Quote
Old 03-30-2012, 09:52 AM   #39
Tech Master
 
littlevette's Avatar
 
Join Date: Apr 2009
Posts: 1,473
Trader Rating: 22 (100%+)
Default

just barely catching up with this thread. i got this thing a couple of weeks ago too. pretty crafty virus. won't let you do much. even with an open browser.

i downloaded the fake anti-virus remover: http://esupport.trendmicro.com/Pages...oval-Tool.aspx
loaded, ran it, and it was gone.
littlevette is offline   Reply With Quote
Old 03-30-2012, 10:41 AM   #40
Tech Master
 
Join Date: Aug 2002
Location: Nor-Cal
Posts: 1,853
Trader Rating: 18 (100%+)
Default

Quote:
Originally Posted by Coelacanth View Post
It actually hides all the folders inside the infected user's profile folder; in Win XP, that's all the subfolders beneath C:\Documents & Settings\<profilename>; in Win 7, it's C:\Users\<profilename>. The My Documents, Downloads, etc. folders are inside those profiles, which is why you can't find the downloads.

The "Folder Unhider" is a tiny program that's about 493 KB and automatically unhides them. I can't remember where I downloaded it from, but you can probably find it without much trouble.

Of course, it's important to first identify which running process is doin' the nasty, and Ending Task on it. If it doesn't auto-load itself right away, you can delete that executable and look for Registry RUN key references to it, and delete those too. If it auto-loads itself, things get more complicated.
It's called "unhide.exe" and you can find it available for download at bleepingcomputer.com
__________________
SMC ( www.smc-racing.com the only place to order your batteries online.), Awesomatix, Gonzo Paints, BN Racing

"Imitation is the sincerest form of flattery."
Advil is offline   Reply With Quote