The Warring States of NPF  

03-19-2010, 07:04 PM   #1
Preturbed
Serious Virus Removal/System Maintenance. I charge $50 for this, so read up.

I've noticed lately that a lot of people are having virus trouble and aren't reading the previous virus-related posts. This post is for them. While I'm at it, I'm going to give you some basic tips on keeping your computer running at peak efficiency.


Help I've got a virus! / Do I have a virus?

First things first. If you're not sure if you have a virus, you've probably got a virus. You won't hurt your computer by treating it as though it does, so follow these instructions.

The most common virus on computers today is a variant on "Windows XP Antivirus," a program that masquerades as a virus scanner and tells you you have an ungodly number of infections. If you didn't install a virus scanner on purpose, it's probably a variant on this.

You will need the following tools:
Malwarebytes Anti-Malware | Sophos Anti-Rootkit | A computer with internet access | Flash Drive (optional) | A virus scanner that isn't Norton or McAfee.

1. Start your computer in safe mode. That means when your computer is starting up, hit F8 a lot until you get a menu. Choose Safe Mode with Networking.

2. Turn off System Restore. A virus can hide out in your system restore area until it decides to come out, and all this work will have been for nothing. Programs - Accessories - System Tools - System Restore - System Restore Settings - Check turn off System Restore - Apply

3. Install Malwarebytes Anti-Malware, update and run it. Some viruses have gotten smart and often block MBAM from running or installing. You can circumvent this by changing the filename and extension of the installer and/or program. It will run just as well as a .bat, so if you've changed the name and it still doesn't work, change the extension as well. If it installs but won't run, find the installed program file under C:\Program Files\Malwarebytes Anti-Malware\mbam.exe. You can change both the filename and extension here as well to stop the madness.

Let MBAM run, and once it has run tell it to remove selected. It's pretty self-explanatory here.

4. Still having problems? Install and run Sophos Anti-Rootkit.

5. Still having problems? Google your symptoms. There's a solid chance others have the same issue and there's a fix to download for it. I've done this right in front of clients and they have no idea what I'm up to, and I still get paid for the fix.

6. Personally, I stop trying after about an hour or so and simply format and reinstall Windows. Back up all your shit first, unless you want to lose it. You either have a copy lying around, know somebody who does, or your computer has a copy of Windows in a special partition. This is a drastic measure, but it gets rid of EVERY problem you have. This step WILL cause hardware to stop functioning, so make sure that you are either using a disk designed for your make and model of PC, or learn where to download the drivers for your computer. They're usually not too hard to find. Run a virus scan on your backed-up files before putting them onto your new clean PC.

7. If you solved the problem without going to step 6, repeat step 2. This time you want to turn System Restore back on, and I recommend creating a fresh restore point as well.



Keeping your computer running like new

You will need the following tools:
Malwarebytes Anti-Malware | CCleaner | Ad-Aware | A Virus Scanner that isn't Norton or McAfee.

1. Pay attention to what the fuck you are doing. Do not open email from strangers. Do not download video that has an unusual codec it wants you to use. Do not go to sites you do not trust, even for a moment. This goes, like, quintuple for porn.

2. DO NOT USE LIMEWIRE for god's sake. If you must download, use torrents. If you must use torrents, read the comments on the download page. I shouldn't have to tell this to my peers, but the majority of work I do for people my age is removing a virus and lecturing them on what I just told you.

3. Check the URL before clicking a link. Just hover your mouse over the link and look in the bottom left corner of your browser. A link may look like this http://www.facebook.com and go someplace completely different. If you think you've fallen victim to this, look at the top of the browser where you type in the address. It should say what you expect it to say. Anything else is a scam.

4. Use Firefox or Chrome. Just do it. Don't try to remove IE though, that can cause serious system issues. Use an ad-blocker.

5. Run Ad-Aware twice a month.

6. Run Malwarebytes once in a while, even if you don't think you need to. Safe Mode isn't necessary this time, but keep an eye on it.

7. Run CCleaner about once a month. Use the Cleaner tab as directed. Using the registry tab has never done me wrong, but back up the registry just in case. Use the Tools - Startup tab to disable programs that start with the computer. Don't be afraid, none of this stuff is critical, so you can disable everything if you like.

8. Run your virus scanner weekly. Right now my favorite is Panda Cloud; I'm installing it on clients' computers every chance I get. It's got a very small footprint so it's great for those older models.

I hope I've helped a bit by posting this.

EDIT: Added a tip.
__________________

sudden but inevitable

Last edited by Preturbed; 03-29-2010 at 12:53 AM.
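
The link check from tip 3 of the maintenance list, automated as an added example (not part of the original post): it flags links whose visible text names one site while the href resolves to a different host. Function names are hypothetical, the sample HTML is constructed, and example.net / example.org are placeholder domains.

```javascript
// Added example: compare the host a link *shows* with the host it *goes to*.
// A regex is enough for this constructed sample; a real tool would use an
// HTML parser.
function extractLinks(html) {
  const links = [];
  const re = /<a\b[^>]*\bhref\s*=\s*(["'])(.*?)\1[^>]*>([\s\S]*?)<\/a>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const text = m[3].replace(/<[^>]*>/g, "").trim(); // drop nested tags
    links.push({ href: m[2], text });
  }
  return links;
}

// Host named by the visible text, or null if the text is not URL-like
// ("Click here" has nothing to compare against).
const DOMAIN_TEXT = /^(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[\/?#]\S*)?$/i;
function textHost(text) {
  const m = DOMAIN_TEXT.exec(text.trim());
  return m ? m[1].toLowerCase() : null;
}

// Host the browser would actually connect to. The URL parser handles the
// "user@host" form, where everything before the @ is NOT the destination.
function hrefHost(href) {
  try {
    const u = new URL(href); // throws on relative links, which stay on-site
    return u.hostname ? u.hostname.toLowerCase() : null;
  } catch {
    return null;
  }
}

const stripWww = (h) => h.replace(/^www\./, "");

function findDeceptiveLinks(html) {
  const flagged = [];
  for (const { href, text } of extractLinks(html)) {
    const shown = textHost(text);
    const actual = hrefHost(href);
    if (!shown || !actual) continue; // nothing to compare
    const s = stripWww(shown);
    const a = stripWww(actual);
    // Same host, or a subdomain of the shown host, is consistent.
    if (a !== s && !a.endsWith("." + s)) {
      flagged.push({ text, href, shown, actual });
    }
  }
  return flagged;
}

// Constructed sample: two honest links, two misleading ones, one plain link.
const SAMPLE_HTML = `
<p><a href="https://www.facebook.com/login">http://www.facebook.com</a></p>
<p><a href="http://www.facebook.com.example.net/login">http://www.facebook.com</a></p>
<p><a href="http://www.facebook.com@example.org/">www.facebook.com</a></p>
<p><a href="https://m.facebook.com/">facebook.com</a></p>
<p><a href="/help">Click here for help</a></p>
`;

for (const hit of findDeceptiveLinks(SAMPLE_HTML)) {
  console.log(`shows ${hit.shown} but goes to ${hit.actual}`);
}
```

Links with non-URL text such as "Click here" are skipped because there is no displayed host to compare, so hovering and reading the status bar is still needed for those.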
03-19-2010, 11:08 PM   #2
Azisien

Keeping your computer running like new, the awesome way!

1. Have good Internet.

2. Backup files

3. Nuke it and start over
03-19-2010, 11:22 PM   #3
Preturbed

Quote:
Originally Posted by Azisien
Keeping your computer running like new, the awesome way!

1. Have good Internet.

2. Backup files

3. Nuke it and start over

This man obviously has experience in the business.
03-20-2010, 02:19 PM   #4
Pip Boy

As often as I've had to reformat, it is quite inconvenient because nowadays it can take me weeks to finally get my computer back up to date as far as forwarding ports and installing programs and re-torrenting legitimate files and the like.

Last edited by Pip Boy; 03-20-2010 at 04:18 PM.
03-20-2010, 04:04 PM   #5
bluestarultor

Quote:
Originally Posted by Megaman FTW
As often as I've had to reformat, it is quite inconvenient because nowadays it can take me weeks to finally get my computer back up to date as far as forwarding ports and installing programs and re-torrenting legitimate files and the like.

And that's not even counting your raging piracy addiction! :p
__________________
Quote:
Originally Posted by Drake Clawfang
Aerith is clearly the most badass character ever. She saves the world. Twice. While dead. No one else can claim that, can they?
I'm gone from here for good. This place gave me many memories to take with me and shaped me greatly. I still care about you guys. I just can't stay.

03-20-2010, 04:14 PM   #6
synkr0nized
a little prevention

Not a bad thread at all. Though I don't give up just after an hour or so nor do I advocate reformatting so easily, to each his own. In any case, that's a pretty solid list of the actions you should take. It may also be useful, for your peace of mind, to run HijackThis!, save the log, and post it somewhere (such as a malware help forum or, if you trust us here at NPF, here) to get the opinion of others, often people who do this for a living or have more experience than you, and help identifying issues.


I would also suggest, regardless of one's browser preference, using something to enable easy management of scripts. For example, in Firefox I always run with NoScript and also Flashblock. While I don't intentionally visit shady sites on this machine -- that's what my Linux box is for -- at least NoScript will keep almost everything ever from running and auto-downloading or redirecting, etc., rendering sites impotent against me, including ones you feel are trustworthy. Fortunately, you can choose to allow sites you trust, or temporarily give scripts permission to run [the method I prefer].

Flashblock just stops anything flash-based from running; this is not as much for security as it is for my peace of mind. I abhor flash-based advertising and pages full of the animations, and things run quicker without them until I click to play what I want (e.g.: a YouTube video).


And for everyone's sake, if you are on a Windows machine please run some kind of anti-virus and make sure your firewall, either the built-in one or otherwise, is doing something, anything. This isn't a bash on Windows but a reality of running the most widely-used operating system.
__________________

Find love.
03-20-2010, 04:16 PM   #7
Meister

Quote:
Originally Posted by synkr0nized
Not a bad thread at all.

In fact I think I'm gonna stick it. Possibly as a go-to thread for virus problems, too, but mainly as a resource to point people to.
03-20-2010, 05:53 PM   #8
Preturbed

Quote:
Originally Posted by synkr0nized
synkr0nized

All good suggestions. I don't personally use a noscript/flashblock because like you said, it renders everything impotent including sites you trust. The reason I give up after an hour is not that I can't fix it, but that you hit a difficulty curve like a brick wall. If it takes more than an hour, it's probably going to take more like seven. Since I'm charging a flat rate I can't afford that sort of thing.
03-20-2010, 07:11 PM   #9
synkr0nized
I am also a glutton for fixing computers regardless of the time.

Hmm, interesting point. I don't do this for money [yet?], so I trudge forth. I imagine if I did and had multiple clients I'd have to set a boundary/gauge/limit/whathaveyou, as well.
12-25-2013, 03:42 AM   #10
Darkblade

I didn't see Combofix in the thread so I'll make sure it does show up. It's a life saver.

Edit: If you want advice from someone that has done side jobs and done the job for work ask me.

---------- Post added at 03:50 AM ---------- Previous post was at 03:41 AM ----------

Quote:
Originally Posted by Preturbed
This man obviously has experience in the business.

Stop talking please. You two make my profession a joke.

---------- Post added at 04:07 AM ---------- Previous post was at 03:50 AM ----------

So newbies and non-tech folks know: Malwarebytes is a great program for cleaning off malware and adware, you have to pay for real time protection though. Combofix is a program that checks for rootkits and viruses (I'd say advanced users only).

---------- Post added at 04:12 AM ---------- Previous post was at 04:07 AM ----------

Quote:
Originally Posted by synkr0nized
For example, in Firefox I always run with NoScript and also Flashblock. While I don't intentionally visit shady sites on this machine -- that's what my Linux box is for -- at least NoScript will keep almost everything ever from running and auto-downloading or redirecting, etc., rendering sites impotent against me, including ones you feel are trustworthy.

Would you please not give bad advice to people here unless you have some kind of understanding of security?

---------- Post added at 04:17 AM ---------- Previous post was at 04:12 AM ----------

The best advice anyone can follow is don't click links you don't trust or look shady. Use complex passwords and as always don't trust some ass on the internet to tell you the truth!

---------- Post added at 04:20 AM ---------- Previous post was at 04:17 AM ----------

Quote:
Originally Posted by synkr0nized
Hmm, interesting point. I don't do this for money [yet?], so I trudge forth. I imagine if I did and had multiple clients I'd have to set a boundary/gauge/limit/whathaveyou, as well.

You shouldn't do it for free or at all if you don't know what you're telling people....

---------- Post added at 04:42 AM ---------- Previous post was at 04:20 AM ----------

Quote:
Originally Posted by synkr0nized
Not a bad thread at all. Though I don't give up just after an hour or so nor do I advocate reformatting so easily, to each his own. In any case, that's a pretty solid list of the actions you should take. It may also be useful, for your peace of mind, to run HijackThis!, save the log, and post it somewhere (such as a malware help forum or, if you trust us here at NPF, here) to get the opinion of others, often people who do this for a living or have more experience than you, and help identifying issues.


I would also suggest, regardless of one's browser preference, using something to enable easy management of scripts. For example, in Firefox I always run with NoScript and also Flashblock. While I don't intentionally visit shady sites on this machine -- that's what my Linux box is for -- at least NoScript will keep almost everything ever from running and auto-downloading or redirecting, etc., rendering sites impotent against me, including ones you feel are trustworthy. Fortunately, you can choose to allow sites you trust, or temporarily give scripts permission to run [the method I prefer].

Flashblock just stops anything flash-based from running; this is not as much for security as it is for my peace of mind. I abhor flash-based advertising and pages full of the animations, and things run quicker without them until I click to play what I want (e.g.: a YouTube video).


And for everyone's sake, if you are on a Windows machine please run some kind of anti-virus and make sure your firewall, either the built-in one or otherwise, is doing something, anything. This isn't a bash on Windows but a reality of running the most widely-used operating system.

Learn how networks function. This garbage might stop then.

Idiots like you tell people about firewalls and there has always been a firewall between broadband users and the internet. Scare tactics are an asshole scammer's game.

For browser security I have always run Adblock Plus. It's usually pdf ads that infect people so adblock seems to help a lot.

Last edited by Darkblade; 12-25-2013 at 03:48 AM.