
I think I may have downloaded some form of malware...what to do

gabagoo

New Member
Yea stupid me... Multitasking today and got an email from a client with an attachment in the text area of the mail. Like a dummy I clicked on it and I can tell something happened. I then realized what I had just done and ran ccleaner and then Super spyware and then Microsoft security essentials. How can I tell for sure if I removed whatever it was? Man I feel so stupid...I never touch stuff like that but I was not thinking straight. FAK!!! I am afraid to shut the comp down now... any suggestions outside of what I have run?
 

MGB_LE

New Member
Malwarebytes has a free version that works pretty well. If that doesn't do it, I also install Spybot and scan with that. The combo usually clears out any troublemakers I have.
 

bannertime

Active Member
Each one of those should have a log of what happened. I'd also see if any of those can scan the email itself.
 

netsol

Active Member
if you think you got something serious,
do a system restore to an older restore point
malwarebytes
empty temps
c:\temp
c:\windows\temp
c:\users\your user name\appdata\local\temp
full virus scan
if you don't trust your virus software, i think symantec still has NPE
it scans your PC with their online database (great if your antivirus has already been compromised)
change your passwords, hopefully from a different device

keep an eye on credit card and bank balances for a while
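
An added example, not part of the post above: before emptying the three temp folders listed there, record which recently written executable or script files they hold, with SHA-256 hashes, so there is something to check against the scanner logs afterwards. The 3-day window, the extension list and the output file name are assumptions chosen for illustration.

```powershell
# Inventory recent executable/script files in the temp folders before deleting them.
# Assumption: the attachment was opened within the last 3 days.
$since = (Get-Date).AddDays(-3)

$tempDirs = @(
    'C:\Temp',
    'C:\Windows\Temp',
    (Join-Path $env:LOCALAPPDATA 'Temp')   # c:\users\<name>\appdata\local\temp
)

# Assumption: extensions that can run code when opened; adjust as needed.
$risky = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.ps1',
         '.vbs', '.js', '.jse', '.wsf', '.hta', '.lnk', '.msi', '.jar'

$report = @(
    foreach ($dir in $tempDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -ge $since -and
                           $risky -contains $_.Extension.ToLower() } |
            ForEach-Object {
                # Files locked by a running process cannot be hashed; SHA256 stays empty.
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                     -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path      = $_.FullName
                    SizeBytes = $_.Length
                    LastWrite = $_.LastWriteTime
                    SHA256    = $hash.Hash
                }
            }
    }
)

# Hypothetical output location, kept outside the folders being emptied.
$out = Join-Path $env:USERPROFILE 'temp-inventory.csv'
if ($report.Count -gt 0) {
    $report | Sort-Object LastWrite -Descending |
        Export-Csv -Path $out -NoTypeInformation
    "Recorded $($report.Count) file(s) in $out"
} else {
    'No recent executable or script files found in the temp folders.'
}
```

Run it from an elevated PowerShell prompt so that C:\Windows\Temp is readable; an empty result only means nothing matching was left in those folders.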
 

signage

New Member
Hope this wasn't on your production machine. This is one of the main reasons for doing backups (incremental) so you have a solid restore point. Also this is why my production computers are not online! What has been mentioned above are all good starting points, hopefully if you did get malware or virus it has already been discovered and quarantined.
 

Texas_Signmaker

Very Active Signmaker
Forget production machine...hope it's not the same PC he runs Quickbooks on or accesses online banking, that would be much worse.
 

WildWestDesigns

Active Member
Personally, what I would do (providing you have done backups and have them stored somewhere else that the computer doesn't have access to when the virus/malware attached itself to the computer) is do a fresh install and then load up that backup to get me roughly to where I was before.

I wouldn't trust existing consumer tools to get everything off the system and if I didn't have the knowledge and/or time to confirm that everything was off the system after running those tools, it is ironically going to be quicker to just nuke the install and use a backup to get up and running again.

Aggressive.....maybe. However, for peace of mind, I would do it. Sure it eats up into time, but that is all the risk that people have with computers attached to a WAN.

Then I would change out the passwords to everything, starting with the accounts that that computer has been used to access.
 

brycesteiner

New Member
This is one reason why running virtual machines works so well. Keep backups of one file and then you can move it to any other computer if the host gets compromised. It's easier to keep backups and you can run older software without the compatibility issues. You can also run the OS that you want as the host if you prefer not to run Windows, which has a poor track record of security vulnerabilities and real world compromises.
 

WildWestDesigns

Active Member
In theory yes, but if your Guest VM has WAN access and there are shared folders inside the Guest for LAN access, that can fubar your entire system (even if one uses a UNIX-Like OS versus another Windows, some files can be compromised as they are cross platform if the program itself is also cross platform).

Also, be careful, swapping the host computer to a different host computer can also break your Windows install as the VM does acknowledge your CPU/GPU specs and if there is a significant change, programs and OS typically need to be re activated.

I do agree with regard to Windows and vulnerabilities/compromises. Ironically, some of the pluses with Windows are actually its cons as well. And it tends to also go with some of the software as well.
 

netsol

Active Member
unless i am missing something, we have never seen anything else from OP
if he deleted temp, changed passwords & did a scan this should be history

it seems like cabin fever striking the group, unless there is something i don't see
 

WildWestDesigns

Active Member
Not necessarily. Some bad boys can hide in files/drivers etc that are protected when full Windows is running (as in not in Safe Mode). Even running in Safe Mode with networking on also has its drawbacks when trying to remove the bad boys as well. Some scanning software has to run specialty drivers which won't run in Safe Mode. So no, it may not be quite as easy as doing a scan and that being it.

Times like this, I really miss not being able to boot into full DOS (not that NTVDM crap that's on 32bit Windows now) and removing malware and then just running "win" when done.
 

DPD

New Member
Maybe good news and maybe not. I quickly read through everyone's replies but I don't recall seeing this.

Sometimes, once you load something (I say something because you don't know what it really is, only that your computer acts different) onto your system it can't be removed regardless of the software that you use to try and remove it. Many times, they just come back upon reboot as they are either in your startup or are a 'root-kit' type of malware. Once rebooted, you'll be fine for a little bit and then wham! it's back.

There remains one way to remove this and it's not something you want to hear: you will need to do a partition-to-partition restore from a backup. This is not the type of backup that you'll see from Carbonite or any backup software that only backs up the files. What I'm talking about is a recent image of your disk as it was prior to the problem you are having. The best example I can give you of this is Acronis True Image (which has saved my butt many times) or Norton Ghost. You would also need to have a recent partition backup. Essentially, this software is reinstalling every bit and byte as it was at the time of the backup. So, even if you had a root-kit virus it would no longer exist because you are re-installing and clearing the entire disk.

I assume that you don't have this software and it's too late. Once you get past this problem (which may mean for you a fresh disk partition and re-installation of your operating system) then it may be a good thing to purchase the software I mentioned (I particularly like Acronis - I found Ghost to be a PIA) and design a backup scenario for your computer.

That being said, when you run all these malware preventative programs and virus software after-the-fact it's similar to getting a flu vaccine shot after you get the flu - the horse is out of the barn. As Symantec once told me, our software is made to prevent viruses but if you install them our software can't help you.

Good luck. Hope you get this patched up. Been there and I know how frustrating it can be.

- denis
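
An added example, not part of the post above: the "comes back upon reboot because it is in your startup" case can be checked by listing what is set to launch at logon. The choice of Run keys, Startup folders and non-Microsoft scheduled tasks is an assumption about where to look first, not a complete list.

```powershell
# List programs configured to start at logon, for manual review after a cleanup.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = @(
    # 1. Registry Run / RunOnce values (machine-wide and current user).
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source  = $key
                               Name    = $name
                               Command = [string]$item.GetValue($name) }
        }
    }

    # 2. Shortcuts and files in the per-user and all-users Startup folders.
    $startupDirs = [Environment]::GetFolderPath('Startup'),
                   [Environment]::GetFolderPath('CommonStartup')
    Get-ChildItem -LiteralPath $startupDirs -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Source  = $_.DirectoryName
                               Name    = $_.Name
                               Command = $_.FullName }
        }

    # 3. Enabled scheduled tasks outside the built-in \Microsoft\ tree.
    Get-ScheduledTask |
        Where-Object { $_.TaskPath -notlike '\Microsoft\*' -and $_.State -ne 'Disabled' } |
        ForEach-Object {
            $cmd = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
            [pscustomobject]@{ Source  = "Task $($_.TaskPath)"
                               Name    = $_.TaskName
                               Command = $cmd.Trim() }
        }
)

$entries | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Anything in the output that points into a temp or user-profile folder, or that you do not recognise, is worth looking up. A rootkit of the kind described in the post can hide from a listing made inside the running OS, so a clean result here does not rule one out.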
 

Texas_Signmaker

Very Active Signmaker
We used to remove rootkits with bootable virus scanners. You download them to USB and boot to it before any of the OS loading has begun.
 

gabagoo

New Member
Thanks for all the suggestions...it's Monday morning...everything seems to be fine, but who knows....Don't think I will be going near my banking or any purchasing on this computer for a while.
 