Welcome To Signs101.com: Largest Forum for Signmaking Professionals


I think I may have downloaded some form of malware...what to do

Discussion in 'General Chit-Chat' started by gabagoo, May 1, 2020.

  1. gabagoo

    gabagoo Major Contributor

    Oct 10, 2006
    Vaughan, Ontario
    Yeah, stupid me... Multitasking today and got an email from a client with an attachment in the text area of the mail. Like a dummy I clicked on it and I can tell something happened. I then realized what I had just done and ran CCleaner and then SUPERAntiSpyware and then Microsoft Security Essentials. How can I tell for sure if I removed whatever it was? Man, I feel so stupid... I never touch stuff like that, but I was not thinking straight. FAK!!! I am afraid to shut the comp down now... any suggestions outside of what I have run?
     
  2. MGB_LE

    MGB_LE Member

    Jan 9, 2014
    Dallas, TX
    Malwarebytes has a free version that works pretty well. If that doesn't do it, I also install Spybot and scan with that. The combo usually clears out any troublemakers I have.
     
    • Agree Agree x 2
  3. bannertime

    bannertime Very Active Member

    Sep 8, 2016
    No
    Each one of those should have a log of what happened. I'd also see if any of those can scan the email itself.
     
  4. Texas_Signmaker

    Texas_Signmaker Very Active Signmaker

    Oct 21, 2016
    Frisco, TX
    Malwarebytes is very good!
     
    • Agree Agree x 2
  5. netsol

    netsol Active Member

    Apr 26, 2016
    englishtown, nj
    if you think you got something serious,
    do a system restore to an older restore point
    malwarebytes
    empty temps
    c:\temp
    c:\windows\temp
    c:\users\your user name\app data\local\temp
    full virus scan
    if you don't trust your virus software, i think symantec still has NPE
    it scans your pc with their online database (great if your antivirus has already been compromised)
    change your passwords, hopefully from a different device

    keep an eye on credit card and bank balances for a while
     
  6. Bert Wondervan

    Bert Wondervan Member

    Nov 8, 2018
    Germany
    Do you use Google Chrome Browser?
     
  7. Texas_Signmaker

    Texas_Signmaker Very Active Signmaker

    Oct 21, 2016
    Frisco, TX
    Did your programs pick anything up?
     
  8. Bly

    Bly Very Active Member

    Mar 9, 2004
    Sydney
    Take off and nuke the site from orbit.
    It's the only way to be sure.
     
    • Like Like x 1
  9. signage

    signage Major Contributor

    Oct 5, 2005
    Penn
    Hope this wasn't on your production machine. This is one of the main reasons for doing backups (incremental), so you have a solid restore point. Also, this is why my production computers are not online! What has been mentioned above are all good starting points; hopefully, if you did get malware or a virus, it has already been discovered and quarantined.
     
  10. Texas_Signmaker

    Texas_Signmaker Very Active Signmaker

    Oct 21, 2016
    Frisco, TX
    Forget production machine... hope it's not the same PC he runs QuickBooks on or accesses online banking from, that would be much worse.
     
  11. WildWestDesigns

    WildWestDesigns Major Contributor

    Sep 27, 2010
    Personally, what I would do (providing you have done backups and have them stored somewhere else that the computer doesn't have access to when the virus/malware attached itself to the computer) is do a fresh install and then load up that backup to get me roughly to where I was before.

    I wouldn't trust existing consumer tools to get everything off the system and if I didn't have the knowledge and/or time to confirm that everything was off the system after running those tools, it is ironically going to be quicker to just nuke the install and use a backup to get up and running again.

    Aggressive.....maybe. However, for peace of mind, I would do it. Sure it eats up into time, but that is all the risk that people have with computers attached to a WAN.

    Then I would change out the passwords to everything, starting with the accounts that that computer has been used to access.
     
    • Agree Agree x 2
  12. brycesteiner

    brycesteiner Member

    410
    39
    28
    Nov 5, 2014
    Ohio
    This is one reason why running virtual machines works so well. Keep backups of one file and then you can move it to any other computer if the host gets compromised. It's easier to keep backups and you can run older software without the compatibility issues. You can also run the OS that you want as the host if you prefer not to run Windows, which has a poor track record of security vulnerabilities and real world compromises.
     
  13. WildWestDesigns

    WildWestDesigns Major Contributor

    Sep 27, 2010
    In theory yes, but if your guest VM has WAN access and there are shared folders inside the guest for LAN access, that can fubar your entire system (even if one uses a UNIX-like OS versus another Windows, some files can be compromised, as they are cross-platform if the program itself is also cross-platform).

    Also, be careful: swapping the host computer to a different host computer can also break your Windows install, as the VM does acknowledge your CPU/GPU specs, and if there is a significant change, programs and the OS typically need to be reactivated.

    I do agree with regard to Windows and vulnerabilities/compromises. Ironically, some of the pluses with Windows are actually its cons as well. And it tends to also go with some of the software as well.
     
  14. netsol

    netsol Active Member

    Apr 26, 2016
    englishtown, nj
    unless i am missing something, we have never seen anything else from OP
    if he deleted temp, changed passwords & did a scan this should be history

    it seems like cabin fever striking the group, unless there is something i don't see
     
  15. WildWestDesigns

    WildWestDesigns Major Contributor

    Sep 27, 2010
    Not necessarily. Some bad boys can hide in files/drivers etc. that are protected when full Windows is running (as in not in Safe Mode). Even running in Safe Mode with networking on also has its drawbacks when trying to remove the bad boys. Some scanning software has to run specialty drivers which won't run in Safe Mode. So no, it may not be quite as easy as doing a scan and that being it.

    Times like this, I really miss being able to boot into full DOS (not that NTVDM crap that's on 32-bit Windows now), removing malware and then just running "win" when done.
     
    • Agree Agree x 1
  16. bob

    bob Major Contributor

    Nov 4, 2005
    earth
    Phuqueing A.
     
  17. DPD

    DPD Member

    Apr 3, 2005
    New Jersey
    Maybe good news and maybe not. I quickly read through everyone's replies but I don't recall seeing this.

    Sometimes, once you load something (I say something because you don't know what it really is, only that your computer acts differently) onto your system, it can't be removed regardless of the software that you use to try and remove it. Many times, they just come back upon reboot, as they are either in your startup or are a 'root-kit' type of malware. Once rebooted, you'll be fine for a little bit and then wham! it's back.

    There remains one way to remove this, and it's not something you want to hear: you will need to do a partition-to-partition restore from a backup. This is not the type of backup that you'll see from Carbonite or any backup software that only backs up the files. What I'm talking about is a recent image of your disk as it was prior to the problem you are having. The best examples I can give you of this are Acronis True Image (which has saved my butt many times) or Norton Ghost. You would also need to have a recent partition backup. Essentially, this software is reinstalling every bit and byte as it was at the time of the backup. So, even if you had a root-kit virus, it would no longer exist, because you are re-installing and clearing the entire disk.

    I assume that you don't have this software and it's too late. Once you get past this problem (which may mean for you a fresh disk partition and re-installation of your operating system), then it may be a good thing to purchase the software I mentioned (I particularly like Acronis; I found Ghost to be a PIA) and design a backup scenario for your computer.

    That being said, when you run all these malware preventative programs and virus software after the fact, it's similar to getting a flu vaccine shot after you get the flu: the horse is out of the barn. As Symantec once told me, our software is made to prevent viruses, but if you install them our software can't help you.

    Good luck. Hope you get this patched up. Been there and I know how frustrating it can be.

    - denis
     
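    The cleanup checks in netsol's post and DPD's point about malware that "comes back upon reboot" from a startup entry, as an added read-only triage script. This is not code from the thread or any poster; it assumes Windows PowerShell 5.1 on Windows 10, an elevated session, and a constructed two-day window for "recent".

```powershell
# Added example (not from the thread): read-only inventory of the places the
# posters mention. Assumes Windows PowerShell 5.1 on Windows 10, run as Administrator.
# It changes nothing; review the output before restoring, deleting or scanning.

$cutoff = (Get-Date).AddDays(-2)   # constructed assumption: the click was within 2 days

# 1. Restore points available for "system restore to an older restore point"
Write-Host '== System restore points =='
Get-ComputerRestorePoint | Sort-Object CreationTime |
    Select-Object SequenceNumber, Description,
        @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } } |
    Format-Table -AutoSize

# 2. Recently written executable content in the temp folders netsol lists
$tempDirs = 'C:\Temp', 'C:\Windows\Temp', (Join-Path $env:LOCALAPPDATA 'Temp')
$execExt  = '.exe', '.dll', '.scr', '.js', '.vbs', '.ps1', '.bat', '.cmd', '.hta', '.lnk'
Write-Host '== Recent executable files in temp folders =='
foreach ($dir in $tempDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff -and $execExt -contains $_.Extension.ToLower() } |
        Select-Object FullName, Length, LastWriteTime
}

# 3. Auto-start locations: something that returns after every reboot is usually
#    registered in one of these, so list them for review rather than trusting a scan alone.
Write-Host '== Run / RunOnce registry entries =='
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $psNoise -notcontains $_.Name } |
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
}

Write-Host '== Startup folder entries =='
$startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
Get-ChildItem -Path $startupDirs -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime

Write-Host '== Scheduled tasks registered since cutoff =='
Get-ScheduledTask | Where-Object { $_.Date -and ([datetime]$_.Date) -ge $cutoff } |
    Select-Object TaskName, TaskPath, Date
```

    Anything unfamiliar in the Run keys, Startup folders or recent tasks is what to hand to a scanner or to a bootable rescue disk; an unexpected entry there is also the signal that a scan-and-reboot alone was not enough and the image-restore route DPD describes is the safer one.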
  18. Texas_Signmaker

    Texas_Signmaker Very Active Signmaker

    Oct 21, 2016
    Frisco, TX
    We used to remove rootkits with bootable virus scanners. You download them to USB and boot to it before any of the OS loading has begun.
     
  19. gabagoo

    gabagoo Major Contributor

    Oct 10, 2006
    Vaughan, Ontario
    I do
     
  20. gabagoo

    gabagoo Major Contributor

    Oct 10, 2006
    Vaughan, Ontario
    Thanks for all the suggestions... it's Monday morning... everything seems to be fine, but who knows.... Don't think I will be going near my banking or any purchasing on this computer for a while.
     
    • Like Like x 1