Virus!

[Bilb]

Chaps,

I've got to pop over to sort out a computer later. I'm not sure what the problem is, but I'm getting vague messages saying:

"Firefox says it needs the proxy server checking"
"Internet explorer wont connect to the internet"
"The other computer works fine on Wifi, as does my phone connected via wifi"
"Symantec Anti Virus keeps constantly popping up telling me it's found stuff"

I'm guessing that the machine is riddled with some kind of virus/trojan/spyware/shite.

What are the latest standard tools for me to chuck onto a disk and take over with me? I'm a bit out of the loop!

Taaaa

[SphericaL]

best at the moment is the Windows Defender with a malware checker like Malwarebytes.

[[n00b]Zippy]

Quote:

Originally Posted by SphericaL

Malwarebytes.

What he said. Check the proxy settings in IE as well Tools > Internet options > Connection > LAN Settings. If the proxy checkbox is checked then uncheck if it's on a home machine.

[Bilb]

Yeah I think some of the virus' modify the hosts file, and/or redirect you to other sites. So already suggested checking proxy server.

Is Windows Defender able to be downloaded, chucked onto disk and then installed? If the internet connection is shafted by a virus, I need to tame it before I can get anything installed via interwebs.

[GroovYF]

Check the hosts file (just in case) in c:\windows\system32\drivers\etc

Definitely recommend Malwarebytes too!

[Bilb]

Cool, thank you all. Downloaded installable versions of MSE and Malwarebytes.

Fingers crossed!

[m00se]

Download the updates definitions too! Always helpful with malwarebytes!
copy the rules.ref
Just place in usual folder... (vista/7) ProgramData xp AppData...

[Inertiaman]

Once it's online proper Windows live scan seems to pick up the odd thing that mbam doesn't. Probably worth a spin.

Don't forget system restore from safe mode can save some pain if the UI is unresponsive.

[StarMonkey]

I've saved a few friends/relatives pc's using mcafee housecall (online scan)

[burundi]

Kaspersky do a bootable recovery disk that can download the latest definitions and then perform a scan.

Kaspersky Rescue Disk 10: http://support.kaspersky.com/faq/?qid=208282173

[Bilb]

Ooh thank you all. Recovery Disk created, all downloadable content stuck on there too.

I'll report back later if I have any success!

Thanks again.

[jimbobaggies]

lol, tags....

[Bilb]

ROFL very good.

Solved it. Both of her browsers had proxies applied to them of localhost or it's IP variant, 127.0.0.1 and a port number. Unchecked them and it worked fine!

No idea what had caused it.

Removed McAfee AND Symantec ... install Microsoft Security Essentials and Malwarebytes, ran a scan ... nowt. Did all crucial updates that she hadn't bothered with.

Seemed fine.

Thanks for all the help.

[burundi]

Ha, Two virus scanners - nice and SLOWWWW!

[The Scientist]

My father had Norton security suite on his pc. It slowed it so much that he would of been better of with a virus on there! :/

[The Big Kahuna]

Out of interest, find out if she's getting redirected to random sites when she clicks a link from a (mainly Google but can be others) search engine. There's a nasty rootkit out there that patches atapi.sys and has also been known to set the proxy settings to localhost (although if it did that you wouldn't be able to browse the web anyway, the search hiijack takes over after you fix the proxy issue).

[burundi]

For those who require utility disks I came across a fantastic utility called XBOOT - It allows you to put multiple .ISO's on a CD or DVD and choose which one to boot from.

I've created my own multi-utility DVD with various other bootable utilities on there, works a treat, I think it can also create a bootable usb stick as well.

Details: http://lifehacker.com/5716173/xboot-...able-usb-drive

XBoot: http://reboot.pro/13246/page__pid__115752

[StarMonkey]

Quote:

Originally Posted by burundi

For those who require utility disks I came across a fantastic utility called XBOOT - It allows you to put multiple .ISO's on a CD or DVD and choose which one to boot from.

I've created my own multi-utility DVD with various other bootable utilities on there, works a treat, I think it can also create a bootable usb stick as well.

Details: http://lifehacker.com/5716173/xboot-...able-usb-drive

XBoot: http://reboot.pro/13246/page__pid__115752

That's brilliant!

Now I need some recommendations for things to put on it!

[burundi]

Well, there's:

Kaspersky Rescue Disk: http://rescuedisk.kaspersky-labs.com...isk/updatable/
AVG Rescue Disk which includes other utilities: http://www.avg.com/us-en/avg-rescue-cd
Ultimate Boot CD for Windows: http://www.ubcd4win.com/
Slax Linux Live CD: http://www.slax.org/
GParted Partition Editor (allows partition resizing): http://gparted.sourceforge.net/
Helix v2 Forensics CD: http://www.filecluster.com/Security/...oad-Helix.html
OPHCrack - password cracker for windows systems: http://ophcrack.sourceforge.net/ (note: will be combined into one entry if you add both the Xp and Vista versions to an XBoot image)
PING Disk Cloning: http://ping.windowsdream.com/
System Rescue CD: http://www.sysresccd.org/Main_Page
Hirens Boot CD: http://www.hiren.info/pages/bootcd
Nimblex: http://www.nimblex.net/
Offline NT Password and Registry Editor: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
Network Security Toolkit: http://networksecuritytoolkit.org/nst/index.html

And of course you could put ISO's on of XP, Vista or Win7 install disks for easy install or recovery, though you may struggle to get them all one disk.

More AV bootable recovery disks here: http://www.techmixer.com/free-bootab...download-list/

[The Big Kahuna]

I've got an 8Gb Cruzer Pen Drive which I used Xboot to set up. I'm currently running:

Ophcrack XP
Ophcrack Vista
Gparted
Slax
Ubuntu 10.1
Bitdefender Rescue
Kaspersky AV
Offline NT Password and Registry Editor
Hirens Boot CD 10.6 (one of the last ones with Norton Ghost)
Mini XP

[The Big Kahuna]

Bollocks. And now I'm downloading Helix v2 Forensics CD (although, at 6Mb/sec it shouldn't take too long )

[burundi]

I've not been able to get OPHCrack XP working alongside OPHCrack Vista using XBoot which is a shame, I think when it builds it's ISO loader the files from one overwrite the files for the other as they are named the same in the ISO's, perhaps the USB versions are different from the CD versions I'm trying?

[StarMonkey]

So far I've got...

AVG Rescue CD
F-Secure Rescue CD
Kaspersky Rescue CD (can't have too many!)
NimbleX
Slax
PING (disk cloning)
System Rescue CD
Hirens Boot CD 13

I would go for things like gparted, but system rescue cd, nimblex, slax, and ping all include partition editors

[burundi]

Ahha! They are both there - it combines them into one entry!

http://reboot.pro/13246/page__st__150

[burundi]

I've created a new stickied thread for Xboot here: http://www.trickery.net/vb/showthread.php?t=57423