Viruses nuked my new machine

Status
Not open for further replies.

kalefield

Distinguished
Apr 1, 2009
40
0
18,530
I downloaded this and when I unzipped it my virus shield went crazy, completely failing to protect against the contents, which started propagating rapidly and kept turning my firewall off. Antivirus then recommended I restart and do a boot scan. I did so and it found and moved one virus, but when I tried to log on to Windows the infection turned out to be so bad it was stopping me logging on. So much for avast!

I have a Samsung NC10. It's a few days old and currently I can't even log on to it. What are my options? How do I start it in safe mode given it skips the boot screens?
 

kalefield

I have restored the machine to a usable state but malware remains and as of now it seems impossible to remove. I can't even tell what it is. But I have run S&D, Malwarebytes and Superantispyware and all have failed. Its symptoms are:

-I cannot install AVG
-I cannot install avast! or access its website
-I cannot access Avira's website
-I cannot use ComboFix
-I cannot use Chrome with sandboxing
-I am blocked from various security-related pages

Is the only solution to clean install?
 

btk1w1

Distinguished
Oct 13, 2008
744
0
19,060
Are you not able to use the F8 key during boot time to access the safe mode menu? Never use msconfig to force safe mode boot; this can cause a boot loop when dealing with malware.

If you can get into safe mode using the F8 method, run Malwarebytes Anti-Malware from there.

Can you post the MBAM and SAS logs? You can retrieve them when you start the programs up.
 

kalefield

Well here are the results of a OneCare scan:

PWS:Win32/Stealer.M
PWS:Win32/Zbot.PG
TrojanDownloader:Win32/Orbitel.gen!C
VirTool:Win32/Obfuscator.ET
VirTool:Win32/VBInject.gen!AV
Virus:Win32/Virut.BM [in some 3000 places]

So it's Virut. The consensus seems to be that my only option is to format and reinstall. I won't lose any data doing so.
 

btk1w1

The Virut virus is a nasty one. It inserts malicious code into as many executable (.exe) and screensaver (.scr) files as it can.

I have seen a few successful Virut disinfections @ computing.net... but a few among a lot to be honest.

As time goes by with this infection an AV program can detect it, but when it is unable to disinfect the file(s) the next step is to delete, slowly diminishing the functionality of the OS.

If you have no important data on the machine it probably will be better to format and reinstall the OS. It also has backdoor properties which make an OS reinstall that much more favourable.

As this virus is selective about how it infects a system it should be safe to back anything up that doesn't have the .exe and .scr extensions. If you do this, as a matter of safe computing practice remember to scan any files you wish to transfer back to the new install.
 

kalefield

Wait, wait: I have a new problem. I am baffled. The desktop PC in my house which is on the same router as the infected netbook has now developed similar symptoms: that is, I cannot log on to the desktop out of safe mode. How the hell did this happen? The netbook had literally no contact with the PC except that it used the same router. The only other common factor is I had just installed avast! on both when I began to get problems. avast! is now detecting viruses in the memory. This is unbelievable.
 

kalefield

So the important question is: will it have stored itself on the router somehow (in which case I will need to reset the router) or did it merely transmit itself from the netbook to the PC while both were on the network?

Should I reset the router just in case?
 