
Help me please! Computer virus


canz


The part where it says download the 'rkill', well, it won't let me and it says that rkill is infected or something.

 

Have you downloaded it or are you trying to run it straight off?

 

If you can, when you click to download rKill and you're presented with the option to Run, Save or Cancel - Choose Save and save it to your desktop.

 

Once you've saved it to your desktop, double click it to run it.

 

If you get the message that rkill is infected, the message is just a fake warning. Don't try to close the fake warning, but leave it on the screen and then try running Rkill again. If that's successful, then continue on with the instructions for downloading/running Malwarebytes. Run the Quick scan, not the Full scan.

 

Once you've run rKill don't reboot until Malwarebytes prompts you to, otherwise the fake software's processes will start again.


Once you've run rKill don't reboot until Malwarebytes prompts you to, otherwise the fake software's processes will start again.

 

My story above isn't the first time I've had this virus, there was another time about a month ago and this time it let me download rkill. I ran rkill then ran Malwarebytes.

 

Once Malwarebytes had finished its scan, I told it to fix it, and it went about it. When it was done it said that there were a few infected files it couldn't actually delete until I had restarted my computer, so I let it do that. The problem was when my computer restarted the virus beat Malwarebytes to the punch and didn't let it finish its work, so I ended up having to go into safe mode that time as well.

 

Whoever programmed anti-malware doctor is a complete <removed>

Edited by flamingjimmy
swears removed (voluntarily)

My story above isn't the first time I've had this virus, there was another time about a month ago and this time it let me download rkill. I ran rkill then ran Malwarebytes.

 

Once Malwarebytes had finished its scan, I told it to fix it, and it went about it. When it was done it said that there were a few infected files it couldn't actually delete until I had restarted my computer, so I let it do that. The problem was when my computer restarted the virus beat Malwarebytes to the punch and didn't let it finish its work, so I ended up having to go into safe mode that time as well.

 

Whoever programmed anti-malware doctor is a complete <removed>

 

I always advise people to turn off System Restore on their PC after running antimalware and other similar programmes, a lot of malware put themselves into System Restore, and when the PC is restarted it reinfects the PC. So you then have to start at the beginning again.


It depends which rogue this actually is. They all have different characteristics and some are easier to get rid of than others, what works for one might not work for another. Some disable System Restore, some stop the ability to get into safe mode - some do both and some do neither.


If you are confident at reinstalling the system (and ONLY if you have the Operating System CD/DVD that came with the PC), rather than going through a painful removal exercise I would advise the following:

 

Download either of these .iso's:

PCLinuxOS 2010.1 KDE

or

VectorLinux 6.0-KDE Classic Edition

and then ImgBurn to burn one or other to CD

 

You will need -

1. An optical drive in your machine

2. Preferably a second one or buy an external DVD-Writer that uses 2 spare USB ports to backup your data to.

3. Set your PC to boot from the machine's optical drive first (this is done either through the BIOS or hitting Esc or one of the F (Function) Keys at the top of the keyboard - refer to your computer manual as to which one).

4. Let the GNU/Linux CD boot - PCLinuxOS is probably a bit easier than Vector Linux to use. Do not worry - you will not be installing any OS to your machine - the Operating Systems will be running entirely in memory.

5. Once you get to PCLinuxOS log in screen you are prompted to logon either as ROOT or User - choose the latter - the passwords are the same as the designated logon name - hints are given on the login screen. Log in as User.

6. Press Alt+F2 to bring up a 'run' box and type in K3b (by the time you have got to 3 it might already be trying to autocomplete for you). You may get a prompt saying that you need root privileges and it will ask for a password (refer to 5 above).

7. Once K3b has launched you will see a CD/DVD burner software interface launch.

8. In the top left pane, scroll down to ROOT folder and expand it - click on MNT and you should see a set of drives appear in the right pane. If you only have one partition it will either show up as 'sda1' one for a sata drive - click on it and then you should see all your Windows folders (you haven't stated your OS - XP or Windows 7 etc). If XP you need to go to Documents and Settings Folder and double click on it - you should see folders for Administrator and 'your name' [whatever name you gave your user account].

Go to Documents folder and left click and drag to the bottom left pane of the CD burner interface of K3b.

9. Put a blank CD or DVD in the drive and just click on 'Burn' button. - Word of caution - if you need to back up your e-mails then Google the information on how to backup your preferred e-mail client as these will be hidden - before you boot the Linux CDs you will need to ensure that you have your folder options set to show your hidden files - been a while since I used K3b - it may prompt you to include hidden files - these will be in a hidden folder called 'Application Data' with the name of the vendor of the email program; if it is Thunderbird you will need to copy the Thunderbird folder from Application Data into a 'new folder' in the project menu [rename the new folder AppData];

next go to 'Local Settings/Application Data' within your user account folders and look for the one named Thunderbird there - again create a new folder, but this time call it 'Local' or 'Local Settings'. When you want to reinstall Thunderbird you will need to copy these folders back to the same location so all of your e-mails will remain intact.

 

Hope this is of help.

 

swarfendor43
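
The backup described in the post above, done from the live session's terminal rather than K3b, as an added example that is not part of the original thread. The helper names, the `My Documents` folder name, the device `/dev/sda1` and the mount point are assumptions; the `AppData` and `Local` destination names follow the post.

```shell
#!/bin/sh
# Windows XP profile paths as named in the post, seen from a live Linux
# session with the Windows partition mounted read-only, for example:
#   mount -o ro /dev/sda1 /mnt/win     (device and mount point are assumptions)

# manifest DIR: print "checksum size path" for every file, hidden ones included.
# cksum is a CRC: it catches a bad copy or a bad disc, not deliberate tampering.
manifest() {
    ( cd "$1" && find . -type f -exec cksum {} + | sort )
}

# copy_verified SRC DEST: copy a folder with its dotfiles, then compare manifests.
copy_verified() {
    [ -d "$1" ] || return 0                 # folder absent in this profile: skip
    mkdir -p "$2" && cp -Rp "$1/." "$2/" || return 1
    [ "$(manifest "$1")" = "$(manifest "$2")" ]
}

# backup_profile WIN_ROOT USER DEST (hypothetical helper name)
# Returns 2 if the profile does not exist, 1 if a copy fails verification.
backup_profile() {
    p="$1/Documents and Settings/$2"
    [ -d "$p" ] || { echo "profile not found: $p" >&2; return 2; }
    copy_verified "$p/My Documents" "$3/Documents" &&
    copy_verified "$p/Application Data/Thunderbird" "$3/AppData/Thunderbird" &&
    copy_verified "$p/Local Settings/Application Data/Thunderbird" \
                  "$3/Local/Thunderbird" &&
    manifest "$3" > "$3.manifest"           # keep alongside the burned copy
}
```

Run it as `backup_profile /mnt/win "your name" /path/to/backup`; the `.manifest` file written next to the backup folder lets you re-check the files after burning or restoring them.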


I always advise people to turn off System Restore on their PC after running antimalware and other similar programmes, a lot of malware put themselves into System Restore, and when the PC is restarted it reinfects the PC. So you then have to start at the beginning again.

 

Not exactly.... Windows itself backs up the files and registry settings (both good and bad) as part of making a scheduled restore point or when changes occur, rather than the infections putting themselves there. They'll only ever reinfect you if you initiate System Restore and use a restore point that restores the malware's files.

 

It is a good idea to "flush" System Restore by turning it off and then turning it back on again after cleaning a system - a process that deletes all previously saved restore points, eradicating the chance of you accidentally restoring the malware at a later date.


If you are confident at reinstalling the system (and ONLY if you have the Operating System CD/DVD that came with the PC), rather than going through a painful removal exercise I would advise the following:

 

Swarfy,

 

When infected with one of these rogues you can still back up the "My Documents" folder to an external drive or CD/DVD by using the old "Right click > Send to" method without having to mess about with Linux boot disks - should the OP wish to R&R or restore to factory settings. ;)


Swarfy,

 

When infected with one of these rogues you can still back up the "My Documents" folder to an external drive or CD/DVD by using the old "Right click > Send to" method without having to mess about with Linux boot disks - should the OP wish to R&R or restore to factory settings. ;)

 

Point taken waddler8 - It's just nice to play safe and have Linux by your side for a host of reasons, not just for viruses.

 

swarfendor43
