Can't Clean this Computer!

Have you tried using a different CD drive? Maybe the one in the machine is just dead or dying. Assuming you have a spare lying around.

I actually do, I'll attempt that later tonight if setting the hard drive as a slave works...just got the darn thing out finally. Wish me luck :) Thank you for all your help thus far :) :)
 
I think it's worth noting that Malwarebytes and most other anti-virus and anti-malware programs need to load drivers to scan your system completely. So all major ones recommend running in normal mode, not safe mode. This is counter to the old days when anti-malware programs were run in safe mode.
 
Well, I think slaving the drive onto another computer is working well. I have my firewall up and my NOD32 on...as soon as I plugged the drive in and started to run the drive I've gotten around 10-15 attacks from separate viruses including the love worm?! and a series of viruses from the customer's hard drive named nah.exe, die.exe, etc. Jeez.

As you may all be able to tell by now, this is my first time slaving a drive and doing a scan that way. I'm guessing it's one of those last resort things because it can infect the master drive.
 
I was listening to the owner of Superantispyware on a Podnutz show the other day, and he mentioned something I was unaware of: a Superantispyware "online scanner." Since you're not directly downloading an executable, the malware might not be able to detect that it's being circumvented:

Superantispyware online scanner

It might give you enough of a foot in the door, if it works correctly, to get rid of the rest of the nasties.

Of course, you should have a professional license if you're being paid for this.
 
> I was listening to the owner of Superantispyware on a Podnutz show the other day, and he mentioned something I was unaware of: a Superantispyware "online scanner." Since you're not directly downloading an executable, the malware might not be able to detect that it's being circumvented:
>
> Superantispyware online scanner
>
> It might give you enough of a foot in the door, if it works correctly, to get rid of the rest of the nasties.
>
> Of course, you should have a professional license if you're being paid for this.

Wow! Kudos to you and SAS - I never knew of its online scanner...very nice! :o
 
> Wow! Kudos to you and SAS - I never knew of its online scanner...very nice! :o

I'm very glad to help! It's nice to be able to "give something back" (as much as I normally hate that saying) to the Technibble community once in a while. Frankly, I feel dwarfed in knowledge, expertise, and experience by most here, and don't seem to have a lot to add to most discussions, though I learn something new (to me) every day.

I hope that link helps.


Sky
 
There is plenty of malware out there that prevents any security type of application from running.

I would look for a tool like HJT, rename it, and look at the log. There are very specific tools that need to be run for specific malware, and if those tools are not run first you will not be able to run mbam or any other apps.

Example: there is a rootkit called Max++; there is nothing that will remove it unless you run a specific tool to remove it and/or disable it.

Sites like geeks2go and Bleeping Computer have plenty of information on malware removal.
 
> I was listening to the owner of Superantispyware on a Podnutz show the other day, and he mentioned something I was unaware of: a Superantispyware "online scanner." Since you're not directly downloading an executable, the malware might not be able to detect that it's being circumvented:
>
> Superantispyware online scanner
>
> It might give you enough of a foot in the door, if it works correctly, to get rid of the rest of the nasties.
>
> Of course, you should have a professional license if you're being paid for this.

If it's anything like the variants I have come across, it will lock you out of the site. By the way, pump.exe is easy to remove manually; it's the stuff that it brings down with it that's the problem. On its own it's just a bloody nuisance and nearly always comes with one of the ransom leeches like windowcop.
 
> As you may all be able to tell by now, this is my first time slaving a drive and doing a scan that way. I'm guessing it's one of those last resort things because it can infect the master drive.

I have been finding that as soon as I see that kind of virus behavior, I pull the drive and slave it and run Malwarebytes. That usually kills the main executable and the rest is clean up. Usually by reinstalling the drive in the original machine and booting normally, running Malwarebytes from there (since it works best in normal mode) and google the virus for the remnant removal guidelines.

As far as infecting your "master drive". You should have a personal business dedicated machine with all your important stuff on, billing, documents, irreplaceable porn, and another bench machine. The bench machine should also have a virtual machine on it for protection from most virii infections. Make an image of the clean bench machine drive and you can not worry about totally trashing the drive as you can just reimage it.

Then set up the client's machine beside this one and slave the drive, either by USB adapter or SATA cable without physically removing it, another time and labor saver.
 
> I have been finding that as soon as I see that kind of virus behavior, I pull the drive and slave it and run Malwarebytes. That usually kills the main executable and the rest is clean up. Usually by reinstalling the drive in the original machine and booting normally, running Malwarebytes from there (since it works best in normal mode) and google the virus for the remnant removal guidelines.
>
> As far as infecting your "master drive". You should have a personal business dedicated machine with all your important stuff on, billing, documents, irreplaceable porn, and another bench machine. The bench machine should also have a virtual machine on it for protection from most virii infections. Make an image of the clean bench machine drive and you can not worry about totally trashing the drive as you can just reimage it.
>
> Then set up the client's machine beside this one and slave the drive, either by USB adapter or SATA cable without physically removing it, another time and labor saver.

Haha, that's good advice with having a virtual machine and of course it's not my actual computer, it's just one of my bench machines. :D

And yes all of the essentials especially that irreplaceable porn - that's backed up on cds. haha. ;)
 
> As far as infecting your "master drive". You should have a personal business dedicated machine with all your important stuff on, billing, documents, irreplaceable porn, and another bench machine. The bench machine should also have a virtual machine on it for protection from most virii infections. Make an image of the clean bench machine drive and you can not worry about totally trashing the drive as you can just reimage it.

What I do is I activate Returnil Virtual System, which erases any changes to the master drive upon reboot.
 
I have this little toolkit I mostly use for fixing PCs. It has a bunch of USB drives in it. One of the USB drives is only 256 meg. It has on it this software called I.N.S.E.R.T. When a CD won't boot, you can just boot into INSERT, and fix a PC that way. Do be aware that INSERT stands for Inside Security Rescue Toolkit. It's freeware that you burn a CD of, then when you run the CD click the button to install it on 'any' USB stick. Then you have a 'repair CD' that is bootable on a USB stick. It's great. Sometimes when ubcd4win failed, only INSERT would work. :)
 