Home »
Viruses and Malware
»
Malware Detection
Summary: A virus attacks the software installed on your machine. Fixing it may take work, but hardware should not need to be replaced due to malware.
|
My wife opened a file that appeared to come from UPS and that was the end of my computer. It tried to install files called Antivirus XP, then it tried to install an XP Security Center and wanted me to register to rid my computer of the virus and give them my credit card#. My McAfee is disabled on every boot and Spybot won't run. It also wants to change a registry value and run buritos.exe. It has also changed my wallpaper with "Warning!" message that can not be changed. A diagnostic through one of the geek services says my hard drive is damaged. Is there any way to get rid of this virus without having to pay a fortune in a new hard drive plus all the other geek service charges? Or should I just get a new computer? |
Your hard disk is not physically damaged. I'm hoping that the technical service company didn't really mean that. (If they did ... well, I'd use a different service next time.)
But you do have some work ahead of you nonetheless.
•
Bottom line: a virus is not going to physically harm your hard disk in such a way that you would need to replace it. And certainly nothing that would require a entirely new computer.
Viruses impact only the software installed on your machine and software can be fixed.
It just might be a painful fix.
It sounds like you got a double-shot of virus activity. The UPS (and Fedex, and USPS and other) phishing attempts showed up a few months ago, and I have to say that as a business owner who also ships UPS, they almost got me too. As usual, there were many signs that the email was a phishing attempt, but I had to look closely to make sure I wasn't about to delete an important issue relating to an actual customer shipment.
In addition, AntiVirus XP is another particularly nasty virus making the rounds right now. The major anti-virus programs are only just now catching up and detecting and removing it.
The real question boils down to this: if your machine is heavily infected by malware, what can you do to clean it up?
As I've mentioned before, there are two schools of thought:
try to clean it up
reinstall everything from scratch
The common attempts to clean it up boil down to running anti-malware software, possibly several different packages, repeatedly until the system comes up "clean". You might have to reboot into safe mode in order to do so.
And, because the alternative is so conceptually costly, "try to clean it up" is the option that most people attempt.
Sometimes it works. We think.
As I've also said before, though, once your computer has been infected by anything, it's not your computer any more. There's no guarantee that any amount of clean up will actually eradicate whatever was placed on your machine.
The only alternative is to start over.
And sometimes your machine is in such a bad state that you can't run any anti-malware programs.
The only alternative is to start over.
And starting over is simply this:
Back up
Reformat your hard disk, erasing everything on it (typically as part of the next step)
Reinstall Windows from scratch using your Windows installation CD or DVD
Reinstall all your applications from scratch.
Restore data (only) from your backup.
It's a huge pain.
But you know what? It's often less pain than all the failed cleanup attempts. And you know what you'll end up with when you're done.
But replacing hardware, be it a hard disk or an entire computer, is not part of the solution.
If you choose to replace something at this time, it's only because this is a convenient time to do so. If you're reinstalling everything, it's a fine time to upgrade your hard disk - or even your computer - for example.
But it's not required.
Article C3553 - November 2, 2008
Following a devastating malware attack I was left with a machine which would no longer boot up in Windows XP. I had to reinstall to factory default settings XP SP1 using the manufacturers rescue disk, losing all data and programs in the process. Fortunately I had some data on a backup disk (more than a month out of date) but it was a long and painful process restoring all lost programs. I still can't identify the Trojan responsible as it effectively suicided in the crash. I have a 320Gb USB backup drive which I am certain is infected. How can I access/clean/recover data on this drive without reinfecting my PC again - not something I would risk lightly!
An alternative would be to boot into a Linux Live CD (Ubuntu, Knoppix, others...) and use that to copy only the files you want off of the external drive.
05-Nov-2008
I think your 5 steps would be much clearer if you changed it to 6 steps and included a step before the step to reinstall all your applications to first install all your protection ie antirus, firewall, anti maleware software and windows updates.
Posted by: Robin at November 5, 2008 12:53 AMJust thought this might be worth trying. My friend's PC was infected by Malwarrior. It prevented her anti-virus programmes from working and prevented her from downloading any others. I suggested that she try downloading SuperAntiSpyware, which is available free from FileHippo.com. The programme downloaded successfully and destroyed the viruses. At another time, her brother's PC became infected with several viruses, only these viruses would not allow him to access the Internet for more than a few seconds before closing it down. He therefore could not download this anti-virus programme. I copied the programme onto a data disc-pen and he was able to run straight it from there. Again, it got rid of all the viruses. Hope this comment is useful.
Posted by: Jan at November 5, 2008 3:10 AMLeo, on some of the comments the last part of these comments are not readable. They are covered up. Am I doing something wrong?
08-Nov-2008
Since XP hit the market I've managed to attract a virus on twelve or fifteen occasions. It's a price I pay for traveling to the dark side of the net. Over the years I've found that the virus's have become more complex and downright malicious,so please allow me to offer some points to consider in making your computer healthy again. With the exception of a couple of times I've found the only way to get rid of a virus is to reformat as indicated in the article. If you suspect that you have a virus DO NOT shut down your computer. I've had several infections that would't allow a reboot in safe mode and several that wouldn't allow a reboot at all. The boot process would go into a continious cycle of trying to boot. If you can still navigate in your machine attempt to backup any pictures,music,or documents to CD or DVD. It may be the last chance you get. If you use an external hardrive for backup DO NOT attempt to backup anything to it. If you're lucky the virus might not be on that drive. I never backup to my external drive until I have disconnect from the IP and run a full system scan. If you use a external drive for backup some of the software programs for conducting the process have a catalog file that tells your computer where everthing goes when you do a recovery or you may have created a recovery disk as part of the program. If you know where this file is burn it to it's own CD. Once you've gotten to this point you can try some of the methods mentioned in the article and the comments section. If a reformat is the only way out then load you installation disk. As it goes through the process of loading windows you'll have the option to format the hardrive. There are actually two format options with one being identified as a fast format. Do yourselve a favor and use the slow format. It takes a lot longer but I used the fast format option once and it didn't get rid of the virus. Your engaged in a operation you don't need to repeat immediately. After you reload the OS you can get your updates. The Windows firewall should offer enought protection to complete that task. If you have a full system backup it's time to load and run the program to recover your data and all will be right with the world. If you have a full backup you'll need to install the updates or the recovery program is going to have a problem. If you don't have a full backup its one program at a time starting with security. One more point on external hardrives for backup. If for some reason you can't use the program to restore the data, like maybe someone stole your catalog file. Don't panic! All your files are still there. Turn on the hardrive and go to my computer, Windows should reconize it. Your backed up files will most likely be a set. You can download the whole thing to your documents and use exployer to open the set and pick out the individual files (pictures,music,documents)and move them where they need to be. Twelve Gig,76000 files,five evenings,piece of cake! Hope this helps.
Posted by: Mike Parsley at November 8, 2008 9:26 PMBackup, Backup, Backup!!!
Once a month, after Microsoft updates on Tuesday, I use Acronis TrueImage to make a full image backup of my disk drive to an external disk drive. Weekly I make a backup to an external disk drive of my "MY Documents" folder. And during the week if I make any updates to documents I copy them to a USB pen drive. I keep several months of Acronis TrueImage backups so if necessary I can go back farther than the past backup if somehow some virus slipped through my anti-virus scans.
Reformating and reinstalling everything is like torture, and to be avoided at all costs. Acronis TrueImage is simple, easy, fast, and has saved me a couple of times.
PS: The virus I got seem to have come from geek sites I went to researching some problem.
Posted by: Kenneth Crook at November 8, 2008 10:06 PMMany thanks for answering my query re your article a few days ago. A latte should be with you by now.
Posted by: Gwyn at November 11, 2008 6:56 AMI had the same thing happen with the cryptic 'warning' message and the inability to access or upgrade my Norton anti-virus software.
I had a virtual Symantec technician look at it and they thoroughly destroyed my system to the point where it was virtually inoperable... after that, I took it to a local shop and they are unable to wipe the HD and get rid of the virus so I do need a new drive. Before doing this, I had a computer person at my office try to fix it.
Vicious, ugly virus! Now if only people put their time and effort into the common good instead of hurting unsuspecting people the world would be much better off...
25-Feb-2009
My laptop is a windows vista. I was working normally on subtitle workshop when suddenly it said the the program had a problem and had to shut down. When I restarted the program, I had a black screen and I was unable to boot my computer. Now it would not even want to reinstall Vista and I get a message saying that my hard disk is dammaged. I don't understand what happened.
Posted by: omadham at March 29, 2009 10:11 AM"ATTENTION" "EARTHLINGS" "NEVER,NEVER,NEVER USE RESTORE ON YOUR COMPUTER,TURN IT OFF"If your computer gets even a smell of a virus it is saved on this section of drive and when you restore you also restore virus or malware!
Posted by: bill at May 14, 2009 11:40 AM