I had a similar problem a couple of months ago and Leo did an article.
http://ask-leo.com/how_can_an_infection_like_antivirus_xp_2008_happen.html
Maybe I was just lucky and caught the problem quickly enough, but the instructions at bleepingcomputer.com coupled with the free removal tool from Malwarebytes' Anti-Malware worked well.
Posted by: Mary at November 2, 2008 2:06 PM
I've used UBCD4Win to clean up malware. I've also been the computer repair guy and had to explain these same choices to a customer: I can clean your system, but it will take me at least 6 hours at $30/hr, or can reinstall at the same rate for 2 hours. Most choose option 2, but, fortunately for the bank balance some choose option 1...
In order to remove Antivirus XP from a computer I first boot the computer into Safe Mode then run a program called Smitfraud fix from the link below.
http://siri.geekstogo.com/SmitfraudFix.php
Now reboot.
Next I scan with whatever updated antivirus the customer has. If they have none, the usual situation, I install either AVG Free or Clam Win, depending on the speed of the computer and the amount of RAM. Slower computers get Clam.
Next I install and run Spybot Search and Destroy.
If this doesn't finish the problems I run HijackThis. If one is not experienced with this program I'd suggest a trip to one of the many forums where they interpret HijackThis logs.
AG
Posted by: AG Wright at November 4, 2008 8:41 AM
I was hit with Antivirus XP 2008 last month (AVG didn't catch it) but, like Mary above, Malwarebytes cleaned it up. It's a good download with step-by-step instructions. Thanks to Leo for the article and link.
Posted by: Roger at November 4, 2008 10:41 AM
Believe it or not, the HP agent in my country refused to honor the warranty on a work laptop drive, as they stated that a virus had physically damaged the drive, and so was not covered! We had to purchase a new drive. Unbelievable. As Leo and others state, a virus can NOT physically damage your drive. Thanks Leo.
Posted by: Marc at November 4, 2008 11:08 AM
Re the five "starting over" steps mentioned in this article, if you "back up" then at the end "restore...from your backup", will you not be transferring the virus to your backup external hard disk (or whatever) and then transferring it back on to your cleaned pc? Also, re "reformat your hard disk", is this the same thing as "rolling back to the factory settings", which is a description I have read somewhere I'm sure? (Layman's language please in any explanation. Thanks)
To go back to the original comment, I am not as confident as you, Leo. I used to have a BBC Micro (Acorn Computers) in the days before PCs or Macs existed. There was a program floating round school that caused the stepper motor of the 80 track 5 ¼” Floppy disk to try to access track 81. These drives were pretty simple affairs and would make a horrendous buzzing noise when this happened. We never broke a drive but it certainly did no good!
These days, computers are far more complex, could a virus disable the heat monitor and overclock a CPU to destruction or perhaps wrap a hard disk head around the spindle?
Leo - the two options that you mention in the article (either find an effective malware remover or reformat your hard drive and reinstall everything) are NOT your only choices! I've found that reverting your machine to an earlier state via a Restore Point is often an effective way to rid yourself of malware that the anti-malware package that you have installed does not detect (they ALL have their particular weaknesses). Another option, admittedly more exotic, is to set up and use a virtual machine as your primary means of defense. Virtual machine get infected? Blow it away (and the malware with it)! I suspect that this last option will become more popular as zero-day attacks become more frequent and virtualization software becomes easier for us mere mortals to use...
Following a devastating malware attack I was left with a machine which would no longer boot up in Windows XP. I had to reinstall to factory default settings XP SP1 using the manufacturer's rescue disk, losing all data and programs in the process. Fortunately I had some data on a backup disk (more than a month out of date) but it was a long and painful process restoring all lost programs. I still can't identify the Trojan responsible as it effectively suicided in the crash. I have a 320Gb USB backup drive which I am certain is infected. How can I access/clean/recover data on this drive without reinfecting my PC again - not something I would risk lightly!
I think your 5 steps would be much clearer if you changed it to 6 steps and included a step before the step to reinstall all your applications to first install all your protection, i.e. antivirus, firewall, anti-malware software and Windows updates.
Posted by: Robin at November 5, 2008 12:53 AM
To post a comment on "Can a virus destroy my computer or hard drive?", please return to that article's main page.