Damn parite virus
BlackNemesis13
Posted on 05-09-09 06:30:26 PM
Great. So my sister's laptop got infected with the win32 parite virus. I've already tried Trendmicro's syscleaner, Nod32, AVG, Ad-aware, and Bitdefender. I've also run McAfee in DOS mode from Hiren's boot CD. None of them completely clean the system of it, and the virus just keeps copying itself as if I never ran the scan. From searching around, it seems that this virus is supposed to be easy to get rid of if you know what you are doing, but I don't really. So, help?

____________________
Hiryuu

Posted on 05-09-09 06:34:04 PM
Try Avast! yet?

____________________
BlackNemesis13
Posted on 05-09-09 07:13:07 PM
Avast is running a boot scan right now. It's unable to clean any of the infected files. It looks like my only options with avast are to either quarantine them all or delete them.

____________________
Hiryuu

Posted on 05-09-09 08:57:53 PM (last edited by Yume Kusanagi at 05-09-09 05:59 PM)
I would bet you've got something that is beyond help.

The usual that I have on me in these cases are Avast!, Malwarebytes and Spybot S&D (along with HiJackThis to see if anything is in the startup that's causing shit to happen).

If it's not fixed after that, I usually call it a lost cause.

Although you went through BitDefender, did you see this here?

____________________
BlackNemesis13
Posted on 05-09-09 10:20:12 PM
Yeah, that was one of the first things I tried. It appeared to work, but when I ran a scan to make sure, all of the files were infected again. I went ahead and let avast delete the files even though I knew they were pretty much all executables I needed just to see if it could actually clean it off. It did, but like I said, now I have no programs left. By the time I posted here I figured it was going to be a re-install situation. Luckily, my sister doesn't have that many files to back up, and it's really just a matter of taking the time to re-install all of her programs again.

____________________
emcee
Posted on 05-09-09 11:42:55 PM
Very rarely is a virus infection actually beyond help, it's just an issue of how much trouble it's worth.

In this situation your problem is probably finding a remover that can effectively repair these files AND can run with your current Windows installation not running. Since this virus infects executable files, core parts of Windows will be infected, and they will infect files that have already been scanned and repaired, while your scanner is still running. So, once the scan has completed, it will have found and fixed all the infected files, but your system will still be infected.

The solution is to run a scanner from a separate OS running from a CD. One option is the Avira rescue CD available here: http://www.avira.com/en/support/support_downloads.html. Although, I have tried that to remove Virut, a similar virus, and although it could detect infected files, it couldn't fix them. Another is to create a BartPE CD on a separate computer. Install ClamWin Portable: http://portableapps.com/apps/utilities/clamwin_portable, and SpyBot on that computer, make sure both of their definitions are up to date, then copy the program files they installed to the BartPE ISO. Then also copy over that remover tool from the Bitdefender website to the ISO, as well. Then burn the ISO and put the CD in the infected computer and restart, it should boot into BartPE, if it doesn't you may need to set the CD as the first boot device in your BIOS. Then run each scan all the way through before booting back into normal Windows.

This will likely fix the problem, but as I said, it's an issue of how much trouble it's worth.
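
Added example, not part of any post in this thread: one way to check whether files stay clean after an offline scan like the one described above is to hash every executable on the volume while it is mounted from the boot CD, then compare again later. The extension list, function names and sample files are assumptions constructed for illustration, and Python is assumed to be available wherever the disk is mounted.

```python
import hashlib, json, os, tempfile

# Assumption: which extensions count as executables worth tracking.
EXEC_EXTS = {".exe", ".scr", ".dll"}

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Return {relative path: [size, sha256]} for executables under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXEC_EXTS:
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                manifest[rel] = [os.path.getsize(full), sha256_file(full)]
            except OSError:
                manifest[rel] = None  # unreadable: record it rather than skip
    return manifest

def diff_manifests(before, after):
    """Compare two manifests taken at different times."""
    return {
        "changed": sorted(p for p in before if p in after and before[p] != after[p]),
        "added": sorted(p for p in after if p not in before),
        "removed": sorted(p for p in before if p not in after),
    }

def demo():
    """Constructed sample: two fake executables, one modified between snapshots."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "system32"))
        for rel in ("system32/explorer.exe", "app.exe", "notes.txt"):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(b"MZ" + rel.encode())
        baseline = json.loads(json.dumps(build_manifest(root)))  # as if saved to disk
        with open(os.path.join(root, "app.exe"), "ab") as f:
            f.write(b"\x00" * 16)  # stand-in for any post-scan modification
        return diff_manifests(baseline, build_manifest(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A non-empty "changed" list for files nobody updated between the two snapshots means something on the system is still modifying executables.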
Hiryuu

Posted on 05-10-09 02:11:33 AM
Virut's shit in comparison to this.

I've removed Virut at the office plenty of times...mostly with Avast. Avira only goes so far.

Also...if you've not dealt with virus infections on a daily basis...you'd probably not get into situations like I have where a virus has been driven 'beyond help'. I mean, you're welcome to try it and other methods, but you should also know when to throw in the towel. You wouldn't make it as a comp tech who has to go against the clock otherwise.

BN: If you've already tried the removal tool, then the likelihood is that it's not the only thing on there and that something is mass-propagating it. Considering that you don't have much to back up and you're willing to reinstall and uh...now really don't have an option...yea...definitely reinstall.

The fact that Avast deleted the files that it did leads me to think that it took down critical Windows system files or bits in the registry in order to accomplish it on a reboot. I dealt with W95.MTX (the Matrix virus) that handled similarly back in high school and it basically boiled down to reinstall because of the particular files it infected (including explorer.exe and wsock32.dll). Needless to say it infected in the same manner: a few files would mass-propagate viruses on reboot after you would get done scanning them off and they would work in MTX and MTX.dr form. It eventually boiled down to a Windows 98 reinstall after it was all said and done because it had killed the critical explorer.exe process after I spent 14 hours scanning the computer in DOS (yea, that old) to get every single virus off there.

So hopeless cases, or cases you should throw in the towel, almost certainly exist. I deal with them almost daily (ask anyone I talk to on a normal basis).

____________________
BlackNemesis13
Posted on 05-10-09 03:21:53 AM (last edited by BlackNemesis13 at 05-10-09 12:22 AM)
I figured that this was a virus that worked by using only a few files or perhaps registry entries or system processes to mass-propagate more viruses, but without being that familiar with how to track down the offending files, I guess I was basically screwed. I used HijackThis, but nothing that I could tell looked suspicious. I have no idea how to properly edit the registry so I just stayed away. And most of the antiviruses I tried, I ran outside of Windows. Nod32 was a portable version, syscleaner ran from command prompt, McAfee ran from a boot CD, ad-aware ran at startup, and avast ran at boot. Bitdefender was the only one I couldn't run outside of Windows, and I just used that one to check to make sure everything worked. Avast was the only one that did anything, and by that time it was basically computer chemotherapy. In short, this virus is a BITCH!

What really sucks though is that for once, my sister actually wasn't the one who originally infected her system. I did. I stupidly clicked on an exe that I downloaded from a "moderately" trustworthy site, without scanning it first :specialed:. What's worse is that AVG actually bitched at it, but considering what it was, I figured it was a false positive. So, all of this is just payback for that stupidity. Oh well. At least it didn't happen on my system. THEN I would be screwed.

Which reminds me: recommend any good backup software?

____________________
paulguy

Posted on 05-10-09 10:02:31 AM

copy <srcfile> <destfile>

emcee
Posted on 05-10-09 08:03:17 PM
Originally posted by Yume Kusanagi
Virut's shit in comparison to this.

I've removed Virut at the office plenty of times...mostly with Avast. Avira only goes so far.


I meant similar, as in, they both infect exe files that have to be repaired. And the full Avira program can remove Virut, the Linux based rescue disc can't.

Originally posted by Yume Kusanagi
Also...if you've not dealt with virus infections on a daily basis...you'd probably not get into situations like I have where a virus has been driven 'beyond help'. I mean, you're welcome to try it and other methods, but you should also know when to throw in the towel. You wouldn't make it as a comp tech who has to go against the clock otherwise.


I do deal with virus infections on a daily basis, I just know the difference between a lost cause and more effort than the average person is willing to put in.
Lyskar
Posted on 05-10-09 08:33:40 PM
I, frankly, don't believe there's a beyond help scenario.

The virus could even destroy all the OS stuff--big whoop. Use a bootdisk and overwrite the OS files with the proper versions, scan the whole thing, delete every trace of it, et voila.

As long as the hard drive can be read by an operating system outside of it, the only reason to call it a 'lost hope' is perhaps if it has destroyed all your data files, thus making any further file copying-related resuscitation worthless.

____________________