Over the years I've gained some experience in how to defeat some nasty computer viruses. Some virtually prevent you from using your Run command and your antivirus software. The most recent ones I've seen transplant themselves onto your system tray posing as antivirus programs, and they often can't be shut off with the Task Manager. They keep running and telling you your computer has a virus.
Here are some of the most useful programs I have found. I don't use the paid-for antivirus programs (they're overpriced and often ineffective):
1. HijackThis - This is basically for detecting browser hijacks, but it can also tell you about registry entries designed to run at startup (autoload programs), browser helpers, toolbars, and other things. Using the "fix this" process should be done with care. Look for (unknown) entries. Don't delete programs you are unsure of. I have been somewhat fearless with my hunches about suspicious programs and have not been burned, but I don't recommend this. There are also some free log analyzers out there that can make recommendations. Be aware, though, that in the case of a browser hijack, the rogue program can often prevent you from navigating to the known HijackThis pages. You'll need to save the log to your thumb drive and try it on an uninfected computer at a HijackThis log analyzer page.
2. Killbox - This has a very specific purpose. It deletes files that seem to keep growing back because the rogue program manages to exploit Windows to regenerate them. You have to know exactly what the file is and its path. It gives you some options for killing: delete on reboot, rename, standard kill, etc.
3. Avira - IMO, the best free antivirus program available. Better than AVG and Avast!; it generally detects viruses the others cannot. I've run tests with several programs present. Sometimes Avira cannot get rid of the virus and keeps redetecting it, but it at least gives you a clue about what and where it is.
4. Malwarebytes - This can find and delete many viruses that others cannot, including (sometimes) ones Avira misses. Generally it can get rid of anything it finds. A full scan takes a long time, so be patient, because it sometimes finds viruses way towards the end. But sometimes it can't find viruses and trojans. No program is perfect.
There are some one-time applications and programs I have used, called CCleaner and Spybot, but the programs above in concert are generally enough to defeat the problem.
Some horse sense methods:
Sometimes you can beat the virus before it starts up. If you invoke the Task Manager early (Ctrl+Alt+Del) you can sometimes catch the program loading and stop it by looking at the PC activity. This can buy you time and the ability to defeat the program before it defeats you. However, be aware that it may not be listed there. This step can be helpful if the rogue program is designed to defeat the Run command (msconfig).
Make sure to disable your Internet connection. You don't want your computer connecting to the Internet if you have a real hijack happening that is communicating with your computer. Check your Tools/Internet Options home page. In particularly nasty cases it can be redirected to a specific IP. In extreme cases (after you have defeated the rogue processes), you may have to use "reset" on your browser to get it to navigate properly again.
Presuming the rogue program hasn't disabled it, use the Run command to start msconfig and regedit. msconfig can show you what programs are designed to run at startup. You can uncheck any suspicious entries in the Startup panel. Look for weird names that are unsigned. Regedit is direct registry editing. Most people would advise extreme caution with monkeying around with this. If possible, back up the registry before changing anything there. You can find and delete an entry that was found by antivirus programs or from your HijackThis log.
Explorer/Search. As Windows O/S systems upgrade it seems like they let you see and find files less and less (don't get me started on Vista). If you're trying to find files in Temp or Windows (often places where rogue programs are hidden) but somehow the path doesn't show them after you navigate to My Documents/All Users etc., then make sure that your View/Folder Options is set to show hidden folders and files. Look for files that were created within the last week or few days, or look for *.exe. If you know your activity you can often find programs that you didn't have a hand in downloading and delete them.
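Here is an added PowerShell script (not from the original post) that does the two manual checks above in one pass: it lists the Run/RunOnce autostart entries that msconfig's Startup tab shows, with each program's Authenticode signature status so unsigned ones stand out, and it lists hidden and visible .exe/.dll files created in the last seven days under the Temp and Documents folders. It assumes Windows PowerShell 5.1 or later and an elevated prompt so the HKLM keys are readable; it only reads and lists, it never deletes anything.

```powershell
# Added triage script, not from the original post. Read-only: it lists, it does not delete.
# Assumes Windows PowerShell 5.1+ and an elevated prompt so the HKLM keys are readable.

# Turn a Run value such as  "C:\Path\app.exe" /silent  or  %TEMP%\x.exe  into a plain file path.
function Get-ExePath([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

# What msconfig's Startup tab shows, plus signature status (NotSigned = "unsigned" in the post).
function Get-AutostartEntries {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }      # skip PowerShell's own metadata properties
            $exe = Get-ExePath $p.Value
            $sig = 'file missing'                      # a Run entry pointing nowhere is itself a clue
            if (Test-Path -LiteralPath $exe) { $sig = (Get-AuthenticodeSignature -FilePath $exe).Status }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Exe = $exe; Signature = $sig }
        }
    }
}

# Recent executables in the places the post names as hiding spots; -Force includes hidden files.
function Get-RecentExecutables([int]$Days = 7) {
    $dirs   = $env:TEMP, "$env:SystemRoot\Temp", "$env:USERPROFILE\Documents"
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path $dirs -Recurse -Force -Include *.exe, *.dll -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $cutoff } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            }
        } | Sort-Object Created -Descending
}

"=== Autostart entries (review anything NotSigned or with a missing file) ==="
Get-AutostartEntries | Format-Table -AutoSize
"=== Executables created in the last 7 days in common drop locations ==="
Get-RecentExecutables | Format-Table -AutoSize
```

Run it from a clean thumb drive on the infected machine with the network unplugged, and compare the output against the same script run on a known-good computer; an entry that exists only on the sick machine is the one to look up before touching it.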
Be careful with deep searches on lesser-known web pages. I often have found I get a quick virus attack just by navigating to a search result or someone's blog page that turns out to be fake (sometimes a foreign-language page that is translated). These places can be hornet's nests. A recent problem seems to be a Java 6 pop-up exploit that transplants itself into the registry processes immediately. This is often a prelude to the phony antivirus transplant on your system tray. Deletion of this entry via HijackThis/fix this (look for the java6 entry) is usually enough to start the process of getting control of your computer back. It's not everything. You have to find the program it's referencing as well (usually somewhere in your .tmp internet or mydocuments/temp directory).
Make sure to get a good thumb drive. Sometimes you need to find programs on the Internet on another computer and load them onto the infected computer with its Internet connection disabled. In the worst case you have to use all of your available options and work quickly before the trojans take hold of your processes. I've literally restarted dozens of times and used each time as a learning process to figure out which programs to invoke. I ran into a trojan that disables some popular antivirus programs and HijackThis. If you run in Safe Mode, sometimes this can prevent the rogue program from running, since it may require full-blown Windows to do its dirty work.
Good luck! (you're gonna need it)