Unremovable Virus

[Copperknickers II]

My computer has contracted a digital equivalent of Black Death; the Windows Security Centre virus. All executable files are disabled (including internet browsers), I cannot access any system information or control panel folders, and all my antivirus software (noscript, malwarebytes, McAfee etc) are either blocked from working or can't detect anything wrong.

I've seen a lot of people with this problem but my particular strain is the nastiest piece of malware that I've ever encountered, its completely crippling. I've tried running antivirus software, I even tried system restoring but that's blocked even on safe mode. Any ideas? In the event that I have to just uninstall my entire OS, can I put all my documents on a USB, or does that run the risk of the virus sneaking in there and infecting again?

[Bolkonsky]

Don't put a USB in there. Whatever you do, don't. It will spread. Don't even put files on a CD. co

Have you tried every web browser you could think of?

Here's one thing to consider. Burn an Ubuntu Live CD, boot it, kick the out of the virus. Copy all the files you need to a different partition, reinstall Windows, copy the files back, see if they're infected.

[Copperknickers II]

What is Ubuntu and how do I use it to get rid of a virus? And what is a partition? I'm sorry, I am ok with computers but the jargon is double dutch to me.

[PoleCat]

What is Ubuntu and how do I use it to get rid of a virus? And what is a partition? I'm sorry, I am ok with computers but the jargon is double dutch to me.

Ubuntu is a Linux kernel but more than that I cannot say. I haven't played with it. I'm pretty sure what he's suggesting is to burn a disc with an executable Linux OS and set the computer to read from the DVD-ROM on boot. That would bypass the Win load and should keep the virus from waking up. After that you would need to crawl through your Win32 folder and Registry and remove anything associated with that virus. It's simple in theory but I couldn't tell you how to do it exactly without looking for more info on it.

A drive partition is exactly as it sounds - a separate partition on your hard drive that acts like its own drive. If you have a C:\ drive then the partition would start at D:\ and so on. I think you can use the Windows recovery disc to set up a new partition but I wouldn't know for sure as I don't really use them.

I'm assuming you've already looked around for advice but here's a page that details a removal method. If you need more let us know.

And lastly, use a browser that blocks unwanted scripts from running when you go to a website. Both Chrome and FireFox have add-ons that will block ads and scripts without prompting. Don't use IE - it lets anything and everything in. Good luck!

If you run malwarebytes in safe mode there isn't anything that can circumvent that.

It looks like this virus recognizes anything related to Malwarebytes and blocks it from running. After a quick look this looks nasty.

[Top-Tier-Tech]

It looks like this virus recognizes anything related to Malwarebytes and blocks it from running. After a quick look this looks nasty.

Download the setup files on another PC, save to flash drive, install on your PC from the flash drive while in safe mode (virus cannot block the install there) then run and delete what it finds. I'm assuming installions can be accomplished in safe mode, I've honestly never tried it as I've never contracted a virus and therefore never had a need to do anything in safe mode.

[PoleCat]

Download the setup files on another PC, save to flash drive, install on your PC from the flash drive while in safe mode (virus cannot block the install there) then run and delete what it finds. I'm assuming installions can be accomplished in safe mode, I've honestly never tried it as I've never contracted a virus and therefore never had a need to do anything in safe mode.

That should work. But the flash drive would also need a scrub just to be sure - otherwise you might be importing your problem to a new system.

[Top-Tier-Tech]

That should work. But the flash drive would also need a scrub just to be sure - otherwise you might be importing your problem to a new system.

Ah yes. On second thought burning the install files on a CD would be the safest easiest way to go.

[Top-Tier-Tech]

I've seen a lot of people with this problem but my particular strain is the nastiest piece of malware that I've ever encountered

I seriously have no idea how you people manage to get viruses or malware etc. etc.

Can you boot into safe mode and run a virus scanner from there?

[Copperknickers II]

I seriously have no idea how you people manage to get viruses or malware etc. etc.

Neither did I until now, only times I've had one before are when my antivirus runs out and i forget to renew it. I couldn't have taken any more precautions tbh, the Trojan must have just completely circumvented all my defenses.

Can you boot into safe mode and run a virus scanner from there?

Safe mode hardly makes any difference, it only means that the virus comes up when I click on an executable rather than as soon as I log in.

[Top-Tier-Tech]

Safe mode hardly makes any difference, it only means that the virus comes up when I click on an executable rather than as soon as I log in.

If you run malwarebytes in safe mode there isn't anything that can circumvent that.

Next time install Microsoft Security Essentials, you never have to worry about it expiring. And even without any anti-virus software it is still difficult to run across viruses and the like unless you are either looking at porn or searching and downloading illegal pirated crap.

[SonOfCrusader76]

If you run malwarebytes in safe mode there isn't anything that can circumvent that.

Next time install Microsoft Security Essentials, you never have to worry about it expiring. And even without any anti-virus software it is still difficult to run across viruses and the like unless you are either looking at porn or searching and downloading illegal pirated crap.

Does MSE have a boot time scan? That's one of the things I like about AVAST - its boot scan finds things the ordinary scan doesn't.

[atraps]

Try running RKill if the virus is interfering with your anti-virus program when in safe mode.

[Bolkonsky]

Rule #1: Never insert a flashdrive to a computer that has a virus. At least an active one.

Basically, PoleCat got the gist of what I was saying. Download Ubuntu, and burn it to a disk. (Follow the walkthroughs on that page to do that.)

Download a partition manager (I've only ever used Paragon but I paid for it. If you don't want to pay, check out this link.) and create a new partition. (Find documentation for the software you chose. If you can't, just come back here, we can give you a hand.) Boot Ubuntu LIVE. To do this, insert the disk, turn on your PC. When it gets to the BIOS screen, mash F-11 - this is usually the boot menu. It will say "Press any key to boot from CD..." Press any key, and wait a bit. Be sure to choose live boot. Load Ubuntu. Go through your main Windows installation. Find all the files you want to keep, and put them in a folder on your new partition. Then install Windows onto that partition. Load that Windows and see if you're still infected. If you run into any problems, or need more detail, post here. For now, I'm going to bed. Sorry if this seems groggy.

Also, a quick note:

Some partition managers may not work because they rely on Windows services. If the service is infected, it might not function. If that's the case, try another one. Now go kick some virus ass!

[Top-Tier-Tech]

Rule #1: Never insert a flashdrive to a computer that has a virus. At least an active one.

Basically, PoleCat got the gist of what I was saying. Download Ubuntu, and burn it to a disk. (Follow the walkthroughs on that page to do that.)

Download a partition manager (I've only ever used Paragon but I paid for it. If you don't want to pay, check out this link.) and create a new partition. (Find documentation for the software you chose. If you can't, just come back here, we can give you a hand.) Boot Ubuntu LIVE. To do this, insert the disk, turn on your PC. When it gets to the BIOS screen, mash F-11 - this is usually the boot menu. It will say "Press any key to boot from CD..." Press any key, and wait a bit. Be sure to choose live boot. Load Ubuntu. Go through your main Windows installation. Find all the files you want to keep, and put them in a folder on your new partition. Then install Windows onto that partition. Load that Windows and see if you're still infected. If you run into any problems, or need more detail, post here. For now, I'm going to bed. Sorry if this seems groggy.

Also, a quick note:

Some partition managers may not work because they rely on Windows services. If the service is infected, it might not function. If that's the case, try another one. Now go kick some virus ass!

This would be the hardest way to go so I should think attempting my suggestion with Malwarebytes installed from a CD is worth trying first. Unless of course you know of a reason that would not work.

[PoleCat]

This would be the hardest way to go so I should think attempting my suggestion with Malwarebytes installed from a CD is worth trying first. Unless of course you know of a reason that would not work.

You're right - it is the pain-in-the-ass method. But it is also the surest way to go about it. Even loading Malwarebytes from CD in Safe Mode may not work as it seems this virus locks down any Malwarebytes related .exe and keeps them from working even in Safe Mode. And if you're loading Malwarebytes from disc in the first place then that means you'll need the Win OS open - and that is where the virus is already. Bolkonsky's method bypasses Win altogether so the virus never wakes and doesn't have a chance to work-around the fix.

At this point Copper is describing chaos on his system and he's shown the wherewithal to enter Safe Mode. He's also described the symptom of Malwarebytes related programs not being able to run. It looks from here like it's either the nuclear solution (full OS wipe and format) or try for an admittedly time-consuming and painful save via the Linux route. Since he has files he needs to save the second option might be his only choice.

Either way, good luck Copperknickers!

[Copperknickers II]

Well, thank you Atraps. I ran Rkill from a disk (a non .exe version) and it managed to terminate the virus' active processes so that I got rid of it with Malwarebytes. Problem solved. Thank you all anyway.

[karamazovmm]

the best would be if he downloaded ubuntu, ran the live cd, extracted the necessary docs, and simply formated the whole thing

before plugging in you just run a check of your usb, and you are fine, no imports or anything, since the virus wouldnt be running in ubuntu and since you scanned the usb before transferring, all files are healthy.

Seriously do this and format the pc.

btw everytime you insert a usb that has been used in another pc, just go scan it for viruses.

[ROFL Copter]

Just reinstall Windows. Its the easiest solution if you're not very computer literate.

[Copperknickers II]

I'm moderately computer literate, and if that affords me anything it tells me that reinstalling Windows would cause me to lose all my files unless I went to the lengths described above to safeguard them. :L

Anyway as I said, it's gone now, the thread can be closed I suppose.