Pages: 1 2

 

2009-09-30 04:47:13
FEOS
Bellicose Yankee Air Pirate
+1,182|6671|'Murka

Dilbert_X wrote:

You just have to delete the partition, make a new one, and format it. Boom. Virus is dead. No need to spend money on something that you don't need.
If the PC won't let you do it its pretty hard to do, plus obviously you lose your data for certain.
New HDs cost next to nothing, and they're usually bigger/faster/cheaper so don't see the problem TBH.
Well, it's a bit more sporty with a laptop than with a desktop system.

I'll probably just reformat, tbh. Not holding out much hope on the renaming the executable thing, but I still haven't had time to try that yet.
“Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.”
― Albert Einstein
Doing the popular thing is not always right. Doing the right thing is not always popular
2009-09-30 05:02:53
Benzin
Member
+576|6259
You'd be surprised that renaming the EXE will fix all your problems. That's essentially what ComboFix does should you use it. It renames the virus files and copies them into its quarantine folder. I imagine that's what most anti-virus programs do, too.

But rename the executable. See what it gets you. If you're on a network, I would also inspect the other computers on the network because they may be infected, too.
2009-09-30 06:28:16
.Sup
be nice
+2,646|6713|The Twilight Zone

CapnNismo wrote:

You'd be surprised that renaming the EXE will fix all your problems. That's essentially what ComboFix does should you use it. It renames the virus files and copies them into its quarantine folder. I imagine that's what most anti-virus programs do, too.

But rename the executable. See what it gets you. If you're on a network, I would also inspect the other computers on the network because they may be infected, too.
Most of the viruses won't allow you to rename them especially if they are active- in use.
https://www.shrani.si/f/3H/7h/45GTw71U/untitled-1.png
2009-09-30 07:35:43
Benzin
Member
+576|6259
Not always the case. But what you do to get around that to install an antivirus program is you download the exe but rename it BEFORE you download it. Then install.
2009-10-01 03:30:15
FEOS
Bellicose Yankee Air Pirate
+1,182|6671|'Murka

CapnNismo wrote:

Not always the case. But what you do to get around that to install an antivirus program is you download the exe but rename it BEFORE you download it. Then install.
Wait a minute.

I'm confused.

I thought you were saying to rename the executable for the AV program, then run it. Not the exe for the install package of the AV program. Not sure how that would make any difference, as it would install the same filenames in the same paths that the malware is looking for.
“Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.”
― Albert Einstein
Doing the popular thing is not always right. Doing the right thing is not always popular
2009-10-01 06:07:00
Dilbert_X
The X stands for
+1,815|6366|eXtreme to the maX
The malware will be looking for the AV.exe to start with I guess. Rename that and it could work.

You can also get malware killers which run solely as an exe, they don't install anything so the malware has nothing to look for - just run the exe and away you go.
Helps if you know the specific malware.

eg If you can find it here you might be lucky.
http://www.symantec.com/norton/security … ltools.jsp
McAfee and others have similar tools, eg stinger seems fairly general.
http://home.mcafee.com/virusInfo/VirusRemovalTools.aspx
And if you have an account they will help you.

Need to hunt for the original trojans also, eg Antivirus 2009 could be Zlob or Vundo or others.
If you don't kill them all at once they come back....

If this is teaching you to suck eggs - too bad.
Nothing seemed to work for my last attack, hence a total rebuild.
Fuck Israel
2009-10-02 04:23:10
FEOS
Bellicose Yankee Air Pirate
+1,182|6671|'Murka

I've gotten probably 80% of the files and registry entries manually. There's just some buried in the registry that I can't find...even with manual uninstall instructions.

Extremely frustrating.

I'll try a few more things  before I go the format/reinstall route, but I suspect that's where I'll end up. Just don't have the time, tbh.
“Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.”
― Albert Einstein
Doing the popular thing is not always right. Doing the right thing is not always popular
2009-10-02 06:02:23
ghettoperson
Member
+1,943|6909

Run Hijack This, then post the log on here.
2009-10-02 08:09:04
King_County_Downy
shitfaced
+2,791|6857|Seattle

http://sales.webroot.com/downloads/regi … 5241_1.exe

SSFF-WRTL-AADH-CLNI-WVYC

It's only good for another month, but go ahead and install, update, run, etc.

Use in conjunction with malwarebytes.org scan

Holla-
Sober enough to know what I'm doing, drunk enough to really enjoy doing it
2009-10-02 10:34:32
Benzin
Member
+576|6259

ghettoperson wrote:

Run Hijack This, then post the log on here.
Good idea. Though if he can't run his antivirus then I doubt that he'll be able to run hjt.

 

Pages: 1 2

Board footer

Privacy Policy - © 2025 Jeff Minard