nukchebi0
Пушкин, наше всё
+387|6579|New Haven, CT
I downloaded a freeware program I thought was safe, scanned it with multiple anti-virus and anti-malware programs, tried to install it, and instantly got a virus. It forced Windows to shut down immediately, and every time I tried to reboot, both in safe mode and normally, I got a blue screen before the computer was usable (though I am usually able to log on in a normal boot and thus the computer considers it a successful boot). The messages vary a bit, though the two most common are "PAGE_FAULT_IN_NONPAGED_AREA" (error code 0x00000050) and another with error code 0x0000007E. I tried a system restore to the day before I got the virus, but this did not solve the problem. After this, I ran an Avira Rescue Disk and successfully detected the virus, which was a trojan TR/Obfuscate.PN.662, but even after this scan the blue screen persisted.

Basically, I'm curious if the computer is recoverable from this state, or if the Windows installation is mangled beyond repair and needs to be redone. Are there any other programs which can detect the virus and cleanse the system more thoroughly, or are the blue screens being caused by the damage the virus has done, rather than the virus actively running? If the latter case, is there any way to repair Windows Vista Business x64 short of reinstalling it, which I would prefer not to do since I do not have the installation disk accessible to me?

If anyone is curious, Comodo, Malwarebytes, and Windows Defender are the three programs that failed to identify the virus in the executable.
unnamednewbie13
Moderator
+2,053|7027|PNW

Why not "upgrade" WD to MSE? Here: http://www.microsoft.com/en-us/security … fault.aspx

Also, feel free to run ESET online av - http://www.eset.com/us/online-scanner

e:

Try booting in safe mode. If that fails, try attaching the drive to a 'sacrificial' PC and scanning it from that rig. If you could get your hands on a copy of Windows, you should be able to reinstall without formatting.
Zimmer
Un Moderador
+1,688|7011|Scotland

unnamednewbie13 wrote:

Try booting in safe mode. If that fails, try attaching the drive to a 'sacrificial' PC and scanning it from that rig. If you could get your hands on a copy of Windows, you should be able to reinstall without formatting.
He's already tried to boot in the safe mode.

Boot up a Linux Live CD, move some files from your Windows drive around (this should technically cause Windows to boot up in CHKDSK mode.)

Let CHKDSK mode run, it should detect problems (might not be able to fix it) and if it does, boot in through safe mode, run MalwareBytes and hope all for the best.

You're actually one of the first to get this virus. It's brand new and got released today, so you might have a lot of trouble getting rid of this problem.

Your programs failed to detect it because only one virus database has been updated to detect it so far and that is Avira's. The rest of them don't even have it on their radar right now.

An Obfuscate is a pretty nasty piece of software -
http://www.microsoft.com/security/porta … uscator.PN

You might not be able to recover properly.
nukchebi0
Пушкин, наше всё
+387|6579|New Haven, CT
It definitely got released before today, as I got it yesterday, but I see. That would explain why Avira's boot scan found it and nothing else did. And yes, it's an extremely nasty piece of software, considering it hijacked the system immediately and then shut it down. I don't really understand the purpose of it though, given that my computer is now unusable and thus it can't really do anything. Obviously, I turned off the wireless adapter as quickly as possible, but either way the computer doesn't work long enough for it to steal any information or spread itself more. Was it designed simply to ruin the computer? I was downloading a game trainer, so maybe the company put up an infected file intentionally? Either way, I've run the Avira scan, it says it's cleaned up the infections, and I'm going to manually sweep through them to make sure.

I'll try booting again before anything, though that'll likely fail, and then I'll back up files and do a Vista upgrade install to hopefully refresh that. I already ran chkdsk through command prompt multiple times, and it failed to find anything, so I don't think that is necessary.
unnamednewbie13
Moderator
+2,053|7027|PNW

Egh.

I've dealt with shutting down so many viruses from game trainers and third-party character editors that I barely use anything but what I get from Cheat Happens or what I make on Cheat Engine.
Kmar
Truth is my Bitch
+5,695|6856|132 and Bush

nukchebi0 wrote:

I downloaded a freeware program I thought was safe, scanned it with multiple anti-virus and anti-malware programs, tried to install it, and instantly got a virus. It forced Windows to shut down immediately, and every time I tried to reboot, both in safe mode and normally, I got a blue screen before the computer was usable (though I am usually able to log on in a normal boot and thus the computer considers it a successful boot). The messages vary a bit, though the two most common are "PAGE_FAULT_IN_NONPAGED_AREA" (error code 0x00000050) and another with error code 0x0000007E. I tried a system restore to the day before I got the virus, but this did not solve the problem. After this, I ran an Avira Rescue Disk and successfully detected the virus, which was a trojan TR/Obfuscate.PN.662, but even after this scan the blue screen persisted.

Basically, I'm curious if the computer is recoverable from this state, or if the Windows installation is mangled beyond repair and needs to be redone. Are there any other programs which can detect the virus and cleanse the system more thoroughly, or are the blue screens being caused by the damage the virus has done, rather than the virus actively running? If the latter case, is there any way to repair Windows Vista Business x64 short of reinstalling it, which I would prefer not to do since I do not have the installation disk accessible to me?

If anyone is curious, Comodo, Malwarebytes, and Windows Defender are the three programs that failed to identify the virus in the executable.
I had a real tough time getting a piece of Malware off of my sister's computer once. There is a program called SuperAntispyware that did the trick. I had already tried spybot, hijackthis, nod32, mrt, and malwarebytes.

*but it looks like you have something much worse.
Xbone Stormsurgezz
11 Bravo
Banned
+965|5492|Cleveland, Ohio
ya that super one is pretty awesome
Kmar
Truth is my Bitch
+5,695|6856|132 and Bush

11 Bravo wrote:

ya that super one is pretty awesome
I actually never heard of it until I researched her problem. It sounds gimmicky, but whatever. It worked.
Xbone Stormsurgezz
nukchebi0
Пушкин, наше всё
+387|6579|New Haven, CT
I know about SuperAntispyware, and it is wonderful for dealing with more benign issues, but I don't think it works without booting into at least safe mode, which this virus has prevented me from doing.

Un, what is cheat engine?
Kmar
Truth is my Bitch
+5,695|6856|132 and Bush

Yea that's why I added the last sentence.

Can you run mrt?
Xbone Stormsurgezz
Kmar
Truth is my Bitch
+5,695|6856|132 and Bush

or any of these other tools for that matter.
http://forums.bf2s.com/viewtopic.php?pi … 5#p3554335
Xbone Stormsurgezz
nukchebi0
Пушкин, наше всё
+387|6579|New Haven, CT

Kmar wrote:

Yea that's why I added the last sentence.

Can you run mrt?
No, since the Vista Recovery CMD won't let me run any executables but core Windows ones like regedit and system restore. I certainly can't install anything from it, and if neither msconfig nor explorer will work, I highly doubt MRT would either. It does need to be installed, does it not?
Kmar
Truth is my Bitch
+5,695|6856|132 and Bush

MRT is built into Windows. Everyone has it.
Xbone Stormsurgezz
nukchebi0
Пушкин, наше всё
+387|6579|New Haven, CT
I can't run it from the Vista Recovery CMD.
Kmar
Truth is my Bitch
+5,695|6856|132 and Bush

Yea I'd say your options are limited.
http://windows.microsoft.com/en-US/wind … dows-Vista
Xbone Stormsurgezz
Benzin
Member
+576|6253
Linux Live CD, rescue whatever files you can and reformat and reinstall.
nukchebi0
Пушкин, наше всё
+387|6579|New Haven, CT
I'm going to start with the Vista upgrade install and go from there.
Kmar
Truth is my Bitch
+5,695|6856|132 and Bush

CapnNismo wrote:

Linux Live CD, rescue whatever files you can and reformat and reinstall.
prolly the best thing to do at this point.
Xbone Stormsurgezz
Kmar
Truth is my Bitch
+5,695|6856|132 and Bush

Xbone Stormsurgezz
nukchebi0
Пушкин, наше всё
+387|6579|New Haven, CT
I rescued all my files using the Vista Recovery DVD command prompt and a flash drive. I'm extremely limited in resources since I'm at school right now; thankfully the student technology office lent me a Vista disc that should have an iso with SP2. I'll report back after the upgrade install is attempted.
Kmar
Truth is my Bitch
+5,695|6856|132 and Bush

good luck
Xbone Stormsurgezz
nukchebi0
Пушкин, наше всё
+387|6579|New Haven, CT
Well, Vista upgrade option only works in Vista, not when booting from the install disk.
Benzin
Member
+576|6253
Burn yourself an Ubuntu disc and rescue what you can. Good opportunity to get a Win7 license.
Shahter
Zee Ruskie
+295|7030|Moscow, Russia
yeah, all you are reformatting anyway, don't go back to vista, get seven if you can.
if you open your mind too much your brain will fall out.
nukchebi0
Пушкин, наше всё
+387|6579|New Haven, CT
Since I'm going to Russia tomorrow, I'm just going to install Vista "clean" now (meaning all my files are saved in Windows.old) and then properly upgrade to Windows 7 once I return home in early August.
