Help with virus

Torp
Girlfriend was downloading bullshit yesterday on her laptop and got a trojan horse, silly bint.

Anyway, AVG can't heal/remove nor can Malwarebytes.

-Trojan horse Crypt.RHI
-Trojan horse BackDoor.Generic27.AZJY

I think that is it.

It seemingly destroys iexplorer links and just slows the system down completely.

Any suggestions chaps?

P.S. I am currently scanning the system with rootkit GMER.
 
I fully anticipate that response from MyM! And have a witty and elegant response of my own if that time comes!

Either way, was hoping a format could be avoided due to the laptop being around 5 years old and having various pictures and documents of worth on it.

As I am a computer noob, is there a chance that these sorts of files could also be affected? Or is it a case of backing them up?

Also about 20gb of music on there and she won't be too happy about having to lose all that!
 
First part: locate the file on the system, or the pic or whatever. Once it is located, go to part 2; normally you can't delete it while it is running.

Next go to Start, open regedit (or regedt32) and press Enter. In the new window, check this path:
HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion > Run, and also check RunOnce. Delete the file here.

Now go back to the first part and delete the files. Restart your computer and it is clean...

Busy, hope you know the ugly English ^^:chainsaw:
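
The Run and RunOnce check described in the post above, as an added read-only example that is not part of the original thread. The helper name `Get-CommandTarget`, the inclusion of the HKCU hive and the "Review" heuristic (user-writable path or missing valid signature) are assumptions of this example.

```powershell
# Added example (not from the thread): read-only listing of Run/RunOnce autoruns.
# HKCU and the Review heuristic are assumptions of this example.
$keys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($leaf in 'Run', 'RunOnce') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$leaf"
    }
}

# Hypothetical helper: pull the executable path out of an autorun command line.
function Get-CommandTarget {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted form: "C:\path with spaces\x.exe" /arg
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form, possibly containing spaces before the extension
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    # Fallback: first whitespace-separated token (e.g. a bare program name)
    return ($cmd -split '\s+')[0]
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $target  = Get-CommandTarget $command
        # A bare name without a path is resolved against the current directory,
        # so it may be reported as missing even though it exists on PATH.
        $exists  = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $sig     = if ($exists) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'n/a' }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            Exists    = $exists
            Signature = $sig
            # Heuristic only: user-writable launch paths or no valid signature.
            Review    = ($target -match '\\(Temp|AppData|Application Data)\\') -or
                        ($exists -and $sig -ne 'Valid')
        }
    }
}

$report | Sort-Object Review -Descending | Format-List
```

Nothing is modified by this listing; entries marked Review are candidates to look up before deleting anything, since plenty of legitimate software is unsigned.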
 
MalwareBytes
SuperAntiSpyware
ComboFix (don't download from anywhere else apart from here!)
Hijack This
Avast AV or some other scanner
type "msconfig" from your run or search dialogue on Windows start menu to disable startup items and services

If you get rid of the virus and then none of your networking works (due to it overwriting ndis.sys files) use System Restore to restore to a couple of weeks before.
 
Do you have any partitions? If not, I suggest you create one in the near future. Partitions can be created when you install Windows or you can use software such as Paragon Partition Manager. I'd be very surprised if your music and photos have been compromised. It's most likely just the files in the Windows folder.

You could try something like this. Alternatively, you could download a program called HijackThis, let it do a scan and post your log file here. Hijack is a very powerful tool and you can cause even more damage to your computer if you don't know what you're doing. Therefore, I can't stress enough how important it is to post your log file on their forum and let the people on there advise what is safe to delete.
 
Just boot from a LiveCD and scan from there. Since the virus can't operate then, you can fix most of your system. Also you can back up your files with it.

For example this one: http://www.hiren.info/pages/bootcd
You'll need to download it elsewhere (google/torrents) though it seems, must be because it has some non-freeware apps.
 
What pinhead said.
1. Ubuntu LiveCD/USB
2. ??? (scan with every program listed here/backup your wanted files then format)
3. Profit!
 
use:

http://www.softpedia.com/get/Antivirus/McAfee-AVERT-Stinger.shtml

run in safe mode to allow Avast to delete the virus...

can you maybe give the link to the crap she downloaded to check if it's really a threat?

and make a fucking backup if your laptop is so full of valuable data...

and as Martz said do a hijackthis logfile and post here....

If you don't want a linux Live CD then go for BartPE Windows...

btw I see only a little chance for you to avoid a full reinstall as the Trojan is already putting itself deep into the system and you can't be sure if it survives all the AV programs. It's possible and then you're fucking lost in the inet getting hacked... all backups now must be counted as prolly infected...

:rolleyes:
 
jup, there are many anti virus boot cds out there:
copy and pasting my bookmarks:


----------------------------------------------------

other than that - just for backing up your data you can also unscrew the hdd and connect it to some other computer ( maybe not necessarily a vista one, logged in as an admin with the "execute anything on any unknown storage device that was connected" bullshit activated :D ). you should be able to copy your music etc off the drive. if ntfs / access rights complain then there are ways around that, i think! not sure but i think i did it once - and the guys here know how to do it, i guess.

----------------------------------------------------

anyway - my recommendation would have been hijackthis so all the suggestions above should enable you to remove the fucker.