Spyware! Spyware everywhere!

Posted: 2012-03-04 05:43am
by Narkis
I got AVG, Malwarebytes and Spybot installed on my laptop, all fully updated and semi-frequently scanning. But lately it has been slower than usual, using way too much RAM and CPU on idle, Spybot always finds a dozen various malware even in nearly consecutive scans, and AVG occasionally shows a popup about detecting a tracking cookie or another that it won't move to the vault, leaving me to delete them manually. But they always reappear, so whatever this thing is, it's gotten its roots deep within my system. How can I root it out, preferably avoiding a full format of the HD?

Dunno if it's relevant, but I've never been able to install the SP2 (Win Vista) on the machine. It always blurts out an unknown error, and has to revert the changes a little before finishing.

Re: Spyware! Spyware everywhere!

Posted: 2012-03-04 08:32am
by Grumman
The first and easiest step is to redo the scans with each program while running in Safe Mode. Basically what this does is start up Windows without starting up most of the programs that would otherwise run automatically (which probably includes the bad programs), which will make your attempts to root out the malware that much more likely to succeed.

Re: Spyware! Spyware everywhere!

Posted: 2012-03-04 09:12am
by Edi
Another thing would be to ditch AVG for something better. MSE, Avira and Avast are all superior alternatives.

Re: Spyware! Spyware everywhere!

Posted: 2012-03-04 01:07pm
by White Haven
Edi is quite correct. My personal recommendation goes towards MSE, but any of the above would be good options. Additionally, I've seen a huge torrent of boot sector viruses in the past year or so, so if you have an actual Vista disc it's time to blow up the boot sector on speculation. Also: Combofix is your lord and master.

Re: Spyware! Spyware everywhere!

Posted: 2012-03-04 04:38pm
by Agent Sorchus
Are you using File Assassin to do the manual deletions? 'Cause it should be able to permanently delete any file that you can find. (Warning: that does mean any file, and can trash the computer if you aren't certain of the file's use. Only kill with it what you are reasonably certain is bad.)

Re: Spyware! Spyware everywhere!

Posted: 2012-03-04 09:33pm
by Dalton
Huh. I am way behind on antivirus programs. I still use AVG.

Narkis, have you done a HijackThis scan?

Re: Spyware! Spyware everywhere!

Posted: 2012-03-05 11:23pm
by Torben
If you've got something that nasty on the system, it really is time for a nuke and pave. Back up all of your data (you do have it all on a separate partition, correct?), format the hard drive, reinstall Windows, use MSE as your main antivirus. Get all of your programs installed, get everything patched. Use CloneZilla to create a disk image. Should this happen in the future, all you need do is reload from the image. Oh, update it from time to time (but keep the original as you know it's 100% clean) so you don't have as long to patch after reimaging. Does it suck? Yes. Will it guarantee your malware issue is resolved? Yes. Will it put you in a better position for future issues? Yes.

Also, make sure all of your data is backed up to an external hard drive, and preferably offsite as well (if any of it is important to you). I like Crashplan personally. Encrypts data either with a key shared with them, or a private key shared only with you, prior to transmittal to their datacenter. Truly unlimited backups - no throttling after 100GB like some others. Can use external hard drives, and I think NAS, runs on Linux, Windows, Mac, has Android/iOS apps. Multiple computers can get a discount. Can use their free service to back up to external hard drive or to someone else who uses Crashplan and provides you with a link to their system.

my $.02.

Re: Spyware! Spyware everywhere!

Posted: 2012-03-06 01:24am
by Sea Skimmer
If all else fails, and you have good backups, Combofix has removed several nasty viruses for me. Backups are key, since Combofix just deletes every single file it doesn't like and that might include key system files, making the machine unbootable. It's a good last resort before reformatting. It's best to run a bunch of other antivirus programs, one at a time, beforehand to ensure that Combofix sees a need to destroy as little of your hard drive as possible. It's been a while since I used it though, so I dunno if it's kept pace with the very latest problems.

Re: Spyware! Spyware everywhere!

Posted: 2012-03-06 09:54am
by White Haven
Combofix is most definitely still the wind of death as far as malware is concerned. And frankly, if Combofix is deleting your system files, it's because they were subverted and/or replaced by viruses anyway, so you're just as fucked, but now your hard drive is probably clean for you to recover data from, rather than running the risk of grabbing viruses off it too. It doesn't kill everything, but it tends to focus on the most brutally unpleasant viruses out there, so it's an invaluable tool.

Re: Spyware! Spyware everywhere!

Posted: 2012-03-06 08:13pm
by Narkis
Alright, I replaced AVG with MSE, had it perform a full scan (10 frigging hours), redid all scans in Safe Mode, even ran Combofix (without a backup, thanks for the warning White Haven :P) and it found some files it didn't like. But the problem persists. Spybot still finds stuff that should probably not be there every time I run a scan. The poor computer isn't getting any better. Both MSE and Malwarebytes find nothing. And HJT spits out an error after a bit of scanning, and I don't know enough to decrypt the results. Error and log are here, if anyone wants to have a look: https://docs.google.com/document/d/1Xw0 ... fee2Y/edit

Guess it's time for a nuke. I'd better find my vista cd soon.

Re: Spyware! Spyware everywhere!

Posted: 2012-03-06 08:26pm
by White Haven
If you have an actual OS CD and not a restore set of some kind, I can give you the procedure to blow up your boot sector and MBR; I've seen a ton of boot sector viruses of late.

Re: Spyware! Spyware everywhere!

Posted: 2012-03-07 12:02am
by Dalton
Take a look at this. If a virus is blocking HJT from scanning system.ini, you may have to take a look at it yourself and see what's going on.

Re: Spyware! Spyware everywhere!

Posted: 2012-03-09 11:03am
by Narkis
I checked my system.ini, and nothing seems out of place. It doesn't contain much anyway. I could cp it if you want to have a look.

And I have no idea what my Vista CD is, as I haven't been able to find it anywhere. Will check back if I do.

Re: Spyware! Spyware everywhere!

Posted: 2012-03-19 02:49pm
by Dalton
You should do so.

Re: Spyware! Spyware everywhere!

Posted: 2012-03-19 02:58pm
by SCRawl
Narkis wrote: I checked my system.ini, and nothing seems out of place. It doesn't contain much anyway. I could cp it if you want to have a look.

And I have no idea what my Vista CD is, as I haven't been able to find it anywhere. Will check back if I do.

It's possible that you never got an installation CD; many new computers contain the means to make "recovery" disks, but not actual physical media.