FFFFFFFUUUUUUUUUUUU
April 14, 2011 6:18 AM

I've got a nasty bit of malware. How do I get rid of it?

Last night I somehow managed to download a particularly nasty bit of malware on one of my computers. Right now, it's showing me a dialog box claiming to be "WindowsFixDisk" and telling me that I have major hard drive errors. It has also hidden a number of my files and keeps popping up warnings from my taskbar as well. Naturally, it's telling me that I should buy the full version in order to fix the "hard drive errors." Also, when I tried running AVG, it forced a system shutdown.

How do I get rid of the damn thing? I mostly use the computer for internet things, but a lot of my music is on there, so I would rather like to fix this.

Bonus question: should it come down to nuking the site from orbit, how do I rescue my music files?
posted by TheWhiteSkull to Computers & Internet (15 answers total) 13 users marked this as a favorite
 
Best answer: See Deezil's profile.
posted by inigo2 at 6:21 AM on April 14, 2011 [7 favorites]


Best answer: Here's a step by step how to remove. If you have to nuke, you can do a parallel install. Just install the OS in a folder called windows1 instead of the default windows folder. If you are using Windows 7 it should give you this option when the install begins.
posted by white_devil at 6:29 AM on April 14, 2011


I also came to recommend Deezil's profile. I was able to fix my mom's computer last time I was home because of his awesomeness. Deezil is a hero.
posted by phunniemee at 6:30 AM on April 14, 2011


That's an awesome list Deezil has. Combofix is a godsend. It has saved me in the past when all else has failed.
posted by rich at 6:30 AM on April 14, 2011


Response by poster: Sorry, I should clarify. This is an XP machine, and I'm actually not the most adept when it comes to IT issues. Thanks for the responses so far.
posted by TheWhiteSkull at 6:31 AM on April 14, 2011


Seconding white_devil's recommendation of bleepingcomputer. I've had good results following their instructions in the past. Start there. It'll probably work.

I'd like to add one thing: Do not download software advertised on their site. Use what they recommend in the article (Malwarebytes).
posted by nangar at 6:41 AM on April 14, 2011


"should it come down to nuking the site from orbit, how do I rescue my music files?"

Run a live CD like Knoppix from the CD drive, and use that to copy your files. It probably won't be necessary though.
posted by nangar at 6:50 AM on April 14, 2011


Yeah, good call, nangar. Use the applications in the removal guide, not what they're trying to sell you in the ads on the site.
posted by white_devil at 6:50 AM on April 14, 2011


"Just install the OS in a folder called windows1 instead of the default windows folder. If you are using Windows 7 it should give you this option when the install begins."

For both XP and 7 you can just install overtop the existing installation. This will cause the installer to move the old OS's files into a folder called Windows.old. Within that folder the older profiles should be accessible for recovering the music files.

As for Deezil's profile, it's a great resource that should address most malware out there. However, I would still take white_devil's approach first in following the instructions specific to your infection. Reason being, combofix can be a tricky animal if used in the wrong scenarios...I usually tend to save that step as a last resort, as when it fails...it can make recovery a bit tougher.
posted by samsara at 6:51 AM on April 14, 2011


Kaspersky Virus Removal Tool is a great tool that I've used to save many PCs, and it's not listed in Deezil's profile.
posted by cp7 at 7:22 AM on April 14, 2011


If you get stuck, just talk nice to Deezil. He walked me through a tough virus step by step a few weeks back. Totally awesome guy. An anti virus god.
posted by SLC Mom at 8:31 AM on April 14, 2011


After dealing with these things many times for friends and relatives, now I just pull the infected hard drive, add it to a secondary computer, and run Malwarebytes from there: no safe mode, no reg edit, and the malware cannot disengage Malwarebytes as it likes to do.
posted by kanemano at 11:38 AM on April 14, 2011


I used to work for Support.com, spending a majority of my time each day remotely cleaning up malware, and I agree Deezil's procedure is pretty good. We rarely used combofix because it would kill ~5% of the computers that it ran on; this was almost a year ago, though. I'd say 80% of the malware I've encountered can be fixed by updating and running MBAM (Malwarebytes' Anti-Malware) in safe mode, and changing the exe name if it won't run. After you run it in safe mode, run it again after a normal boot.
posted by Kupo? at 11:53 AM on April 14, 2011


Response by poster: OK, the instructions for removing this infection with Malwarebytes do not include booting in safe mode. Should I still do this? How would I do it?
posted by TheWhiteSkull at 2:07 PM on April 14, 2011


Keep tapping the F8 key as the computer boots up and you should get a screen that will give you an option to boot in safe mode. Sometimes it's hard to catch, so I just keep tapping the key during the boot sequence.
posted by white_devil at 2:17 PM on April 14, 2011

