Computer file association virus

Started by GabrielsThoughts, March 08, 2010, 04:54:06 PM


GabrielsThoughts

OK, so while my computer was booting up this morning, before Norton activated itself, a virus installed itself on the computer more than a dozen times. I tried to use System Restore, but it's not available; the virus seems to have targeted my browsers and EXE files. How I managed to get Firefox open in the first place was through dumb luck.


Anyway, the computer (a Vista 64-bit) doesn't recognize EXE files, and I don't know how to fix the problem. Any suggestions would be great.
clickity click click click. Quote in personal text is from Walter Bishop of Fringe.

Noone

#1
Well, I'm not sure what you have... though I do have a few tips and queries.
Queries:
- What were the last few things you did on your computer before it got the virus?

- How exactly did you get Firefox to run? Can you do the same with other programs?

Solutions (possible):
- Norton hasn't been doing so well in the antivirus world. If you have another computer and a USB available, download Avast here, put the installer on the USB, or if you have another Vista-64 and a large enough USB, install it there and then port the whole program over. (The latter approach may not always work reliably.) Once it's on your computer in some form, try doing a boot-time scan.

- Use Task Manager; if you see any processes that don't look like they belong there, try disabling them and see if that helps. If you're lucky, you can disable the virus this way.

- Delete your Temporary Internet Files folder and your cookies, and purge your Recycle Bin afterward. Some viruses place themselves here; the nasty ones will be in your Windows folder, though.

This is all I can do with the information provided; I hope it's enough.

GabrielsThoughts

#2
Yesterday night I watched Life and some English movie/miniseries on Hulu, then I turned off the computer.

This morning at around 7:48 I turned on my computer and left it going to warm up. Ten minutes later, at around 8:02, I returned to the computer and Norton informed me that whatever AV virus it was had been stopped successfully more than a dozen times.

I have several midterms this week and my day was stressful enough, so I shut down the computer until about 1:15.

I got Firefox to run after I received a prompt asking me to choose a program I wanted to use to open System Restore, and clicked a link that said "look for appropriate program on the web" rather than selecting Internet Explorer.

EDIT: problem still unresolved

Darkmoon

I agree that running another AV program would be good. There's a good chance that whatever is trying to install could have also already partially corrupted Norton. The likelihood is that, if the virus has moved that far, you'll need to:

a) Dig into Windows, the registry, all the various places the virus could hide, and hack it out.
b) Take the computer to a shop to have them do (a) for you.
c) Blow out Windows by doing a fresh install of the Windows folder over top of the old one.
d) Completely reformat the computer.
In Brightest Day. In Blackest Night...

Drayco84

Quote from: Darkmoon Firelyte on March 08, 2010, 09:31:58 PM
I agree that running another AV program would be good. There's a good chance that whatever is trying to install could have also already partially corrupted Norton. The likelihood is that, if the virus has moved that far, you'll need to:

a) Dig into Windows, the registry, all the various places the virus could hide, and hack it out.
b) Take the computer to a shop to have them do (a) for you.
c) Blow out Windows by doing a fresh install of the Windows folder over top of the old one.
d) Completely reformat the computer.
Back up EVERYTHING that's important! (In other words, make copies of it on an external HDD, USB flash drive, SD card, CD, WHATEVER.) Digging into Windows and the registry can destroy the Windows install. More than likely, to make sure that this SOB is gone, you'll need to reformat and do a fresh install of Windows.

Personally, I'd recommend splitting your HDD into two partitions during/before the reformat for the final step later on here. (Because someone's GOT to say it...) I'd steer clear of those all-in-one security packages, as if some malicious software can take PART of it down, the whole thing is usually down as well. (So yes, that means separate firewall, separate AV, two or three anti-spyware programs, etc.) ClamAV is a good open-source antivirus and MAY be able to remove it, but then again it may not. (It's already taken out one anti-virus, and the name of this blighter could come in handy. You could be dealing with a rootkit, even.)

After your HDD is split into two partitions, I'd recommend installing a version of Linux on one of those partitions. (Yes, I HAD to say it.) Check here http://distrowatch.com/dwres.php?resource=major for info on the major distros. (I use PCLinuxOS, and the GUI feels an awful lot like Windows. Once you get the hang of it, it really does start to grow on you.)

Darkmoon

If you want to make sure it's gone, I would agree with burning the whole drive, salting the earth, and then reformatting.

If you're gonna back up your files, I recommend burning to CDs/DVDs. It'll be all but impossible for a virus to run off of that without your say-so, but it would still be a good idea to virus-scan every disc before copying anything off of them.

GabrielsThoughts

I haven't done anything to the computer yet, but if I use the "old" trick of right-clicking the browser and selecting Run as administrator, I can launch EXE files. ...

As for Linux... I don't know if it would be compatible with the 64-bit processor, and I don't know anything about what hardware it is compatible with.

I have an HP MediaSmart entertainment laptop with a built-in Blu-ray player. I use it mostly for watching video on YouTube, Hulu, Blu-ray and DVD, and for word processing with OpenOffice and Microsoft Works... I also have CS3 production software (Flash, After Effects, and Elements) installed that I use/need.

RobbieThe1st

First, the 64-bit processors in common consumer products can run 32-bit OSes and software with no problem. Most likely, your version of Windows XP/Vista/7 is a 32-bit version anyway.

Second, I suggest using Ubuntu. The Ubuntu CD is what's known as a "LiveCD" - this means that when you stick it into your CD drive, you can boot into Ubuntu right off the CD, no hard-disk changes needed.
Thus, if you are worried about compatibility, try it! You don't have to worry about installing or partitioning yet; just download the ISO, burn it to a disk and reboot.
If you aren't satisfied, or things don't work, you can try a different distribution of Linux, or ask here for help.
(To other Linux fans: Yes, I know there are other distributions, but this is probably the best for the OP)
----
To be honest with you, I don't suggest going entirely to Linux - You have applications without much in the way of Linux equivalents, and the switch would be painful. What I suggest is a dual-boot system: You have two partitions, one for Linux and one for Windows. This way, you can run Windows when you need the functionality, but when it F***s up... you can still access the Internet/use Open Office/etc.


Pasteris.ttf <- Pasteris is the font used for text in DMFA.

Tapewolf

Microsoft Security Essentials.  It's one of the few pieces of Microsoft software which actually impressed me.  It is actually very good at what it does.

J.P. Morris, Chief Engineer DMFA Radio Project * IT-HE * D-T-E


Darkmoon

I second that. It's my primary virus program.

Drayco84

Quote from: RobbieThe1st on March 09, 2010, 12:48:44 AM
First, the 64-bit processors in common consumer products can run 32-bit OSes and software with no problem. Most likely, your version of Windows XP/Vista/7 is a 32-bit version anyway.

Second, I suggest using Ubuntu. The Ubuntu CD is what's known as a "LiveCD" - this means that when you stick it into your CD drive, you can boot into Ubuntu right off the CD, no hard-disk changes needed.
Thus, if you are worried about compatibility, try it! You don't have to worry about installing or partitioning yet; just download the ISO, burn it to a disk and reboot.
If you aren't satisfied, or things don't work, you can try a different distribution of Linux, or ask here for help.
(To other Linux fans: Yes, I know there are other distributions, but this is probably the best for the OP)
----
To be honest with you, I don't suggest going entirely to Linux - You have applications without much in the way of Linux equivalents, and the switch would be painful. What I suggest is a dual-boot system: You have two partitions, one for Linux and one for Windows. This way, you can run Windows when you need the functionality, but when it F***s up... you can still access the Internet/use Open Office/etc.
Ubuntu isn't the only Linux distro that has this feature, BTW. I know for a fact that PCLOS does too, and possibly many other distros. Just select the option to load the OS into RAM when using the disc. Heck, you might even be able to run antivirus software from Linux too. (Which means that since the virus isn't running, it can't stop you. But I'm not sure if it can fix the registry files within Windows.)

And Robbie, I'd debate you on the use of Ubuntu, but since I'm aware that the distro has a large userbase and is well-documented, plus since the OP is using older hardware, I don't have much of a leg to stand on. On a related note (and I apologize for hijacking the OP's thread), how well does Ubuntu handle? I've heard it uses Debian "Sid", which is supposedly an unstable branch. So, how stable is it? (And mind you, the last Windows version I've used is XP.) PCLOS is great and all, but I've got 2 partitions and I don't see myself going back to Windows.

Mao

Hey guys? Rather than pimping your favorite OSes, why don't you... you know... try and actually help with the problem as it is stated?

Anyways, GT see if you can go to http://www.microsoft.com/security/malwareremove/default.aspx and use any of the tools there and get back to us.

Darkmoon

Most of us were... I will admit the thread got a little sidetracked by OS options, but they aren't a bad idea. I mean, if he has to reformat, he'll have to think about these things.

Mao

Maybe, but I've noticed a rather disturbing trend in that.. if a computer has a problem and it happens to be a windows box, the answer from some of our more vocal techies is "Use Linux".  Which to me is starting to read as "Lol, m$ suxxors, use <insert_personal_favorite_distro_here>".  Not only does this *not* address the stated problem, but it's pushing their own agenda/opinion imho.

Darkmoon

True, I'll grant you that.

I could always just make a rule: In threads where people ask for computer help, please don't state "use Linux" as the only solution (or even the primary solution). Some people aren't ready for Linux, and anyone that is "techie" enough to use it, and isn't already, plainly knows about it and has chosen not to go with it. Don't use this forum to push an agenda...

Actually, "don't use this forum to push an agenda" may already be a rule... I should go check.

Drayco84

#15
Quote from: Mao Laoren on March 09, 2010, 01:54:49 PM
Maybe, but I've noticed a rather disturbing trend in that.. if a computer has a problem and it happens to be a windows box, the answer from some of our more vocal techies is "Use Linux".  Which to me is starting to read as "Lol, m$ suxxors, use <insert_personal_favorite_distro_here>".  Not only does this *not* address the stated problem, but it's pushing their own agenda/opinion imho.
Obligatory Techie Joke Response: It's a Windows box, and it has a problem. Crappy OS is crappy!

Okay, joking aside, the OP has a problem, and in this case, a virus or other malware. Unfortunately, to be absolutely 100% sure the problem is gone, the only real option there is, is reformatting the system and reinstalling the OS. Yes, it's drastic and sucks, but all too often, malware is "smart" enough to find out what security you've got on the machine and circumvent or disable it. And while some just annoys the crap out of you, the stuff that plays for keeps tracks keystrokes for things like online games and bank account info. (Why online games? Virtual goods are quite often worth IRL cash, plus if they can get into your online game, your IRL accounts are next.)

Now, if it was a hardware issue with drivers or some software program, then the OS wouldn't really matter. If it was a problem with Windows updates or its WAT...
Don't laugh, they recently "tried" to fix the command prompt which, it turns out, has been a massive security hole for years. People's comps stopped booting, even refusing to allow people to get into the secret administrator account. If that's not enough, WAT is the new name for WGA, which has been known to act up and hold LEGAL purchasers of Win hostage until they pay up. Well, then your best choice WOULD be Linux.

And I only advised Linux as a last step, even directing the OP to a list so they can look up the major distros and pick their own. In case crap hits the fan again. In my distro's case, I can find everything on the NTFS partition of my HDD and copy it, despite the fact that the malware I had run afoul of installed some faux drivers that handed me a BSOD whenever I tried to boot into Windows.

Ironically, I had just installed PCLOS on my other partition (Asus netbooks have two partitions, luckily for me.) before the crap hit the fan and was about to walk away from it. (Thank YOU, Microsuck! You did me the biggest favor EVER!) Oh, what was I doing when I got hit? Well, I was browsing a certain imageboard WITH Firefox when it froze, and I was the proud papa of the computer version of a chest-burster. Meanwhile, PCLOS has shrugged off TWO similar instances since then. And I can run this baby all over the internet and back with NO firewall, NO antivirus, and NO anti-malware without a care in the world. (As long as I don't use the root account. NEVER use the root account.)

So, there you have it. The story of why I use Linux and encourage others to do so. Seriously, if you want to give it a try, burn an ISO onto a blank CD, load the OS into RAM, and give it a try. Heck, don't like Linux? Google should have Chrome OS ready later this year. (They already have ALL of your private info anyway, like your pr0n browsing habits. So, it's not like they'll learn anything NEW...)

EDIT: TO OP: Oh yeah, still waiting on the name of whatever it was that Norton stopped. And trying to switch to a diff AV now is gonna land you between a rock and a hard place. Norton is probably trying to suppress the thing as best as it can, and you HAVE to remove it before installing a diff AV. Otherwise, Norton throws a hissy fit, and you'll WISH you ONLY had an issue with .exe files being dis-associated. I've encountered it enough to know. I used to do support with an ISP that had its own (VERY crappy) security suite. One of our "duties" was supporting the POS. Occasionally, somebody tried installing it AFTER they got the initial infection, and that... Was... Messy... Ugh... Save your important data, reformat, and reinstall EVERYTHING. Odds are good you'll have to do it if whatever else you try fails anyway. (And even if it does "succeed", I wouldn't trust it.)

Kenji

Did he ever mention what it was called, by chance?

GabrielsThoughts

According to the Windows Live OneCare safety pop-up window, no viruses or spyware were found. According to Norton, however, this morning at 4:35:36 Antivirus 2010, which I suspect is related to the av.exe file that my computer was bombarded with on the 8th between 6:48 and 7:42, apparently made 28 system changes and was considered a "low" threat. Problem is, I still can't access the web browsers by double-clicking, and I'm fairly certain the problem still isn't resolved.

Tapewolf

Antivirus 2010 is a nasty piece of work; I managed to get infected with it at work somehow. Again, use Microsoft Security Essentials - it seems to be the best way to remove it.


GabrielsThoughts

Okay, so Firefox is back to normal! Complete with icon. Internet Explorer gives me a pop-up that says "a problem has stopped the program from working correctly."

Darkmoon

I'm still recommending blowing out at least the Windows folder. Especially with IE acting up, and given how deeply IE/Explorer is built into Windows, you're never going to be sure the problem is fixed and the computer is safe.

That said, I would also recommend you pick one AV system and use it. Most computer experts I talk with don't recommend running two different AV suites at any one time, as they can actually cause conflicts with each other, trying to remove the other one's processes as potential malware, making your system less secure in the process.

Drayco84

#21
Yes, use one AV prog with a separate firewall. The good news is that Antivirus 2010 is mostly scareware. It tries to trick you into thinking you have an antivirus prob when you don't, so that you'll pay for their fake security program. Because of this, it's not going to take out your system. HOWEVER! This means that you're more vulnerable to infections by other malicious software, in addition to its "sister" crapware. (Like Antispyware *whatever*.)

After reboot, did you have the system scanned AGAIN? A lot of that stuff reinstalls itself on boot after it's been removed.

EDIT: Wikipedia has an article on this stuff: http://en.wikipedia.org/wiki/MS_Antivirus_%28malware%29

Azlan

Here is a cleaning recommendation that my techs and I use for malware related issues:

First off, the PC that is infected is not the machine you should be using to do your solutions research or downloading of cleaners on. Outside of a business environment, using a friend's computer is an option, but hopefully he doesn't have his own malware issues that are less invasive...

You will need a flash drive or external USB hard drive. Download and install to the external drive your choice of malware scanners and script-based cleaners (be sure to run the definition updaters to bring them up to date). Download the most current virus definitions for your existing anti-virus program, or the installation file for one if you don't have one yet, along with the most current virus definition file.

I tend to use Malwarebytes and Spybot S&D, and HijackThis for registry investigations.

I use Microsoft Security Essentials as an antivirus solution, though as a previous contractor for Symantec I have a free renewable floating license for any of their products, so I have a Norton product or two on a home box.

I used to use ClamWin, because you could build a portable antivirus scan tool with it on a flash drive... but I don't anymore.

Any other tools that might be useful should also be included.

Preparation on the infected computer:

Unplug the computer from your wired internet connection and disable the wireless radio by physical switch (if applicable).

Turn off System Restore for all drives and remove all the restore points and shadow copies.

Connect the flash drive or external hard drive, fire up the first antimalware tool and scan away (scan all drives, even the USB device your tools are on). Clean and restart the machine. Repeat the process with the second tool, clean and restart. Perform a third sweep with each program.

Install your current virus definitions from the file, or install the anti-virus program and its most recent virus definitions, and run a scan on all drives.

I typically wipe out the USB drive completely, running it through a drive eraser, and re-extract my clean tools image back onto it.

Normally, we back up data... clean the heck out of it on a locked-down box... then reimage the infected PC, as it tends to be more trouble than it is worth to clean an infected file system.
"Ha ha! The fun has been doubled!"
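The opening post's symptom (Windows no longer knowing how to open an .exe) is decided by a handful of registry keys, so a quick audit of them complements the cleaning procedure above. This is an added example, not code from the thread or from any of the tools named in it; it assumes the stock Vista values HKCR\.exe (Default) = exefile and HKCR\exefile\shell\open\command (Default) = "%1" %*, and reports anything that deviates or overrides them per user. Run it from an elevated PowerShell prompt.

```powershell
# Added example: audit the .exe file-association keys and report deviations.
# Assumed stock values (not taken from the thread):
#   HKCR\.exe                      (Default) = exefile
#   HKCR\exefile\shell\open\command (Default) = "%1" %*
$expected = @{
    'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
}

# HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes;
# the per-user half wins, and writing it needs no admin rights, so a
# tampered association is just as likely to live here as under HKLM.
$userOverrides = @(
    'HKCU:\Software\Classes\.exe',
    'HKCU:\Software\Classes\exefile\shell\open\command',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice'
)

function Get-DefaultValue([string]$Path) {
    # Returns the key's (Default) value, or $null if the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $props = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.'(default)'
}

$findings = @()

foreach ($key in $expected.Keys) {
    $actual = Get-DefaultValue $key
    if ($null -eq $actual) {
        $findings += "MISSING  $key"
    } elseif ($actual -ne $expected[$key]) {
        $findings += "CHANGED  $key = [$actual] (expected [$($expected[$key])])"
    }
}

foreach ($key in $userOverrides) {
    if (Test-Path -LiteralPath $key) {
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        # UserChoice stores the handler in a 'Progid' value rather than (Default).
        $val = if ($props.PSObject.Properties['Progid']) { $props.Progid } else { $props.'(default)' }
        $findings += "OVERRIDE $key = [$val]"
    }
}

if ($findings.Count -eq 0) {
    Write-Output '.exe association matches the stock values; no per-user override present.'
} else {
    Write-Output 'Review these before trusting double-click on this machine:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

A CHANGED or OVERRIDE line pointing at anything other than the stock command is worth capturing (path and filename) before cleaning, since it tells you which binary was intercepting every program launch.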

Turnsky

I typically maintain consistent backups, am -careful- about what enters my PC (typically run antiviral/spyware scans once a week), have a firewall running that lets me control what I actually give internet access to... and generally use good ol' fashioned common sense.

Prevention is better than the cure...


And my "cure" typically means a scorched-earth policy, i.e. nuking the system partition.

Dragons, it's what's for dinner... with gravy and potatoes, YUM!
Sparta? no, you should've taken that right at albuquerque..

Tapewolf

#24
Quote from: Turnsky on March 11, 2010, 12:13:47 AM
I typically maintain consistent backups, am -careful- about what enters my PC (typically run antiviral/spyware scans once a week), have a firewall running that lets me control what I actually give internet access to... and generally use good ol' fashioned common sense.

So do I, but it doesn't help very much(*) when something that the AV software doesn't recognise comes in via a Flash exploit launched from a compromised ad server. Just browsing trusted websites with Firefox is enough to do that. Of course you could just disable Flash, but then you'd have to do without YouTube and a lot of other things. The only real alternative is to use some other OS or architecture so an exploit targeted at the Win32 version of Flash will fail. But that's a big hassle.

(*) Except the consistent backups. They help a lot.


RobbieThe1st

Tapewolf (and others), I have the solution: FlashBlock (AdBlockPlus has the same feature; it can be used instead).
It replaces all Flash content with a white box and "play" button. Click on the button, and the Flash file loads.

I use it because I don't like having things load unless I want them to - this way I can open up a bunch of YouTube tabs, and if I decide I want to watch one, I click the "play" button and can watch it. If I don't want to... I just don't click.

It also keeps annoying ads away - text and image ads don't bother me, Flash does (not to mention often making my old laptop crawl).

Also, I have recently found out that right-clicking on the FlashBlock box and clicking "copy link location" gives me the URL of the Flash file for easy download access.

superluser

Quote from: RobbieThe1st on March 11, 2010, 12:53:59 PM
Tapewolf (and others), I have the solution: FlashBlock (AdBlockPlus has the same feature; it can be used instead).
It replaces all Flash content with a white box and "play" button. Click on the button, and the Flash file loads.

I use it because I don't like having things load unless I want them to - this way I can open up a bunch of YouTube tabs, and if I decide I want to watch one, I click the "play" button and can watch it. If I don't want to... I just don't click.

It also keeps annoying ads away - text and image ads don't bother me, Flash does (not to mention often making my old laptop crawl).

Also, I have recently found out that right-clicking on the FlashBlock box and clicking "copy link location" gives me the URL of the Flash file for easy download access.

Unfortunately, ad blocking can be devastating to the sites you love.

Thankfully, there are ways around that.


Would you like a googolplex (gzipped 57 times)?

Tapewolf

Quote from: superluser on March 11, 2010, 01:53:31 PM
Unfortunately, ad blocking can be devastating to the sites you love.

Yeah, I felt a bit low about installing Adblock, and I haven't installed it on any of the non-Windows machines, but given a choice between having XP Antivirus 2010 magically install itself and them not getting ad revenue... :<


RobbieThe1st

#28
Quote from: superluser on March 11, 2010, 01:53:31 PM
Quote from: RobbieThe1st on March 11, 2010, 12:53:59 PM
Tapewolf (and others), I have the solution: FlashBlock (AdBlockPlus has the same feature; it can be used instead).
It replaces all Flash content with a white box and "play" button. Click on the button, and the Flash file loads.

I use it because I don't like having things load unless I want them to - this way I can open up a bunch of YouTube tabs, and if I decide I want to watch one, I click the "play" button and can watch it. If I don't want to... I just don't click.

It also keeps annoying ads away - text and image ads don't bother me, Flash does (not to mention often making my old laptop crawl).

Also, I have recently found out that right-clicking on the FlashBlock box and clicking "copy link location" gives me the URL of the Flash file for easy download access.

Unfortunately, ad blocking can be devastating to the sites you love.

Thankfully, there are ways around that.
Which was why I recommended FlashBlock. Which only blocks Flash.

And yes, someone who has Flash ads only may lose some money on me, but hopefully that will convince them to go with text/image ads, which I might actually click on. And the fact that it prevents things from loading often means reduced bandwidth usage for me and the site I'm visiting.
---
Correction: AdBlockPlus doesn't block Flash anyway. I was mistaken. What I meant to say was NoScript. NoScript can be configured to block Flash in the same way as FlashBlock, as well as other things - note that they are fairly incompatible with each other, though.

superluser

Quote from: RobbieThe1st on March 11, 2010, 03:15:17 PM
Which was why I recommended FlashBlock. Which only blocks Flash.

That's why I talked about Adblock. I think you have to stop reading my mind when you post, by the way.