Advice for getting rid of a virus

Merkuri · 19th September 2008, 01:47 PM

So, my boyfriend, Awayfarer, got a virus earlier this week. McAffee detects it as FakeAlert-AB, and the McAffee website claims that its latest software and dat files will remove the virus, yet he's run the scan fifteen times now and the virus is always still there when he reboots.

He's smart enough to have not clicked on any of the alerts that it popped up and kills the virus's process as soon as it appears, but it's still annoying because there are other affects on the machine, like the inability to search the internet for said virus name.

I could not find any information online on how to remove the virus manually. Awayfarer went in and manually found the executable that launched the alert and deleted it, so it no longer gives him the fake warning when he reboots, but the other effects are still there.

The worst part is that we didn't realize until this happened that Away's computer doesn't have the latest McAffee software, which may be why it's not removing the virus. I tried downloading the software from our ISP for his machine, but I believe the darn virus is preventing McAffee from downloading things, so it won't update on his machine.

Is there anything you guys can think of that we can do, short of removing his hard drive, sticking it in my machine as a secondary drive, and running the virus scan from there?

XCorvis · 19th September 2008, 05:16 PM

Quote:

Originally Posted by Merkuri

Is there anything you guys can think of that we can do, short of removing his hard drive, sticking it in my machine as a secondary drive, and running the virus scan from there?

Frankly, if this is an option for you, you should do it. Booting up from a different device is really the only way to be sure you've actually gotten the virus out.

You might be able to boot his computer into safe mode, copy the latest virus updates on it with a CD or USB drive, update McAffee and run a scan, but if the virus is particularly invasive that still might not work.

Just FYI, if your McAffee subscription has expired and that's why it's out of date, ditch it and get a free virus scanner like AVG or Avast. Otherwise, make sure it's set to update at least daily.

Merkuri · 19th September 2008, 06:58 PM

We get McAffee free from our ISP. It's not my favorite virus scanner, but we use it since it's free for us and it's recommended by the ISP. I believe he has the latest virus definitions, just not the latest software, and apparently the only way they have of updating the software is with a little downloader application that pulls it from their servers, and the virus is smart enough to block that.

This virus is a clever little <blank>. It's designed to get you to pay for fake antivirus software, and one of the ways it makes you think you have a virus is that it installs a screensaver that makes it look like your computer is perpetually blue-screening and rebooting. I laughed when I saw that.

We have a virus that's designed to makes us think we have a virus.

Rackhir · 19th September 2008, 10:34 PM

I think you might have windows xp 2008 antivirus, which is what's called Malware rather than a virus (not really sure what the technical difference is but I think it's that one's an application of sorts and the other is more minimal, kind of like the difference between bacteria and viruses). Anti-virus packages aren't necessarily effective against malware IME.

Here's a recent thread talking about how to get rid of it.
Windows XP 2008 antivirus spyware

I found Malwarebytes particularly useful in getting rid of it on a machine that belongs to my boss's son. It's going to take a couple of reboot and purge cycles to get rid of it. Also using multiple anti-malware packages helps, since different packages will detect and purge different parts/malware.

ssampier · 20th September 2008, 06:58 PM

Some viruses can be a real bit... not nice person... to remove.

I would try an online virus scan in Safe mode with networking.

You can try to stick the hard drive in another system, but you risk the virus infecting your system.

Finally if you know the file name, you could try a Linux boot cd. Boot the PC with the Linux boot cd and try to remove the file from there.

XCorvis · 20th September 2008, 08:30 PM

Quote:

Originally Posted by ssampier

You can try to stick the hard drive in another system, but you risk the virus infecting your system.

Not really, if you take reasonable precautions. Just make sure the virus scanner on the system you boot from is up to date, and don't open files from the infected hard drive until it's clean.

ssampier · 21st September 2008, 08:44 PM

Quote:

Originally Posted by XCorvis

Not really, if you take reasonable precautions. Just make sure the virus scanner on the system you boot from is up to date, and don't open files from the infected hard drive until it's clean.

Maybe. In the real world how close would you get to someone with hepatitis? You are probably really safe, but as my mom always said, "it's better to be safe than sorry."

Besides av-comparatives tests antivirus software and they found most anti-virus do a poor job of proactive virus detection (most are in the 20-30% range versus 90-99%'s for reactive scans).

mrtauntaun · 22nd September 2008, 06:12 PM

That virus can be VERY nasty. I got a version that was a rootkit, and kept changing my DNS settings. So every time I got rid of it, the DNS would sometimes get it back. While I was finally able to eradicate it, when something gets that invasive, it's best to do a full reinstall. That's what I did, and I don't regret it.

Putting into another machine to test is risky. I managed to get this virus through a two firewalls, AVG and two regularly scheduled spyware scans. Until this virus humbled me, I was fairly confident in my setup, and had been virus free for years.

Merkuri · 22nd September 2008, 06:41 PM

Well, I already put it in my machine last night, scanned it with my McAffee, found and quarantined a bunch of stuff, put it back in the original machine, and we seem to have made progress. Now the McAffee downloader is able to contact the internet (it wasn't before), so before we went to bed last night we installed the latest version of McAffee and let the machine scan overnight one more time. I didn't get a chance to check on it before I went to work in the morning.

The McAffee website is confident it can remove the virus with the latest software and virus definitions, so I'm hoping this'll do it. The only sign of the little bugger that I found last night was that I'm still unable to set his screensaver (the tab is gone from the display properties page), but I'm sure if I find the right registry entires I can put that back to normal.

Traveon Wyvernspur · 25th September 2008, 11:26 PM

Here's what you do: You boot up into "Safe Mode w/ Networking", then go to bitdefender.com and do their free scan. The reason I tell you to do this is because their defiitions can't be overwritten like your McAfee definitions can be. Then you go and download "Spybot Search & Destroy", load that puppy up and download the updates, then do a full scan with that and immunize your computer. I'd recommend you also go get the free version of "Ad-Aware" and do a scan with that as well after you have done it with Spybot.

I got a nasty virus a few weeks ago and had a crash course in how to get rid of something that nasty, most of the nasty stuff nowadays is in the form of malware spyware and you will want to let teatimer on the Spybot keep running in the background after you download it and scan. This will help prevent future spyware from getting on your computer.

Hope this helps,
Trav