posted
Wanda was on the computer doing some work when she decided to take a break and check things on Facebook. She clicked on a link not realizing it was a virus until it was too late.
A moment later the screen went black. She couldn't get the computer to do anything so she tried to reboot. The computer would freeze as soon as it accessed the MBR.
Originally my fear was that either the computer or the hard-drive had failed. I took it down to the local computer repair center for them to do a diagnostic. The hardware was fine.
A computer of mine at work has Norton 360 on it and has a HD docking station. I took the HD out of the infected computer and put it in the docking station. Norton 360 caught it immediately. I took the HD to another computer that has BitDefender on it and it confirmed the infection.
As for removing the infection, both Norton and BitDefender failed. Malwarebytes didn't acknowledge the infection nor did Panda and AVG.
After doing some research it turns out that the only solution was to reformat the HD.
Using the docking station did allow me to remove the important files, but I still had to reinstall the OS and other software.
posted
Damn, it got past Avast and Malwarebytes; now that is a shocker. Getting past the other 2, not so much. Do you even know what it was?
-------------------- You ever notice how easily accessible people are when they are requiring your services but once they get invoice you can't reach them anymore
While they say the damage rating is low, it was enough that none of the recommended removal routines would work and it locked up Windows every time I tried to boot up the computer.
posted
I ran across an irritating one that had infected a laptop that belongs to one of my workers -- he brought it in to see if I could figure out what was wrong -- it was one called "antispy safeguard" and it had gone in and disabled the internet connection and even the task manager -- it took a while and some research, but finally got it off the laptop... I am firmly in favor of the death penalty for people who create these things!
-------------------- Michael Clanton Clanton Graphics/ Blackberry 19 Studio 1933 Blackberry Conway AR 72034 501-505-6794 clantongraphics@yahoo.com Posts: 1735 | From: Conway Arkansas | Registered: Oct 2001
I repartitioned the hard-drive and then did a low-level reformat and set it up as a simple drive.
The virus is still popping up on the darn thing. I've never seen anything like it. I'm tempted to just throw it away or send it to Billy as an anonymous Christmas gift.
posted
From your data posted... And this is an educated guess. You have to do a rootkit search and destroy... If it were a positive MBR problem then the virus would write over the last two letters in the master table and you would get nothing.
-------------------- Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate. Posts: 5274 | From: Im a nowhere man | Registered: Jul 2001
posted
Apparently you didn't do a full format, if a virus is still on a hard drive. Used to use an old DOS input command C:\ format MBR that cleans the hard drive master boot record, and then you had to c:\ sys the hard drive. Then it was good to reload. I still have a 3.5 floppy on my computer so I can do this from it.
-------------------- joe pribish-A SIGN MINT 2811 longleaf Dr. pensacola, fl 32526 850-637-1519 BEWARE THE TRUTH.....YOU MAY NOT LIKE WHAT YOU FIND Posts: 11582 | From: pensacola, fl. usa | Registered: Nov 1998
posted
Doing a repair on the MBR only fixes the first 440 give or take pieces. It's the last two pieces that cannot be fixed if it is an MBR virus. It changes them to 0's.
-------------------- Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate. Posts: 5274 | From: Im a nowhere man | Registered: Jul 2001
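An added example (not part of the thread): a read-only Python check of the classic 512-byte MBR layout being discussed, splitting a sector into boot code, disk signature, partition table and the 0x55AA boot signature, and naming the regions that differ from a known-good copy. The function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512

def parse_mbr(sector: bytes) -> dict:
    """Split a classic 512-byte MBR into its regions (inspection only)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"slot": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == b"\x55\xaa",
    }

def compare_to_baseline(sector: bytes, baseline: bytes) -> list:
    """Name the MBR regions that differ from a known-good copy."""
    regions = {"boot_code": (0, 440), "disk_signature": (440, 444),
               "partition_table": (446, 510), "boot_signature": (510, 512)}
    return [name for name, (a, b) in regions.items()
            if sector[a:b] != baseline[a:b]]

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable type-0x07 partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:440]
    sector[:len(code)] = code
    sector[440:444] = bytes.fromhex("78563412")
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                                  b"\xfe\xff\xff", 2048, 1_000_000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    good = build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 100)  # constructed
    suspect = build_sample_mbr(b"\xeb\x5e" + b"\xcc" * 200)   # constructed
    print(parse_mbr(suspect))
    print(compare_to_baseline(suspect, good))
```

On a real drive the 512 bytes would come from a disk image taken with the drive attached read-only, and the baseline from a copy saved while the machine was known to be clean.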
posted
Glenn - How big is this drive? For all the time and hassle it may be simpler to just buy a new one as they are pretty cheap these days.
Send this drive to Pickett bundled with a popular software program that won't work on his mac and a copy of Dale Carnegie's: How to win friends and influence people. ;-)
-------------------- Todd Gill Outside The Lines Potterville, MI Posts: 7792 | From: Potterville, MI | Registered: Dec 2001
posted
zero wipes will not wipe the restricted spaces..
-------------------- Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate. Posts: 5274 | From: Im a nowhere man | Registered: Jul 2001
posted
Wow, That's too bad Glenn I hope you get it figured out. You say you got it from facebook. Man that is scary.
Couldn't you do like was suggested: Install a brand new hard drive, then connect your old hard drive just long enough to grab only the documents you need, staying far away from your possibly corrupt system files? I don't know, but would going in safe-mode be wise when doing that? Or is none of that necessary because you were already backing up your files anyway? If not, I would recommend Carbonite in addition to local backup when moving forward.
-------------------- Joe Diaz Diaz Sign Art 628 W. Lincoln Ave. Pontiac, IL 61764 www.diazsignart.com Posts: 538 | From: Pontiac, IL | Registered: Aug 2005
posted
I was able to pull most of the data files from it. To do so, I had to slave it onto another computer. Before doing so I installed the latest version of Norton 360 to protect the MBR of the other computer.
While transferring the files, Norton warnings kept popping up as the infected HD tried to infect the master drive it was slaved to.
Later when I have time, I'm going to try "fdisk/mbr". It's an old DOS command I had forgotten about but it's worth a try.
posted
All these problems bring up another question. Do the offsite backup services like the one AT&T offers provide complete protection? To have to replace all your files wouldn't be as much of a chore if you had to reformat the hard drive if the offsite backups were reliable and guaranteed virus free.
-------------------- Dave Sherby "Sandman" SherWood Sign & Graphic Design Crystal Falls, MI 49920 906-875-6201 sherwoodsign@sbcglobal.net Posts: 5396 | From: Crystal Falls, MI USA | Registered: Apr 1999
-------------------- Joe Diaz Diaz Sign Art 628 W. Lincoln Ave. Pontiac, IL 61764 www.diazsignart.com Posts: 538 | From: Pontiac, IL | Registered: Aug 2005
I've installed a new 2T hard drive, installed Windows7/64, all of the software and reconfigured everything exactly as I want it.
The next step is to mirror the new drive and set the mirror aside in a safe place.
Wanda and I are seriously considering Carbonite to back up the important stuff at home.
Joe, I'm not sure if Carbonite would be ideal here at work. I assume you're using Carbonite at work there. How much data are they backing up for you? I've got about 6 terabytes of client and morgue files I want to protect. I can only imagine the amount of time it would take to upload and download. At work I'm on a 2mb-up / 6mb-down cable connection.
I'm thinking about a 12 terabyte external ethernet network storage server with mirrored drives. It's less than $1500.
[ August 09, 2011, 05:03 PM: Message edited by: Glenn Taylor ]
posted
Why does anyone need TB's? I can't even fill up a 500 GB hard drive. This is like having the option of installing a jet engine in a car and the speed limit is 70. There's no point in having a HD that large, because one day I guarantee you it's gonna die. You will never fill it up.
-------------------- You ever notice how easily accessible people are when they are requiring your services but once they get invoice you can't reach them anymore
posted
some guys need huge hard drives to store all those porn images..
-------------------- Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate. Posts: 5274 | From: Im a nowhere man | Registered: Jul 2001
posted
Loyal PC weenies will never know what they are missing, while they continue to fret about viruses and hoping their anti virus software works! Hahaha!
quote: Each time this subject comes up, I am struck by how fervently the Mac community denies that Mac users might ever have to deal with anywhere near the level of malware that currently besieges the Windows world. The Mac, these apologists explain, is far more secure than Windows, and that is why we have not seen malware writers attack the platform with the same vigor and interest. As one commenter on this blog reasoned, OS X simply doesn’t allow programs to be installed without user permission. My response is, assuming for the moment that the above statement about the Mac’s superior security is true, the operating system does nothing to stop the user from being tricked or cajoled into installing malware. What’s more, social engineering attacks are one of the primary ways that Windows users get infected today, so why would it be any different for Mac users?
posted
Sounds like Facebook had something to do with it all...
-------------------- "Stewey" on chat
"...there are no limits when you aim for perfection..." Jonathan Livingston Seagull Posts: 7014 | From: Highgrove via Toowoomba, Queensland, Australia | Registered: Dec 2002
posted
Glenn, I'm a Mac user and know nothing about this virus stuff. I just try to eat a balanced diet. But what do you think of this advice from a friend of mine, an email list manager:
"I wouldn't worry too much, Dennis. I run Linux and I believe it has many things in common with a Mac regarding the operating system. One bad thing about Windoze is most people are logged on as administrators. A hacker or malware can gain access to your machine and put bugs in there without your knowledge, much like the bug that was passed on to the list. A good practice in Windoze is to create another shell account (new user) and do all your activities from there. When you need to make changes, you can log in to the admin account. Deny your new user admin privileges. In Linux and Mac, your shell account is automatically created for you. You're never an admin (root) user unless you log in as such."
-------------------- dennis kiernan independent artist san francisco, calif, usa Posts: 907 | From: san francisco, ca usa | Registered: Feb 2010
-------------------- Jack Wills Studio Design Works 1465 E.Hidalgo Circle Nye Beach / Newport, OR Posts: 2914 | From: Rocklin, CA. USA | Registered: Dec 1998
posted
There are a few free cleaners you can find online that you can run in safe mode. AT&T uses these: Hitman Pro and Super AntiSpyware free edition. After you run both, clean up the quarantine and you should be back to normal...I say should. I personally have an external that I put ALL of my files on that is connected to the computer and one that is not connected. It may seem like a lot of trouble until you come up against a virus. Then, at least you can use another computer in your shop with the backup while your infected computer is repaired, giving little down time. Carbonite...Isn't that promoted on Fox Radio?
-------------------- Keith Jenicek Artisan Signs St. Louis, MO
posted
If you guys can fill up a TB hard drive I would like to see wth you're putting on it. It would scare me to own that much info.
-------------------- You ever notice how easily accessible people are when they are requiring your services but once they get invoice you can't reach them anymore