Author Topic: Malware attack on laptop  (Read 6459 times)

FireYourJob

  • Stubble
  • **
  • Posts: 110
    • Get Rich or Die Trying!
Malware attack on laptop
« on: December 03, 2014, 07:46:21 PM »
Having a heck of a time. I purchased spy hunter and ran scan but problem still exists.

Don't really want to take it to someone. Any suggestions?  It's soon gonna be more cost effective for me to pay someone $200 to fix it.

Daley

  • Magnum Stache
  • ******
  • Posts: 4825
  • Location: Cow country. Moo.
  • Still kickin', I guess.
Re: Malware attack on laptop
« Reply #1 on: December 03, 2014, 10:09:51 PM »
First of all, SpyHunter is garbage, and used to be classified as malware itself. It's difficult to remove (or at least used to be), equally difficult to cancel the subscription to, and an overall ripoff.

If you're ever going to spend money on security software again, I have two words for you, and only two words: Eset NOD32

Unfortunately, we're entering the post-antivirus era where it's only a very small part of an ever growing and absurdist arsenal. Even the best products (Eset and Kaspersky) can't effectively keep up anymore, which means it's that much more important to practice security best practices and common sense when operating your computer online. Also, use an adblocker at the least with your browser. This also means that spending money on AV and security software is throwing good money after bad, and MSSE or Avira (both free) is sufficient if you don't do things that can compromise your system. It needs to be understood that the best AV software in the world can't protect a careless user. Realtime AV software is more of a canary in the coal mine anymore. We're all human, we all make mistakes and can't be vigilant 100% of the time, but we can reduce the possibility of compromise through practice and common sense. If you're going to run Windows, your best bet is to be careful, back up your data, keep everything patched and current, and learn how to restore your OS to factory default if you get compromised again.

Which brings us to the advice on what to do from here: learn from the experience.

You might be able to roll back your system to a date prior to the infection using System Restore, but I've run into situations where there's been great to limited success doing so. It's the first place I'd start, though.

Now, I come from a *nix background, full neckbeard, security rigorous, and there's a saying amongst my kind: once a box is compromised, it can't be trusted. Lots of Windows folks (techs included) are more than happy to try and clean up infections and malware. Can it be cleaned up? Yes. Should it be cleaned up? Definitely. If you want to go that route and a simple system restore doesn't get you, spend the time and/or money to do so (there's a lot of good and legitimate tools out there, and several times that number of garbage scammy malware posing as such)... but understand that there can be an art to it depending on what you're dealing with, and you should start by removing SpyHunter. Here's a guide to get you started, though it is getting a little dated. That said, sometimes (especially with Vista forward) if you've got your data backed up, it's just easier to restore to factory, restore your data, and reinstall your apps. It just depends on how technically savvy you are and how much you value your time and money.

All things considered, however, this should give you a few options and paths to start with and try on your own before dropping any more money, and it's just as important to understand what needs to change post-cleanup to keep this from happening again as it is to know how to fix it. I hope that this and the resources linked help give you that greater understanding moving forward. Good luck!

Sid Hoffman

  • Pencil Stache
  • ****
  • Posts: 928
  • Location: Southwest USA
Re: Malware attack on laptop
« Reply #2 on: December 03, 2014, 10:37:26 PM »
Wow, nicely put.  PC user since DOS 2.1 myself and Windows since 3.1.  I also have a lot of experience with *nix through work since 1997.  As much as I always wish I could stop using Windows, it's just so darn cheap and so much software is written for Windows that it's hard to switch.  I'm running Windows 8.1, and have been for a while now even though I personally don't like it much.  However, since it's the newest operating system, it's the one getting all the updates and the most security hardening.  So many hacks now are at such a low level compared to the old days that having the OS itself being up to date and secure is a pretty big deal, right behind the obvious security risk of the user itself.  :)

One thing that I've done for family members which has helped somewhat is setting up a separate Administrator account and user accounts.  They log in using the regular user accounts and then they know that if they get anything that prompts them for the Administrator password, that is a red flag and they back out of it.  I went from rebuilding my aunt & uncle's laptop every 3 months to not having done it a single time in the last year.  It's too easy to screw things up when their primary account ran with Administrator privileges and they simply had to click the "OK" button to continue with something that was doing a software install.

Daley

  • Magnum Stache
  • ******
  • Posts: 4825
  • Location: Cow country. Moo.
  • Still kickin', I guess.
Re: Malware attack on laptop
« Reply #3 on: December 04, 2014, 07:05:06 AM »
> One thing that I've done for family members which has helped somewhat is setting up a separate Administrator account and user accounts.  They log in using the regular user accounts and then they know that if they get anything that prompts them for the Administrator password, that is a red flag and they back out of it.  I went from rebuilding my aunt & uncle's laptop every 3 months to not having done it a single time in the last year.  It's too easy to screw things up when their primary account ran with Administrator privileges and they simply had to click the "OK" button to continue with something that was doing a software install.

I'm glad you mentioned this. For the sake of not being too redundant and even more long-winded, I left it out of my initial response, but it is #3 on the security best practices link I provided... and it's an important one.

NEVER RUN UNDER THE ADMIN/ROOT ACCOUNT should be a phrase tattooed into the minds and etched onto the monitors and keyboards of every computer user on the planet. Not running as an admin by default under Windows and doing exactly as you say about security escalation requests will stop about 90% of the threats out there from getting far enough to do any damage, as they rely heavily on social engineering under an admin account to get installed in the first place.
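
The account split described in the two replies above, sketched in PowerShell as an added example that is not part of any poster's message. It assumes local (not Microsoft-linked) accounts and Windows PowerShell 5.1 or later; the account names `family` and `localadmin` are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): split everyday use from admin rights.
# Needs the LocalAccounts cmdlets that ship with Windows PowerShell 5.1.
$DailyUser = 'family'       # placeholder: account used for everyday logins
$AdminUser = 'localadmin'   # placeholder: account used only for elevation

$AdminsSid = 'S-1-5-32-544' # well-known SID of BUILTIN\Administrators
$UsersSid  = 'S-1-5-32-545' # well-known SID of BUILTIN\Users

function Test-GroupMember([string]$Sid, [string]$User) {
    # Local members are reported as COMPUTERNAME\user.
    $full = "$env:COMPUTERNAME\$User"
    [bool](Get-LocalGroupMember -SID $Sid | Where-Object Name -eq $full)
}

# 1. Record who holds admin rights before changing anything.
Get-LocalGroupMember -SID $AdminsSid | Format-Table Name, ObjectClass, PrincipalSource

# 2. Create the dedicated admin account if it is missing.
if (-not (Get-LocalUser -Name $AdminUser -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "New password for $AdminUser"
    New-LocalUser -Name $AdminUser -Password $pw -Description 'Elevation prompts only' | Out-Null
}
if (-not (Test-GroupMember $AdminsSid $AdminUser)) {
    Add-LocalGroupMember -SID $AdminsSid -Member $AdminUser
}

# 3. Refuse to demote unless a working admin account remains.
$admin = Get-LocalUser -Name $AdminUser
if (-not $admin.Enabled -or -not (Test-GroupMember $AdminsSid $AdminUser)) {
    throw "No usable admin account '$AdminUser'; leaving '$DailyUser' unchanged."
}

# 4. Make the everyday account a standard user.
if (-not (Test-GroupMember $UsersSid $DailyUser)) {
    Add-LocalGroupMember -SID $UsersSid -Member $DailyUser
}
if (Test-GroupMember $AdminsSid $DailyUser) {
    Remove-LocalGroupMember -SID $AdminsSid -Member $DailyUser
}

# 5. Show the result; the change applies at the daily user's next sign-in.
Get-LocalGroupMember -SID $AdminsSid | Format-Table Name, ObjectClass
```

After the next sign-in, installers and system changes started from the everyday account raise a credential prompt for the admin password instead of a one-click "OK".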

skunkfunk

  • Handlebar Stache
  • *****
  • Posts: 1053
  • Age: 37
  • Location: Oklahoma City
Re: Malware attack on laptop
« Reply #4 on: December 04, 2014, 07:47:59 AM »
What do you use your computer for? Most users would be perfectly fine with, say, Ubuntu or Mint or something, which is both free and is not targeted by malware/viruses. It's also pretty secure unless you don't update or give out root access. Mother and wife have been using it for a few years now - I offered to install it on their Windows laptops and I don't think they've booted Windows since. It isn't perfect, but it's a helluva lot faster and safer than Windows at this point (half the reason being that you aren't required to run active antivirus.) I don't think I've ever heard of a "normal" user being targeted.

Personally, I'm a bit more savvy than them and have managed to get all sorts of Windows software to run under WINE, too. The only thing I haven't bothered to figure out is AutoCAD and that's because I have it on my work machines anyway.

If you don't like that idea, then I suggest you reformat your hard drive and wipe everything. As the others have said, if you do that, keep frequent backups and don't ever use the admin account for normal use.

hybrid

  • Handlebar Stache
  • *****
  • Posts: 1688
  • Age: 57
  • Location: Richmond, Virginia
  • A hybrid of MMM and thoughtful consumer.
Re: Malware attack on laptop
« Reply #5 on: December 04, 2014, 08:11:50 AM »
I agree with absolutely everything IPDaley says above, and as a longtime sys admin overseeing 90 workstations without administrative privileges, located behind a security device that sniffs out bad websites, and running corporate anti-virus locally I can testify to the fact that even that does not stop malware / adware / ransomware / screwyouware (the last one is my invention). I am swapping out a compromised workstation on an average of once a month these days.

My humble suggestion is to save your data, format the hard drive, and reload the OS.

After that, watch where you surf.

FireYourJob

  • Stubble
  • **
  • Posts: 110
    • Get Rich or Die Trying!
Re: Malware attack on laptop
« Reply #6 on: December 04, 2014, 07:17:46 PM »
I think I'm almost there. 

I have removed the findwide.com virus that was hijacking my internet explorer.

Now I need to remove one called trojan.poweliks

Anyone heard of that one?  Doing some bing'ing now.

skunkfunk

  • Handlebar Stache
  • *****
  • Posts: 1053
  • Age: 37
  • Location: Oklahoma City
Re: Malware attack on laptop
« Reply #7 on: December 04, 2014, 08:56:44 PM »
> I think I'm almost there.
>
> I have removed the findwide.com virus that was hijacking my internet explorer.
>
> Now I need to remove one called trojan.poweliks
>
> Anyone heard of that one?  Doing some bing'ing now.

I like how you ignored all the advice and are trying to fix the system. Won't say I haven't done that before, but it is definitely the hard way of doing it, and less secure.

FireYourJob

  • Stubble
  • **
  • Posts: 110
    • Get Rich or Die Trying!
Re: Malware attack on laptop
« Reply #8 on: December 04, 2014, 09:00:26 PM »
> > I think I'm almost there.
> >
> > I have removed the findwide.com virus that was hijacking my internet explorer.
> >
> > Now I need to remove one called trojan.poweliks
> >
> > Anyone heard of that one?  Doing some bing'ing now.
>
> I like how you ignored all the advice and are trying to fix the system. Won't say I haven't done that before, but it is definitely the hard way of doing it, and less secure.

Right now I have so many bogus processes running I have no easy way to copy my data as computer is very unresponsive.

southern granny

  • Pencil Stache
  • ****
  • Posts: 531
Re: Malware attack on laptop
« Reply #9 on: December 04, 2014, 09:01:25 PM »
We had malware on our computer and Norton's wasn't touching it.  It became completely unusable.   I downloaded the free Malwarebytes and it cleaned it the first time.  I was so happy that I immediately purchased the complete program.  We haven't had any more trouble since we installed it.  It seems to catch everything that gets through the anti-virus program.

skunkfunk

  • Handlebar Stache
  • *****
  • Posts: 1053
  • Age: 37
  • Location: Oklahoma City
Re: Malware attack on laptop
« Reply #10 on: December 04, 2014, 09:22:09 PM »
> > > I think I'm almost there.
> > >
> > > I have removed the findwide.com virus that was hijacking my internet explorer.
> > >
> > > Now I need to remove one called trojan.poweliks
> > >
> > > Anyone heard of that one?  Doing some bing'ing now.
> >
> > I like how you ignored all the advice and are trying to fix the system. Won't say I haven't done that before, but it is definitely the hard way of doing it, and less secure.
>
> Right now I have so many bogus processes running I have no easy way to copy my data as computer is very unresponsive.

You need a bootable CD or USB. Throw lubuntu on a USB or have a friend make some kind of bootable disk. You can get it copied unless you have some weird encryption. I don't know what the heck you are gonna fix it with if it is so unresponsive you can't copy, anyway, so your best bet is to mount the drive with a bootable disk.

Sid Hoffman

  • Pencil Stache
  • ****
  • Posts: 928
  • Location: Southwest USA
Re: Malware attack on laptop
« Reply #11 on: December 04, 2014, 10:51:25 PM »
> Right now I have so many bogus processes running I have no easy way to copy my data as computer is very unresponsive.

Depending on which version of Windows you're running, usually hitting F8 repeatedly during the bootup process can get you a menu to skip the normal boot and do safe mode instead.  Often times it's a lot easier to do stuff in safe mode if the computer is pretty dorked up already.

guitar_stitch

  • Bristles
  • ***
  • Posts: 280
  • Age: 39
  • Location: Jacksonville, Florida
Re: Malware attack on laptop
« Reply #12 on: December 05, 2014, 07:15:43 AM »
Malwarebytes
SUPERAntiSpyware

Advanced:
HijackThis

hybrid

  • Handlebar Stache
  • *****
  • Posts: 1688
  • Age: 57
  • Location: Richmond, Virginia
  • A hybrid of MMM and thoughtful consumer.
Re: Malware attack on laptop
« Reply #13 on: December 05, 2014, 08:36:45 AM »
> > Right now I have so many bogus processes running I have no easy way to copy my data as computer is very unresponsive.
>
> Depending on which version of Windows you're running, usually hitting F8 repeatedly during the bootup process can get you a menu to skip the normal boot and do safe mode instead.  Often times it's a lot easier to do stuff in safe mode if the computer is pretty dorked up already.

This. Boot into safe mode, copy out your data to a flash drive or USB hard drive, and then format and reload the OS. That's the quickest path.

FarmerPete

  • Bristles
  • ***
  • Posts: 346
Re: Malware attack on laptop
« Reply #14 on: December 05, 2014, 01:44:33 PM »
I worked as a Technician at a company with 2500-3000 workstations.  I was the Antivirus Administrator.  We paid well over $25,000 a year to Symantec to "protect" our computers.  The end result was just as stated above.  AV's only job is to bark when the computer is infected so a technician can be alerted and dispatched to reimage the computer.  I don't care how good you are at "cleaning" an infected machine.  The only way to 100% prove that a computer is clean is to wipe it and reload it.  If I had a nickel for every time one of our technicians thought they had cleaned a computer, only to have it reappear after a few reboots...I'd have FIRE'd by now.  Yes, Malwarebytes and HijackThis CAN clean a computer good enough in the right hands for most consumers.  The problem is that getting a clean scan with Malwarebytes only proves that whatever is on your system isn't being detected by Malwarebytes.  Maybe that's because your system IS clean, or maybe it's because the program is outsmarting Malwarebytes.

If you have things on your computer that you must recover, first SHAME ON YOU.  You should always treat your computer like any data on it could be lost at any time.  Hard disks fail A LOT.  Viruses happen.  Backups are a requirement.  Pay the $4 a month and get a service like CrashPlan, or manually back up to DVDs or an external hard drive.  Second, find someone who can recover your data.  Ask friends/family for recommendations.  Avoid places like the Geek Squad, as they overpromise, underperform, and overcharge.  There are tons of local people near me that will back up your data, restore your OS, and put your files back on for $100 flat fee.  Don't pay GS $2-250 to do this same service.  Third, BACK UP YOUR COMPUTER.  An external drive can be found for $50-100.  Get one with full disk backup software.  This will allow you to restore your computer to a point in time before the virus.  I do this with my wife all the time.  Instead of getting pissed that she got a virus, I just inform her that everything on her laptop since the last backup will be lost, and we revert the entire laptop to that point in time.  It's never a big deal to her.

I used to use Microsoft Security Essentials.  I recently switched to using McAfee.  It's SOO much better than when I last used it back in the mid 00's.  It seems efficient, and I love that it will auto-update applications for me.  No longer do I regularly have to log in to my wife's laptop and make sure a half dozen apps are updated.  It does it all in the background on a set schedule.  A lot of apps are better than they used to be about updating themselves (Adobe specifically), but Java & VLC still just nag you about updating.  They won't do it for you automatically.  And Java tries to install garbage toolbars if you don't deselect it.  My main reason for using McAfee was because I got a 5 computer license pack and a cheap-o 7" tablet from Tigerdirect.com for a combined $10 after rebate.

Pigeon

  • Handlebar Stache
  • *****
  • Posts: 1298
Re: Malware attack on laptop
« Reply #15 on: December 05, 2014, 03:15:39 PM »
I'm also dealing with this. If I back up the data to an external drive, how do I know the virus won't get on the external drive?

Spork

  • Walrus Stache
  • *******
  • Posts: 5742
    • Spork In The Eye
Re: Malware attack on laptop
« Reply #16 on: December 05, 2014, 03:30:29 PM »
> I worked as a Technician at a company with 2500-3000 workstations.  I was the Antivirus Administrator.  We paid well over $25,000 a year to Symantec to "protect" our computers.  The end result was just as stated above.

I can second (or sixth?  seventh?).  In my GPEN course we took a copy of malware, fuzzed it and pitched it against every antivirus everyone in the room was running.  None of them caught it.

Privilege separation (not running with administrative privs) is key.  We learned that way back in the 70s, but we keep forgetting.

FireYourJob

  • Stubble
  • **
  • Posts: 110
    • Get Rich or Die Trying!
Re: Malware attack on laptop
« Reply #17 on: December 07, 2014, 05:33:48 PM »
Have any of you heard of Farbar Recovery Scan Tool (FRST)?

BEN_BANNED

  • 5 O'Clock Shadow
  • *
  • Posts: 67
  • Location: Pittsburgh
  • BREADFAN
Re: Malware attack on laptop
« Reply #18 on: December 07, 2014, 06:04:01 PM »
Combofix or Malwarebytes is all you need.

They're both free.
