
Thread: Toolkit to fix someone else's malware-infected computer?

  1. #1
    Moderator anon

    Toolkit to fix someone else's malware-infected computer?

    Hey there,

    A relative of mine just called because his work computer got infected. I already have a portable NOD32, Autoruns, APT and ComboFix on my flash drive for situations like this. Are there any other useful programs you'd recommend?
    "I just remembered something that happened a long time ago."

  2. #2
    Advanced User yoco
    I always use MalwareBytes
  4. #3

    leechmodder
    A registry cleaner will help after disinfection.
    Also, CCleaner portable helps
    (CCleaner has a nifty registry cleaner inbuilt)
    Last edited by leechmodder; 16.11.11 at 23:22.

  6. #4
    Master Razor
    I'm assuming your flash stick is protected against basic autorun viruses.
    All your executables on that drive should NOT have their default download names. Use random names for them.
    Before doing any scanning with Malwarebytes, ComboFix etc. you should disable all virtual CD/DVD drivers on your system (i.e. disable emulation). You can do this by running DeFogger.

    For diagnostic purposes, you should take a look at OTL (OldTimer's List-It). It is used mostly for logging all services, programs, recent files created/installed etc., but it can also be used to clean infected files. You'll need to learn how to use it though.

    For diagnostics you could also use DDS and HijackThis. Excellent way to be 100% sure all infections have been cleaned.

  8. #5
    Moderator anon
    Quote Originally Posted by Master Razor
    I'm assuming your flash stick is protected against basic autorun viruses.
    Yes, I created hidden folders which have the usual filenames (autorun.inf, copy.exe, etc.) to prevent them from being copied. I'll also make a backup of the drive's contents in case something disastrous happens.

    Quote Originally Posted by Master Razor
    All your executables on that drive should NOT have their default download names. Use random names for them.
    I didn't think of that!

    Quote Originally Posted by Master Razor
    Before doing any scanning with Malwarebytes, ComboFix etc. you should disable all virtual CD/DVD drivers on your system (i.e. disable emulation). You can do this by running DeFogger.

    For diagnostic purposes, you should take a look at OTL (OldTimer's List-It). It is used mostly for logging all services, programs, recent files created/installed etc., but it can also be used to clean infected files. You'll need to learn how to use it though.

    For diagnostics you could also use DDS and HijackThis. Excellent way to be 100% sure all infections have been cleaned.
    Thanks a lot! To you and the others for your suggestions.

    I'm also adding Pocket Killbox to my list. It can come in very handy for removing nasty files.

  9. #6
    Master Razor
    DONE! This will create an undeletable autorun.inf folder in the root of your stick. I changed the ACL to deny every user (including the built-in admin and SYSTEM) the ability to write, change, add or edit any file inside the autorun.inf. It will appear as the Control Panel.

    You need to change the drive letter in call :mkautorun F:\autorun.inf

    I wrote this script a long time ago (when I had the batch skills of a 3-year-old) but I've corrected it now. Hope it works right (it should). Keep in mind: once the autorun.inf is created you cannot delete it from Windows. You'll have to boot a live OS or something to delete it.

    Code:
    @echo off
    setlocal
    REM Change the drive letter to match your stick before running.
    call :mkautorun F:\autorun.inf
    goto :end

    :mkautorun
    REM =====================================================================
    REM   Purpose: Creates an autorun.inf folder that malware cannot replace.
    REM   Usage:
    REM            CALL :mkautorun %1
    REM            %1 - drive letter and path to inf, e.g. F:\autorun.inf
    REM =====================================================================
    md "%~1"
    REM Reserved device names (con, nul.*) can only be created or deleted
    REM through the \\?\ path prefix, which bypasses Win32 name parsing.
    REM That is what makes the folder undeletable from Explorer and cmd.
    md "\\?\%~1\con"
    md "\\?\%~1\Nul.protected"
    REM Desktop.ini with the Control Panel CLSID makes Explorer display the
    REM folder as the Control Panel.
    echo.[.ShellClassInfo]>"%~1\Desktop.ini"
    echo.CLSID={21ec2020-3aea-1069-A2dd-08002b30309d}>>"%~1\Desktop.ini"
    attrib.exe +s +h "%~1\Desktop.ini"
    attrib.exe +s +h +r "%~1"
    REM Deny Everyone delete, write and permission-change rights on the
    REM folder and everything in it (/t recurses into the subfolders).
    icacls.exe "%~1" /deny Everyone:(D,DC,WEA,WDAC,WA,AD,WD) /t
    goto :eof

    :end
    endlocal
    exit /b 0
    Last edited by Master Razor; 17.11.11 at 19:43.
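As an added example (not code from the thread, and not Master Razor's script), here is the other half of the autorun problem as a small Python triage tool for the flash drive: run against a drive root, it reports whether autorun.inf is absent, is the protective folder the batch script above creates, or is a real file, and in the last case lists every directive that would make Windows launch something. The parser, the AutorunReport structure and the sample autorun.inf text are all constructed for this example; the sample is written in the style of worm-dropped autorun.inf files and is not a capture from any real infection.

```python
"""Triage an autorun.inf in the root of a removable drive.

Added example, not code from the thread: tells the protective folder trick
(a directory named autorun.inf, which Windows will not let malware replace
with a file of the same name) apart from a real autorun.inf file, and for a
file lists every directive that would make Windows launch something.
"""
import os
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# [autorun] keys that cause a program to run on insert / double-click.
LAUNCH_KEYS = {"open", "shellexecute"}


@dataclass
class AutorunReport:
    kind: str                                   # "absent", "folder" or "file"
    launches: List[Tuple[str, str]] = field(default_factory=list)
    icon: Optional[str] = None


def parse_autorun(text: str) -> AutorunReport:
    """Parse autorun.inf text and collect the launch directives.

    Windows reads the file case-insensitively and ignores lines it does not
    understand, so the parser is deliberately lenient: only the [autorun]
    section matters, and besides open= / shellexecute= we also record
    shell\\<verb>\\command= entries, which run when that context-menu verb
    (including the default one) is chosen.
    """
    report = AutorunReport(kind="file")
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue                       # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                       # other sections / junk are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if not value:
            continue
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            report.launches.append((key, value))
        elif key == "icon":
            report.icon = value            # often used to disguise the drive
    return report


def classify_autorun(drive_root: str) -> AutorunReport:
    """Classify <drive_root>\\autorun.inf: absent, protective folder, or file."""
    path = os.path.join(drive_root, "autorun.inf")
    if not os.path.lexists(path):
        return AutorunReport(kind="absent")
    if os.path.isdir(path):
        return AutorunReport(kind="folder")
    # Malware-written .inf files are usually ANSI; never fail on odd bytes.
    with open(path, "r", encoding="latin-1", errors="replace") as fh:
        return parse_autorun(fh.read())


def describe(report: AutorunReport) -> str:
    """Short verdict for the technician."""
    if report.kind == "absent":
        return "no autorun.inf: nothing launches, but the drive is not protected"
    if report.kind == "folder":
        return "autorun.inf is a folder: protective trick in place"
    if not report.launches:
        return "autorun.inf file present with no launch directives"
    lines = ["autorun.inf would launch:"]
    lines += [f"  {key} -> {value}" for key, value in report.launches]
    return "\n".join(lines)


# Constructed sample in the style of worm-dropped autorun.inf files; not a
# capture from any real infection.
SAMPLE_AUTORUN = """; constructed sample
[AutoRun]
open=RECYCLER\\setup.exe
shell\\open\\Command=RECYCLER\\setup.exe
shell\\explore\\command=RECYCLER\\setup.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # e.g. python autorun_triage.py F:\
        print(describe(classify_autorun(sys.argv[1])))
    else:
        print(describe(parse_autorun(SAMPLE_AUTORUN)))
```

With no argument the script parses the constructed sample and prints the three launch directives; with a drive root (`F:\`) it inspects the real drive. Note that the "folder" verdict only says the trick is in place, not that the ACL deny is intact: checking that still needs icacls on the folder itself.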

  11. #7
    Advanced User Blocker
    A decent antivirus is just enough IMO!

  12. #8
    Moderator anon
    Well, the problem was/is random cold reboots, but it turns out the computer wasn't infected. It wasn't high temperature either, as the processor and motherboard stood at around 30°C. There's just so much stuff that can be blamed for this - bad drivers, faulty RAM, maybe a screwed up disk...

  13. #9

    leechmodder
    Dead GPU, power supply, faulty connections... could be a number of things. It's a matter of process of elimination now.
    I always hate when it comes to hardware faults. You always end up having to spend money :(

  14. #10
    Master Razor
    Try unplugging all the cables from the front panel of the case, and start the PC by using a screwdriver to connect the two power pins.

  15. #11
    Moderator anon
    Quote Originally Posted by leechmodder
    Dead GPU, power supply, faulty connections... could be a number of things. It's a matter of process of elimination now.
    I always hate when it comes to hardware faults. You always end up having to spend money :(
    Ditto. I had a bad story with a power supply last year...

    Quote Originally Posted by Master Razor
    Try unplugging all the cables from the front panel of the case, and start the PC by using a screwdriver to connect the two power pins.
    Will try that next time I go. Disabling automatic reboots in case it's a driver problem may also help.

  16. #12
    Master Razor
    I doubt the problem is coming from the OS. The problem is somewhere on the hardware side.
    If it was faulty RAM the BIOS should beep x times or not boot at all. If it were a dead GPU then the display wouldn't start. Power supply? Maybe.
    I had two computers that had the same symptoms and every time it was either the button on the case or the cable itself. Somewhere along the cable there's a break and it is shorting randomly. The PC starts/stops unexpectedly and reboots unexpectedly.

  17. #13

    leechmodder
    Quote Originally Posted by Master Razor
    If it were a dead GPU then the display wouldn't start.
    If the GPU failed, the PC could start on VGA (depending on the failure, very possible) and when you install the drivers, it could restart your PC.

    Anon, as Master Razor said, a software fault is not likely, but just to rule it out I'd take a backup, format my system and start from scratch. Best of luck with it.
    Last edited by leechmodder; 19.11.11 at 22:39.
  19. #15

    The best tools I've found are Malwarebytes and SuperAntiSpyware. Spybot is still good at times as well.