Viruses everywhere!

unnamedplayer

Member
Feb 1, 2006
44
0
0
Hi all,

I need some help cleaning up a friend's computer. I was originally there to help them with some CD recordings, but then this came up.

Basically they are running Avast antivirus and it has started picking up a whole bunch of infected files. I tried quarantining or deleting those infected, but some of the files that it is reporting look pretty serious (the one example that springs to mind is mmc.exe). I ran a thorough scan and it picked some up, but after that it reported finding a virus that was at the operating system level and suggested a boot time scan. I did the boot time scan and everything seemed to come up clean.

When I got back into Windows though, it found more infections. And the thing is when I try to read the name of the infection I can't make it out because the characters are not displaying right for some reason. Two of the names for example were something like f(then a little square looking character)bop and m(square looking character)bop. Another one was called µ.

I'm not really sure where to go from here. I ran a thorough scan a couple more times and things seemed to come up clean, but after I restarted I got more infected files. I'm afraid a total format might be in store.

What do you guys think?
 

deathwalker

Golden Member
May 22, 2003
1,211
0
0
Make sure you try to run the virus scan in Safe Mode. Also, disable System Restore prior to running the scan, then re-enable it after the scan is done.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Here's what I'd do (other than strongly considering the reformat):

1) download F-Secure's BlackLight Beta, which is a rootkit detector.

2) download a free 30-day trial of Kaspersky Antivirus Personal 5: mech's link showing how to configure it for maximum detection. Kaspersky is way better than Avast.

3) also get set up to run this manual scanner: instructions



Now uninstall Avast (you don't want two antivirus packages installed), install Kaspersky, and follow the configuration instructions I gave in my link above. Don't get flustered and run a scan yet. First run F-Secure's BlackLight and use the Rename option on any rootkits it finds.

After using BlackLight Beta, now reboot the system into Safe Mode With Command Prompt and try the manual scanner I have in Step 3 above. Once it's done, its scanning window goes away.

After that scan is done, while you're still in Safe Mode With Command Prompt, use CTRL ALT DELETE to bring up Task Manager, and use the New Task button to start explorer.exe. The taskbar and Start button appear. Now use the Start > Programs menu to start up Kaspersky Antivirus and run an exhaustive scan with it as well.

Now reboot into normal Windows and see how it goes. If the computer has no firewall, or is not up-to-date on its patching, then take care of those issues too.
 