general Trojan help needed!!

May 24, 2011 16:51

I'm at work and my girlfriend just emailed me from her iPod, saying her laptop had broken. Apparently she got some popup and then her computer crashed saying "harddrive failure" and she briefly got back into it to pull some stuff onto her memory stick but then it crashed again and now she couldn't get into it at all for a moment and then she got ( Read more... )

hardware, software, viral support

Comments 4

tanamiya May 25 2011, 06:32:55 UTC
Sounds like she was hit with Windows Recovery, which is a virus that deletes all items from the Start Menu, and sets all user profile stuff to Hidden, so that it's still there, but inaccessible ( ... )

mudo May 26 2011, 12:44:46 UTC
I'm with you up until the "wipe & reload" bit. I agree with the principle -- once a machine is compromised, the only way you can ever really trust it is to wipe and reload -- but I don't think that's actually needed if you're willing to spend about the same amount of time but instead, run:
1. TDSSKiller
2. ComboFix
3. Malwarebytes AntiMalware
4. Spyware Search & Destroy
5. Microsoft Security Essentials
6. ... and then run Windows Update until there are no more important updates.

tanamiya May 26 2011, 18:51:01 UTC
The only issue with not wiping and reloading in the 'Windows Recovery' case is that this particular virus deletes all the icons in the Start Menu, rather than hides them. The user will either need to go through and manually recreate every single one of those icons, or they'll need to reinstall all their programs (and even then, they'll need to remake their Windows icons.) System Restore also restores all the Start Menu icons. If the user is okay with not having their Start Menu to work with, they'll be fine without a system reload, but otherwise, that's the way to go at that point.

mudo May 26 2011, 19:20:50 UTC
You know, you are very right. I ran up against this one once, and that was why I started to respond in the first place. I will admit that we sort of gave up on restoring _every_ icon, and instead restored what we could. Then I came in and saw your nuke comment and totally forgot about this problem being this particular virus.

So, kudos to you for keeping it on-target!
