SuperMassiveBlackHole Grandmaster Cheater Supreme
Reputation: 0
Joined: 29 Apr 2006 Posts: 1947 Location: United Kingdom
Posted: Fri Aug 14, 2009 8:48 am Post subject: Virus/Trojan
I dunno, maybe one of you have encountered a similar one and found a fix.
| Artix.Entertainment wrote: | I've got a trojan. Before I go on, I know little about viruses and trojans.
Kaspersky has detected one of them as "Heur.Trojan.Generic" and the other as "Type_Win32". Since they appear to have infected such a large number of files (important and unimportant), has anyone got any suggestions in the unlikely event of Kaspersky failing to disinfect?
I'd rather not format... |
| Artix.Entertainment wrote: | I tried to get Kaspersky to neutralize them, I was then told to reboot and now it won't let me log into my computer.
It lets me enter my password then flashes me my desktop (minus taskbar and icons) before going back to a screen saying "[USER] is logging off" and giving me a blue screen of death and rebooting. Turning off seems to be a problem as well: it spends around 5 minutes saying "Shutting down" before giving me another blue screen of death and rebooting. The only way I can shut down is by removing my laptop battery or holding down the power button. |
Note: I cannot access my laptop past the log in screen, but a lot of the data seems undamaged, but like I said, I'm no expert.
 |
Haswell Grandmaster Cheater
Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Fri Aug 14, 2009 9:52 am
Try booting from a LiveCD and run a virus scan. Be sure to back up any stuff you might still want in case you have to reformat.
 |
Luigi Grandmaster Cheater Supreme
Reputation: 1
Joined: 24 Mar 2008 Posts: 1082
Posted: Fri Aug 14, 2009 12:15 pm
| ~Freelancer~ wrote: | Try booting from a LiveCD and run a virus scan. Be sure to back up any stuff you might still want in case you have to reformat. |
http://www.ubcd4win.com/ is a good one. I think there is a USB version too. Fits perfectly on a CD, 700 MB. I keep that baby in a case, and has in fact saved my PC.
 |
Saifallofjmr Grandmaster Cheater Supreme
Reputation: 4
Joined: 02 Apr 2007 Posts: 1450
Posted: Fri Aug 14, 2009 12:32 pm
Off the top of my head I thought Vundo; try googling Malwarebytes' Anti-Malware.
 |
Luigi Grandmaster Cheater Supreme
Reputation: 1
Joined: 24 Mar 2008 Posts: 1082
Posted: Fri Aug 14, 2009 12:41 pm
| Saifallofjmr wrote: | Off the top of my head I thought Vundo; try googling Malwarebytes' Anti-Malware. |
He won't be able to use it, because he cannot log in.
He most likely has another PC.
Try the link I gave you, or try some other rescue CDs, like Avira's or Avast's.
 |
SuperMassiveBlackHole Grandmaster Cheater Supreme
Reputation: 0
Joined: 29 Apr 2006 Posts: 1947 Location: United Kingdom
Posted: Sun Aug 16, 2009 10:38 am
Well I got in, a file was deleted: userinit.exe, if anyone else has a similar problem. I used Windows Recovery Console to copy the file back into the original directory and it let me log in. But, by that time the virus seemed to be everywhere and it kept freezing so I just formatted. :/
 |
Luigi Grandmaster Cheater Supreme
Reputation: 1
Joined: 24 Mar 2008 Posts: 1082
Posted: Sun Aug 16, 2009 2:33 pm
| Artix.Entertainment wrote: | Well I got in, a file was deleted: userinit.exe, if anyone else has a similar problem. I used Windows Recovery Console to copy the file back into the original directory and it let me log in. But, by that time the virus seemed to be everywhere and it kept freezing so I just formatted. :/ |
Always does the trick :3
For the future, keep the UBCD4WIN or http://www.free-av.com/en/products/12/avira_antivir_rescue_system.html handy.
 |
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25840 Location: The netherlands
Posted: Sun Aug 16, 2009 5:23 pm
Just one theoretical hypothesis, just for fun:
Let's say your AV signature file got messed up or the AV itself got slightly corrupted (or you just configured it too strictly, e.g. strong heuristics).
That would cause the following effects:
Detecting valid files as infected
Major problem here is that a "Heur.Trojan.Generic" cannot be cleaned since it's a heuristics detection and not a real detection. Meaning the AV has no way of cleaning up the program. This leaves it with only one choice: Delete
So, let's assume it falsely detected the virus in userinit.exe
The only course of action it could do is delete the file... (asking for confirmation or not. Most likely clicking yes as that's the default reaction to seeing an "OMG USERINIT.EXE IS A VIRUS!! DELETE IT OR YOU ARE DOOMED! Do you want to delete it?")
So, I have to ask, did you try installing a clean version of the antivirus before formatting?
 |
Luigi Grandmaster Cheater Supreme
Reputation: 1
Joined: 24 Mar 2008 Posts: 1082
Posted: Sun Aug 16, 2009 10:48 pm
| Dark Byte wrote: | Just one theoretical hypothesis, just for fun:
Let's say your AV signature file got messed up or the AV itself got slightly corrupted (or you just configured it too strictly, e.g. strong heuristics).
That would cause the following effects:
Detecting valid files as infected
Major problem here is that a "Heur.Trojan.Generic" cannot be cleaned since it's a heuristics detection and not a real detection. Meaning the AV has no way of cleaning up the program. This leaves it with only one choice: Delete
So, let's assume it falsely detected the virus in userinit.exe
The only course of action it could do is delete the file... (asking for confirmation or not. Most likely clicking yes as that's the default reaction to seeing an "OMG USERINIT.EXE IS A VIRUS!! DELETE IT OR YOU ARE DOOMED! Do you want to delete it?")
So, I have to ask, did you try installing a clean version of the antivirus before formatting? |
Your theory probably states the exact problem that happened today. I set the heuristics on high and it picked up explorer.exe as a virus.
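
Added example, not part of the original thread: a read-only PowerShell check of the logon chain discussed above, covering the deleted userinit.exe and the explorer.exe that heuristics flagged. It assumes a default Windows install where the Winlogon `Userinit` and `Shell` registry values still hold their stock defaults.

```powershell
# Added example: read-only check of the logon chain (Winlogon -> userinit.exe -> explorer.exe).
# Run from an elevated PowerShell session. Nothing here modifies the system.
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winlogon    = Get-ItemProperty -Path $winlogonKey

# Stock values on a default install (assumption); extra entries deserve a closer look.
$expected = @{
    Userinit = "$env:SystemRoot\system32\userinit.exe,"
    Shell    = 'explorer.exe'
}

foreach ($name in $expected.Keys) {
    $actual = $winlogon.$name
    $state  = if ($actual -ieq $expected[$name]) { 'default' } else { 'MODIFIED' }
    '{0,-8} = {1}  [{2}]' -f $name, $actual, $state
}

# The two binaries the thread mentions: one was deleted, one was flagged by heuristics.
$binaries = @(
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\explorer.exe"
)

$report = foreach ($path in $binaries) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # A missing userinit.exe produces the log-in/log-off loop described in the thread.
        [pscustomobject]@{ Path = $path; Signature = 'MISSING'; Signer = $null; SHA256 = $null }
        continue
    }
    # On older Windows versions catalog-signed system files may report NotSigned here.
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Path      = $path
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

$report | Format-List
```

A `Valid` signature on a file the AV flagged means the binary is unchanged since it was signed, which supports the false-positive explanation; `HashMismatch` or a `MODIFIED` registry value points the other way.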