Antivirus Software Is Destroying My Computer

Discussion in 'Virus Information' started by Rebecca Chung, Mar 4, 2010.

  1. Phyllis Guest

    I have had the same exact thing on my computer and I finally got rid of it
    last night after three days. I had already run MalwareBytes several times
    and rkill in safe mode with networking, but it would not find anything or
    get rid of it. Every time I would reboot in normal mode it was back. Since
    it wouldn't let me system restore, I decided to turn system restore off and
    the Antivirus Soft crap just magically disappeared and I was able to run all
    of my scans. My computer is now acting normal again. Don't know if this will
    work for you, but it fixed my problem. You might want to run the MalwareBytes in
    safe mode a couple of times first.
     
    Phyllis, Mar 8, 2010
    #21

  2. Leythos Guest

    Me, personally, if I wasn't able to edit the registry with confidence, I
    would wipe the system completely and reinstall from clean media.

    When I do a rebuild, as in wipe the entire computer, I just boot from
    the Windows CD and go from there. Some vendors have special restore
    CD/DVD media, but the instructions would be different for each vendor.
     
    Leythos, Mar 8, 2010
    #22

  3. Phyllis Guest

    I finally got rid of it last night after three days. Since it wouldn't let
    me system restore, I decided to turn system restore off and the Antivirus
    Soft crap just magically disappeared and I was able to run all of my scans.
    My computer is now acting normal again. Thanks for all the suggestions.
     
    Phyllis, Mar 8, 2010
    #23
  4. The installer will rewrite the MBR if no validity marker is found.
     
    FromTheRafters, Mar 8, 2010
    #24
  5. The installer will rewrite the MBR if no validity marker is found.

    And if there is a valid MBR that loads a valid rootkit...?
     
    RossettoeCioccolato, Mar 8, 2010
    #25
  6. Andy Medina Guest

    Best way to get around that is to "Zero out" or wipe the drive. There are
    utilities that will do this like dban (Darik's Boot And Nuke).
    http://www.dban.org/about
    Then a new MBR will be written. There is also the Recovery Console fixmbr
    utility to rewrite the MBR. Generally if the OS is being reinstalled due to
    virus/malware/whatever issues, then a MBR rewrite should be done. I just use
    dban and be done with it.
     
    Andy Medina, Mar 8, 2010
    #26
  7. Then I presume that Leythos' "wipe" wipes out the valid marker (he wrote
    "wipe" and I know that he knows what that entails). If you just go to
    install without wiping, the MBR might not be touched. Probably any
    rootkit hiding code in the MBR would also have to have relocated some
    MBR code to another area of the disk to function properly during boot -
    so, this other area of the disk must also go untouched for the rootkit
    to work.
     
    FromTheRafters, Mar 8, 2010
    #27
  8. Peter Foldes Guest

    BD

    You have no idea what the conversation entailed. Leythos said the same as Andy did
    in a roundabout way.
     
    Peter Foldes, Mar 9, 2010
    #28
  9. Leythos Guest

    I generally ignore BD, he's about as close to a troll as anyone can come
    without actually being one.
     
    Leythos, Mar 9, 2010
    #29
  10. That *is* Andy's approach, only stated differently. If you *wipe* the
    drive, the program data is obliterated. Then you load known good
    replacement data and everybody's happy. :o)
     
    FromTheRafters, Mar 9, 2010
    #30
  11. From: "FromTheRafters" <erratic @nomail.afraid.org>

    | That *is* Andy's approach, only stated differently. If you *wipe* the
    | drive, the program data is obliterated. Then you load known good
    | replacement data and everybody's happy. :o)

    :) ^2
     
    David H. Lipman, Mar 9, 2010
    #31
  12. Leythos Guest

    What's the point of "Wiping" a drive if you leave anything that could
    contain malware?
     
    Leythos, Mar 9, 2010
    #32
  13. You mean like flashable firmware? :oD

    I guess BD overlooked the fact that you wrote both "wipe...entire..."
    and "wipe...completely" in your post before even mentioning the Windows
    CD. :o)
     
    FromTheRafters, Mar 9, 2010
    #33
  14. [...flashable firmware...blah, blah, blah ]
    Controlled malware?
    :o)

    I thought maybe you were thinking "format" while reading "wipe" which
    are *not* equivalent.
    Yes, it does bear mentioning that a "wipe" *should* invalidate the MBR so
    that it will be rewritten when installing the OS.
    Also, that the MBR should be replaced with the *correct* MBR which might
    not necessarily be the one that the Windows CD thinks is correct. You
    wouldn't want the Windows CD to stomp on grub or lilo if your system is
    a dual boot system. You can reinstall Windows from a CD without
    affecting the MBR as long as it is still marked as valid, but after a
    "wipe" you would have to replace the now overwritten and invalidated MBR
    with whatever is proper.
     
    FromTheRafters, Mar 9, 2010
    #34
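The "validity marker" that posts #24, #25 and #34 turn on is the 2-byte boot signature stored at the end of the 512-byte MBR sector. As an added illustration (not code from any poster in this thread), the Python below parses an MBR, reports whether that marker is present, decodes the partition table, and hashes the 440-byte boot-code area so it can be compared against a reference hash taken from a known-good install; it also shows that a zero-filled sector, which is what a wipe such as dban leaves behind, has no marker and is therefore the case in which an installer writes a fresh MBR. The sample sector, its disk signature and its partition values are constructed for the example.

```python
"""Parse and validate a classic (non-GPT) Master Boot Record sector.

Added illustration for the thread above; not code from any poster.
The sample sector built in build_sample_mbr() is constructed, not captured
from a real disk.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_END = 440            # boot code occupies bytes 0..439
DISK_SIG_OFFSET = 440         # 4-byte Windows disk signature
PTABLE_OFFSET = 446           # four 16-byte partition entries
SIG_OFFSET = 510              # 2-byte validity marker
BOOT_SIGNATURE = b"\x55\xaa"  # 0xAA55 as stored little-endian on disk


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry
    )
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
    }


def parse_mbr(sector: bytes) -> dict:
    """Return the marker state, disk signature, boot-code hash and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"MBR must be {SECTOR_SIZE} bytes, got {len(sector)}")
    bootcode = sector[:BOOTCODE_END]
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    partitions = [
        parse_partition_entry(sector[PTABLE_OFFSET + 16 * i: PTABLE_OFFSET + 16 * (i + 1)])
        for i in range(4)
    ]
    return {
        "valid_marker": sector[SIG_OFFSET:SIG_OFFSET + 2] == BOOT_SIGNATURE,
        "disk_signature": disk_sig,
        "bootcode_sha256": hashlib.sha256(bootcode).hexdigest(),
        "bootcode_all_zero": not any(bootcode),
        # type 0x00 means the slot is unused
        "partitions": [p for p in partitions if p["type"] != 0],
    }


def installer_would_rewrite(sector: bytes) -> bool:
    """The rule quoted in the thread: no validity marker -> a fresh MBR gets written."""
    return not parse_mbr(sector)["valid_marker"]


def bootcode_matches(sector: bytes, known_good_sha256: str) -> bool:
    """Compare the boot-code area with a reference hash recorded from a trusted install.

    A valid marker only says the sector is bootable; it says nothing about
    whether the code in front of it is the one the OS installer wrote.
    """
    return parse_mbr(sector)["bootcode_sha256"] == known_good_sha256


def build_sample_mbr() -> bytes:
    """Constructed sample: stub boot code, one bootable NTFS-type partition, valid marker."""
    bootcode = b"\xeb\xfe" + b"\x90" * (BOOTCODE_END - 2)  # jmp $ plus NOP padding (constructed)
    disk_sig = struct.pack("<I", 0x12345678)               # made-up disk signature
    reserved = b"\x00\x00"
    part1 = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    empty_slots = bytes(16) * 3
    return bootcode + disk_sig + reserved + part1 + empty_slots + BOOT_SIGNATURE


def wipe_sector(sector: bytes) -> bytes:
    """What a zero-fill wipe leaves behind: a sector with no marker at all."""
    return bytes(len(sector))


if __name__ == "__main__":
    sample = build_sample_mbr()
    print("sample:", parse_mbr(sample))
    print("installer rewrites sample?", installer_would_rewrite(sample))
    print("installer rewrites wiped?", installer_would_rewrite(wipe_sector(sample)))
```

Reading a real first sector into `parse_mbr` (for example from a forensic image file opened in binary mode) gives the same report for that disk; the boot-code hash is only meaningful when compared with one recorded from the same OS version's installer on a machine known to be clean.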
  15. Phyllis Guest

    As a "less" than "expert" at computing, I want to really expose my ignorance
    and ask - what exactly is MBR?
     
    Phyllis, Mar 9, 2010
    #35
  16. Leythos Guest

    Master Boot Record

    http://en.wikipedia.org/wiki/Master_boot_record

    http://support.microsoft.com/kb/69013
     
    Leythos, Mar 9, 2010
    #36
  17. Phyllis Guest

    Thanks guys!
     
    Phyllis, Mar 9, 2010
    #37
  18. Andy Medina Guest

    An important step in cleaning out unwanted stuff (virus/trojan/worm/etc) is
    to turn off System Restore.
     
    Andy Medina, Mar 9, 2010
    #38
  19. From: "Andy Medina" <>

    | An important step in cleaning out unwanted stuff (virus/trojan/worm/etc) is
    | to turn off System Restore.

    No, not really.

    I used to think that but, no more.

    Having the System Restore cache working (many forms of malware disable or corrupt it)
    allows one to have a fall back position when cleaning malware.

    It is better to have an infected PC that's running than a PC that BSoDs or has some other
    fatal problem.

    After the PC has been cleaned you can dump the System Restore cache and subsequently
    re-enable it.
     
    David H. Lipman, Mar 9, 2010
    #39
  20. (remembering Vecna's Hybris and its encrypted plug-ins being obtained
    from posted a.c.v. articles)

    I suspected that was what you meant, but why would "controlled malware"
    be any different than any other malware with respect to the ability to
    flash firmware. Also, it must be considered that command and control can
    also mean that there is the ability to completely change the programming
    of the bots themselves - add new functions or change it to a completely
    redesigned node.

    [...]
    You're welcome, Dave.
     
    FromTheRafters, Mar 10, 2010
    #40