So you went into safe mode, ran a cleaner (ccleaner or bleachbit) and ran an anti-malware program and when you restart, your PC becomes infected again. So what happened?
Many times, the virus is in the startup group and has been copied to your Program Files or ProgramData folder. Even though the cleaners removed the running copy, the virus may be dynamic: when Windows restarts, the startup entry launches the stored copy, which spawns again (polymorphic behaviour) and reinfects the computer. The virus has cloned itself and is basically regenerating itself every time Windows reboots.
You can get to the source of the problem and delete the virus and its leftover files right after you clean it in safe mode.
Run msconfig from the search box
Locate the virus entry – its name will usually be a random string of numbers and letters
Navigate to the folder it is in and delete the virus manually.
Run your anti-virus and anti-malware programs again to ensure it has been removed, including any leftover traces
Run a registry cleaner such as MV-Regclean
Update and use a quality anti-virus program
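The msconfig steps above are done by eye. As an added example (not from the original post), the PowerShell script below does the same hunt in one pass: it lists the Run/RunOnce registry entries and Startup folder items, and flags entries whose executable has a random-looking alphanumeric name, lives under ProgramData, AppData or Temp, is unsigned, or whose file is already missing (an orphaned entry left behind after cleaning). It only reports; you still delete the file and its startup entry by hand after confirming each hit. The function name, the name heuristic and the list of suspect folders are assumptions chosen for this example; run it in an elevated PowerShell 5.1 or later session, ideally while still in safe mode.

```powershell
# Added example, not code from the original post. Report-only: nothing is deleted.
function Get-SuspiciousAutostart {
    # Classic per-machine and per-user autostart locations (assumed list, not exhaustive).
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $startupFolders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    # Folders the post singles out as hiding places for the cloned executable (assumption).
    $suspectDirs = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }
    # Metadata properties PowerShell adds to every registry object; not real Run values.
    $metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    function Get-ExePathFromCommand([string]$Command) {
        # Pull the executable out of a value such as "C:\x\y.exe" /silent or %TEMP%\y.exe /q
        $c = [Environment]::ExpandEnvironmentVariables($Command)
        if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
        if ($c -match '^\s*(\S+)')    { return $Matches[1] }
        return $c
    }
    function Test-RandomName([string]$Path) {
        # "A string of numbers and letters": 8+ alphanumerics containing both letters
        # and digits and no separators, e.g. 0a7f3b9c2d.exe. Heuristic only.
        $base = [IO.Path]::GetFileNameWithoutExtension($Path)
        return ($base -match '^[A-Za-z0-9]{8,}$') -and ($base -match '[0-9]') -and ($base -match '[A-Za-z]')
    }

    $findings = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($metaProps -contains $p.Name) { continue }
            $exe = Get-ExePathFromCommand ([string]$p.Value)
            if ([string]::IsNullOrWhiteSpace($exe)) { continue }
            $findings += [pscustomobject]@{
                Source = $key; Name = $p.Name; Path = $exe
                Exists = (Test-Path -LiteralPath $exe -PathType Leaf); Reason = ''
            }
        }
    }
    foreach ($folder in $startupFolders) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($item in Get-ChildItem -Path $folder -File) {
            $findings += [pscustomobject]@{
                Source = $folder; Name = $item.Name; Path = $item.FullName; Exists = $true; Reason = ''
            }
        }
    }

    foreach ($f in $findings) {
        $reasons = @()
        if (Test-RandomName $f.Path) { $reasons += 'random-looking name' }
        foreach ($d in $suspectDirs) {
            if ($f.Path -like "$d\*") { $reasons += "lives under $d"; break }
        }
        if ($f.Exists) {
            # Legitimate vendor startup items are normally Authenticode-signed.
            $sig = Get-AuthenticodeSignature -FilePath $f.Path
            if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
        } else {
            $reasons += 'file missing (orphaned entry, remove it)'
        }
        $f.Reason = $reasons -join '; '
    }
    # Flagged entries first so they are at the top of the table.
    $findings | Sort-Object { [string]::IsNullOrEmpty($_.Reason) }
}

Get-SuspiciousAutostart | Format-Table -AutoSize Source, Name, Path, Reason
```

A signed file with a vendor name you recognise that also trips the "random-looking name" rule is usually a false positive (some installers use hashed file names); an unsigned file with a random name under ProgramData that msconfig also shows as enabled is exactly the pattern the post describes.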
MSConfig (Finding the rogue software)
Navigate to the folder and delete the files. You will see a pattern of odd files.
Properties of the file
Note: Accidentally executing the file (for example, by double-clicking it) will reinfect the computer. If single-click to open is turned on in the mouse/folder options, turn it off before navigating to the folder containing the virus.
Skilled professionals can capture the virus and practice removing the virus by using an old pc or a virtualized operating system in an educational environment. This should be in a controlled lab. Anytime you work with viruses (removal or educational), it must be controlled and infected computers should be backed up and removed from the network.
How do I remove the virus and what programs should I use?
Ivan got an email that looked like a legitimate order. In a controlled setting with a virtual computer, Kurt, Michael and I opened the email and hovered over the link. The link takes you to Iran. In Iran, you are redirected to an IP in New York, from New York you are taken to Samoa where an .exe file waits on you to infect your machine. Ingenious.
Which anti-malware should you use when removing a virus or malware? Here’s a list for when removal is tough. These programs can also be used for system maintenance. First, clean your computer with a cleaner such as Glary or CCleaner. Then boot into safe mode, type msconfig in the run line, and uncheck all startup items (NOT processes). Then run these programs to remove the virus / malware.
Here are several websites to check your computer for viruses and malware. Are you aware that nearly 70% of computers have malware or spyware? It only takes a few minutes to check your computer. AOL Computer Checkup
Very interesting article about a rootkit we’ve been seeing on people’s PCs lately. This is one scary virus! - Dawn Babian
The malware detected by Kaspersky Anti-Virus as TDSS is the most sophisticated threat today. TDSS uses a range of methods to evade signature, heuristic, and proactive detection, and uses encryption to facilitate communication between its bots and the botnet command and control center. TDSS also has a powerful rootkit component, which allows it to conceal the presence of any other types of malware in the system.
The newly published Symantec Internet Security Threat Report Trends for 2010 counted some 6,253 new bugs — the most ever in a year — that were mostly driven by malware attack toolkits. The ease of deployment that comes with these kits resulted in some 286 million new malware variants, according to Symantec.