Cannot see files in C drive

If your PC has been infected by malware or a virus, you may notice that your files are hidden when you go to view them. How do you unhide these files?

Open a command prompt as an administrator and type the following:

cd\   (Hit Enter)

attrib -s -h -r c:\*.* /s /d   (Hit Enter)

This process will take several minutes to run.
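The attrib sweep above clears the Hidden, System and Read-only bits on everything on the drive, including files Windows keeps hidden on purpose. The following script is an added example, not part of the original page: it reports files carrying the Hidden+System pair that malware sets on a user's data and, with -Fix, clears only those two bits. The $Root default (the user profile rather than the whole drive), the $Fix switch and the skip list are assumptions made here.

```powershell
# Added example, not from the original page: report files carrying the
# Hidden+System attribute pair that malware sets to hide a user's data, and
# clear only those two bits, leaving Read-only and Windows' own files alone.
# Assumptions: elevated PowerShell; $Root defaults to the user profile rather
# than the page's whole-drive c:\*.* sweep; $Fix is a switch chosen here.
param(
    [string]$Root = $env:USERPROFILE,
    [switch]$Fix     # without -Fix the script only reports what it would change
)

# Files Windows itself keeps hidden+system; exposing them gains nothing.
$skip = @('desktop.ini', 'thumbs.db', 'pagefile.sys', 'hiberfil.sys', 'swapfile.sys')
$hidden = [int][IO.FileAttributes]::Hidden
$system = [int][IO.FileAttributes]::System

Get-ChildItem -Path $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object {
        $a = [int]$_.Attributes
        ($a -band $hidden) -and ($a -band $system) -and
        ($skip -notcontains $_.Name.ToLower()) -and
        ($_.Name -notlike 'ntuser.dat*')
    } |
    ForEach-Object {
        $before = $_.Attributes
        if ($Fix) {
            # Clear Hidden and System only; ReadOnly and any other bits stay as they were.
            $_.Attributes = [IO.FileAttributes]([int]$before -band -bnot ($hidden -bor $system))
        }
        [PSCustomObject]@{ Path = $_.FullName; Before = $before; After = $_.Attributes }
    } | Format-Table -AutoSize
```

Run it once without -Fix to review the list, then with -Fix; files Windows hides by design are skipped by name so the sweep does not expose them.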

Getting rid of rogue viruses and malware

So you went into Safe Mode, ran a cleaner (CCleaner or BleachBit) and an anti-malware program, and when you restart, your PC is infected again. So what happened?

Many times the virus is in the startup group and has copied itself to your Program Files or ProgramData folder. Even though the cleaners removed the virus, it may be dynamic: when the PC restarts, the copy spawns again (polymorphic variants change their form) and reinfects the computer. The virus has cloned itself and regenerates itself whenever Windows reboots.

You can get to the source of the problem and delete the virus and its leftover files right after you clean the PC in Safe Mode:

  • Run msconfig from the search box
  • Locate the virus – its name will usually be a string of numbers and letters
  • Navigate to the folder it is in and delete the virus manually
  • Run your anti-virus and anti-malware again to ensure it has been removed (traces)
  • Run a registry cleaner such as MV-Regclean
  • Update and use a quality anti-virus program
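The msconfig step is a manual review of the autorun entries. The following script is an added example, not part of the original page: it lists the same Run/RunOnce keys and Startup folders and flags names that look like the random letter-and-number strings described above. The name pattern and the ProgramData/unsigned rule are heuristics chosen here, so a flag is a lead to inspect, not a verdict.

```powershell
# Added example, not from the original page: list the autorun entries msconfig
# shows (Run/RunOnce keys and the Startup folders) and flag names that look like
# the random letter-and-number strings the page says rogue software uses.
# Assumptions: the name pattern and the ProgramData/unsigned rule are heuristics chosen here.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
# 8+ letters/digits with at least one of each, e.g. a1b2c3d4e5.exe (-match ignores case)
$randomName = '^(?=.*\d)(?=.*[a-z])[a-z0-9]{8,}\.exe$'

function Get-ImagePath([string]$cmd) {
    # Extract the executable from "C:\dir\x.exe" /arg or C:\dir\x.exe /arg
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }    # provider bookkeeping, not an autorun
        [PSCustomObject]@{ Source = $key; Name = $p.Name; Image = Get-ImagePath "$($p.Value)" }
    }
})
$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
        ForEach-Object { [PSCustomObject]@{ Source = $dir; Name = $_.Name; Image = $_.FullName } }
})

$report = foreach ($e in $entries) {
    $leaf = [IO.Path]::GetFileName($e.Image)
    $sig  = if ($e.Image -and (Test-Path -LiteralPath $e.Image)) {
                (Get-AuthenticodeSignature -FilePath $e.Image).Status
            } else { 'FileMissing' }
    $flag = ($leaf -match $randomName) -or
            (($e.Image -like "$env:ProgramData\*") -and ("$sig" -ne 'Valid'))
    $e | Add-Member -NotePropertyName Signature  -NotePropertyValue "$sig" -PassThru |
         Add-Member -NotePropertyName Suspicious -NotePropertyValue $flag  -PassThru
}
$report | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Flagged rows give you the Source key or folder and the Image path, which is the folder to navigate to in the next step.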

MSConfig (Finding the rogue software)

MSConfig Close-up

Navigate to the folder and delete the files. You will see a pattern of odd file names.

Properties of the file

Note: Executing the file by accidentally clicking on it will reinfect the computer. If single-click is enabled for the mouse, turn off the single-click option before navigating to the folder containing the virus.

Skilled professionals can capture the virus and practice removing it on an old PC or a virtualized operating system in an educational environment. This should be done in a controlled lab. Any time you work with viruses (removal or educational), the environment must be controlled, and infected computers should be backed up and removed from the network.

How do I remove the virus and what programs should I use? Link

(Above pics by Michael M. -Bama)

What starts in Iran may end in Samoa

Ivan got an email that looked like a legitimate order. In a controlled setting with a virtual computer, Kurt, Michael and I opened the email and hovered over the link. The link takes you to Iran. In Iran, you are redirected to an IP in New York, and from New York you are taken to Samoa, where an .exe file waits on you to infect your machine. Ingenious.

Let’s go to New York

Let’s pick up our virus in Samoa!

Be careful and think before you click!

New Botnets Gaining Traction Across The Web, Study Says – Dark Reading

Damballa report shows seven new botnets among the top 10 largest; off-the-shelf construction kits dominate the list. (via Dark Reading)

TDL4 Botnet Now Even Harder To Kill – Dark Reading

Researchers say that the rootkit used in the TDL4 botnet has been partially rewritten in what appears to be an attempt by the creators to make it even harder to eradicate. (via Dark Reading)

Notes

UPDATE – See note at the end of this article.

(The MBR repair in Option 2 below can fix the Win32/Popureb.E virus)

Option 1

Try Malwarebytes and SUPERAntiSpyware Portable in Safe Mode first.

Option 2

You must boot the PC into repair mode by hitting F8 before Windows starts, and select:

Repair my Computer

Select the Command Prompt

The virus may have caused damage to your Master Boot Record (MBR) and Boot Configuration Data (BCD). At the command prompt, run:

bootrec /fixmbr
bootrec /fixboot
bootrec /rebuildbcd
Reboot your computer

Note: This should fix the MBR. You will then run your anti-virus again. Repairing an MBR can be risky.
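Because rewriting the MBR is risky, it helps to keep a copy and a checksum of it from before the repair. The following script is an added example, not part of the original page: it reads the first sector of the system disk, saves it, checks the boot signature and partition table, and hashes the boot code so the before and after states can be compared. It assumes an elevated Windows PowerShell 5.1 session on the booted system, that the system disk is \\.\PhysicalDrive0, and the output file name is chosen here.

```powershell
# Added example, not from the original page: read the Master Boot Record so it
# can be saved and inspected before bootrec /fixmbr and compared afterwards.
# Assumptions: elevated Windows PowerShell 5.1; the system disk is \\.\PhysicalDrive0;
# the before-file name under $env:TEMP is chosen here.
function Read-Mbr([string]$Device = '\\.\PhysicalDrive0') {
    $fs = New-Object IO.FileStream -ArgumentList $Device, 'Open', 'Read', 'ReadWrite'
    try {
        $buf = New-Object byte[] 512                 # raw device reads must be sector-sized
        if ($fs.Read($buf, 0, 512) -ne 512) { throw "short read from $Device" }
        return $buf
    } finally { $fs.Dispose() }
}

function Test-Mbr([byte[]]$Mbr) {
    # Layout: boot code in bytes 0..445, four 16-byte partition entries from 446,
    # and the 0x55 0xAA signature in the last two bytes of the sector.
    $sigOk = ($Mbr[510] -eq 0x55) -and ($Mbr[511] -eq 0xAA)
    $sha = [Security.Cryptography.SHA256]::Create()
    $codeHash = ([BitConverter]::ToString($sha.ComputeHash($Mbr, 0, 446))) -replace '-'
    $parts = for ($i = 0; $i -lt 4; $i++) {
        $o = 446 + 16 * $i
        if ($Mbr[$o + 4] -eq 0) { continue }        # partition type 0 = unused entry
        [PSCustomObject]@{
            Index    = $i
            Bootable = ($Mbr[$o] -eq 0x80)
            Type     = ('0x{0:X2}' -f $Mbr[$o + 4])
            StartLBA = [BitConverter]::ToUInt32($Mbr, $o + 8)
            Sectors  = [BitConverter]::ToUInt32($Mbr, $o + 12)
        }
    }
    [PSCustomObject]@{ SignatureOk = $sigOk; BootCodeSha256 = $codeHash; Partitions = @($parts) }
}

$mbr = Read-Mbr
[IO.File]::WriteAllBytes("$env:TEMP\mbr-before.bin", $mbr)   # keep a copy for later comparison
$info = Test-Mbr $mbr
$info | Format-List SignatureOk, BootCodeSha256
$info.Partitions | Format-Table -AutoSize
# After bootrec /fixmbr and a reboot, run Read-Mbr and Test-Mbr again: a clean repair
# changes BootCodeSha256 but leaves SignatureOk and the partition entries identical.
```

A partition table that differs between the two runs, or a missing 0x55 0xAA signature, means the repair did more than replace the boot code and the saved copy is your reference for what was there before.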
Here’s a quick fix Dawn found!  Kudos to her for finding a fix to save time -
Other Notes -

Which anti-malware should you use when removing a virus or malware? Here's a list for when removal is tough. These programs can also be used for system maintenance. First use a cleaner such as Glary or CCleaner to clean your computer. Then boot into Safe Mode, type msconfig in the Run line and uncheck all startup items (NOT processes). Then run these programs to remove the virus or malware.

Online Scanners

40% of SMBs suffered breach due to unsafe Web surfing

40 percent of small and medium-sized businesses have suffered a security breach due to unsafe web surfing, and nearly one-third still do not have a policy to govern the use of social networking sites,

Free virus check websites

Here are several websites to check your computer for viruses and malware. Are you aware that nearly 70% of computers have malware or spyware? It only takes a few minutes to check your computer.

AOL Computer Checkup

Audit My PC

BitDefender

CA Technologies

ESET Online Scanner

Kaspersky Virus Scanner

McAfee Security Scan

Panda Security Antivirus Scan

Qualys Browser Check

QualysGuard Malware Detection

Symantec Security Check

TrendMicro HouseCall Virus Scan

Webroot Spy Sweeper

TDL4 – Top Bot – Securelist

Very interesting article about a rootkit we’ve been seeing on people’s PCs lately. This is one scary virus! - Dawn Babian

The malware detected by Kaspersky Anti-Virus as TDSS is the most sophisticated threat today. TDSS uses a range of methods to evade signature, heuristic, and proactive detection, and uses encryption to facilitate communication between its bots and the botnet command and control center. TDSS also has a powerful rootkit component, which allows it to conceal the presence of any other types of malware in the system.

Read About the Advertising Malware Problem

Symantec Logged 286 Million New Threats In 2010 – Darkreading

The newly published Symantec Internet Security Threat Report Trends for 2010 counted some 6,253 new bugs — the most ever in a year — that were mostly driven by malware attack toolkits. The ease of deployment that comes with these kits resulted in some 286 million new malware variants, according to Symantec…