Virus


Robby nz

To start off I know stuff all about these things if I push a button and it works fine if not................

I have recently bought an ASUS notebook PC, a new model with touch screen.

It is loaded with Windows 8, at the place where we bought it they loaded in all the programmes however when we got home we found we needed something else to get photos so a local expert loaded in ACDSee Pro3.

Before he did this everything worked fine but after I could not open my mail and a couple of other things.

When the lady boss who knows more about these things than me called him he said he had got a virus from my machine in whatever he had used to install the programme.

On checking I found I had 2 viruses, 1 a Trojan. Cleaned them off but things still don't work as they should.

Now I am told that the Trojan is still in there and everything must be removed from the hard disk and start again.

On top of that the fella does not have windows 8 to put back in and says he would put in windows 7.

Before I let him do it any advice would be greatly appreciated.

O yes we are 3 hours away from where we bought it.

Link to comment
Share on other sites


Download Microsoft's "Windows Defender Offline" from here: http://windows.microsoft.com/is-is/windows/what-is-windows-defender-offline

Burn it to a CD and boot from it. Set it to scan your entire disk(s) and it will find and remove just about every piece of malware.

When they loaded 'ACDSee Pro3', they probably used a key generator which had the trojan in it.

They say they got a virus from you? I call BS on that.

  • Like 1
Link to comment
Share on other sites

Download Microsoft's "Windows Defender Offline" from here: http://windows.microsoft.com/is-is/windows/what-is-windows-defender-offline

Burn it to a CD and boot from it. Set it to scan your entire disk(s) and it will find and remove just about every piece of malware.

When they loaded 'ACDSee Pro3', they probably used a key generator which had the trojan in it.

They say they got a virus from you? I call BS on that.

Make sure it is an empty CD or USB stick as it apparently formats it and deletes anything else on there.

I used this on a laptop after JetsetBkk recommended it in another thread and it worked very well - once I had googled how to boot from the USB at startup on my machine

JsB - any idea how I can use on another laptop which has the hard disk encrypted - True Crypt - I cannot work out how to get it to boot from the usb - I am guessing I would have to unencrypt the hard drive first?

Link to comment
Share on other sites

Download Microsoft's "Windows Defender Offline" from here: http://windows.microsoft.com/is-is/windows/what-is-windows-defender-offline

Burn it to a CD and boot from it. Set it to scan your entire disk(s) and it will find and remove just about every piece of malware.

When they loaded 'ACDSee Pro3', they probably used a key generator which had the trojan in it.

They say they got a virus from you? I call BS on that.

Sorry to say this - but windows defender is utterly useless. Here http://www.bleepingcomputer.com/download/combofix/ is a good place to start.
Link to comment
Share on other sites

**** don't let him loose on your PC again.

Try one of the online scanners below and report back exactly what malware it finds and we'll see if we can help you.

http://www.pandasecurity.com/activescan/index/

http://www.bitdefender.com/scanner/online/free.html

http://housecall.trendmicro.com/

http://www.eset.com/us/online-scanner/

Edited by SeaVisionBurma
remove unacceptable language
Link to comment
Share on other sites

Expert my arse, don't let him loose on your PC again.

Try one of the online scanners below and report back exactly what malware it finds and we'll see if we can help you.

http://www.pandasecurity.com/activescan/index/

http://www.bitdefender.com/scanner/online/free.html

http://housecall.trendmicro.com/

http://www.eset.com/us/online-scanner/

good advice. please run combofix first.
Link to comment
Share on other sites

Expert my arse, don't let him loose on your PC again.

Try one of the online scanners below and report back exactly what malware it finds and we'll see if we can help you.

http://www.pandasecurity.com/activescan/index/

http://www.bitdefender.com/scanner/online/free.html

http://housecall.trendmicro.com/

http://www.eset.com/us/online-scanner/

good advice. please run combofix first.

No, don't do anything that "fixes" it until you know what you're dealing with.

Link to comment
Share on other sites

Expert my arse, don't let him loose on your PC again.

Try one of the online scanners below and report back exactly what malware it finds and we'll see if we can help you.

http://www.pandasecurity.com/activescan/index/

http://www.bitdefender.com/scanner/online/free.html

http://housecall.trendmicro.com/

http://www.eset.com/us/online-scanner/

good advice. please run combofix first.

No, don't do anything that "fixes" it until you know what you're dealing with.

disconnect your i-net, clean it. done. why do you want to spend time to trace a pile of ----...... and change your passwords afterwards.
Edited by SeaVisionBurma
removed unacceptable language
Link to comment
Share on other sites

"It is loaded with windows 8, at the place where we bought it they loaded
in all the programes however when we got home we found we needed
something else to get photos so a local expert loaded in ASDSee Pro3."

Loaded in all what programmes? Windows 8 is complete in itself and if the shop added extra things then it's highly likely that they installed pirated versions of pay programmes. Thai shops do this all the time.

So you probably need to watch out for both your local expert and the original shop.

For viewing pictures there are loads of free software tools available so there is never any need to install pirated stuff.

Link to comment
Share on other sites

Expert my arse, don't let him loose on your PC again.

Try one of the online scanners below and report back exactly what malware it finds and we'll see if we can help you.

http://www.pandasecurity.com/activescan/index/

http://www.bitdefender.com/scanner/online/free.html

http://housecall.trendmicro.com/

http://www.eset.com/us/online-scanner/

good advice. please run combofix first.

No, don't do anything that "fixes" it until you know what you're dealing with.

disconnect your i-net, clean it. done. why do you want to spend time to trace a pile of ----...... and change your passwords afterwards.

Not really helping, are you?

He said "Cleaned them off but things still don't work as they should."

Link to comment
Share on other sites

"It is loaded with windows 8, at the place where we bought it they loaded

in all the programes however when we got home we found we needed

something else to get photos so a local expert loaded in ASDSee Pro3."

Loaded in all what programmes? Windows 8 is complete in itself and if the shop added extra things then it's highly likely that they installed pirated versions of pay programmes. Thai shops do this all the time.

So you probably need to watch out for both your local expert and the original shop.

For viewing pictures there are loads of free software tools available so there is never any need to install pirated stuff.

Why the **** you would bother installing pirated software to view pictures when IrFanView is free I have no idea.

Some "expert".

  • Like 1
Link to comment
Share on other sites

"It is loaded with windows 8, at the place where we bought it they loaded

in all the programes however when we got home we found we needed

something else to get photos so a local expert loaded in ASDSee Pro3."

Loaded in all what programmes? Windows 8 is complete in itself and if the shop added extra things then it's highly likely that they installed pirated versions of pay programmes. Thai shops do this all the time.

So you probably need to watch out for both your local expert and the original shop.

For viewing pictures there are loads of free software tools available so there is never any need to install pirated stuff.

sorry. we are talking about windows here, maybe in june when the first SP is out. until then i would not consider it as a reliable os, unless then - 7 does the job.
Link to comment
Share on other sites

"It is loaded with windows 8, at the place where we bought it they loaded

in all the programes however when we got home we found we needed

something else to get photos so a local expert loaded in ASDSee Pro3."

Loaded in all what programmes? Windows 8 is complete in itself and if the shop added extra things then it's highly likely that they installed pirated versions of pay programmes. Thai shops do this all the time.

So you probably need to watch out for both your local expert and the original shop.

For viewing pictures there are loads of free software tools available so there is never any need to install pirated stuff.

sorry. we are talking about windows here, maybe in june when the first SP is out. until then i would not consider it as a reliable os, unless then - 7 does the job.

You can consider it whatever you like, but it's still vulnerable to infection and it (probably still) needs cleaning, so perhaps staying on topic would be more helpful.

Edited by Chicog
Link to comment
Share on other sites

"It is loaded with windows 8, at the place where we bought it they loaded

in all the programes however when we got home we found we needed

something else to get photos so a local expert loaded in ASDSee Pro3."

Loaded in all what programmes? Windows 8 is complete in itself and if the shop added extra things then it's highly likely that they installed pirated versions of pay programmes. Thai shops do this all the time.

So you probably need to watch out for both your local expert and the original shop.

For viewing pictures there are loads of free software tools available so there is never any need to install pirated stuff.

sorry. we are talking about windows here, maybe in june when the first SP is out. until then i would not consider it as a reliable os, unless then - 7 does the job.

You can consider it whatever you like, but it's still vulnerable to infection and it (probably still) needs cleaning, so perhaps staying on topic would be more helpful.

agreed. the ---- currently out there requires you to reboot in safe mode (press F8 while booting) run mbam, combofix and such stuff. and here we reach the point where PBST does not work any more.

so give them the advice to run rootkit - ---- with bitdefender or a fee online-scan? give me a break!

Edited by SeaVisionBurma
removed unacceptable language
Link to comment
Share on other sites

First off thanks for your help.

Did a scan with ESET and it found nothing.

The previous scan I did was with Windows Defender which came with the machine.

Something new; the Mrs has just told me she used this thing to download something from her bank (K) when I was out between the time I used it in the morning without a problem and when her friend put ACDSee on so it could well have been something she downloaded that brought the trouble.

OK so where to from here?

Is it correct that the Trojan will still be in there somewhere and if so what will need to be done?

Link to comment
Share on other sites

If you scan with a couple of those online scanners and it finds nothing, then it's probably clean, but whatever you used may have removed an infected system file.

What makes you think it's still infected?

Open a command prompt as administrator and type "SFC /VERIFYONLY" and let's have a look at the state of your windows install.

Hopefully you'll eventually see this message:

"Windows Resource Protection did not find any integrity violations."

so give them the advice to run rootkit - ---- with bitdefender or a fee online-scan? give me a break!

Sure Jake. Take a break.

Edited by SeaVisionBurma
Link to comment
Share on other sites

Ok first what makes me think there is a problem.

There are some things on this site I can't use

1 I can click on the quote on a post and it comes up OK and I can type an answer but it will not post when I click the post button.

2 Same with the post at the bottom of the page, can type a reply but the post button will not work.

I can post with 'reply to topic' at the top of the page

3 I can't get my notifications to come up, I click on the icon and get the little whirly thing but no notifications.

Then there is my Hotmail acc, I can open the account but can't open any of the messages nor access any of the other things like contacts or sent messages etc.

I also get a message at the top that says 'cannot connect to Hotmail' (not those words).

All those things work as normal when I use the Mrs's computer.

Sorry to appear ignorant of these things but I am, how do I get :

Open a command prompt as administrator and type "SFC /VERIFYONLY" and let's have a look at the state of your windows install.

Link to comment
Share on other sites

Follow the procedure below to open a command prompt with administrator permissions.


Then at the command prompt, type SFC /VERIFYONLY and hit Enter.

Here's How (Short Way):

  1. Swipe up from the bottom of the Start screen and then touch All apps.

    Note: If you're using a keyboard, right-click on the Start screen and then click on All apps.
  2. On the Apps screen, locate the Windows System heading. You may need to swipe or scroll to the right depending on the size of your screen.
  3. Press and hold, or right-click, on Command Prompt.
  4. Press or click on Run as administrator from the menu that appears at the bottom of the screen.
  5. Press or click on Yes if you're prompted with a User Account Control message.

    Note: If your Windows 8 account does not have administrator privileges, you may be prompted with a different message here, asking for credentials from another account on your computer that does have administrator privileges before you'll be allowed to open an elevated Command Prompt.
  6. An elevated Command Prompt window will appear.

    Since you're now running the Command Prompt program as an administrator, you can execute any Windows 8 command without worrying about permission restrictions.
Edited by Chicog
  • Like 1
Link to comment
Share on other sites
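
Added example (not part of the original thread or any poster's code): SFC writes per-file details under the [SR] tag in %windir%\Logs\CBS\CBS.log, so the result of the SFC /VERIFYONLY step above can be read file by file. The Python sketch below summarises those entries; the sample log lines are constructed and shortened, and the message prefixes it matches are assumptions based on how such entries commonly appear.

```python
import re

# One CBS.log entry written by SFC: "<date> <time>, <level>  CSI  <seq> [SR] <message>"
SR_LINE = re.compile(r'^(\S+ \S+), \w+\s+CSI\s+\S+ \[SR\] (.*)$')
# File names appear as quoted strings after a length tag, e.g. [l:22{11}]"example.dll"
QUOTED = re.compile(r'\]"([^"]+)"')
# Assumed message prefixes that mark a file SFC found damaged.
PROBLEM_PREFIXES = (
    "Cannot repair member file",
    "Repairing corrupted file",
    "Could not reproject corrupted file",
)

# Constructed, shortened sample lines (not taken from a real machine).
SAMPLE_CBS_LOG = r"""
2013-03-02 09:14:07, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2013-03-02 09:14:07, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2013-03-02 09:14:09, Info                  CBS    Session: constructed non-SFC line, ignored by the parser
2013-03-02 09:14:11, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.2.9200.16384, hash mismatch
2013-03-02 09:14:11, Info                  CSI    0000000a [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.2.9200.16384, hash mismatch
2013-03-02 09:14:12, Info                  CSI    0000000b [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.exe" from store
2013-03-02 09:14:15, Info                  CSI    0000000c [SR] Verify complete
"""


def summarize_sfc(log_text):
    """Return (verdict, findings); findings maps file name -> set of problem kinds."""
    findings = {}
    sr_seen = 0
    for line in log_text.splitlines():
        match = SR_LINE.match(line)
        if not match:
            continue  # not an SFC entry
        sr_seen += 1
        message = match.group(2)
        for prefix in PROBLEM_PREFIXES:
            if message.startswith(prefix):
                names = QUOTED.findall(message)
                # The last quoted string is the file; earlier ones are its directory.
                name = names[-1] if names else "<unparsed>"
                findings.setdefault(name, set()).add(prefix)
    if sr_seen == 0:
        verdict = "no-sfc-entries"  # log says nothing about SFC; do not read it as clean
    elif findings:
        verdict = "violations"
    else:
        verdict = "clean"
    return verdict, findings


if __name__ == "__main__":
    verdict, findings = summarize_sfc(SAMPLE_CBS_LOG)
    print(verdict)
    for name in sorted(findings):
        print(" ", name, "->", ", ".join(sorted(findings[name])))
```

On a real machine, pass the function the text of %windir%\Logs\CBS\CBS.log, read from an elevated session after the SFC run has finished.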

<snip>

JsB - any idea how I can use on another laptop which has the hard disk encrypted - True Crypt - I cannot work out how to get it to boot from the usb - I am guessing I would have to unencrypt the hard drive first?

Yes, I haven't found a way to scan a drive that is encrypted with Truecrypt using the off-line scanner. However, I don't see why the hard drive being encrypted should stop the laptop booting from a USB thumb drive since that is achieved by changing the boot drive order in the BIOS.

So you would have to boot Windows normally, letting Truecrypt allow access to the files and then run one or more of the on-line scanners already listed above by Chicog. And possibly a Malware Bytes scan. And if you're really stuck, a ComboFix scan - but I don't recommend it as it is far too powerful for the average user to use.

Link to comment
Share on other sites

System Restore?

Restore back to before the bank software, if not fixed restore before that and keep going back till it's right?

If virus scanners are not finding anything then unlikely to be a virus - have you tried something like Malwarebytes.org?

Link to comment
Share on other sites

<snip>

JsB - any idea how I can use on another laptop which has the hard disk encrypted - True Crypt - I cannot work out how to get it to boot from the usb - I am guessing I would have to unencrypt the hard drive first?

Yes, I haven't found a way to scan a drive that is encrypted with Truecrypt using the off-line scanner. However, I don't see why the hard drive being encrypted should stop the laptop booting from a USB thumb drive since that is achieved by changing the boot drive order in the BIOS.

So you would have to boot Windows normally, letting Truecrypt allow access to the files and then run one or more of the on-line scanners already listed above by Chicog. And possibly a Malware Bytes scan. And if you're really stuck, a ComboFix scan - but I don't recommend it as it is far too powerful for the average user to use.

Thanks but maybe I did not explain very well. My point was I scanned my other laptop which has Nod 32 on it with defender offline and it supposedly found a couple of viruses so I wanted to do the same with this laptop which only has Avast on it. Online scans I know I can do any time no problem.

Link to comment
Share on other sites

Off topic post and reply to it removed.

And a general warning for some of you to watch your language - read the forum rules, or expect a holiday. You're not in the playground, so try to keep the language civil, okay?

Link to comment
Share on other sites

<snip>

JsB - any idea how I can use on another laptop which has the hard disk encrypted - True Crypt - I cannot work out how to get it to boot from the usb - I am guessing I would have to unencrypt the hard drive first?

Yes, I haven't found a way to scan a drive that is encrypted with Truecrypt using the off-line scanner. However, I don't see why the hard drive being encrypted should stop the laptop booting from a USB thumb drive since that is achieved by changing the boot drive order in the BIOS.

So you would have to boot Windows normally, letting Truecrypt allow access to the files and then run one or more of the on-line scanners already listed above by Chicog. And possibly a Malware Bytes scan. And if you're really stuck, a ComboFix scan - but I don't recommend it as it is far too powerful for the average user to use.

Thanks but maybe I did not explain very well. My point was I scanned my other laptop which has Nod 32 on it with defender offline and it supposedly found a couple of viruses so I wanted to do the same with this laptop which only has Avast on it. Online scans I know I can do any time no problem.

Well, now I'm totally confused!

So is your problem that you can't get "this laptop" (with Avast on it) to boot from the USB?

If that's not the problem, please start afresh and state the problem!

Link to comment
Share on other sites

But you might have a many times illegal copy of Windows 8 and Microsoft will 'inject' problems. Been there

Now I think it through Transam you might be right and if so it's probably my own silly fault.

But enough for today will have another go tomorrow.

Thanks again all

Link to comment
Share on other sites
