Virus Warning


gi7omy


I had a customer's laptop in for repair with a virus - one I haven't come across before, called 'mislead.exe'.

 

This was totally resistant to any AV that I ran on it, so I tried to manually shut it down with the three finger salute (to stop the app running so I could start to remove it).

 

I got a message saying, basically, "you don't have permission to run Task Manager" - the virus had embedded itself in such a way that even an Admin account couldn't get at it.

 

From what I've found on the net, it sets up exe files in the temp internet folders (and you can't even delete those). I did try in Safe Mode, but rebooting left the virus there. It seems to set up randomly generated registry keys that vary in location and name, so what would be a valid edit for one infection won't work on another.

 

Why didn't I just do a 'format c:'? The flamin' optical drive was dead as well (I don't know if this was down to the virus getting at the BIOS or not).
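An added read-only audit script (not from this thread) that checks for the two symptoms described above: Task Manager blocked by policy, and autorun entries that launch executables from the Temporary Internet Files cache or a Temp folder. It assumes the "no permission to run Task Manager" message comes from the DisableTaskMgr policy value, which the post does not name; the random registry keys the post mentions may sit outside the Run keys checked here, so a clean result from the second half is not proof of a clean machine.

```powershell
# Added example, not from the original post. Read-only: it reports, it does not delete.
# Assumption: Task Manager was blocked via the DisableTaskMgr policy value.

$policyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($p in $policyPaths) {
    if (-not (Test-Path $p)) { continue }
    $v = (Get-ItemProperty -Path $p -ErrorAction SilentlyContinue).DisableTaskMgr
    if ($v -eq 1) {
        Write-Output "Task Manager is disabled by policy at $p (DisableTaskMgr = 1)"
    }
}

# Common autorun locations. The post says this infection also uses randomly named
# keys elsewhere, so treat these as a first pass, not a complete sweep.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    # Skip the PS* metadata properties that Get-ItemProperty adds to every object.
    $names = $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        Select-Object -ExpandProperty Name
    foreach ($name in $names) {
        $cmd = [string]$props.$name
        # Executables living in the browser cache or a Temp folder are the
        # pattern described in the post; flag them for manual review.
        if ($cmd -match 'Temporary Internet Files|\\Temp\\') {
            Write-Output "Suspicious autorun '$name' in $k -> $cmd"
        }
    }
}
```

Run it from the infected profile (the HKCU values belong to the logged-on user); from a PE boot you would have to load that user's hive first.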


It would be worth attacking that with a LiveCD PE version of your Windows, Daithi. Cold boot on the CD, and go kill out the contents of the internet cache. Since you're cold booting from the CD, the virus won't get run.

 

Regards,

Brendon


Do you have any idea, Daithi, how the virus got into the computer to start with? Or can your customer remember anything that would help others to NOT get infected?

 

EDIT: I wonder if this attachment might have been in some way associated with the virus?

 

Frank...


EDIT: I wonder if this attachment might have been in some way associated with the virus?

 

Frank...

 

 

I hope not, Frank. I use Firefox with the Finjan plugin, which scans links before you click in order to test the potential for nasty sites, and that one comes up with the message that it's safe to browse. It makes me wonder about Finjan... NOT that I'd ever even browse to it by the looks of it, but maybe there's something else on that page. Very odd and definitely something to avoid.


It would be worth attacking that with a LiveCD PE version of your Windows, Daithi. Cold boot on the CD, and go kill out the contents of the internet cache. Since you're cold booting from the CD, the virus won't get run.

 

Regards,

Brendon

 

 

Dead optical drive, Brendon - so that wasn't an option. The client was using Limewire (or he says his kids were). No matter how often you tell people to be very careful, they just won't listen.


Dead optical drive Brendon - so that wasn't an option.

Bummer!! He's going to need to replace that drive before you could reinstall Windows, but if things are that infested it might be better to hook the HD out first and get any priceless data off it, then format it and put it back in the laptop to reinstall Windows, rather than trying to repair the current Windows installation. It would certainly be cheaper for him.

 

He's luckier than the owner of a Toshiba Laptop I'm working on at the moment. She's really anxious about her data [aren't we all] but there's no way I can persuade the HD to initialize, in or out of her machine. It spins up and the interface is fine, but the HDA can't find home so it won't talk to the world. Warming it didn't help so I have it in the freezer at the moment, but I'm not confident.

 

BACKUP: Something most people do after they have a disaster. :(

 

 


Luckily enough, Brendon, I was able to network the laptop and transfer all his data to my own machine (and scanned it as it arrived), and then burnt a DVD of his docs and video so he won't lose out on a reformat.

 

Still - I don't know whether the optical drive just died or the virus killed it (I do recall a virus that hit the BIOS before).


Odd that you would mention "Limewire", Daithi. I have a good friend who teaches a class in computer stuff at our local Jr. high, and he gives his students all kinds of advice on how to download MP3 and other types of music and what websites to use and not use. He has told me that a great deal of his students' problems with their computers have happened while using Limewire. I have no knowledge of Limewire but would have to believe him.

 

Frank...


Limewire is one of those filesharing apps (for anything really), but because of its popularity with the cheapskates it's the target of every idiot who wants to spread a virus.

 

The problem is that there are a lot of people who will ignore virus warnings (presuming they even HAVE an AV program installed) and open all sorts of archive and exe files willy-nilly - and then scream when something goes wrong with the computer.

 

I've tried telling people 'til I'm blue in the face to get RID of Limewire, but as sure as a *%$$! is a cat, 6 months or so down the line I get the thing back for another problem and there's Limewire sitting there.
