I was trying to delete a questionable 600 kb .exe file today, but accidentally double-clicked on it instead. :smack: Although nothing else appeared to happen, it immediately disabled my Windows Update feature (I can’t turn it back on for more than a minute now–it will turn back off immediately), and also my Windows firewall. I can’t turn on the firewall at all—I just get an error message or something bogus about group settings. Although neither Spysweeper nor McAfee register this program as offensive, McAfee Security Center alerted me to the fact that my computer was no longer protected.
Luckily, I also have the Sygate firewall installed—and I was able to block the program from using svchosts.exe to access a questionable website.
Can anyone help me? I will be happy to send the offending exe file and/or the Sygate firewall alert and website, if you think you can help me restore my computer to the way it was.
I tried your suggestion, but the name is far too common for that. Also, I had full protection on my computer–McAfee Security Center, Windows XP firewall, Sygate firewall, Spyware Blaster, etc. at the time this occurred. The file itself does not register as malware with my antivirus (McAfee) or anti-spyware (Webroot Spysweeper) software.
However, I did block it from accessing a particular website (as mentioned earlier), so I probably prevented anything worse getting installed on my computer. I really think it will require someone looking at the actual executable file. Is crippling the Windows Update and firewall a common problem with malware? It shouldn’t be that easy to do! I tried looking for hours on how to fix this online, to no avail.
Still post the name of the original .exe here so we can have a look. Unless it is a randomly generated filename, there is bound to be some info on it when you know where to look.
I’m guessing it looks quite like a legit Windows component filename or something?
The problem is that you now cannot actually TRUST your PC when it is booted - it can lie to you about almost everything. Try getting and installing AVAST Free Antivirus, it has a boot time AV scan option that will really help without the hassle of the following options.
Can you pull the hard drive and scan it on another PC (using a USB to IDE/SATA adapter)?
You could also make a BartPE disk or a UBCD-Win (google these) so you can boot and scan your PC without starting your current copy of Windows, but you cannot make these disks on your current PC.
Otherwise, nuke it from orbit - it’s the only way to be sure.
You can rescue your PC, but you can’t do it while Windows is actually running.
If you have a proper Windows installation CD (not just an image-based ‘factory restore’ disk), you could boot into the recovery console and run the System File Checker (sfc /scannow) - this should identify any essential system files that have been altered and restore them as necessary.
That will fix system files, but not registry links to programs that will reinstall the malware. It is a good thing to do after a scan from a 2nd OS - it may help your cleaned OS boot.
Agreed, although in all the cleanup operations I’ve had to do, I’ve never had one so severe that it required pulling out the drive and scanning it from a different machine - not that it’s a bad idea.
BTW, if you don’t have a Windows install CD, you can download a set of boot floppies from Microsoft here - although it might be easier to find someone else who has the right version of the full CD and borrow it.
Yes. That’s the way most computer repair shops do it. Very safe, as long as none of the executables on the suspect drive are run (and the scanning unit is known to be clean). You can at least clean up viruses and badware this way by running a full scan. Once this is done, you may have some more work to do, but at least it gives you a fighting chance at recovery.
If the system is too badly damaged, this may not work.
You have been lucky. I’ve seen some terrible systems - one that could not be cleaned without a format - I still don’t know how that one worked (I replaced the MBR and boot sector, reinstalled Windows and it was still infected). That said, Avast AV boot up scan goes a long way to solving problems that other AV programs struggle with, because it gets going so early (before the malware starts). It’s just that installing/updating Avast may be difficult on an infected machine.