Virus removal: am I doing something wrong here?

It appears my fiancee’s computer has picked up a bug. AVG Free does not detect it at all but the online Kaspersky scan detects a wma.downloader bug. Unfortunately, the online scanner has no options to actually remove this bug but will spit out a report. I made the mistake of not getting this report and I don’t feel like waiting the two hours it took to do the scan to generate it again. I ran Windows Defender and found nothing. I ran the MS Malicious Software removal tool and found nothing. I ran Malwarebytes Anti-Malware and found a couple of registry entries but her computer is still messed up.

This virus has some strange symptoms. It messes up the screen. Unfortunately my powers of description cannot accurately convey how. The screen is just messed up, with a pattern of little dots behind the mouse cursor. It looks kind of like:

::::::::

With the mouse cursor in the middle. This same kind of pattern appears elsewhere on the screen as well.

This has to be the stupidest virus in the history of mankind and I hope whoever wrote it gets horrible ball cancer. Because this virus is like horrible ball cancer: nothing I do seems to get rid of it. If I can’t find a tool or utility that removes it I’m going to use the nuclear option and just reformat her computer and reinstall everything. I don’t mind doing this but collecting up all of her files is going to be a pain in the ass so it would be nice if I could just remove the wma.downloader poopware that has infected her normally clean machine. Any ideas?

Haven’t heard of that particular problem but my general experience is that if something is very difficult and time consuming to track down and fix you can probably save a lot of time by just going for the format and reinstall. Even if you do manage to remove the malware you have no way of knowing what else it may have messed up.

Probably a variant of Antivirus XP.

Reinstalling Windows is always the very last resort; there are always plenty of free tools that will completely remove a virus and any damage it does. I always wonder why people always suggest it so blithely; it’s a major operation and in all my years cleaning viruses, I’ve only had to do it once (and then because I didn’t have enough information to know the correct method).

First of all, scan with Malwarebytes. If that fails, go to Super Antispyware. That fixed most infections.

If you can’t get either to work, then the problem is serious, but there are still plenty of better ways to clean viruses than reformatting the hard drive, which is sort of like junking your car because a tire is flat.

First of all you have to rerun the scan and get the exact report. It could be a false positive and something else is messing up your computer. I’ve seen people who mess with their regedit and then say they have a virus.

So re-run the scan and copy the details and then post back here what the details are and what kind of operating system you have.

Also make sure your AVG is up to date. Make sure all your windows patches are in place. I’ve seen people say “My windows is up to date.” Only to find out they “hid” some windows patches and never installed them. So make sure you go to your computer and unhide all the windows patches and see to it they are up to date.

Also Kaspersky says it won’t fix the virus, but you can download a free trial of it that should attempt to fix the problem.

This is why I’m wary of it. AVG is pretty good and it could be Kaspersky is saying you have something just to get you to download a free trial. I’m not saying that that is the case but it does raise an eyebrow.

Actually, it sounds like you have a hardware issue. Garbage on the screen typically indicates bad RAM, either in the system or on the video card itself. Or maybe a driver issue. Download and install the newest driver for your video card. Or roll back to an earlier version if you have just recently installed the new one.

If that doesn’t help, try removing half of the system RAM and check again. Swap the RAM you removed for the ones you left. Note that in some configurations RAM has to be installed in pairs, so if you only have two sticks and the system won’t boot when you pull one you’ll need to make other arrangements. Maybe a geek friend will have some you can borrow for testing.

Video cards are pretty tough to test unless you have a spare you can swap in. I’ve never found a diagnostic app that was 100% reliable.

Good luck!

Kaspersky is pretty damn trustworthy, as these things go.

I respectfully disagree. To my mind reinstalling Windows is frequently much easier and far less time consuming than trying to track down and repair some unknown problem.

If there is any antivirus software that is capable of determining whether or not any files on the computer have been corrupted or deleted, much less repair or replace them, I am not aware of it.

Your flat tire analogy doesn’t work; a flat tire is a clear and easy fix. Picture instead a difficult to pin down intermittent electrical problem on a car; how many times do you get towed off the freeway and pay a mechanic to troubleshoot it before you replace the car’s wiring or computer or even the entire car if it’s an old beater?

And let’s not forget the added benefit of restoring the machine to like new performance. Windows does degrade with use and requires occasional reinstallation to run at its best.

I maintain that not only for the casual computer user but also for us old geeks who have been dabbling since the 60s that it is often a better choice to simply spend a few hours doing the reinstall than to spend untold hours (or days or weeks) trying to fix a problem that might not actually have a total solution.

I can usually fix a virus problem in twenty minutes. It takes at least forty minutes to install Windows XP, and that doesn’t include restoring all your files from backups (and let’s not forget – lots of people don’t have the backups), installing non-Windows software, reconfiguring settings, etc.

If you have an image (which few people have), then reghosting makes sense. Otherwise it takes far less time to do a good virus scan with the proper tools.

Then you’re not particularly aware of the field. They *all* do. I’ve cleaned malware from hundreds of computers using these tools. I’ve never had any problems after scanning was complete. The tools scan all files (one reason it takes twenty minutes) and if the virus does any damage, they find it and fix it. Windows works just as well as it did before the infection.

Whether the analogy works or not, the point is that it’s nearly always unnecessary. Using your example, do you immediately buy a new car, or take it in to be fixed? If it can’t be fixed, then you get a new car. With viruses, they usually can be fixed, so you don’t “buy the new car” – reinstall Windows – as your primary solution.

No – it requires cleaning tools. CCleaner for instance.

Windows, BTW, doesn’t “degrade.” It gets slower primarily because as you add software, more of the memory is being used. If you want better performance, your best bet is simply to increase the memory and delete unneeded running processes.

False assumption. 99% of all malware problems have a total solution. The longest it’s ever taken me to fix a particularly stubborn problem is three hours (That was due to my lack of knowledge; if I had the problem today, I’d have it fixed in no more than an hour), and usually it’s under half an hour. Rebuilding fixes things, but it’s the most difficult way to do it, and is an especially bad solution for average users.

Mr. Chuck,

I fear you have missed my point. I did not recommend reinstalling Windows as a primary solution but rather as an option for those who don’t have your breadth and depth of computer knowledge; you are by no means an ‘average’ computer user.

It’s a matter of reaching a point of diminishing returns for one’s time; spend hours or days mucking about running various scanners and doing research and/or posting Hijack This logs and waiting for replies telling you which other software to run and post yet more results and wait for yet another reply … or simply spend a few hours reinstalling the OS and your software … if and only if initial attempts to remedy the problem prove fruitless and frustrating. At some point, when the standard options are failing, one must decide whether it is indeed worthwhile to continue chasing a 99% certain cure or to instead cut one’s losses and go for the tedious but fairly simple 100% solution.

BTW, I would surely like to know what specific piece of software is able to repair bits on a hard drive that have been randomly altered by some sort of malware. It would save me a whole lot of time because I do mess around in places that cause me to tend to pick up the very latest versions of bad stuff.

Respectfully,
Turble

Thanks for the advice all. I think it may well be a hardware issue because the garbage on the screen shows up when the computer first boots- the BIOS splash screen has artifacts on it.

Kaspersky gives a lot of false positives. If nothing else can find it I would be very suspicious of this diagnosis. Seconding hardware issue.

Do another scan with housecall online if you’re still worried.

Well, the RAM seems to check out so far. The video card is now #1 suspect because it is an older model (AGP Radeon 9800 Pro) and it has been well abused over the years. I took it out and cleaned it with an air duster but it didn’t make any difference. Unfortunately I don’t have any other AGP video cards kicking around right now. I have a PCI and a PCI express but no AGP.

I downloaded the trial version of Kaspersky so we’ll see if I can get the same results from it. I googled for “wma.downloader” and didn’t find anything from reputable AV vendors. It mostly just seemed to be offers to download more viruses. So hopefully Kaspersky is giving me a false positive. But we could have a hardware problem and a virus at the same time so I don’t mind being thorough.

ETA: the artifacts on the splash screen are a pattern of blue rectangles, if that sounds familiar to anyone.

You can kinda do a half-ass videocard diagnostic with ATItool. That’s ATI’s overclocking utility. Run it and it will try to see how fast it can get that card to work. If it’s registering errors at the default clocks or early on then you’ve got a bad card. You can see the errors on the bottom of the window with the carpet cube. It will read something like “no errors found in x seconds.”

Might want to try getting the latest video driver too.

The video card driver is up to date but as I said before, the funky blocks on the screen are present at boot so it’s not a driver issue.

I’m going to get another video card to see if that fixes it. If not I have no idea where these errors could be coming from.

The video card continues to be suspect. I checked DXDiag and found that Direct3D functionality is not available. Unfortunately that prevents me from gathering any useful info from ATItool.

Edit: I know this card is capable of anything Direct3D can do as I have played hours and hours of all kinds of games on it when it was in my old system. I think it done died.

Off to the hardware store!

Heh - I was going to post it sounds like a check to see if your BIOS is up to date will be more fruitful than reinstalling Windows and finding you still have the problem, or the same for an antivirus scan.

Hmmm… I have 23+ years in the IT (real, on-site) field and I have never seen AV software that could scan for virii and take care of those while at the same time fixing corrupt files. Though they do try. I would love to have such software because it would make my job much much easier. If you have never had a problem then you were dealing with fairly innocent virii or you were very lucky.
They would have to pinpoint the corrupt file and then substitute a substitute. From a cache or cd/dvd. Maybe I’m not aware of the field…

Virii isn’t a word. It’s viruses.

/pet peeve

Well, it would appear the problem was an over-abused Radeon 9800 video card. It has since been replaced by an EVGA Nvidia GeForce 6200 which is running smoothly and silently as it does not need an extra power connector or fan. It’s probably not much of an upgrade per se and I probably paid too much for it ($75 CDN- I know I could have found it for less but I was in a hurry) but it’s for a computer that doesn’t do any more intense gaming than what can be found on Pogo.com. So it’s all back to normal now.

The viruses that Kaspersky found were some questionable MP3 files. I’m guessing if you tried playing them in WMP they would prompt you to download a “codec” which is actually a virus. Strange that no other AV or malware scanner detected these. In any case, I found Kaspersky to be an incredibly annoying product (reminded me a lot of Norton actually) and I have since gone back to AVG Free.

The debate of cleaning malware with available tools versus reformatting is an interesting one. I know on my own computer it’s hardly a choice at all. With my hardware and Vista, a reinstall takes about 20 minutes. This is easily better than the 2+ hours it would take any AV scanner to go through all my files. So I’m all for nuking and paving as I feel it is both easier and more effective. But I understand how mileage can vary.

ETA: the GeForce 6200 is 62.99 at TigerDirect.ca so I only lost $12 to impatience.