Viruses and Malware

I figure its time we have something like this. There's tons of computer users here, and not everyone is super skilled with them, and I'm sure a lot of us run into complicated problems we're not sure how to fix. I recommend we have this thread where we can help each other, and use it for reference so we dont have to run all over the internet in search of a good solution!

For example. Recently I had a trojan pop into c:\windows\system32\services.exe and I didn't know how to fix it. I decided to do a system restore, but that complicated the problem! Instead, a file known as CRYPT32.dll was missing, and I thought my computer was gonna bite the dust, since it couldn't start up properly.

So my advice is for CRYPT32.dll if you ever have that problem:
1. Start your computer, press F1 repeatedly to bring yourself to a screen that will ask you to select your operating system (black and white screen, like booting up in safe mode, for win 7 users)
2. Press F8, this will bring you to advanced options
3. Select Country and Language, and System Recovery Options
4. Log on like you normally do
5. There are multiple recovery tools. I went to the Command Prompt, typed in "cd\windows\system32" pressed enter, then typed "dir crypt32.dll" and finally I typed in "copy crypt32.dll D:\windows\system32"
and voila. Each time I typed something in I waited after pressing enter, because after "dir crypt32.dll" it gave me a bit of information on that file. There are videos out there that can help too.

For services.exe:
1. Run CMD in admin mode (you can find it in accessories, right click run as admin)
2. Type "sfc /scanfile=c:\windows\system32\services.exe"
3. Windows scans and replaces services.exe with the original.

Services.exe is very important! It is used by thousands of virus writers, and legitimately its under C:\windows\system32 and is called service control manager. If the file is found anywhere else, treat it suspiciously.
It is responsible for running, ending, and interacting with system services.

That's what I know at least. I know people have issues with SVCHOST but im not exactly sure what problems occur or how to fix them. If anyone else has any details, that'd be helpful.

This is why I never visit porn sites.

...

Spoiler:

Also, be aware of a trojan called "Pando Media Booster". It installs itself whenever you play most F2P games, and it's a HORRIBLE resource hog.

It drives your upload/download limits to their peak, and it hogs system performance. Many game companies use it to save on them hosting servers, so Pando Media Booster steals your resources to host their games.

If I were you, I would go into Control Panel -> Uninstall Programs, then find Pando Media booster and uninstall it immediately. It won't hurt your system, and better yet, it'll give you back your performance. It's actually illegal to install it, which is why most companies force you to sign a waiver before they let you play their games.

Ilceren wrote:

I've been told I probably have a svchost trojan by a friend of mine, since I seem to have sixteen of such processes instead of the normal nine or ten. However, I've never really looked into it, most probably because I don't want to break down my own computer. If someone knows how to do it, then I'd appreciate if they say something so i can at least check if those sixteen processes are legit.

I found a list of instructions that details how to go into safe mode and exactly what to do. You don't have to download any programs, so this could be a saving grace. Tell me how it works for you! I'd do it myself but I don't have svchost.exe viruses.

http://www.ehow.com/how_5132341_remove-svchostexe-virus.html

I have an svchost in my processes (checked through windows task manager) but my friend said that I should keep it there.

I dunno if having "too many" is a good thing or a bad thing or whatever, since I'm not too familiar with svchost. As for the website's guide, I hoped it would help but it seems like you're fine now, yes? ^-^

Anyone ever have any issues with bho_project.dll I think its causing an issue on my PC and I'm unsure how to fix it.

Hey I'm updating this due to relevance.

Guess what? My Firewall disappeared!

I suppose Malwarebytes removed it somehow (on that note, any good anti-malware programs to use? They all seem bad or ineffective).

So I went to turn on firewall and I got error code 0x80070424, and I was told to:
1-go to services, scroll to the bottom and start Windows Firewall

-It wasn't there for me, so I couldn't turn it on, Firewall didn't exist,  so I went to a website on a techie forum that told me where I can get registry files that worked brilliantly.

It basically told me all I needed to know, lol. Its very useful instead of repair installing or reformatting your computer if you're having issues. However, Windows Firewall STILL wouldn't start,
-so I went to regedit, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
-went to permissions, added NT SERVICE\mpssvc
-then went back and went back to services, which showed Windows Firewall there, started it, and it worked.

So now I have a firewall again. whoo. By the way, all of this was nabbed off the support.microsoft website.

Not sure if it does malware too, but Avast Antivirus has worked swell for me for years.

Quote :

I'll preface this by saying that for the nastiest viruses, the best course of action time and frustration wise is to just reformat the computer. However, most common viruses and malware that infect machines today are pretty easily taken care of.

Preparation

Depending on the infection, you may or may not have internet access. Even if you do, it's wise to pull the computer off your home network to reduce risk of it infecting other machines.

If you have another machine, grab a small USB stick, and download the following applications to it:

Combofix (Direct Download Link)
Malware Bytes
SuperAntiSpyware

If possible, disable System Restore on all drives on the computer. Disconnect any external drives as well.

Cleaning

On your infected machine, turn it on and boot into safe mode. To do this, on most computers tap F8 during the initial boot screen and it should prompt you. If this doesn't work, check google for how to do it for your model.

Once into safe mode, insert your USB stick and drag all 3 installation files to the desktop. if you haven't already, disable system restore.

First, run Combofix. (Note: Some viruses will block you from running Combofix. Simply rename the executable to something like "Combo1" to get around this) You'll see a few warning messages, just click past them. Let it back up the registry. Don't install the Windows Recovery Console.

If you see your desktop or taskbar blinking, this is normal. You might get the "Windows has started in safe mode" introductory message again, just click Yes so Combofix can continue scanning.

Note: If you have a rootkit on your machine, Combofix will pause and list the files associated with the rootkit. It will then reboot to clear the infection. Typically there are still many leftover files after this, make sure you reboot into safe mode and start over from the beginning and run ComboFix again.

Once Combofix has successfully finished scanning, it will generate a log for you. Reboot if it prompts you to, and go back into safe mode.

Second, install and run MalwareBytes. This is straight forward, and will clean any left over files that ComboFix may have missed. Once that's complete and it's removed all files, reboot if it prompts you to.

Lastly, run SuperAntiSpyware. You can skip this step if you think the first two steps cleaned the infection, but a little redundancy never hurts.

Cleanup

Reboot and log into Windows normally. Check to make sure that the symptoms you experienced before are gone. If they're not, make sure you had System Restore turned off, no CDs in your drive, no external drives, etc where the virus could have reinstalled itself.

Download CCleaner and run it. This will clear all your temporary internet files and also clean out your registry so that any left-over entries are taken care of.

Prevention

Always have an up-to-date virus scanner and all your Windows Updates. Obviously paid antivirus solutions like Kapersky and Nod32 are the best, but a good free scanner like Avast! is better than nothing. Don't neglect Flash/Java/Quicktime updates either, as many things use exploits in those programs to infect your machine.

Hope this helps.

The basics. Source / cross posted from BG tech forum. Nowadays most people have a / have access to a smartphone to access the internet even with their PC hosed so higher tier support is just a search away.

Hey a pretty good website for y'all to know is http://www.bleepingcomputer.com/

It helped me get rid of some real nasty rootkits that was affecting my skype. Couldn't have done it without it. Some VERY powerful programs here!