Malware - What next?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Dogbearbyter
    replied
    Oh, Mac, iOS, OSX, Android and Linux have their problems too these days: http://www.theregister.co.uk/software/os/

  • jonnyseeandoh
    replied
    Welcome to yesterday!

  • jonnyseeandoh
    replied
    Got Mac? Got Linux? Don't need none of those, just some antivirus so you don't become a carrier.

  • batman
    replied
    Originally posted by mad dog:
    4 essentials for any cpu/laptop:

    1. AVG Anti Virus 2011
    2. CCleaner
    3. SuperAntiSpyware
    4. Malwarebytes

    I've fixed a lot of old heads' laptops using those four programs. Anyone care to guess how they got viruses and trojans?
    I would add Combofix to that list of essentials. Excellent virus/malware repair program, just in case something gets by one of the protectors.

  • mad dog
    replied
    4 essentials for any cpu/laptop:

    1. AVG Anti Virus 2011
    2. CCleaner
    3. SuperAntiSpyware
    4. Malwarebytes

    I've fixed a lot of old heads' laptops using those four programs. Anyone care to guess how they got viruses and trojans?

  • BadOrderKing
    replied
    Originally posted by jonnyseeandoh:
    And with that, if you take regular backups...delete all backups you now have and start a new full backup.
    Yeah, that's the advice I will give him when I return it. Well that and to allow the virus scan to RUN and occasionally run CCleaner and the Malwarebytes.

  • jonnyseeandoh
    replied
    And with that, if you take regular backups...delete all backups you now have and start a new full backup.

  • Enigma
    replied
    I would also suggest...

    To prevent reinfection of what you just cleaned off,

    Turn off the system restore, so that it will delete the system restore points where the computer was previously infected. (Since the scanners cannot search inside the restore files.)

    Once you turn it off, and hit Apply, they should be deleted.

    Then you can turn system restore back on, hit Apply, and it will create fresh restore points on the now clean computer.

  • BadOrderKing
    replied
    Originally posted by BadOrderKing:
    I do believe Malwarebytes found the issue. The rundll32.exe is associated with a file that it believes to be a Trojan virus. Told me I would have to restart to finish removal. I restarted and Windows told me that something could not open properly (The file MB found as a virus). I looked in the system configuration under the start up tab and there it is with a check in its box. I assume this means it is still active?

    Labeled:
    Start up item - Okuharukururulip
    Manufacturer - Unknown
    Command - rundll32.exe "C:\Users\Computer name\AppData\local\ijelawet.dll", Start up

    I have googled "ijelawet.dll" and "Okuharukururulip " and found not even a close match to anything computer related.

    I believe we found it. What next? How do I make sure it is dead? What the hell is it?
    It appears it was just coincidence that I saw that file when the system config started. I later found that the program that failed to open was Malwarebytes itself. Windows blocked it. I got it open and it finished its work. After a full scan that same file was found and removed.

    Everything is now working as it should. Went through CCleaner and MSConfig and the file is not there any longer. Windows appears to be running normal again and all updates have finally loaded without failing.

    As always, you guys have been a great help and I appreciate your time and expertise.

  • FutureHogger
    replied
    Originally posted by Dogbearbyter:
    BOK if you use CCleaner go to the tools link and select startups. It's a useful and clear way to manage startups. You can see them easier than MSconfig and you can easily disable/delete them too. AND you don't have to reboot to save the changes.

    ^^^^^^^^^^^^^^^^^^^^^^^^^^Good information^^^^^^^^^^^^^^^^^^^^^^^^^



    Originally posted by jonnyseeandoh:
    If you use MSCONFIG to manage your startup routines, you will get a cryptic notice the first time you boot, to remind you you have done this. When you see it, select the option to not notify you of this fact. You already know after all!
    forgot to mention that, thanks for adding it!
    Last edited by FutureHogger; 02-02-2011, 07:12 AM.

  • jonnyseeandoh
    replied
    If you use MSCONFIG to manage your startup routines, you will get a cryptic notice the first time you boot, to remind you you have done this. When you see it, select the option to not notify you of this fact. You already know after all!

  • Dogbearbyter
    replied
    BOK if you use CCleaner go to the tools link and select startups. It's a useful and clear way to manage startups. You can see them easier than MSconfig and you can easily disable/delete them too. AND you don't have to reboot to save the changes.

  • BadOrderKing
    replied
    Thanks. God I love this place! A railroad site that also diagnoses computer problems.

    Future hog, have you read my other computer adventures?

  • FutureHogger
    replied
    yeah if you type msconfig in the run box you can just un-check the box and windows won't try to open the file anymore....there is a much longer and more complex way to remove it from the registry but as long as the offending files are gone that is neither here nor there...it's only giving you a message because it's trying to open the virus that was removed.


    in short just un-check the box

  • BadOrderKing
    replied
    I do believe Malwarebytes found the issue. The rundll32.exe is associated with a file that it believes to be a Trojan virus. Told me I would have to restart to finish removal. I restarted and Windows told me that something could not open properly (The file MB found as a virus). I looked in the system configuration under the start up tab and there it is with a check in its box. I assume this means it is still active?

    Labeled:
    Start up item - Okuharukururulip
    Manufacturer - Unknown
    Command - rundll32.exe "C:\Users\Computer name\AppData\local\ijelawet.dll", Start up

    I have googled "ijelawet.dll" and "Okuharukururulip " and found not even a close match to anything computer related.

    I believe we found it. What next? How do I make sure it is dead? What the hell is it?
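
How the startup entry described in this thread (rundll32.exe loading a DLL from the user's AppData folder) can be checked after a cleanup, as an added example that is not part of any poster's reply: the PowerShell below lists rundll32 entries in the standard Run registry keys and reports whether the DLL each one points to still exists. It covers only those Run keys, not the Startup folder or scheduled tasks, and the ACTIVE/ORPHANED labels are this example's own.

```powershell
# Added example: report rundll32 autostart entries in the standard Run keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Folders a standard user can write to; a DLL autostarting from one deserves a look.
$userWritable = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP) | Where-Object { $_ }

# rundll32[.exe] followed by a quoted or unquoted DLL path.
$pattern = '(?i)rundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^\s,]+))'

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if ($command -notmatch $pattern) { continue }

        # Group 1 is the quoted path, group 2 the unquoted one.
        $dll = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        $present = Test-Path -LiteralPath $dll

        [pscustomobject]@{
            Key          = $key
            Name         = $name
            Dll          = $dll
            UserWritable = [bool]($userWritable | Where-Object {
                $dll.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
            DllOnDisk    = $present
            # ACTIVE: the DLL is still there and will load at logon.
            # ORPHANED: the entry remains but its DLL is gone (startup error only).
            Status       = if ($present) { 'ACTIVE' } else { 'ORPHANED' }
        }
    }
}

$findings | Sort-Object DllOnDisk -Descending | Format-Table -AutoSize -Wrap
```

An ACTIVE row whose DLL sits under a user-writable folder is the case to investigate further; an ORPHANED row is a leftover entry that can be disabled or deleted.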