Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Asus laptop virus infection mostly gone

Status
Not open for further replies.
DrB0b

DrB0b

IS-IT--Management
May 19, 2011
1,420
US
Hello again all,

I was given an Asus laptop U50F that had a recurring popup box saying there were hard drive errors and they could be fixed by clicking the Buy Now button for the full version.

After a Safe Mode install and scan with MBAM, msconfig, and install of MSE and scan, redoing the folder permissions and unhiding them, almost all of the virus seems to be gone. Also, a CCleaner in there for good measure.

I popped up IE to download CCleaner and it went to Google just fine and did my search fine, then it redirected my search. So... I installed FF and didnt copy over any settings from IE during the install, but FF also redirects sites.

Any idea where exactly the rest of this baddy is hiding? Currently MSE and MBAM are doing Full Scans but have found nothing in the hour they have been pumping away.

Ideas?

"You don't know what you got, till its gone..
80's hair band Cinderella or ode to data backups???
 
Sort by date Sort by votes
Run ComboFix, it will find things the others can't. That said, you must disable or remove your anti-virus program, kind of a pain. Just my opinion
 
Upvote 0 Downvote
Fair enough, but do we know a general location that ComboFix would find something like this?

"You don't know what you got, till its gone..
80's hair band Cinderella or ode to data backups???
 
Upvote 0 Downvote
open a command prompt and enter the following:

ipconfig /flushdns
netsh winsock reset catalog and reboot!

I would also use GMER to run a scan, but before deleting anything, make sure that it is not a legit hook, e.g. VMWare hooks USB etc. and it is shown in GMER as a possible RK...






Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
Upvote 0 Downvote
Well Gentlemen,
After a final scan with MBAM, it did pick something up in the IE subfolder and upon deletion, the virus took along most of the programs installed on the laptop. Office 10 is gone along with some of the other preinstalled apps. Running a System Restore and then will throw a Combofix and peek at GMER. Looks like a reinstall is in the near future. Anyone aware if this model has a restore partition, if it does, its hidden to the Host OS because I don't see a secondary partition.

Damn, just aggravating because it seemed so close to virus free. I'm 99% sure the restore will just bring back the virus and if so, if I cant blast it with the above and one other program, guess Ill just bite the bullet and backup and restore.

"You don't know what you got, till its gone..
80's hair band Cinderella or ode to data backups???
 
Upvote 0 Downvote
I know on a lot of new laptops over the last few years you are required to mask your own recovery disks, a one time only deal. There is a program that allows this operation under maintence or recovery, something along those lines, kind of time consuming but oh well
 
Upvote 0 Downvote
I would imagine that is a moot point now as Im not 100% sure where this virus is all located. I tried as BBB said and the pages still redirect. System restore errors out on numerous restore points and MSE or MBAM cant find anything else. Since it axed most of the programs with some of the virus leaving, guess Im just going to do a reinstall and back up whatever data I can still get.

"You don't know what you got, till its gone..
80's hair band Cinderella or ode to data backups???
 
Upvote 0 Downvote
For future reference System Restore can be launched in Safe Mode, and will sometimes work in that mode if Normal Mode fails. You can also run System Restore away from the Windows environment by using the Startup Repair options.

Using System Restore from the Vista Windows Recovery Environment (or Win 7)

Machines that have Recovery Partitions (OEM's) will probably have a "Startup Repair" option in the Safe Mode Boot Options screen instead of a DVD.


Malwarebytes performs in Safe Mode too and might pick up things missed in Normal Mode scans.
 
Upvote 0 Downvote
MBAM was originally ran in SM, but thanks. As far as the Recovery partition, no dice. Yea I suppose I could have done the restore form the Disc but deep down inside I guess I wanted to reinstall the OS anyway as I feel that I know 100% that the virus is gone.

Thanks for all the suggestions as they are good ones.

"You don't know what you got, till its gone..
80's hair band Cinderella or ode to data backups???
 
Upvote 0 Downvote
For anyone else reading through this with a similar issue, my wording wasnt accurate. WHen I said the virus "took along", or deleted, some of my programs, that isnt necessarily true. It removed the symbolic link between the Application location and the shortcuts throughout Windows. Meaning, according to the Program list, any Word/Excel/Access/Powerpoint doc it looked as if you couldnt run it because Office was uninstalled. If you traverse the Windows Program directory and find the actual program call, you can still launch the programs and set back up the link to Office.

"You don't know what you got, till its gone..
80's hair band Cinderella or ode to data backups???
 
Upvote 0 Downvote
Have you also checked your HOSTS file make sure there are no dodgy entries in there too?



ACSS - SME
General Geek

CallUsOn.png


1832163.png
 
Upvote 0 Downvote
Thanks again all,

Went with the reinstall. I'm not the greatest in HOSTS file or manual Reg file peeking, although I couldn't see anything super unusual.

SAS was what I would have tried next if I didn't just get fed up with wasting so much time trying to eliminate the virus. Easier usually just to cut ties and backup and reinstall. There has only been a small number of times that I saved time trying to remove the virus over a reinstall.

"You don't know what you got, till its gone..
80's hair band Cinderella or ode to data backups???
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dik
  • Locked
  • Question
Infection 4
Replies
7
Views
79
dik
dik
javierdlm001
  • Locked
  • Question
My Windows Boot Manager is gone! 1
Replies
9
Views
153
edfair
edfair
2ManyHats
  • Locked
  • Question
Laptop: Running two windows versions, No memory, can't delete partition 1
Replies
8
Views
142
2ManyHats
2ManyHats
DrJorde
  • Locked
  • Question
HP Laptop with W10 now but won't allow me to reset.
Replies
4
Views
99
edfair
edfair
goombawaho
  • Locked
  • Question
Scheduled task gone after upgrade
Replies
2
Views
88
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top