Kill a virus or a system restore?

Speaks for itself
Post Reply
User avatar
[JiF]War Trophy
Forum User
Posts: 698
Joined: Wed Jan 23, 2008 5:30 pm
Location: South Africa

Kill a virus or a system restore?

Post by [JiF]War Trophy »

My computer got hit by a nasty bit of malware yesterday, which slipped through my AVG8.
It was the Security Central virus and it pretty much hijacked my pc.
http://www.bleepingcomputer.com/virus-r ... ty-central
It installs a virus scanner in the background and will not allow you to run any anti-malware programs until the process is terminated somehow, or you purchase the software.
It disables Task Manager too, so you can't end the process. It also disables the System Restore function so I couldn't roll my pc back to an earlier date.
I eventually found and installed a stealthy application (RKill.exe) which stopped the Security Central process, but didn't remove the virus from the pc.
RKill recommended that I then download MalwareBytes Tool to detect and remove the virus.
I didn't have time to sit and wait for a full pc scan (I have a whopping 1000Gb of memory to scan) as I had work to do, but because the virus process was terminated, I was able to roll back my computer by a few days and this seemed to remove the virus.
My question is, is this actually safe, does rolling back actually remove all traces of the virus? Or is it better to use anti-virus applications and anti-malware to remove it?
To me it seems logical that there will still be some entries and traces of the virus left in the registry after a rollback. I mean, data is not really deleted is it? It's just made available for overwriting?
Any thoughts?

PS: For you Simpsons fans, don't watch videos on the "Watch The Simpsons Online" website (wtso.net). Their vids are are virus ridden!
Last edited by [JiF]War Trophy on Wed Feb 03, 2010 2:39 pm, edited 1 time in total.
Image
[JiF]Brick
Forum User
Posts: 823
Joined: Thu Apr 19, 2007 6:09 pm
Location: South Carolina, USA

Re: Kill a virus or a system restore?

Post by [JiF]Brick »

From my experience, the roll back should get it.
I would still do the scan when you have time.
You can never be to careful!

I would also get a anti spyware/malware software to prevent this from happening again.
I used to use AVG (paid version) but switched to Vipre, which is both AV and anti spyware
http://www.sunbeltsoftware.com/home-home-office/vipre/
User avatar
[JiF]major confusion
Forum User
Posts: 654
Joined: Tue Dec 09, 2008 5:09 am
Location: Grand Rapids, Michigan USA

Re: Kill a virus or a system restore?

Post by [JiF]major confusion »

I used to use AVG. But it doesn't catch everything. Now I use Avira AntiVir Personal - Free Antivirus.
This software is from Germany and was recommended by an expert in the business. Works for me.
I use it along with Malwarebytes’ Anti-Malware. Also free.

http://www.free-av.com/en/download/index.html
http://www.malwarebytes.org/
"You can't say civilization isn't advancing; in every war they kill you in a new way."
Will Rogers
Image[url=steam://friends/add/'.76561198080391609.']Image[/url]
User avatar
[JiF]zougathefist
Forum User
Posts: 2216
Joined: Fri Jan 11, 2008 11:20 pm
Location: Plymouth / Swindon, UK

Re: Kill a virus or a system restore?

Post by [JiF]zougathefist »

WT I would run the Malwarebytes software to be sure, just set it going overnight and lock your PC so no-one can access it
Better safe than sorry
He who fights with Monsters should look to it that he himself does not become a monster. When you gaze long into the abyss, the abyss also gazes into you
-Nietzsche

Nietzsche was stupid and abnormal!
-Tolstoy

Oderint Dum Metuant
-Caligula

Image
User avatar
Gnome-father
Forum User
Posts: 521
Joined: Mon Dec 28, 2009 2:05 pm
Location: Norway, Bødalen

Re: Kill a virus or a system restore?

Post by Gnome-father »

a little tip that may work when infected by a trojan: disconnect from the internett(the best way is doing it "mentaly". then ask a friend to download a anti-trojan. install it, run it and voila. the trojan should be removed. btw, i use the avira. none viruses have infected my computer anymore :viva:
[JiF]Gib

Re: Kill a virus or a system restore?

Post by [JiF]Gib »

WT I got my browser hijacked by something similar last week and I tried sys restore - it didnt work.

I finally went in and disabled addons in the browser and then in find/remove programs, found a new searchbar installation...that was a give away from prior experience a few years back with a hijaker and suprisingly simple to uninstall and remove. I can't remember the details but I think I also had to run msconfig and manually unckeck various suspicious looking startup programms and prevent certail dll's from loading on startup. The browser jackers have this triad of pesky ways to keep "restoring itself" if one or 2 of the others are gone by looking and recreating them from their internal code. That was a really nasty one too! (persistant). IE: the idea behind the "triad" is based off of our nuke "defense" triad idea, if our bombers and missles are taken out, then we have subs yet and around robin it goes. So if the virus maker does a triad(or quad using a hidden exe and the registry) then it detects that one or more of the others have been taken out and fires off its payload and re-creates the others. Actually brilliant programming when you think about it. I'm sure Shell-Shocked can explain it better than I as he's got more years in as a developer than I ;)

Make sense?

Gib
User avatar
Gnome-father
Forum User
Posts: 521
Joined: Mon Dec 28, 2009 2:05 pm
Location: Norway, Bødalen

Re: Kill a virus or a system restore?

Post by Gnome-father »

btw, i had something like this on my computer, but it was manualy downloaded. disc cleaner was a software i wantet to compare with crapcleaner. when i downloaded it avira says that a script was detected. denied acces and continued down. installed it and ran it. avira came with another warning but i denied it. disk cleaner found 1 GB of junkfiles! some had the same size as many others. but to delete them you had to purchase the full version/activate it. i clicked activate. avira warned a script but i denied. when i saw the price for activation i said: its not expensive but all those warnings have made this software as a malware? is this fake? and why had many files the same size? i choosed to uinstall the software, but save the screensaver by a unknow reason. maybe i thought that it was nice and usefull?
User avatar
[JiF]FrenchAfroman
Forum User
Posts: 1337
Joined: Sun Mar 16, 2008 2:26 pm
Location: Berlin, Germany and Dover, Delaware

Re: Kill a virus or a system restore?

Post by [JiF]FrenchAfroman »

i use Avira AntiVir Premium Security Suite just, i pay for it so i get a lil more then the free version. its very good had almost no problem since using it.
If we make prisons a living hell for them, then we might just be sending out devils once they are released. Cruel methods to achieve discipline are a thing of the past! So, keep on dancing! Byron F. Garcia.
User avatar
[JiF]BloodGod
Forum User
Posts: 348
Joined: Sat Mar 15, 2008 7:38 pm
Location: Indianapolis IN
Contact:

Re: Kill a virus or a system restore?

Post by [JiF]BloodGod »

I use Trend and have never had a problem for 3 years now. Yes the roll back should have done the trick.
We all have our time to die.....yours just happens to be now

Image
User avatar
[JiF]War Trophy
Forum User
Posts: 698
Joined: Wed Jan 23, 2008 5:30 pm
Location: South Africa

Re: Kill a virus or a system restore?

Post by [JiF]War Trophy »

The rollback seems to have purged the malware! I've since also done a full system scan with MalwareByte and there was no trace of the worm at all. It picked up some other adware lurking in the registry and did a purge. I'm disappointed that worm slipped past AVG though. The reason I like AVG is because it's a relatively minor hassle to disable it for gaming etc. Thanks for the advice all!
Image
User avatar
[JiF] General WarHawk
Game Admin
Posts: 281
Joined: Sat Apr 26, 2008 5:26 am
Location: Milford, MA
Contact:

Re: Kill a virus or a system restore?

Post by [JiF] General WarHawk »

I find Malwarebytes to do a very good job. But no Anti-virus software is ever going to catch every single bug. I used to use Norton, which was buggy on it's own, though there are others who swear by it. I use AVG, but have to disable it to let games run properly. McAffee is okay too, as is TrendMicro, which is fairly comprehensive.
I'm a man, but I can change, if I have to, I guess.
User avatar
[JiF]Trogdor
Forum User
Posts: 115
Joined: Mon Feb 16, 2009 4:31 am
Location: Charleston, SC

Re: Kill a virus or a system restore?

Post by [JiF]Trogdor »

Anyone ever use Avast? It seems to be less well-known, but I always liked how unobtrusive it seemed to be and never had any issues with virii and the like.
Last edited by [JiF]Trogdor on Sat Feb 06, 2010 5:34 pm, edited 1 time in total.
Image
Post Reply