Kill a virus or a system restore?
- [JiF]War Trophy
- Forum User
- Posts: 698
- Joined: Wed Jan 23, 2008 5:30 pm
- Location: South Africa
Kill a virus or a system restore?
My computer got hit by a nasty bit of malware yesterday, which slipped through my AVG8.
It was the Security Central virus and it pretty much hijacked my pc.
http://www.bleepingcomputer.com/virus-r ... ty-central
It installs a virus scanner in the background and will not allow you to run any anti-malware programs until the process is terminated somehow, or you purchase the software.
It disables Task Manager too, so you can't end the process. It also disables the System Restore function so I couldn't roll my pc back to an earlier date.
I eventually found and installed a stealthy application (RKill.exe) which stopped the Security Central process, but didn't remove the virus from the pc.
RKill recommended that I then download MalwareBytes Tool to detect and remove the virus.
I didn't have time to sit and wait for a full pc scan (I have a whopping 1000Gb of memory to scan) as I had work to do, but because the virus process was terminated, I was able to roll back my computer by a few days and this seemed to remove the virus.
My question is, is this actually safe, does rolling back actually remove all traces of the virus? Or is it better to use anti-virus applications and anti-malware to remove it?
To me it seems logical that there will still be some entries and traces of the virus left in the registry after a rollback. I mean, data is not really deleted is it? It's just made available for overwriting?
Any thoughts?
PS: For you Simpsons fans, don't watch videos on the "Watch The Simpsons Online" website (wtso.net). Their vids are virus ridden!
Last edited by [JiF]War Trophy on Wed Feb 03, 2010 2:39 pm, edited 1 time in total.
-
- Forum User
- Posts: 823
- Joined: Thu Apr 19, 2007 6:09 pm
- Location: South Carolina, USA
Re: Kill a virus or a system restore?
From my experience, the roll back should get it.
I would still do the scan when you have time.
You can never be too careful!
I would also get an anti spyware/malware software to prevent this from happening again.
I used to use AVG (paid version) but switched to Vipre, which is both AV and anti spyware.
http://www.sunbeltsoftware.com/home-home-office/vipre/
- [JiF]major confusion
- Forum User
- Posts: 654
- Joined: Tue Dec 09, 2008 5:09 am
- Location: Grand Rapids, Michigan USA
Re: Kill a virus or a system restore?
I used to use AVG. But it doesn't catch everything. Now I use Avira AntiVir Personal - Free Antivirus.
This software is from Germany and was recommended by an expert in the business. Works for me.
I use it along with Malwarebytes’ Anti-Malware. Also free.
http://www.free-av.com/en/download/index.html
http://www.malwarebytes.org/
- [JiF]zougathefist
- Forum User
- Posts: 2216
- Joined: Fri Jan 11, 2008 11:20 pm
- Location: Plymouth / Swindon, UK
Re: Kill a virus or a system restore?
WT I would run the Malwarebytes software to be sure, just set it going overnight and lock your PC so no-one can access it
Better safe than sorry
- Gnome-father
- Forum User
- Posts: 521
- Joined: Mon Dec 28, 2009 2:05 pm
- Location: Norway, Bødalen
Re: Kill a virus or a system restore?
A little tip that may work when infected by a trojan: disconnect from the internet (the best way is doing it "mentally"). Then ask a friend to download an anti-trojan. Install it, run it and voila. The trojan should be removed. Btw, I use Avira. No viruses have infected my computer anymore.
Re: Kill a virus or a system restore?
WT I got my browser hijacked by something similar last week and I tried sys restore - it didn't work.
I finally went in and disabled addons in the browser and then in find/remove programs, found a new searchbar installation... that was a giveaway from prior experience a few years back with a hijacker and surprisingly simple to uninstall and remove. I can't remember the details but I think I also had to run msconfig and manually uncheck various suspicious looking startup programs and prevent certain DLLs from loading on startup. The browser jackers have this triad of pesky ways to keep "restoring itself" if one or 2 of the others are gone by looking and recreating them from their internal code. That was a really nasty one too! (persistent). IE: the idea behind the "triad" is based off of our nuke "defense" triad idea, if our bombers and missiles are taken out, then we have subs yet and around robin it goes. So if the virus maker does a triad (or quad using a hidden exe and the registry) then it detects that one or more of the others have been taken out and fires off its payload and re-creates the others. Actually brilliant programming when you think about it. I'm sure Shell-Shocked can explain it better than I as he's got more years in as a developer than I.
Make sense?
Gib
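The startup locations named in the post above (startup programs, DLLs loaded at startup, browser add-ons, registry entries) can be inventoried in one pass, so that an entry which comes back after removal shows up when two snapshots are compared. This is an added example, not part of the original post; the selection of locations is an assumption and not a complete list, and `New-Entry` and `Get-AutostartInventory` are names made up for this example.

```powershell
# Added example: inventory common Windows autostart locations.
# The list of locations is an assumption, not an exhaustive set.

function New-Entry($Source, $Name, $Value) {
    [pscustomobject]@{ Source = $Source; Name = $Name; Value = [string]$Value }
}

function Get-AutostartInventory {
    # Registry Run/RunOnce values (the startup programs msconfig lists)
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            New-Entry $key $name $regKey.GetValue($name)
        }
    }

    # Per-user and all-users Startup folders
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if ($path -and (Test-Path $path)) {
            Get-ChildItem -Path $path -Force |
                ForEach-Object { New-Entry $path $_.Name $_.FullName }
        }
    }

    # DLLs loaded into GUI processes through the AppInit_DLLs value
    $win = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
    $appInit = (Get-ItemProperty -Path $win -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($appInit) { New-Entry $win 'AppInit_DLLs' $appInit }

    # Internet Explorer Browser Helper Objects (one subkey per CLSID)
    $bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bho) {
        Get-ChildItem -Path $bho | ForEach-Object { New-Entry $bho $_.PSChildName '' }
    }
}

# Snapshot after cleanup, snapshot again after the next reboot, then compare:
#   Get-AutostartInventory | Export-Csv after-cleanup.csv -NoTypeInformation
#   Get-AutostartInventory | Export-Csv after-reboot.csv  -NoTypeInformation
#   Compare-Object (Import-Csv after-cleanup.csv) (Import-Csv after-reboot.csv) -Property Source,Name,Value
```

Rows that `Compare-Object` marks with `=>` exist only in the second snapshot, which is where a re-created entry would appear.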
- Gnome-father
- Forum User
- Posts: 521
- Joined: Mon Dec 28, 2009 2:05 pm
- Location: Norway, Bødalen
Re: Kill a virus or a system restore?
Btw, I had something like this on my computer, but it was manually downloaded. Disc cleaner was a software I wanted to compare with crapcleaner. When I downloaded it Avira said that a script was detected. Denied access and continued down. Installed it and ran it. Avira came with another warning but I denied it. Disk cleaner found 1 GB of junk files! Some had the same size as many others. But to delete them you had to purchase the full version/activate it. I clicked activate. Avira warned a script but I denied. When I saw the price for activation I said: it's not expensive but all those warnings have made this software as a malware? Is this fake? And why had many files the same size? I chose to uninstall the software, but save the screensaver for an unknown reason. Maybe I thought that it was nice and useful?
- [JiF]FrenchAfroman
- Forum User
- Posts: 1337
- Joined: Sun Mar 16, 2008 2:26 pm
- Location: Berlin, Germany and Dover, Delaware
Re: Kill a virus or a system restore?
I use Avira AntiVir Premium Security Suite just, I pay for it so I get a lil more than the free version. It's very good, had almost no problem since using it.
If we make prisons a living hell for them, then we might just be sending out devils once they are released. Cruel methods to achieve discipline are a thing of the past! So, keep on dancing! Byron F. Garcia.
- [JiF]BloodGod
- Forum User
- Posts: 348
- Joined: Sat Mar 15, 2008 7:38 pm
- Location: Indianapolis IN
- Contact:
Re: Kill a virus or a system restore?
I use Trend and have never had a problem for 3 years now. Yes the roll back should have done the trick.
- [JiF]War Trophy
- Forum User
- Posts: 698
- Joined: Wed Jan 23, 2008 5:30 pm
- Location: South Africa
Re: Kill a virus or a system restore?
The rollback seems to have purged the malware! I've since also done a full system scan with Malwarebytes and there was no trace of the worm at all. It picked up some other adware lurking in the registry and did a purge. I'm disappointed that worm slipped past AVG though. The reason I like AVG is because it's a relatively minor hassle to disable it for gaming etc. Thanks for the advice all!
- [JiF] General WarHawk
- Game Admin
- Posts: 281
- Joined: Sat Apr 26, 2008 5:26 am
- Location: Milford, MA
- Contact:
Re: Kill a virus or a system restore?
I find Malwarebytes to do a very good job. But no Anti-virus software is ever going to catch every single bug. I used to use Norton, which was buggy on its own, though there are others who swear by it. I use AVG, but have to disable it to let games run properly. McAfee is okay too, as is TrendMicro, which is fairly comprehensive.
I'm a man, but I can change, if I have to, I guess.
- [JiF]Trogdor
- Forum User
- Posts: 115
- Joined: Mon Feb 16, 2009 4:31 am
- Location: Charleston, SC
Re: Kill a virus or a system restore?
Anyone ever use Avast? It seems to be less well-known, but I always liked how unobtrusive it seemed to be and never had any issues with virii and the like.
Last edited by [JiF]Trogdor on Sat Feb 06, 2010 5:34 pm, edited 1 time in total.