Computer Scan Ruined My Computer?


5 replies to this topic

#1 Derekle560

Posted 02 August 2011 - 12:44 AM

I use a Windows XP PC. I recently scanned earlier in safe mode with the Eset Smart Installer file that was recommended by someone on this site for an earlier problem. The scan completed (this is the first time I used this program) and then it came out with around 8000 infected files and it got rid of them/deleted them immediately. Now, I tried restarting my computer but nothing happened, and nothing froze but it just never responded. Another thing is that task manager wouldn't open up and when notepad opened, it gave the message "NOTEPAD.EXE has encountered a problem and needs to close." After having to shut off the power (which is bad I suppose), it led me through the normal start up process, but then it had a black screen with a window to log me in my account, which isn't normal. Lastly, I got some warning or message that said something was missing. I didn't think about writing what happened down at the moment but it said something like "R-something file was missing" or some sort.



Any ideas what happened to my computer and how to fix it? Any help at all would very much be appreciated.

Edited by Derekle560, 02 August 2011 - 01:36 AM.


#2 quietman7


Posted 02 August 2011 - 08:03 AM

From what you describe it appears you are dealing with a dangerous polymorphic file infector which Eset attempted to remove. Since many of the affected files are critical files required by the operating system, deletion is not a viable option since doing so often removes those which are used in the bootup process of a computer. That most likely explains why you are getting notifications about missing files.

File infectors primarily infect program executable files (those with .exe, .scr, or .dll extensions) and script files (those with .asp, .htm, .html, .php extensions). They are classified as Parasitic (infects executable, scripts), Overwriting (replaces the code in an infected file with its own) and Companion (infected code is stored in a companion file instead of the host). This type of malware infection is known for injecting code into legitimate critical system files required for the boot up process. In most cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable, unbootable and irreparable.

Since file infectors are not effectively disinfectable and there is no guarantee the infection can be completely removed, the best option is to perform a full reformat and reinstall the operating system. Even many anti-virus vendors admit that some malicious programs like file infectors cannot be properly disinfected by their products.

File infectors are not on the top of their popularity nowadays (there’s not a wide variety of them ITW, but the few active – such as Sality or Virut – are difficult to defeat). One reason is the frequency of their updates and the complexity of their polymorphism, another reason is the fact that these viruses are not perfectly tuned. If the file infector should be successful (and transparent to the normal system behavior), it simply should not produce corrupted files (the process crashes will quickly point out what’s going on). I will show you some examples of bugs in file infectors (below in this article). The problem is that these bugs often make the infected binaries uncurable...

avast: Buggy file infectors

...You can see some tools claiming they’re able to clean even the most complex infections, but believe me, there’s no guarantee to restore the system to its original state. A cleaned file (in my opinion) means a file that has no malicious functionality and does not contain any (even inactive) traces of the infection. My daily practice offers me many files cleaned from the Virut infection with some 3rd party tools, but they still contain significant parts of the infection and are thus detected by our engine....

avast: File infectors – part 2

...it is quite interesting to look at modern day polymorphic viruses and whether their propensity to junk files is wholly by accident or whether there is the occasional element of intent involved...a mass infection that leaves behind a large number of irreparably corrupt files can still be very damaging. Some members of the Virut/Vetor family will randomly choose not to leave an infection marker after infection. This leaves the way open to multiple infections (more headaches for anti virus companies) but also increases the chances that the end file will be corrupt...

Sophos: To Junk Or Not To Junk

...In many cases, files cannot simply be deleted as this would affect the stability or even basic functionality of the operating system and other software. Instead, the infected host program must be disinfected by removing the virus code from it and by carefully restoring the original contents and file structure if possible. This means detection and removal are still an issue for antivirus software....

Avira: Cleaning polymorphic infected files

...for infected users we have to offer no hope - fdisk - format and re-install is the only solution open to them...

avast: a file infector and why we cannot give false hope!

...it injects its code into running processes...The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files...unfortunately, some infections are corrupted beyond repair.

McAfee: polymorphic infector

The suggestions in this article are not intended to 100% guarantee removal of all threats...The file infector employs a technique to make sure its corrupted .DLL format will replace the targeted extensions found within the system. When the computer is rebooted it incidentally boots the infected file and continues its advancement throughout the system...

Norton (Symantec): File infector

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damage caused to files...it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.

AVG: polymorphic infector

...you can try via rescue CD, or slave mounted hard drive. But there's no guarantee that some files won't get corrupted through the disinfection process.

Kaspersky: file infector

That's why most security experts say the best course of action is to wipe the drive clean, reformat and reinstall the OS.

If I guide someone with Virut (or any other File Infector) present and their Antivirus cannot properly disinfect it, then I recommend a format and reinstall...dealing with such infections is a waste of time and that's why I prefer the fastest and safest solution - which is a format and reinstall...After all, I think it would be irresponsible to let the malware "stew" (download/spread/run more malware) for another couple of days/weeks if you already know it's a lost case.

miekiemoes' Blog: Virut and other File infectors - Throwing in the Towel?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Derekle560

Posted 02 August 2011 - 11:45 PM

Thanks for replying. Is system restore an option I can take?

Edited by Derekle560, 02 August 2011 - 11:48 PM.


#4 quietman7

Posted 03 August 2011 - 07:52 AM

Without being able to confirm the infection or what files were involved, I can only go by what you describe, so you can always give it a try.

Can I use System Restore to remove virus or malware infection?

NO. System Restore was not designed to be a virus or spyware removal tool and should not be depended on.


What's Restored when using System Restore and What's Not
Understanding System Restore
#5 Derekle560

Posted 04 August 2011 - 11:48 PM

Ok well my computer was honestly working a lot better before this. Also I don't seem to have the disk that would help me reinstall the OS. Does this mean I have no way of reformatting my computer completely?

#6 quietman7

Posted 05 August 2011 - 10:43 AM

If you're using an IBM, Sony, HP, Compaq, Toshiba, Gateway, Dell or other manufacturer built computer, you may not have an original CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. Please read Technology Advisory Recovery Media.

If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead. If you lost or misplaced your recovery disks, again you can contact and advise the manufacturer. In many cases they will send replacements as part of their support.