Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How often do viruses corrupt personal files


  • Please log in to reply
6 replies to this topic

#1 bigbrown411

bigbrown411

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 17 February 2013 - 11:28 PM

A while back, my computer got infected with the FBI Moneypak virus. I
got it cleaned 3-5 days after the virus took place thanks to my college and their Resnet

(They used CCcleaner to remove it). After which, I got a
2 year subscription to Webroot Secure Anywhere anti-virus software. I'm
also being protected my avast and malwarbytes. I've run multiple scans
using all 3 anti-virus programs and each has not found any viruses, but a
few threats (which I eliminated of course). I just wanted to know 3
things:

1) Is it possible for my files to have been affected because of the FBI Moneypak virus?

2) What kind of viruses affect personal files?

3) Is it possible for viruses to not be detected with the amount of
protection I have? I haven't accessed any dangerous websites since the
incident happened. I'm just worried that because I got a virus, my
computer has been permanently affected and I should just go buy a new
one and trash the one I'm using.

 

Also, before the virus had taken place, I wrote down on a notepad the exact size of my personal folders down to the last byte. When I checked the folders after the virus had been cleaned, not a single byte had changed. That alone should tell me that my files have not been tampored with, but I'm still paranoid. Also, during the 3-5 period my laptop had virus, I had my laptop either on safe mode with networking or shut off. The only times when it wasn't off or on safe mode with networking was when I was checking to see if I had cleaned the virus myself using help from forums.



BC AdBot (Login to Remove)

 


#2 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:06:40 AM

Posted 18 February 2013 - 03:44 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. welcome.gif
 

A while back, my computer got infected with the FBI Moneypak virus. I

got it cleaned 3-5 days after the virus took place thanks to my college and their Resnet

(They used CCcleaner to remove it). After which, I got a

2 year subscription to Webroot Secure Anywhere anti-virus software. I'm

also being protected my avast and malwarbytes. I've run multiple scans

using all 3 anti-virus programs and each has not found any viruses, but a

few threats (which I eliminated of course).

You should only run one antivirus program at a time. Having mutliple antivirus programs can cause conflicts and reduce your computer security, As you have purchased Webroot I strongly recommend uninstalling avast!, or disabling it and only using it for offline scans.
 
 

1) Is it possible for my files to have been affected because of the FBI Moneypak virus?

There are many variations of this infection. It is often related to the ZeroAccess rootkit. Generally it doesn't modify your files. There are a few nasty versions that encrypt files, with a code that is basically to hard to work out how to break. Given that you are able to use your files it is safe to say your files haven't been encrypted.
 
 

2) What kind of viruses affect personal files?

Some trojans do, and they generally try to patch or replace your files. Polymorphic file infectors are known for infecting particular file types, such as dll and exes.
 

3) Is it possible for viruses to not be detected with the amount of

protection I have? I haven't accessed any dangerous websites since the

incident happened. I'm just worried that because I got a virus, my

computer has been permanently affected and I should just go buy a new

one and trash the one I'm using.

ZeroAccess (often comes with the FBI ransom infection) can give backdoor access to your computer. It is wise to reformat after such an infetcion, just so that you know you can trust your computer 100%. Please see below about running some diagnostic scans. Antivirus programs are great, but they run on a database and so will sometimes miss certain infections.
 
=====
  • Please download DDS by sUBs from one of the following links.  Save it to your Desktop.NOTE:  Before scanning, make sure all other running programs are closed.
    There shouldn't be any scheduled antivirus scans running while the scan is being performed.
    Do not use your computer for anything else during the scan.
  • Double click on the DDS icon and allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.

Edited by The Dark Knight, 18 February 2013 - 03:45 PM.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#3 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:06:40 AM

Posted 22 February 2013 - 04:18 PM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#4 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:06:40 AM

Posted 23 February 2013 - 04:24 PM

Just a side note: I am away until Tuesday.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#5 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:06:40 AM

Posted 01 March 2013 - 05:51 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any [ulr=http://www.bleepingcomputer.com/forums/index.php?act=members&max_results=20&filter=9&sort_order=asc&sort_key=members_display_name]Moderator[/url] a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#6 bigbrown411

bigbrown411
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 02 March 2013 - 02:19 PM

Here are the 2 documents from the scan:

Attached Files



#7 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:06:40 AM

Posted 02 March 2013 - 08:11 PM

Good morning bigbrown411,

 

Time to see if there any remnants of ZA.

 

For x32 (x86) bit systems please download the Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems please download the Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer, find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users