What need to be cleaned first after infection? PC or External devices(Flash,HD)


2 replies to this topic

#1 helloineedyourhelp

Posted 25 April 2017 - 02:27 PM

Hello, it's been over a month since a virus/malware infected my PC and caused me a lot of problems, such as not delivering my final project in time (I'm a student using 3D environment software).

I've tried boot and then boot to BIOS and yet the infection returned. I've noticed only when I purchased an external hard disk and ran an .exe application which made a behavior effect similar to "refresh" and nothing happened. Long story short, the PC barely performed and most likely the infection disabled the GPU (3ds Max can't work without it and games won't launch).

I've connected to the infected PC both the study material Flash and later on the Boot Flash, and of course let's not forget the damn external hard disk.

At some point I asked IT to clean the BIOS and he assured me no virus can survive a BIOS reset. I attached the hard drive and Flash and the virus returned. By the way, the external hard disk had been formatted before I attached it.

My questions:

So I wonder, can it still be in the external hard disk/Flash, or maybe the hacker is using the IP address since he already accessed it before?

If it's inside the external device, should I clean the PC first or the devices?

Is it possible to track the person responsible in case it's directed and not random (not saying I know, because I'm not)? Let's say through ISP tracking data. Most likely the hacker will use a proxy, so it's unlikely to trace him, am I right?

One more question: I've noticed inside the router settings that IPv6 is disabled and IPv4 is enabled. Why is that? I remember I always used 6 and not 4. Does this endanger the PC? And how?

I'll post my problem in the malware section for help. Meanwhile I'd be happy to hear some answers to my questions.

If it makes any difference, the virus/malware erases program data, takes away administrative permissions, there is a weird folder in appdata/locallow/microsoft called cryptneturlcache, and it always installs VulkanRT.

 




 


#2 helloineedyourhelp


Posted 27 April 2017 - 06:41 AM

Anyone? In case I wasn't clear, ask me, I'll answer.


Edited by helloineedyourhelp, 27 April 2017 - 06:42 AM.


#3 iMacg3


Posted 01 May 2017 - 01:45 PM

Resetting the BIOS will not clean the virus out. A BIOS reset is usually done to fix a hardware compatibility issue. This is why you still have the malware.

Please follow the below steps.

 

Download Farbar MiniToolBox and save the file to your desktop.

  1. Open MiniToolBox by right-clicking it and selecting Run as Administrator.

  2. Make sure the following options are checked and then click Go:

      • Report IE Proxy Settings
      • Report FF Proxy Settings
      • List content of Hosts
      • List IP configuration
      • List Winsock Entries
      • List last 10 Event Viewer log
      • List Installed Programs
      • List Devices (Don't change any settings here)
      • List Users, Partitions and Memory size
      • List Restore Points

  3. Paste the log file contents into a post.

 

Download Malwarebytes Anti-Malware from the provided link.

  1. Launch MBAM by clicking the .EXE file you downloaded.

  2. Run the installation wizard.

  3. Once complete, open MBAM and click Scan.

  4. Let the scan complete, then make sure all threats are selected and click Quarantine.

  5. Once done, go to History > Logs. Select the most recent Scan Log and paste its contents into a post.

 

 

Download Rkill from one of the below three links. (Use the one that runs on your PC without being blocked).

Link 1

Link 2

Link 3

 

  1. Double-click on the file you downloaded (either rkill.exe, iExplore.exe, or rkill.com) to launch Rkill.

  2. If a black box appears, the program is running correctly. If nothing happens, then try another link.

  3. Let the scan complete, then paste the contents of the text file that pops up at the end into a post.

  4. Important: Do not restart your computer once the scan is done!


Regards, iMacg3

If I do not reply to your malware removal topic in 48 hours, please send me a PM.

"Do, or do not. There is no try." - Yoda



