|
This morning my computer got struck by a virus. I spent about four hours fighting the damned thing. It was two viruses rolled into one, actually: a one-two punch consisting of the Windows 2012 Security Alert malware and the ping.exe virus.
Artist's rendition of what actually transpired inside the computer.
The Windows 2012 Security Alert thing was pretty easy to get rid of. I googled around and found the guide at
http://www.bleepingcomputer.com/virus-removal/remove-win-7-security-2012
Followed the instructions, killed the thing, rebooted my computer.
But wait, there's more! Fucking strange-assed popups, Firefox redirects for no reason. In the good old days, when I got malware I would do a windows-F, search for all executable files created in the past two days or so, delete the files with strange names by strange companies (mircosoft, anyone?), and go on my merry way. This time however that didn't work. This was a smart virus. PING.EXE in all caps on the windows task manager. Couldn't end process or delete, and under properties it said the program was made by Microsoft with correct spelling and punctuation and everything. Malwarebytes, the program that removed the Windows 7 Security 2012 malware, couldn't detect anything wrong with PING.EXE.
I looked around some more on the internet but there was no easy to find universal solution for the damned thing. Some of the big tech forums wanted you to install programs just to create log files to paste on their forums so they can tell you what to do specifically for the system. Of course, being the seasoned virus buster, I couldn't be bothered (I'm actually a dumbass). I looked around for some other solutions. There are some shady assed sites out there with really weird walkthroughs on how to remove the virus. One walkthrough suggests letting the virus run its course and clicking "Scan" to let the bogus malware scan my computer because it would somehow "fool" the virus or w/e. There was also a powerful program called "Combofix" that could allegedly delete essential files on your computer if you didn't know what you were doing, and I didn't want to mess with that.
The solution that worked was downloading Avast anti-virus directly to my phone (using it as a USB drive of sorts) as well as WisePCDoctor (which itself sounds kind of shady). Installed the programs off the phone, did full scan + reboot scan to kill the virus. Which also killed my computer because it kept failing to boot after the scans completed (lol). System repair was also unable to fix the problem.
In the end I was able to do a system restore to yesterday morning, this seems to fix everything. PING.EXE isn't appearing on the task manager. I'm still not sure if it was Avast that killed the virus or if I could have just done a system restore from the start and solved the problem immediately.
TL;DR
Be fucking careful online, getting a virus isn't worth it. Also don't be cocky in thinking you can get rid of the virus easily. That shit can wreck your computer.
|
fighting the life virus was the most retarded ass boss fight -_-;
|
oh man I had a friend's comp get Ping.exe combined with tons of other crap - they have no virus protection. Spent hours on that one, never saw ping.exe like that before.
Programs I used, the one that killed Ping.exe is the last one on this list.
Spybot Search and Destroy
Malwarebytes
TDSSKiller
Kaspersky Virus Removal Tool
Last two are free at
http://support.kaspersky.com/viruses/utility
Hope this helps anyone else with this problem. What a pain! I feel for ya. Kill it in processes over and over and over and over asap to have the cpu power to actually run this stuff too. =o Glad you got it working!
|
Haha good job man!!! Thank god I never have gotten anything too bad on any of my computers (knock on wood now plz). I like the pic lol, doing some big damage there : )
|
Sucks ;(
I learned a while ago that the best way to remove a virus was to format.
|
Oh wow, good job finally getting rid of the thing! Once my laptop got this massive virus and I couldn't figure it out so I took it to get fixed. The guy downloaded Combofix on it; actually, he even said "This program is extremely powerful, only use it as a last resort!"
I'm afraid to even open it haha.
|
I try not to get viruses because I do not know how to fight them lol... At least your computer let you go online. One time I got a virus that didn't let me even use the net. My uncle just wiped the computer and called me a dumbass.
|
sounds like you might have just booted into safe mode and killed it. worst comes to worst, a live boot disc and kill it from there
(point being to kill it when it's not loaded)
|
Yeah, the entire time I was thinking "what would r1ch do"
On December 10 2011 07:52 DreamChaser wrote: I try not to get viruses because I do not know how to fight them lol... At least your computer let you go online. One time I got a virus that didn't let me even use the net. My uncle just wiped the computer and called me a dumbass.
True, a lot of luck was involved. I think a good solution would be to dual-boot Ubuntu on the machine (which I did with my last laptop) so I could basically have two computers on the same computer in case something fucks up irreparably on the Windows OS.
On December 10 2011 07:58 LaSt)ChAnCe wrote: sounds like you might have just booted into safe mode and killed it. worst comes to worst, a live boot disc and kill it from there
(point being to kill it when it's not loaded)
I actually did boot into safe mode, it seemed like (I'm not extremely computer savvy) certain aspects of the virus were still activated. An interesting thing that happened which I forgot to mention was that the first time I booted into safe mode the computer mysteriously restarted all by itself into normal mode, except certain functions such as Task Manager and Explorer.exe were disabled/faulty. I suspected this was actually a design on part of the virus and rebooted back into safe mode, which made Task Manager and Explorer.exe functional again. That made me tread even more carefully than before.
|
I use most of the precautions that R1CH mentioned in his post. If I ever do get a virus anyway, I just reformat. It takes a couple hours either way so I might as well make sure I get everything.
|
As a computer technician this is my usual course of action:
1) Safe mode - install and update malwarebytes, do a full scan
- if .exe files are being blocked, use the Tools > Folder options > View > untick 'hide extensions for known file types', then change the .exe to .com. Go to your program files > malwarebytes - antimalware folder, then rename mbam.exe to mbam.com to open it if this is the case
- alternative: there's a registry fix that restores your .exe pathing to a normal state
- if you cannot go on the internet since the virus is blocking you, open command prompt under administrator privileges (if vista/7, xp no need) and type in 'netsh winsock reset' and restart your computer
2) Normal mode - run another full scan of malwarebytes, and run a full scan on each user account.
3) Rip out hard drive and do a virus scan on a second computer (if I suspect actual virus infection)
4) Install some anti virus software (eg: AVG/Avast/Avira etc)
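The registry fix mentioned in step 1 concerns the .exe file association. As an added example (not part of the original post, and not the technician's own tooling), this read-only PowerShell check compares that association with the stock Windows values; the function names are hypothetical and the expected values are the Windows defaults, stated here as an assumption.

```powershell
# Added example: read-only check, changes nothing in the registry.
# Assumed stock values (Windows XP/Vista/7):
#   <Classes>\.exe                        (Default) = exefile
#   <Classes>\exefile\shell\open\command  (Default) = "%1" %*
$expectedProgId  = 'exefile'
$expectedCommand = '"%1" %*'

function Get-DefaultValue {
    param([string]$Path)
    # (Default) value of a registry key, or $null if the key or value is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

function Test-ExeAssociation {
    foreach ($root in 'HKLM:\SOFTWARE\Classes', 'HKCU:\Software\Classes') {
        $perUser = $root.StartsWith('HKCU')
        $progId  = Get-DefaultValue "$root\.exe"
        $checks  = @(@{ Path = "$root\.exe"; Actual = $progId; Expected = $expectedProgId })

        # Inspect the stock ProgID and whatever ProgID .exe currently points at.
        $ids = @($expectedProgId, $progId) | Where-Object { $_ } | Select-Object -Unique
        foreach ($id in $ids) {
            $key = "$root\$id\shell\open\command"
            $checks += @{ Path = $key; Actual = (Get-DefaultValue $key); Expected = $expectedCommand }
        }

        foreach ($c in $checks) {
            # A missing per-user (HKCU) key is normal; a missing machine-wide key is not.
            if ($null -eq $c.Actual) { $ok = $perUser }
            else                     { $ok = ($c.Actual -eq $c.Expected) }
            New-Object PSObject -Property @{
                Status = $(if ($ok) { 'ok' } else { 'REVIEW' })
                Path   = $c.Path
                Value  = $c.Actual
            }
        }
    }
}

Test-ExeAssociation | Format-Table Status, Path, Value -AutoSize
```

Rows marked REVIEW differ from the assumed defaults. A per-user key under HKCU takes precedence over the machine-wide one for that account, so the check is worth repeating on each user account.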
|
Why not just do a system recovery (to a previous state), then use anti-virus to scan the whole hard disk (works 95%)? If the problem is not solved, reinstall Windows (works 100%).
|
I used to have a dual boot vista/XP, I got a virus once through entirely my own fault and luckily could boot off the other partition and sort things out.
Might consider having a dual boot on all my future PCs precisely for this reason, even though *touch wood* I hardly ever get viruses.
|
On December 10 2011 08:11 Zariel wrote: 4) Install some anti virus software (eg: AVG/Avast/Avira etc)
AVG? No way. Microsoft Security Essentials should be mentioned. Honestly, it's the best free anti-virus out there ^^ Not too sure of Avast and Avira though, never tried them.
|
On December 10 2011 08:07 Durak wrote: I use most of the precautions that R1CH mentioned in his post. If I ever do get a virus anyway, I just reformat. It takes a couple hours either way so I might as well make sure I get everything.
Yup, reformatting is really nice anyway. It's like you just got a new computer
|
I had the same problem.. I also had NOD32 installed and it didn't do shit. Gonna pick up another anti virus instead..
|
Kaspersky is pretty much the strongest Antivir I ever saw. It's pretty awesome but can slow down your computer quite a bit.
|
I got the same virus and from the looks of Day[9]'s earlier tweet he did as well.
I just cleaned out an absolutely brilliant virus that pretends to be Microsoft Security Essentials. Anyone else had this? It's SO clever!
Seems strange that so many people are getting it and recently too..
|
On December 10 2011 10:37 Terrakin wrote: I got the same virus and from the looks of Day[9]'s earlier tweet he did as well.
I just cleaned out an absolutely brilliant virus that pretends to be Microsoft Security Essentials. Anyone else had this? It's SO clever!
Seems strange that so many people are getting it and recently too..
Two days ago, I had to kill this same virus (Home Security 2012 fake AV into ping.exe) using the Malwarebytes / TDSSKiller / Kaspersky rootkit killer combo.
It popped up while I was browsing TL.net O_o did anybody else have it happen here?
|