|
This morning my computer got struck by a virus. I spent about four hours fighting the damned thing. It was two viruses rolled into one, actually: a one-two punch consisting of the Windows 2012 Security Alert malware and the ping.exe virus.
![[image loading]](http://i.imgur.com/GxgTi.jpg) Artist's rendition of what actually transpired inside the computer.
The Windows 2012 Security Alert thing was pretty easy to get rid of. I googled around and found the guide at
http://www.bleepingcomputer.com/virus-removal/remove-win-7-security-2012
Followed the instructions, killed the thing, rebooted my computer.
But wait, there's more! Fucking strange-assed popups, firefox redirects for no reason. In the good old days, when I got malware I would do a windows-F, search for all executable files created in the past two days or so, delete the files with strange names by strange companies (mircosoft, anyone?), and go on my merry way. This time, however, that didn't work. This was a smart virus. PING.EXE in all caps on the windows task manager. Couldn't end process or delete, and under properties it said the program was made by Microsoft with correct spelling and punctuation and everything. Malwarebytes, the program that removed the Windows 7 Security 2012 malware, couldn't detect anything wrong with PING.EXE.
I looked around some more on the internet but there was no easy to find universal solution for the damned thing. Some of the big tech forums wanted you to install programs just to create log files to paste on their forums so they can tell you what to do specifically for the system. Of course, being the seasoned virus buster, I couldn't be bothered (I'm actually a dumbass). I looked around for some other solutions. There are some shady assed sites out there with really weird walkthroughs on how to remove the virus. One walkthrough suggests letting the virus run its course and clicking "Scan" to let the bogus malware scan my computer because it would somehow "fool" the virus or w/e. There was also a powerful program called "Combofix" that could allegedly delete essential files on your computer if you didn't know what you were doing, and I didn't want to mess with that.
The solution that worked was downloading Avast anti-virus directly to my phone (using it as a USB drive of sorts) as well as WisePCDoctor (which itself sounds kind of shady). Installed the programs off the phone, did full scan + reboot scan to kill the virus. Which also killed my computer because it kept failing to boot after the scans completed (lol). System repair was also unable to fix the problem.
In the end I was able to do a system restore to yesterday morning, this seems to fix everything. PING.EXE isn't appearing on the task manager. I'm still not sure if it was Avast that killed the virus or if I could have just done a system restore from the start and solved the problem immediately.
TL;DR
Be fucking careful online, getting a virus isn't worth it. Also don't be cocky in thinking you can get rid of the virus easily. That shit can wreck your computer.
   
|
fighting the life virus was the most retarded ass boss fight -_-;
|
oh man i had a friend's comp get Ping.exe combined with tons of other crap - they have no virus protection. Spent hours on that one, never saw ping.exe like that before.
Programs i used, the one that killed Ping.exe is the last one on this list.
- Spybot Search and Destroy
- Malwarebytes
- TDSSKiller
- Kaspersky Virus Removal Tool
Last two are free at
http://support.kaspersky.com/viruses/utility
Hope this helps anyone else with this problem. What a pain! i feel for ya. Kill it in processes over and over and over and over asap to have the cpu power to actually run this stuff too. =o Glad you got it working!
|
Haha good job man!!! Thank god i never have gotten anything too bad on any of my computers (knock on wood now plz). I like the pic lol, doing some big damage there : )
|
Sucks ;(
I learned a while ago that the best way to remove a virus, was to format.
|
Oh wow, good job finally getting rid of the thing! Once my laptop got this massive virus and I couldn't figure it out so I took it to get fixed. The guy downloaded combofix on it; actually, he even said "This program is extremely powerful, only use it as a last resort!"
I'm afraid to even open it haha.
|
I try not to get viruses because i do not know how to fight them lol... At least your computer let you go online; one time i got a virus that didn't let me even use the net. My uncle just wiped the computer and called me a dumbass.
|
sounds like you might have just booted into safe mode and killed it. worst comes to worst, a live boot disc and kill it from there
(point being to kill it when it's not loaded)
|
Yeah, the entire time I was thinking "what would r1ch do" 
On December 10 2011 07:52 DreamChaser wrote: I try not to get viruses because i do not know how to fight them lol... At least your computer let you go online; one time i got a virus that didn't let me even use the net. My uncle just wiped the computer and called me a dumbass.
True, a lot of luck was involved. I think a good solution would be to dual-boot Ubuntu on the machine (which I did with my last laptop) so I could basically have two computers on the same computer in case something fucks up irreparably on the Windows OS.
On December 10 2011 07:58 LaSt)ChAnCe wrote: sounds like you might have just booted into safe mode and killed it. worst comes to worst, a live boot disc and kill it from there
(point being to kill it when it's not loaded)
I actually did boot into safe mode, it seemed like (I'm not extremely computer savvy) certain aspects of the virus were still activated. An interesting thing that happened which I forgot to mention was that the first time I booted into safe mode the computer mysteriously restarted all by itself into normal mode, except certain functions such as Task Manager and Explorer.exe were disabled/faulty. I suspected this was actually a design on part of the virus and rebooted back into safe mode, which made Task Manager and Explorer.exe functional again. That made me tread even more carefully than before.
|
I use most of the precautions that R1CH mentioned in his post. If I ever do get a virus anyway, I just reformat. It takes a couple hours either way so I might as well make sure I get everything.
|
As a computer technician this is my usual course of action:
1) Safe mode - install and update malwarebytes, do a full scan
   - if .exe files are being blocked, use the Tools > Folder options > View > untick 'hide extensions for known file types', then change the .exe to .com. Go to your program files > malwarebytes - antimalware folder, then rename mbam.exe to mbam.com to open it if this is the case
   - alternative: there's a registry fix that restores your .exe pathing to a normal state
   - if you cannot go on the internet since the virus is blocking you, open command prompt under administrator privileges (if vista/7, xp no need) and type in 'netsh winsock reset' and restart your computer
2) Normal mode - run another full scan of malwarebytes, and run a full scan on each user account.
3) Rip out hard drive and do a virus scan on a second computer (if I suspect actual virus infection)
4) Install some anti virus software (eg: AVG/Avast/Avira etc)
|
Why not just do a system recovery (to a previous state), then use anti-virus to scan the whole hard disk (works 95%)? If the problem is not solved, reinstall Windows (works 100%).
|
I used to have a dual boot vista/XP, I got a virus once through entirely my own fault and luckily could boot off the other partition and sort things out.
Might consider having a dual boot on all my future PCs precisely for this reason, even though *touch wood* I hardly ever get viruses.
|
On December 10 2011 08:11 Zariel wrote: 4) Install some anti virus software (eg: AVG/Avast/Avira etc)
AVG? No way. Microsoft Security Essentials should be mentioned. Honestly, it's the best free anti-virus out there ^^ Not too sure of Avast and Avira though, never tried them.
|
On December 10 2011 08:07 Durak wrote: I use most of the precautions that R1CH mentioned in his post. If I ever do get a virus anyway, I just reformat. It takes a couple hours either way so I might as well make sure I get everything.
Yup, reformatting is really nice anyway. It's like you just got a new computer
|
I had the same problem.. I also had NOD32 installed and it didn't do shit. Gonna pick up another anti virus instead..
|
Kaspersky is pretty much the strongest Antivir I ever saw. It's pretty awesome but can slow down your computer quite a bit.
|
I got the same virus and from the looks of Day[9]'s earlier tweet he did as well.
I just cleaned out an absolutely brilliant virus that pretends to be Microsoft Security Essentials. Anyone else had this? It's SO clever!
Seems strange that so many people are getting it and recently too..
|
On December 10 2011 10:37 Terrakin wrote: I got the same virus and from the looks of Day[9]'s earlier tweet he did as well.
I just cleaned out an absolutely brilliant virus that pretends to be Microsoft Security Essentials. Anyone else had this? It's SO clever!
Seems strange that so many people are getting it and recently too..
Two days ago, I had to kill this same virus (Home Security 2012 fake AV into ping.exe) using the malwarebytes / tdsskiller / Kaspersky rootkit killer combo.
It popped up while I was browsing TL.net O_o did anybody else have it happen here?
|
I had that exact same thing before, seeing the PING.exe popping up in my processes was making me mad. I believe I forced a safe mode and then scanned/cleaned my computer, but it was a few months ago so I can't remember exactly.
|
Funny that this blog popped up. I just left school to visit my girlfriend's house and, surprise, her dad got this virus. Now I'm being the nice boyfriend and fixing it... These pretend security viruses are just lulsy, and they are getting better and more difficult to remove.
|
Just an update... I got the same virus AGAIN this morning. Apparently the virus also disabled Windows Firewall in a way that couldn't be repaired, and re-installing it would be too complex.
Did a reformat, which ironically took less time than all those anti-virus scanning. Now re-installing a ton of shit, which is a pain in the ass. But at least I can safely take new precautions.
|
On December 11 2011 05:40 Newbistic wrote: Just an update... I got the same virus AGAIN this morning. Apparently the virus also disabled Windows Firewall in a way that couldn't be repaired, and re-installing it would be too complex.
Did a reformat, which ironically took less time than all those anti-virus scanning. Now re-installing a ton of shit, which is a pain in the ass. But at least I can safely take new precautions.
You should make a Windows XP bootable pendrive. If I ever end up with a virus that is difficult to beat in my actual Windows I can just boot to the pendrive and delete it there. SO much easier than trying to do it from the infected Windows installation.
|
same thing is happening to my computer but i have no idea what to do and i dont have my windows vista disk anymore so i cant reinstall my windows.
|
You can safe-mode boot and delete or do it in command-line before Windows loads. All you really need is HijackThis and Windows Security Essentials.
|
^^You can't, really. Unless you know of a way to repair windows firewall after this virus breaks it. When I was working on a computer that had it, I searched a lot about ways to fix it and came up totally dry.
Seems like you get this thing through your browser, so just make sure you have DEP on for your browser, as well as the Enhanced Mitigation Experience Toolkit on forcing extra security measures for whatever browsers you have installed.
|
On December 17 2011 05:23 Deception-35 wrote: same thing is happening to my computer but i have no idea what to do and i dont have my windows vista disk anymore so i cant reinstall my windows.
If you bought your computer whole, you probably have a recovery partition somewhere on your computer. Look in the manual that came with your computer to see how to restore your computer to factory condition.
Be sure to back up all important files before you use recovery though. Once you've recovered you can google online, there should be a way to create your own Vista DVD directly from your C drive. I created an XP disc a long time ago for an XP laptop I had.
|
Now I'm scared paranoid. Funnily enough I think I got the virus from a Chinese IP. *Prays to God and hopes it was not you hacking my computer and now you're asking how to perfect the virus(*es)...
I hope I can take some of these steps and get rid of this.
I've tried McAfee, Malwarebytes, Spybot S&D, Trend-Micro's botkiller or whatever, TLDRSS (or whatever the name is), and manual searches and manual deletions of files/registries I knew to be malicious. VERY annoying virus!
|
You got me, I sent the virus as part of my new career in cyber crime.
Spoiler: I actually live in the States
|
I suffered from the same problem. I also had Avg installed but it didn't work. This blog: how to remove ping.exe virus introduced avast antivirus instead.
|
megaman.exe reference? 5/5
|