Oh bugger it! Some git has managed to knacker my desktop pc :(

[PsYcHe]

You can just copy the VM with ETKA elsewhere if you have space.. Use the Files & Settings wizard as it should be safe.

[Adrian E]

I'm seriously contemplating buying a new hdd as the current one is 1TB and is about 2/3 full. At least then I wouldn't need to reformat it till I'm sure I've got everything I need off it, then I can use it for internal backup or storage.

Quite tempted by a small 60GB SSD for the OS and other software I use regularly - could easily mirror it to another HDD in case it fails. Checked and on my laptop Windows takes about 20GB plus about 12GB for the contents of both program files folders.....

Need to speak to the bank manager before I do anything else though

[ainarssems]

Another solution is to do in place Windows upgrade. You will need retail Windows installation disc with the same or newer Windows version.

Before that I would recommend to run full antivirus scan with several antivirus programs from uncompromised up to date installation either by transferring hdd to another computer or by installing a fresh copy of Windows on spare hdd with compromised hdd disconnected while installing window, antivirus and bringing it up to date.

[HPsauce]

Quote:

Originally Posted by Adrian E

Its been cleaned of the infection

How?
At the very least you need to take the hard disk out and scan it while slaved to a known clean system, using every deep anti-malware tool you can lay your hands on.

[briang9]

Adrian, before you try anything else, have a look at Kaspersky Rescue usb, best Google it, I'm not at home and I have it on a stick at homeand on my home PC, basically its a very deep cleaner which you download onto a USB stick and then boot your PC from that and it cleans up everything, it is wonderful and I have used it a number of times when nothing else would work.

http://support.kaspersky.com/8092



cheers

[Adrian E]

It's had RKill run on it which finds rootkits etc and shuts the processes down when running in Safe mode. It's then had full scans with Malwarebytes run through it a couple of times, AVG antivirus too, then Windows System File checker (system32\services.exe was pulled up as infected but couldn't be repaired by Malwarebytes or AVG) which replaced that file.

Wasn't impressed by AVG so removed that and replaced by Avast which found a load of historic Java vulnerabilities (probably ones long since patched) but otherwise clean - that's doing full system scans and a DOS based boot scan as well.

The issue I have now is that the virus has disabled and/or deleted various system processes including Background Intelligent Transfer Service which means windows update refuses to run.

RKill originally pulled up these disabled services:

BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

Haven't run it since realising what this means but I'm mid-repair with someone on Malwarebytes forum. I'm not using it now anyway - it's not connected to the internet either

ETA - it will get rebuilt in any case so my intention is to get it as robust as I can so I minimise the risk of transferring dodgy files to a clean install. Will disconnect the HDD when I do the clean install on another HDD, whether I go SSD or not

[notorious]

Mac ?

[mannyo]

99% of these fake antivirus solutions are easily repaired. I have done loads for staff members at work and have never failed to completely remove one. They are actually very simple to remove, you just need to know where to look and have the right tools.

I do IT support for a large multinational company, and very rarely have I found anything I have been unable to completely remove.

[Adrian E]

Quote:

Originally Posted by notorious

Mac ?

Perhaps if the money tree in my back garden ever sprouted I'd be in a position to consider it - this PC was bought new in 2010 for £700 which wouldn't even buy you half a Mac worth bothering with, unfortunately.

Quote:

Originally Posted by mannyo

99% of these fake antivirus solutions are easily repaired. I have done loads for staff members at work and have never failed to completely remove one. They are actually very simple to remove, you just need to know where to look and have the right tools.

I do IT support for a large multinational company, and very rarely have I found anything I have been unable to completely remove.

This one's pretty nasty and has only been doing the rounds since last month. It's a generic issue with Trojans that you can't be entirely sure the cleaned PC hasn't been left with a bit of code somewhere that allows it to be accessed at a later date, or a keylogger accessed. It's changed enough system files to worry about the ones it's not picking up....

Going to try and ID a decent SSD today and get that ordered - probably a 2TB HDD as well for storage. The WD Green drive in it isn't great - takes an age to fire up due to the energy saving features - so looking at a Black replacement which has longer warranty (5 years)

What's recommendation for a suite of security stuff (preferably free but don't mind paying a bit if it's worth it) for a PC? I've always used AVG/Malwarebytes/CCleaner to keep it clutter and virus free. Have now swapped to Avast as it gets a better write up than AVG but I'm concious that's only covering the basics. Still using Windows firewall and Defender at the moment.

I don't do p-2-p filesharing so not too worried about that side of things

[The_Laird]