windows 8 - Suspected Malware: Computer turning off all forms of virus protection automatically

08
2014-07
  • Alex

    I'm running Windows 8.1 and very recently I got error messages saying that I had no virus protection on. I had Windows Firewall, AVG Free and Spybot Search and Destroy running. All were turned off and I cannot turn them back on. I scanned my computer with Malwarebytes but it yielded no results. Does anyone suspect a particular malware or know what I should try next?

  • Answers
  • LPChip

    Hitman Pro has a kickstarter kit you can install to a USB stick (it will clear the content of the USB stick upon installation, so back up or use an empty one) which will boot into a safe Windows environment to eliminate any viruses or spyware. Because Hitman is the first thing that loads, viruses can't shut it down. An active internet connection is required, but that should not be any problem.


  • Related Question

    anti virus - Clean up infected computer from viruses
  • ripper234

    Possible Duplicate:
    What to do if my computer is infected by a virus or a malware?

    I have a computer which had AVG Free installed from day one. After several months of operation, it starts detecting viruses and trojans all the time.

    Besides running a full scan, what should I do to clean the computer? Should I install another anti-virus or anti-malware tool (can it help?), or once viruses infect a system the only real solution is a clean format?

    (Lately I've heard of viruses that burn themselves in the BIOS, so a clean format might not always work ... how common is this technique? Should I burn a fresh BIOS as well?)


  • Related Answers
  • Michael Borgwardt

    "once viruses infect a system the only real solution is a clean format"

    This. Once your system is infected, you cannot trust any program it's running not to be interfered with by the virus - including all antivirus software. Theoretically, you could boot an antivirus system from CD, but even then, you can't be sure that the virus hasn't hidden a copy of itself deep in some executable from where it can reinfect the system.

    "Lately I've heard of viruses that burn themselves in the BIOS, so a clean format might not always work ... how common is this technique? Should I burn a fresh BIOS as well?"

    Pointless, since you'd be doing so while a hypothetical BIOS-resident virus is running. The only way to be certain would be to remove the BIOS flash chip and rewrite it using dedicated flashing hardware.

    But I think BIOS-resident viruses have so far occurred only as proof-of-concept implementations and not been spotted "in the wild". It sounds nasty but is not actually very attractive to virus writers, since it would have to deal with (at least) dozens of different motherboard families, each with its own proprietary BIOS flashing protocol.

  • kmarsh

    To avoid reinstalling, simply pull your infected hard disk and disinfect it from another (known clean) PC, attaching it either with a USB/IDE/SATA converter or directly on the IDE or SATA as a second drive.

    This absolutely prevents the virus from defending itself, since it isn't running anything on the new host computer. Be sure to avoid auto-run if using a USB adapter.

    I've had complete success with this method with several computers. As for the BIOS virus, I'll believe it when I see it.

  • Tomas Sedovic

    I agree with Michael's answer -- clean install is the only way that really makes sense.

    On a side note, don't install more than one antivirus. They have to dig deep into the operating system and they usually don't play very well with each other.

  • TFM

    In a couple of cases I have successfully cleaned up my computer from viruses with the help of Sysinternals' "Autoruns" and good anti-virus software.

    On the following pages you can find comparisons of anti-virus software:

    http://www.freewaregenius.com/2009/04/07/the-best-free-antivirus-a-comparison/

    http://www.sunbelt-software.com/ihs/alex/Results_2D2008m3b_US.htm

    http://virusinfo.info/index.php?page=testseng

    Basically, Avira, Avast, and AVG top the charts, and the free versions are as competent as the priced versions.

  • lesmana

    Method: A

    1) Change your AV (anti-virus) to Avast, Avira or some paid variant (Kaspersky). Download your AV of choice beforehand and put it on some media if possible.

    2) Before formatting C:\ or whatever drive your XP resides on, you might want to consider the following: do you have any wedding pictures or music files that are important and need to be backed up to some external HD?

    4) If so, back them up first, and then scan the external HD to make sure there is nothing on it, after backing up all the important stuff.

    5) Make sure you have access to all the drivers (sound, video, etc.) via online or some CD on hand, because you will need to re-install a majority of them if XP does not pick some of them up.

    6) Back up this file: wpa.dbl, found in C:\windows\system32. Wpa.dbl allows you to not have to activate your XP again or have issues activating XP; since you already did it, you just copy this file back into the same folder after the re-install.

    Method: B (lazyman/I don't want to format C:\ but have some time on my hands):

    1) Physically remove the HD from the infected computer, and change the jumper settings to slave.

    2) Install it in a working PC, preferably one that is not infected with viruses, or a Linux or Unix box, and mount the infected drive.

    3) Use a ton of standalone scanning tools for both malware and viruses to scan the infected HD.

    4) When this is done, switch over to some online tools and do the same thing, scan for malware and viruses.

    [Disclaimer: a complete list of some tools I use for this is furnished upon request.]
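
An added example, not part of the original answers: a text-only triage pass over an infected disk attached to a known-clean machine, the setup kmarsh's answer and lesmana's Method B describe. It lists file-based autostart points (root `autorun.inf`, Startup folders, scheduled-task files) without running anything from the disk; the function names are assumptions made for this example, and registry Run keys are not covered.

```python
import os
import re

# Autostart locations relative to the volume root; "*" matches any user profile.
STARTUP_DIRS = [
    "ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp",
    "Users/*/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup",
    "Documents and Settings/*/Start Menu/Programs/Startup",  # Windows XP layout
]
AUTORUN_RE = re.compile(r"(?im)^\s*(?:open|shellexecute)\s*=\s*(.+?)\s*$")
COMMAND_RE = re.compile(r"<Command>(.*?)</Command>", re.S)

def _children(path):
    try:
        return sorted(os.listdir(path))
    except OSError:  # not a directory, or unreadable
        return []

def _read_text(path):
    """Read a file as text only (nothing is executed); handles UTF-16 BOMs."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:  # e.g. a directory named autorun.inf
        return ""
    utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    return data.decode("utf-16" if utf16 else "utf-8", errors="replace")

def resolve(root, pattern):
    """Expand pattern under root, matching names case-insensitively as NTFS does."""
    paths = [root]
    for part in pattern.split("/"):
        paths = [os.path.join(p, c) for p in paths for c in _children(p)
                 if part == "*" or c.lower() == part.lower()]
    return paths

def autostart_entries(root):
    """Return sorted (kind, file_or_dir, target) tuples from the offline volume."""
    found = []
    for inf in resolve(root, "autorun.inf"):
        found += [("autorun.inf", inf, t) for t in AUTORUN_RE.findall(_read_text(inf))]
    for pattern in STARTUP_DIRS:
        for d in resolve(root, pattern):
            found += [("startup", d, n) for n in _children(d) if n.lower() != "desktop.ini"]
    for d in resolve(root, "Windows/System32/Tasks"):  # scheduled-task XML files
        for dirpath, _, files in os.walk(d):
            for name in files:
                path = os.path.join(dirpath, name)
                found += [("task", path, c.strip()) for c in COMMAND_RE.findall(_read_text(path))]
    return sorted(found)
```

Call `autostart_entries("/mnt/suspect")`, where `/mnt/suspect` is a hypothetical mount point for the attached disk (mounted read-only), and check each listed target by hand or with a scanner.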