windows 8 - Suspected Malware: Computer turning off all forms of virus protection automatically
2014-07
I'm running Windows 8.1 and very recently I got error messages saying that I had no virus protection on. I had Windows Firewall, AVG Free and Spybot Search and Destroy running. All were turned off and I cannot turn them back on. I scanned my computer with Malwarebytes but it yielded no results. Does anyone suspect a particular malware or know what I should try next?
Hitman Pro has a kickstarter kit you can install to a USB stick (it will clear the content of the USB stick upon installation, so back it up or use an empty one) which will boot into a safe Windows environment to eliminate any viruses or spyware. Because Hitman is the first thing that loads, viruses can't shut it down. An active internet connection is required, but that should not be any problem.
Possible Duplicate:
What to do if my computer is infected by a virus or a malware?
I have a computer which had AVG Free installed from day one. After several months of operation, it starts detecting viruses and trojans all the time.
Besides running a full scan, what should I do to clean the computer? Should I install another anti-virus or anti-malware tool (can it help?), or once viruses infect a system the only real solution is a clean format?
(Lately I've heard of viruses that burn themselves in the BIOS, so a clean format might not always work ... how common is this technique? Should I burn a fresh BIOS as well?)
"once viruses infect a system the only real solution is a clean format"
This. Once your system is infected, you cannot trust any program it's running not to be interfered with by the virus - including all antivirus software. Theoretically, you could boot an antivirus system from CD, but even then, you can't be sure that the virus hasn't hidden a copy of itself deep in some executable from where it can reinfect the system.
"Lately I've heard of viruses that burn themselves in the BIOS, so a clean format might not always work ... how common is this technique? Should I burn a fresh BIOS as well?"
Pointless, since you'd be doing so while a hypothetical BIOS-resident virus is running. The only way to be certain would be to remove the BIOS flash chip and rewrite it using dedicated flashing hardware.
But I think BIOS-resident viruses have so far occurred only as proof-of-concept implementations and not been spotted "in the wild". It sounds nasty but is not actually very attractive to virus writers, since it would have to deal with (at least) dozens of different motherboard families, each with its own proprietary BIOS flashing protocol.
To avoid reinstalling, simply pull your infected hard disk and disinfect it from another (known clean) PC, attaching it either with a USB/IDE/SATA converter or directly on the IDE or SATA as a second drive.
This absolutely prevents the virus from defending itself, since it isn't running anything on the new host computer. Be sure to avoid auto-run if using a USB adapter.
I've had complete success with this method with several computers. As for the BIOS virus, I'll believe it when I see it.
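An added example, not part of the answer above: a read-only look at the attached disk from the clean host before any scanner runs, showing what its `autorun.inf` would launch and what sits in its Startup folders. It assumes the volume is mounted at a path you pass in and covers only those two autostart locations (Windows Vista and later layouts); the function names and the sample volume are constructed for illustration.

```python
import sys
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")  # keys that start a program
STARTUP_DIRS = (  # per-user and all-users Startup folders, Windows Vista and later
    "Users/*/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup",
    "ProgramData/Microsoft/Windows/Start Menu/Programs/Startup",
)

def _walk_ci(root, pattern):
    """Follow '/'-separated components case-insensitively ('*' = any entry)."""
    found = [Path(root)]
    for part in pattern.split("/"):
        found = [c for d in found if d.is_dir() for c in d.iterdir()
                 if part == "*" or c.name.lower() == part.lower()]
    return found

def autorun_entries(root):
    """Return launch commands declared in <root>/autorun.inf; nothing is executed."""
    entries, section = {}, ""
    for inf in (p for p in _walk_ci(root, "autorun.inf") if p.is_file()):
        for line in inf.read_text(encoding="utf-8", errors="replace").splitlines():
            line = line.strip()
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
            elif section == "autorun" and "=" in line and not line.startswith(";"):
                key, value = (s.strip() for s in line.split("=", 1))
                if key.lower() in LAUNCH_KEYS:
                    entries[key.lower()] = value
    return entries

def startup_items(root):
    """List files in Startup folders, as paths relative to the volume root."""
    items = [f for pat in STARTUP_DIRS for d in _walk_ci(root, pat) if d.is_dir()
             for f in d.iterdir() if f.is_file() and f.name.lower() != "desktop.ini"]
    return sorted(f.relative_to(root).as_posix() for f in items)

def build_sample(root):
    """Create a constructed sample volume (harmless text files) and return its path."""
    startup = Path(root, "Users/alice/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/StartUp")
    startup.mkdir(parents=True)
    (startup / "updater.lnk").write_text("placeholder")
    Path(root, "AUTORUN.INF").write_text("[AutoRun]\nOpen=setup.exe /s\nicon=x.ico\n")
    return root

if __name__ == "__main__":  # pass a mount point, or run with no argument for the sample
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    print(autorun_entries(root), startup_items(root))
```

Registry Run keys and services are not covered here; those need the offline hives loaded in a tool that can read them.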
I agree with Michael's answer -- clean install is the only way that really makes sense.
On a side note, don't install more than one antivirus. They have to dig deep into the operating system and they usually don't play very well with each other.
In a couple of cases I have successfully cleaned up my computer from viruses with the help of Sysinternals' "Autoruns" and good anti-virus software.
On the following pages you can find comparisons of anti-virus software:
http://www.freewaregenius.com/2009/04/07/the-best-free-antivirus-a-comparison/
http://www.sunbelt-software.com/ihs/alex/Results_2D2008m3b_US.htm
http://virusinfo.info/index.php?page=testseng
Basically, Avira, Avast, and AVG top the charts, and the free versions are as competent as the priced versions.
Method: A
1) Change your AV (anti-virus) to Avast, Avira or some paid variant (Kaspersky). Download your AV of choice beforehand and put it on some media if possible.
2) Before formatting C:\ or whatever drive your XP resides on, you might want to consider the following: do you have any wedding pictures or music files that are important and need to be backed up to some external HD?
4) If so, back them up first, and then scan the external HD to make sure there is nothing on it, after backing up all the important stuff.
5) Make sure you have access to all the drivers (sound, video, etc.) via online or some CD on hand, because you will need to re-install a majority of them if XP does not pick some of them up.
6) Back up this file: wpa.dbl, found in C:\windows\system32. Wpa.dbl allows you to not have to activate your XP again or have issues activating XP; since you already did it, you just copy this file back into the same folder after re-install.
Method: B (lazyman/I don't want to format C:\ but have some time on my hands):
1) Physically remove the HD from the infected computer, and change the jumper settings to slave.
2) Install it in a working PC, preferably one that is not infected with viruses, or a Linux or Unix box, and mount the infected drive.
3) Use a ton of standalone scanning tools for both malware and viruses to scan the infected HD.
4) When this is done, switch over to some online tools and do the same thing, scan for malware and viruses.
[Disclaimer: complete list of some tools I use for this are furnished upon request.]