Spyware, Viruses, & Security

Question

Recommend Virus removal companies?

by marlieA / March 28, 2012 9:47 AM PDT

I have searched and read through the forum for a full day and cannot find any similar queries or answers.

I am looking for recommendations for Online Virus Removal companies. I have read all the solutions here and don't have enough hours in the day to follow all the steps so I'm willing to pay but I don't have confidence in any local computer places to actually get it right.

My son's laptop has contracted win32/sirefef.p and I need to have it removed. This virus is VERY aggressive and works very quickly.

Avast caught some of the files but not all, and it had already started on the registry and BIOS, so his keyboard is down and internet blocked. (Firefox browser) Avast actually blocked 119 attempts in less than 30 minutes. Only two rootkits are in the virus chest though. I found the win 32 file and 2 more rootkits but couldn't remove them, so we shut down the computer before any more damage could be done.
We did try to restart in safe mode, but with the keyboard down we couldn't get far. Windows and Avast were both scanning and found the files and gave direction to quarantine, but no keyboard, no work.

So if anyone can provide recommendations it would be greatly appreciated.

Thank you in advance.


All Answers

Answer
Just in case.
by R. Proffitt Forum moderator / March 28, 2012 9:56 AM PDT

Did you try Grif's ideas on removal of most pests?

http://forums.cnet.com/7726-6132_102-5098912.html?tag=posts;msg5099421

My thought is when it's that bad I boot up one of the Antivirus CDs and have it work on it.

Here's the list -> http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/


In response to your question. I find most places do more harm than good. That is, they usually wipe out your drive and data in the process.

Are you sure you don't want to back up your files then restore the OS? That will kill it and you can think why it got on the PC and close the loophole. Here's a note about getting the files out.

-> http://www.howtogeek.com/howto/windows-vista/use-ubuntu-live-cd-to-backup-files-from-your-dead-windows-computer/
Bob

Thank you
by marlieA / March 29, 2012 7:37 AM PDT
In reply to: Just in case.

Thank you. I'll check those options out.

I don't have any bootable antivirus CDs but I think I have the OS disks that came with the computer. He has too much crap on there anyway.

I was afraid that was the response I was going to get, and that's why I don't trust the locals or Geek Squad, because I usually know more than they do simply by experience, but my time is more valuable and if I can pay someone who REALLY KNOWS what they are doing then I'm happy. Otherwise it usually costs me more time and money in the end, hence the question here.

We know exactly where the virus came from. Mediafire! Wicked polluted with garbage. My son plays Minecraft and was downloading a texture pack and boom! He was running free Avast and the actual program needed an update, as the virus defs are constantly updated, so being 12 he ignored the notice. Learned his lesson early, I hope!

Sorry to repeat this.
by R. Proffitt Forum moderator / March 29, 2012 7:41 AM PDT
In reply to: Thank you

But the link I gave was for FREE ANTIVIRUS CDs that you download and then create the CD. I use IMGBURN for this work (making the CD.)

My kid had the same lesson.
Bob

Thanks
by marlieA / March 29, 2012 8:04 AM PDT
In reply to: Sorry to repeat this.

I read further at that link and found that out. They also have an option for a USB drive so I'm doing that now. I'm going to have him run the fixes. More life lessons.

Keyboard still won't work
by marlieA / March 31, 2012 10:12 AM PDT
In reply to: Sorry to repeat this.

So I ran all the scans and antivirus and we found more than one trojan and plenty of other little bugs. Unfortunately, the files are still corrupted for the keyboard, track pad and disc drive and I still can't access the internet. I've run CCleaner and deleted all the traces from removed files.

The keyboard will work in safe mode but it tells me not to do a system restore in safe mode. When I try to go in normal it loads Windows and then it crashes and I get the blue screen of death, but it disappears before I can read it.

This is what was found and is quarantined:
Malwarebytes found:
Trojan.spyeyes - B6232F3A8B2.exe
Trojan.spyeyes - HKCU\software\microsoft\windowscurrentversionRun\4Y3Y0C3AUF7XDXWWCUKKS
Trojan.spyeyes - 8B83BC32D7E2578
Trojan dropper - TMP0000000641EE85D00EEF4FE

SuperAntiSpyware found:
Trojan.Agent/Gen-Multi - c:\windows\temp\.VKRIKC\setup.exe
c:\windows\Pretec\setup.exe - 1E4D46E2.pf
Trojan.Agent/Gen-Kryptik
c:\windows\WinSXS\X86. Microsoft-Windows-NetBt31BF3856AD364E35_6.0.6002.18005_NONE_6250416DF465F2B1\NETBT.SYS

Avast found:
afd.sys
cdrom.sys
cdrom.sys
i8042prt.sys
netbt.sys
smb.sys
tdx.sys

Is it safe to delete/remove these now? I have never had to deal with viruses, especially ones like this. Now what do I do to repair the damaged files and get control of the internet connection? Firefox is his preferred browser.

Thanks for any help.

Do not remove the Avast items.
by R. Proffitt Forum moderator / March 31, 2012 10:36 AM PDT

Unless I know more, those are system files that will result in a dead OS.

The rest must go.
Bob

I wondered
by marlieA / March 31, 2012 1:08 PM PDT

That's exactly what I wondered. The Trojans were trying to get rid of them. I was a bit afraid to trust Avast yet.

Windows firewall disabled
by marlieA / March 31, 2012 1:31 PM PDT

Also, I can't re-enable the Windows Firewall or any other security processes.

Please help! Anyone?

Sorry but I'd have to know more to proceed.
by R. Proffitt Forum moderator / March 31, 2012 2:40 PM PDT

For example, many of the Windows repair methods are not applicable to machines from HP, Asus, Acer and more. Why? The repair methods use the original full Windows DVD for the repairs.

Makers like HP and others rarely provide such media or versions because they do not want to support repair of the OS. Their repair method is to restore the machine to the factory load.

Sorry but until I know more about the restore media or the Windows DVD I can't go any deeper.
Bob

It's a Compaq
by marlieA / April 1, 2012 4:21 AM PDT

The computer is a Compaq (HP) about 4 years old. I think I have disks for it but I didn't want to go digging if I didn't need them. Should I try to find them?

Thanks,
Marlie

Let me state this.
by R. Proffitt Forum moderator / April 1, 2012 4:29 AM PDT
In reply to: It's a Compaq

Let's say we try the common SFC /SCANNOW command. It's one of the oft-used commands to repair corrupt OS files without reinstalling or restoring the OS.

That command may ask for the OS CD. And if we do this and you stop the machine, control+C or cycle, we may have a dead PC. This is why I asked. I do not want to give advice that kills the OS.
Bob

A word of caution
by Carol~ Forum moderator / April 1, 2012 12:04 PM PDT

Marlie..

I don't know what actions you've taken at this point in time. But........

Based on Malwarebytes' Anti-Malware's (MBAM) findings alone, I would recommend changing your passwords and carefully monitoring any financial transactions while online. According to the results of the log, the files are in quarantine. Having said that, you can't be sure your system wasn't compromised, prior to that point.

Trojan.SpyEyes opens a back door. Methods may vary, but all attempt to steal information from the compromised computer. I'm not saying this is what happened. Only that it could have. Until such time the laptop is completely free of all infections, it wouldn't hurt to err on the side of caution.

My ¢ ¢ ..
Carol
