Antivirus Live. Help

Discussion in 'OT Technology' started by TysonLee, Jan 18, 2010.

  1. TysonLee

    TysonLee New Member

    So my mom calls me and tells me that she has some antivirus on her computer that's called Antivirus Live and she doesn't remember installing it :rolleyes:.


    Anyways, what's the best way to remove Antivirus Live? I have to deal with this shit after work tonight and I heard it's a bitch to get off the computer.
     
  2. cmsurfer

    cmsurfer ºllllllº

  3. deusexaethera

    deusexaethera OT Supporter

    Probably won't be able to clean it off while Windows is still running from that hard drive. Remove the hard drive, plug it into another computer, and BOOT UP USING THE HEALTHY COPY OF WINDOWS ALREADY INSTALLED ON THE OTHER COMPUTER. Run a full virus scan on the infected hard drive, and then run Malwarebytes Anti-Malware on it. That should clean it up enough that you can put it back in the computer it came from and boot it up. Once it boots up, if it appears to be working relatively normally, run another virus scan and install Anti-Malware on it and run it again too.
     
  4. negative zero

    negative zero New Member

    We just cleaned that off of a server Saturday at midnight. My boss had a removal program on his thumb drive that he's used for several other machines. Didn't take long at all. Had to boot to safe mode with networking. Installed/updated it and then ran it. Booted back to Windows and all was fine.

    I'll try to get the name of it.
     
  5. Hate Crime

    Hate Crime Don't Hate OT Supporter

    Running Windows on it is going to help a hell of a lot, unless you have something to load the remote registry hives to scan.
     
  6. cmsurfer

    cmsurfer ºllllllº

    No need to pull the drive...
     
  7. deusexaethera

    deusexaethera OT Supporter

    The registry hives on the infected drive can't run the spyware if the spyware was deleted when you scanned the drive in another computer. Just don't be a dumbass about it, and don't reconnect the infected machine to the internet until AFTER you've had a chance to run the spyware scanner on the infected machine to clear out any bogus registry entries.
     
  8. deusexaethera

    deusexaethera OT Supporter

    Says you. I've run into spyware multiple times at work that was able to disable the corporate antivirus and anti-spyware programs in a single shot, AND give itself permission to run in Safe Mode so it could fuck up any attempts to run a spyware scanner in Safe Mode. The only solution in each case was to scan the infected drive in another computer, to break the spyware badly enough that it couldn't prevent me from running the spyware scanner on the infected machine to clear out the last remnants of the spyware.
     
  9. retorq

    retorq What up bitch??

    Says me too. BartPE/Ultimate Boot CD for Windows on either a CD or thumb drive with the correct drivers for your environment = not having to pull the drive.

    :rofl:
     
  10. deusexaethera

    deusexaethera OT Supporter

    Meh. A scan on a spare computer is easier. Screwdrivers are not that hard to operate. What casual user is going to just happen to have a properly-configured BartPE CD ready to go? They're not, so they'll have to make one on a spare...oh wait, if they even have a spare computer to make the BartPE CD with, then they might as well just plug the infected hard drive into it and scan it that way, which will save them who-knows-how-much time trying to get the BartPE CD to work right.
     
  11. retorq

    retorq What up bitch??

    Blah blah blah "No need to pull the drive..."
     
  12. cmsurfer

    cmsurfer ºllllllº


    While I don't deal with spyware at work much, I'll format the machine before I pull the drive... No one said it's hard to pull the drive to scan it on another machine if you have that available, but there's no need to.

    And if you read through the link I posted in my first post, it walks you through removing the spyware in question without removing the drive. It even has a link to download an automatic removal tool. The key to getting rid of it is being able to end the spyware's process before running the scan.

    If the machine is that screwed up, a format is easier than spending hours trying to clean it up anyway.
     
    Last edited: Jan 19, 2010
  13. deusexaethera

    deusexaethera OT Supporter

    :dunno:

    I prefer to spend hours doing other stuff while my spare machine runs one anti-spyware tool after another to clean the drive, rather than spending the same number of hours actively reinstalling software on a reformatted hard drive. And it's only even that straightforward if you already have backups of all your personal data. Otherwise, you'll need a spare machine anyway so you can back up your personal data without needing to trust the infected copy of Windows to do it without infecting your personal files in the process.
     
  14. OniMinion

    OniMinion ...recalls when this forum was actually about cars OT Supporter

    I pull the drive on our home machines if this happens, but come on; is it that hard now? I flick a switch and pull the drive box out of the case in under 30 seconds. Antec P182 for the wife, and Antec P183 for me. Great cases make life simple. Oh, and eSATA on the front means plug-in is hot-swappable...
     
  15. Cthalupa

    Cthalupa New Member

    Boot into safe mode, run ComboFix
    Let it run
    Log on to the user that got infected
    Remove proxy settings from IE

    Done
     
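The "remove proxy settings from IE" step above, as an added example that is not part of the thread: a PowerShell script that reads the per-user WinINet proxy values Internet Explorer uses (the standard `ProxyEnable`, `ProxyServer` and `AutoConfigURL` values under `Internet Settings`), flags any configured proxy or PAC script so the owner can confirm they did not set it, and clears them only when run with `-Reset`. It assumes it is run in the infected user's own session after the scan has finished.

```powershell
# Added example, not from the thread. Inspect, and optionally clear, the
# per-user proxy settings that IE (and other WinINet apps) read on startup.
# Usage:  .\Check-IEProxy.ps1          # report only
#         .\Check-IEProxy.ps1 -Reset   # report, then clear
param([switch]$Reset)

$key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$props = Get-ItemProperty -Path $key

$enabled = [int]$props.ProxyEnable    # 1 = a manual proxy is active
$server  = $props.ProxyServer         # host:port the browser is sent through
$autocfg = $props.AutoConfigURL       # PAC script URL, a second hijack point

Write-Host "ProxyEnable  : $enabled"
Write-Host "ProxyServer  : $server"
Write-Host "AutoConfigURL: $autocfg"

# A home PC normally has neither a manual proxy nor a PAC script. Anything
# present here that the owner cannot account for should be treated as
# left behind by the infection and removed after the scanners have run.
$suspect = ($enabled -eq 1) -or -not [string]::IsNullOrEmpty($autocfg)
if ($suspect) {
    Write-Warning "A manual proxy or PAC script is configured for this user."
} else {
    Write-Host "No proxy or PAC script configured."
}

if ($Reset -and $suspect) {
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $key -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
    Write-Host "Proxy settings cleared. Close and reopen IE so WinINet re-reads them."
}
```

Run it once per Windows account on the machine, since these values live under HKCU and the malware only had to set them for the account it ran under.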
