Virus removal and Network infection prevention

[Darkn3ss F4lls]

Greetings everyone,

So my desktop has started to act funky and so I did a scan while offline with the avast functionality. It detected several items on my Game / Music drive that contained what it described as a [Troj] one of which it gave me error 42111 which i didn't notice it was doing until the file it couldn't delete was off my screen.

The symptom that made me do this was windows would say there wasn't enough Memory and programs like Java needed to be closed, though when you pull up Task Manager nothing is there that would be even close to useing the memory.

So my problem is this, I use the computer to play Video games from steam or origin, and to do school work or browse Facebook. The odds that I downloaded this thing myself are quite slim. So this leads me to belive that its the Apartment network i'm forced to use if i want any internet at all this year.

So two problems i need help with are:
1) How do you remove these things completely when Avast Boot Time Scan is still unable to do so outside the operating system.
2) How do I prevent future infections coming in from the network besides of course the ultimate solution which is no internet / don't use the pc lol.

PS: All music is legally obtained from Itunes / Amazon.

[Darkn3ss F4lls]

Greetings everyone,

So my desktop has started to act funky and so I did a scan while offline with the avast functionality. It detected several items on my Game / Music drive that contained what it described as a [Troj] one of which it gave me error 42111 which i didn't notice it was doing until the file it couldn't delete was off my screen.

The symptom that made me do this was windows would say there wasn't enough Memory and programs like Java needed to be closed, though when you pull up Task Manager nothing is there that would be even close to useing the memory.

So my problem is this, I use the computer to play Video games from steam or origin, and to do school work or browse Facebook. The odds that I downloaded this thing myself are quite slim. So this leads me to belive that its the Apartment network i'm forced to use if i want any internet at all this year.

So two problems i need help with are:
1) How do you remove these things completely when Avast Boot Time Scan is still unable to do so outside the operating system.
2) How do I prevent future infections coming in from the network besides of course the ultimate solution which is no internet / don't use the pc lol.

PS: All music is legally obtained from Itunes / Amazon.

PPS: Network is wireless only

[Mokona512]

To clarify a few things, are you sharing the network with other people that you do not know, e.g., the apartment building providing everyone with "free" internet, which essentially puts everyone on the same LAN, or are you using your own dedicated internet connection while on your own password protected network?

If you have an infection that is impacting the system at the earliest boot stages, thus preventing an avast boot time scan, then you can do a manual removal using an ubuntu live USB if you know the exact infected file(s). http://www.linuxliveusb.com/

[Darkn3ss F4lls]

It's a provided network by the apartment. You do login to a web GUI and your devices cannot see each other.

[Darkn3ss F4lls]

What's crazy to me is this boot scan is still running it's like the longest I've ever seen it run. Started it roughly at 1/2 pm last night and here we are at 6:44 and it's still only at 90 percent. Went to bed at 90% lol

[Mokona512]

At the early boot stages, drive performance is not very good as none of the more advanced driver features will be active, thus you are stuck with tiny reads for the majority of the files, and very low queue depths, thus you you will be stuck with the worst case performance for the drive.

and if you are using a hard drive instead of an SSD, then a scan can become significantly slower if the drive has a higher than normal error rate (you can use programs such as spinrite (level 4 scan) to check and correct most error rate issues)


Also, even if you are not going to any shady websites, it is still possibly to access malicious content, most commonly though infected banner ads. since most website owners do not really vet the ads on the site, instead they just give someone else control over a div element on their site where they can pretty much put anything they want, since attackers have realized this, they find it easier to just take out an ad running a malicious script.

[Darkn3ss F4lls]

At the early boot stages, drive performance is not very good as none of the more advanced driver features will be active, thus you are stuck with tiny reads for the majority of the files, and very low queue depths, thus you you will be stuck with the worst case performance for the drive.

and if you are using a hard drive instead of an SSD, then a scan can become significantly slower if the drive has a higher than normal error rate (you can use programs such as spinrite (level 4 scan) to check and correct most error rate issues)


Also, even if you are not going to any shady websites, it is still possibly to access malicious content, most commonly though infected banner ads. since most website owners do not really vet the ads on the site, instead they just give someone else control over a div element on their site where they can pretty much put anything they want, since attackers have realized this, they find it easier to just take out an ad running a malicious script.

Aye my current setup is

120 ssd - Windows
3 tb - Games 1
3 tb - Games 2
2.5 tb - backups and iso's for MSDNA products

(Though after this i'm thinking of switching to like 1 120, 3 500 ssd's and maybe a hard disk for backups lol)

That stinks, but it does make sense as the boot time scan is a program and wouldn't have drivers in it for every device. Will check that spinrite application you mentioned and pick it up.

I have a couple ad blockers so I rarely see any banners etcetera when browsing the web. Though i suppose not seeing them and not executing them in the first place is two different things, i suppose that the ad blockers have to first see the thing and then decide its an ad, then block it. Of course this is all in micro seconds but thats all something needs.

[Mokona512]

adblock pretty much stops the request so the ad never loads in the first place. If you run your browser through a proxy application such as fiddler, you will see that for ad servers being blocked, never transfer any data, so it seems that adblock in intercepting the request.

One limitation introduced when they did a massive change to the firefox UI, is they changed how addons load, and if it has a saved session and you close and reopen firefox and it attempts to reload a web page at startup, then it will load some ads, as that process starts before all addons are loaded. (hopefully that will be fixed soon)

Spinrite is pretty much a $80 sector based data recovery application, (it will not recover deleted files, instead it focuses on bad sectors, or sectors where the data has become corrupted. If you need to recover a corrupted drive, be prepared to spend a few days as it takes a long time to calculate what was on the sector (PS do not run anything beyond a level 2 on an SSD. level 4 add a massive number of writes to the SSD and wear it out faster (only do it if the SSD is corrupting data due to bad cells and you want the SSD's own controller to spot the bad cells and reallocate them. If there is the chance of an error rate issue, I recommend checking the SMART data on the hard drive first to see if it is actually reporting it as an issue.

[rave2n]

Clean up with malwarebytes & Ccleaner

If you need a pro version of Malwarebytes, I have it. Free of charge, msg. Will provide active protection from nasties.

[Darkn3ss F4lls]

Lost my VMWARE lo science when I moved schools. Could try virtual box.