
[ubuntu] HELP: Remove viruses/spyware/malware from a Windows partition



xxmatt3232xx
September 25th, 2009, 04:45 AM
So my Windows partition got infected with some nasty virus/spyware/malware/all of the above and I am unable to remove it AT ALL.

Symptoms:
* for a while, logging into Windows resulted in a "Critical error" occurring and an automatic reboot
* Google searches return normal search results, but when clicked I am redirected to sites trying to get me to buy stuff (copying the search result URL or clicking the cache works fine)
* a freshly installed anti virus program will start, but when I start a scan it is closed
* once any kind of anti virus or anti spyware program is run, the folder permissions are changed, the program will no longer run, I cannot rename any files or folders, and the program cannot be uninstalled, repaired or really modified in any way (I used a program called unlocker to rename files, but that didn't really help any)
* did I mention it still does all of this in safe mode?

Since I dual boot Ubuntu and Windows, I decided to try to scan the Windows partition from Ubuntu. It worked...sort of. I used BitDefender and it found 9 infected files, which were taken care of. I boot back into Windows and it actually does boot (before, it gave a critical error and restarted), but the virus is obviously still on my computer.

I am now running BitDefender again to see if anything new comes up, but honestly I have no clue what to do next.

This guy (http://answers.yahoo.com/question/index?qid=20090826115720AAHEyJb) seems to have the same virus, but none of the suggestions there work; everyone suggests safe mode, but this virus runs in safe mode.

Is there any other program (anti virus, anti spyware, anti malware...) that I can install on Ubuntu to scan my Windows partition and fix it?

I really need some help here guys.

EDIT:
I know I got the virus from a keygen I downloaded. Here is a link (http://thenewamsterdams.net/utilities/760/tuneup-utilities-2009-801100-keygen-crack-serial-patch.html) to the website I downloaded the virus from. The page itself is fine, I think; just don't download anything from the site. Yes, I know I'm an idiot for downloading it, but I scanned it using virustotal.com (http://www.virustotal.com/analisis/bb6981673aec5e15a52fc1b29f50591c1a58ab2fa7aa9fd4338731c912e0df86-1253850966) first and, as you can see if you follow that link (I hope), most of the major AV programs found nothing in it. I thought the ones that did were just false positives.

cariboo
September 25th, 2009, 05:15 AM
This question has nothing to do with Ubuntu security.

Try the Dr. Web (http://www.freedrweb.com/livecd/) Live CD.

You will more than likely get better help from one of the many Windows forums.

This thread is closed