Ran Avast scan...Turned up a threat....Java:CVE-2012-4681-0(Expl).

Moved it to virus chest, do i just delete it now? Is it the one everyone else got?

byofrcs wrote:

Ironclad wrote:My main pc is still sick.
I've waited 30 mins and the thing is still unusable & won't fully boot, so again I'm starting in safe mode, running Mbytes & doing everything else on my phone or by tablet.
Mbytes isn't finding anything, Zone alarm isn't finding anything & I'm not sure what to do now.

I specialise in removing these and how it is done is more or less voodoo but as a quick start what I do is boot into safe mode (hit bash F8 when PC is starting) and then download and install Avira free version.

It is the bees knees in detecting malware. Run that and them PM me the report.

Still trying. Every time I try to run the downloaded for I get the message:
Installation of Microsoft runtime redist kit failed - please check to see if Windows update is running in parallel

Nothing is running in the background, I'm even offline when trying to install Avira.

byofrcs wrote:

Ironclad wrote:My main pc is still sick.
I've waited 30 mins and the thing is still unusable & won't fully boot, so again I'm starting in safe mode, running Mbytes & doing everything else on my phone or by tablet.
Mbytes isn't finding anything, Zone alarm isn't finding anything & I'm not sure what to do now.

I specialise in removing these and how it is done is more or less voodoo but as a quick start what I do is boot into safe mode (hit bash F8 when PC is starting) and then download and install Avira free version.

It is the bees knees in detecting malware. Run that and them PM me the report.

You are a gentleman and a scholar, byofrcs.

byofrcs wrote:(I am now gathering chicken livers, feathers and magic herbs for the exorcism....)

And a rather scary dude.

Ironclad wrote:

byofrcs wrote:

Ironclad wrote:My main pc is still sick.
I've waited 30 mins and the thing is still unusable & won't fully boot, so again I'm starting in safe mode, running Mbytes & doing everything else on my phone or by tablet.
Mbytes isn't finding anything, Zone alarm isn't finding anything & I'm not sure what to do now.

I specialise in removing these and how it is done is more or less voodoo but as a quick start what I do is boot into safe mode (hit bash F8 when PC is starting) and then download and install Avira free version.

It is the bees knees in detecting malware. Run that and them PM me the report.

Still trying. Every time I try to run the downloaded for I get the message:
Installation of Microsoft runtime redist kit failed - please check to see if Windows update is running in parallel

Nothing is running in the background, I'm even offline when trying to install Avira.

Now that is odd as I've not had Avira bork like that but others have,,,,

http://forum.avira.com/wbb/index.php?pa ... dID=110745

Go to http://www.avira.com/en/download/produc ... -antivirus and get the .ZIP version and unpack that and then run the setup.exe

byofrcs wrote:(I am now gathering chicken livers, feathers and magic herbs for the exorcism....)

You forgot tar and torches...

Damn thing killed my work laptop.

Took about 8 hours to reinstall but fortunately I didn't lose anything.

It was a ZeroAccess rootkit, or something like that.

Sgt Kelly wrote:Damn thing killed my work laptop.

Took about 8 hours to reinstall but fortunately I didn't lose anything.

It was a ZeroAccess rootkit, or something like that.

Ouch that's a particularly mean one.

Well I don't think everybody got the same malware, I guess whatever is loaded at that site is spawning random stuff.

My lappy is screwed, totally buggered. I can't follow byofrcs help because I can't open anything.

Would resetting to an earlier time actually help, or is my pc knackered regardless, if infected?

Ironclad wrote:My lappy is screwed, totally buggered. I can't follow byofrcs help because I can't open anything.

Would resetting to an earlier time actually help, or is my pc knackered regardless, if infected?

Could you boot to Safe Mode ?

I've tried a hundred times, buddy. I'm still trying to get avira running so I can get that report to you.

+1
That's horrible, IC!

I'm trying your earlier suggestion, Byof. I missed this.

Ironclad wrote:My lappy is screwed, totally buggered. I can't follow byofrcs help because I can't open anything.

Would resetting to an earlier time actually help, or is my pc knackered regardless, if infected?

Oh no! I'd be buggered if that happened to me. I'd be useless in any attempts to right it

You have to get to safe mode else stuff will never work. When it powers up after bios then just keep punching F8 until you get the safe mode questions that windows displays. Start safemode with networking enabled unless you have downloaded Avira free 2012 via another PC.

Why Avira ? because it has brilliant detection even if it is a cantankerous German package.

byofrcs wrote:You have to get to safe mode else stuff will never work. When it powers up after bios then just keep punching F8 until you get the safe mode questions that windows displays. Start safemode with networking enabled unless you have downloaded Avira free 2012 via another PC.

Why Avira ? because it has brilliant detection even if it is a cantankerous German package.

I see they now make it for the Mac. But I'll have to upgrade to Snow Leopard first, which I'm about to do anyway.

(I already have Intego AV etc installed, will Avira conflict with that?)

OK, i've finally gotten the .zip but I need a pointer, I always have trouble with these files even though I have 7zip.
When I extract the file I am getting a literal wall of folders, extensions, DAT files & text documents. What do I do now? Which of these blasted items do I click on? Even though the .zip was barely 100mb it is jam-packed.

You can't have two AV packages running at the same time without serious CPU chew and slowdown. No matter what people run I always add in Avira as a trial for the few hours it takes to clean up the infection no matter what they have installed.

What I'm after is not so much detected files but locked files. A locked file (other than hibernate/pagefile.sys) is usually where the virus is hiding and a running process is using it. You can't just delete it but must find how it is loading which usually means searching registry (regedit -> then F3 to search).