System compromised, how should I address it?

Dan E

Level 1
Thread author
Verified
Oct 7, 2015
24
Yes, I somehow managed to get my PC infected again, but this time it's a bit different. The infection isn't crippling my PC; it doesn't stop me in my tracks, in other words, like "uh oh". The worst thing that has happened so far is just my IE 11 being hijacked with some credit card ads, and then followed by my two browsers being denied access... Pale Moon and IE 11. Some Control Panel icons have been altered for a second; that is about as much as I have noticed offhand. So for some reason I thought I got rid of everything that could have been the source of the issue with Avast in full scan mode, rogue k., and using a command prompt in emergency mode to fix corrupted files. Of course the issue persists, being malware as it is.
So in a situation like this, where there obviously is some kind of remnant somewhere, either in my registry or elsewhere, like a backdoor or something, how does one stop something from spreading or reoccurring without having to do a clean reinstall of Windows? Should I reconfigure my settings in Comodo and take out Avast in favour of something else? Or pile on more software programs to address it? The Windows Registry is sensitive enough as it is, and it seems like it's fairly easy to spot stuff that isn't right sometimes, but then again VirusTotal and other scanners seem to lack an ability to thoroughly scan the registry in a way that addresses this, and the tools out there just don't seem to lock down the registry enough or right. Shadow Defender is too intrusive and difficult to manage with a system always needing to make or adjust changes/things within it, in my opinion. I run VoodooShield, Comodo AV/firewall and Avast with max settings, K9 Web Filter, HitmanPro.Alert, Sandboxie, and a ton of third-opinion scanners. I love the config now and I don't seem to want to let it go. Any ideas? Thanks.
 
H

hjlbx

There is no way to back up your config without also backing up the infection

You have a choice:

Post your issue on the MalwareTips Malware Removal sub-forum and get help in disinfecting your system.

or

Clean install the OS and start over with a clean slate.

.
 

Dan E

Level 1
Thread author
Verified
Oct 7, 2015
24
There is no way to back up your config without also backing up the infection

You have a choice:

Post your issue on the MalwareTips Malware Removal sub-forum and get help in disinfecting your system.

or

Clean install the OS and start over with a clean slate.

.
Augh, well of course you wouldn't want to back up an infection; the oldest backup I have really is not the best date, it seems to still carry it. I'm a bit stubborn on asking for help like that; I have always just managed to do stuff myself. I was hoping maybe someone could refer me to a tool of some kind that can analyze my registry and so on / compare it to the original Windows format, or maybe a scanner that isn't so mainstream that I'm not aware of. Hey, also I just recently found a program on Microsoft's website called EMT I believe, and it acts like a hardening tool for Java and other programs and you can add other stuff as well; is that any good?
 
H

hjlbx

Augh, well of course you wouldn't want to back up an infection; the oldest backup I have really is not the best date, it seems to still carry it. I'm a bit stubborn on asking for help like that; I have always just managed to do stuff myself. I was hoping maybe someone could refer me to a tool of some kind that can analyze my registry and so on / compare it to the original Windows format, or maybe a scanner that isn't so mainstream that I'm not aware of. Thanks

There are tools, but without knowledge of how to use them you might destroy your system; there is no guarantee with utilities without the intervention/oversight of a malware removal expert.

@TwinHeadedEagle will help you. It is not as much of an inconvenience as you suppose...
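The thread author asked for a way to check the registry for remnants and compare it against a known-good state. As an added illustration (not a tool from this thread or from MalwareTips), the PowerShell script below snapshots the well-known autostart registry locations on a system believed clean and, on later runs, reports entries that were added, changed or removed; the baseline file path is an assumed location. Run it from an elevated prompt on Windows 8 or later.

```powershell
# Added example: baseline the common autostart registry keys and diff them later.
# Baseline location is an assumption; change it to suit your system.
$Baseline = "$env:USERPROFILE\autorun-baseline.json"

# Well-known persistence locations (Run/RunOnce values and Winlogon settings).
$Keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Get-AutorunSnapshot {
    $snap = @{}
    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            # "key\valuename" identifies the entry; the data is what we watch.
            $snap["$key\$name"] = [string]$item.GetValue($name)
        }
    }
    return $snap
}

$current = Get-AutorunSnapshot

if (-not (Test-Path $Baseline)) {
    # First run on a system believed clean: record the baseline and stop.
    $current | ConvertTo-Json | Set-Content -Path $Baseline -Encoding UTF8
    Write-Host "Baseline written to $Baseline ($($current.Count) entries)."
    return
}

# Load the saved baseline back into a hashtable for comparison.
$saved = @{}
$json = Get-Content -Path $Baseline -Raw | ConvertFrom-Json
$json.PSObject.Properties | ForEach-Object { $saved[$_.Name] = $_.Value }

foreach ($id in $current.Keys) {
    if (-not $saved.ContainsKey($id)) {
        Write-Host "NEW:     $id = $($current[$id])"
    } elseif ($saved[$id] -ne $current[$id]) {
        Write-Host "CHANGED: $id`n   was: $($saved[$id])`n   now: $($current[$id])"
    }
}
foreach ($id in $saved.Keys) {
    if (-not $current.ContainsKey($id)) { Write-Host "REMOVED: $id" }
}
```

A reported entry is a lead to investigate (check the file it points to with an on-demand scanner or VirusTotal), not proof of infection on its own, and the baseline is only as trustworthy as the system was when it was taken.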
 

Rishi

Level 19
Verified
Honorary Member
Top Poster
Well-known
Dec 3, 2015
938
If you are infected you should seek assistance ASAP since you are online; normally with infections the internet stops working or it's used as a medium for data transmission/stealing, and we cannot rule that out. Living on the internet is dangerous with a compromised machine. I agree with @hjlbx.
 

Infamous

Level 1
Verified
Dec 20, 2015
34
If your system is infected with malicious software, whether you should back up any files on the system at the present time (or transfer them elsewhere) will depend on the malware infection. However, please note that if you take a whole backup of your system whilst it's infected for future use, you will just end up reverting back to an infected state of the system once that backup is used. If you have a virus infection, for example, and decide to transfer personal documents over to another system, once that system runs those newly transferred files, if the files were a target of the virus infection, then it will result in that other system becoming infected as well. When making backups or transferring files on currently infected machines you need to be very delicate, careful and patient. You could try contacting a professional to inspect the target files and see if they are "repairable". I do not recommend you do it yourself, as it may result in other systems becoming infected and causing more hassle.

Sometimes it's just much easier to format the hard drive and reinstall the operating system, and start from scratch or with a backup from before the infection occurred. However, I recommend formatting the hard drive and then reinstalling the operating system as opposed to just reinstalling the operating system and having your files removed. The reason for this is simply that some malware may actually write directly to the disk to cause the infection to continue after reinstallation of the OS. If you format the drive instead, it's much safer.

Upon realizing your system may be or is infected, I recommend disconnecting from the internet. By disconnecting yourself from the network (safer to just disable it as well as disconnecting), you are ensuring that the malware will be unable to connect to any Command and Control (also known as C&C for short) servers to send data and receive instructions from the attacker, or, in the case of a backdoor infection, the attacker would be unable to continue using an established connection to control your system, which may also prevent the continued transfer of your files or anything else the attacker was trying to accomplish. Of course not all infections will make use of your internet connection to function correctly; disabling it anyway is a first step which may be useful in preventing any further damage from continuing.

Get hold of another device with an internet connection and support for transferring files to an external storage device, and download Anti-Malware/Anti-Virus scanner tools and any other clean-up tools which can assist in scanning for present malicious software and cleaning it. Transfer them over to your infected system; however, make sure that you use a new spare external storage device for the transfer, since if you do not, depending on the infection (e.g. a worm infection) it may spread to the USB/external storage device, which can result in infecting any other device the external storage is then plugged into, and of course you do not want such a thing to occur.

Make sure you securely transfer the files over to the target infected device and run them with administrative privileges. Should you have issues with running the program (e.g. malware searches for them and tries to prevent you from running them), try booting into safe mode and running the tools from there. Please note, even in safe mode malware does have the ability to auto-start.

If the scanners cannot find malware or have trouble removing it, resort to getting assistance from somebody; for example, this forum provides Malware Removal Assistance. Since you've already signed up, I recommend just going straight over there, making a thread and having a malware removal expert assist you.

If you decide to use Shadow Defender, it will be more work managing your system (for example, making changes to the installed programs); however, in the long run it will safeguard your system from becoming ruined in the case of a malware infection. Make sure your system is clean when you start using it, though.

Remember, always make a clean backup of your system. You can obtain free software to do this; Windows also comes with pre-installed backup software. Examples of third-party software which can do this task would be Paragon Backup & Recovery (free), Acronis True Image (paid) or AOMEI Backupper.

Just some tips which may be found useful by someone. ;)
 

Kuttz

Level 13
Verified
Top Poster
Well-known
May 9, 2015
625
Once the machine is infected it's really difficult to remove them completely. Even if you do all kinds of cleaning stuff, how can you be 100% sure that there are no malware traces hiding somewhere in the system?? It is highly recommended to do a format and fresh install of Windows. Before doing so, back up your existing data onto an external HDD (infections too may sneak into it), then format/wipe the entire internal HDDs of your PC. Then freshly install Windows, updates, and security software (browse MT for the best one of your choice). With Windows and all security software installed and up to date, you may cautiously connect the backed-up medium to your PC again and run multiple thorough on-demand scanners on the drive for malware, and clean any infection that may be found. After that, copy the required files back to your PC.
 

Dan E

Level 1
Thread author
Verified
Oct 7, 2015
24
OK guys, this is a lot of useful information, and I do appreciate it a lot. Thank you. My current knowledge goes about as deep as using my command prompt from my BIOS in the worst-case scenario, and I do the command diskpart / clean. I then follow up using the Windows 8 installation disk. The time I did this, there was nothing in my BIOS to boot up Windows to use it, and it was a scary scenario because I wasn't even sure if I could manage to recover Windows at all, so I had to use a different way of doing my partition; it's been a while. This was because of a virus that was surviving a complete MBR code rewrite. I also changed my HDD drive to my current SSD drive. Did it work? I am skeptical, but since then I have avoided using my administrative account side on Windows 8 and it has managed to survive without doing a reinstall because of the system locking up. Oh, one more thing: I managed to find a lead on the virus, not entirely diagnosing what kind it was, but I found a possible port it was operating out of, so I closed it down through my Windows Firewall custom controls. It has not been altered since either, obviously, which surprised me. I will monitor my system closely and if I suspect things are going south again I will be using this to do that with. Thanks again.
 