Virus question

[LoneWolf]

Hello,
I have a general question regarding virus's and how they work, when using safe mode or a bootable cd/dvd when connecting to the net can virus's do their dirty work and spread to other computers on that network, or do they need to run in normal mode?

 

[Tom172]

It really depends on the malware in question. Some malware isn't affected by Safe Mode and will run normal (Rootkits mostly) and in other cases it may be completely disabled in Safe Mode.

In a bootable environment however the operating system isn't running and that means the malware isn't either, so it can't do any harm.

 

[Vextor]

Relating to your safe mode question: Safe Mode is basicially normal windows but every single unnessacary process is removed, so it is the base Windows engine. In Safe Mode, the risk of viruses is reduced significantly.
Bootable CD's themselves cannot get viruses if they are only write-able once. They usually store their information on a temporary virtual hard-drive, so anything that goes on inside the disk is deleted upon re-boot.

 

[LoneWolf]

I see so a bootable disk is the safest way to remove any and all virus's?

 

[LoneWolf]

My cousin has a virus on her desktop, so she'll be bringing it to me soon and I was wondering which method will be safest for me

 

[Malware Maniac]

My cousin has a virus on her desktop, so she'll be bringing it to me soon and I was wondering which method will be safest for me

Like Tom172 it depends on the malware. Is it a root kit? If you can't fix it then you could go to the Malware Removal forum and post there to get help.

 

[LoneWolf]

What boot cd do you recommend?
I have no clue what is on it, she hasn't brought it yet

 

[Malware Maniac]

Try Sardu. It can have multiple boot CDs into one ISO. Watch this video to show you how it works.

 

[Plexx]

You could also use Comodo's rescue disk and Kaspersky Rescue Disk.

 

[InternetChicken]

ok dealing with a the removal of a unknown infection then this is hard to beat DR Web
whis i see is on Sardu

 

[madyrocksin]

using a rescue disk can be dangerous at times,
it would depend on the infected file, since you are planning to use a boot disk all important system files are vulnerable to getting deleted, for eg suppose your cousin's laptop has a rootkit infection in MBR file i.e. the Master Boot Record file, which is responsible for the system's boot up without which the boot up will fail, and the rescue disk you used deletes the mbr file then you will be all messed up.
I would suggest you to first make a back up disk of the system and have an installation disk of the system on which you are planning to use the rescue disk, like the XP or windows 7 installation disk.
when you are using the Antivirus Rescue Disk and at the end important system files gets deleted, first try the Installation disk to Repair if it fails the its better to use the back image you created and restore your system(Obviously the infected files too will be restored).
If you have to restore your system then revert back here, you might have to follow a different process.
And about using which cd,
you can go for Kaspersky Rescue disk, Avira Rescue disk or AVG Rescue Disk.

P.S. Please correct me if i am wrong.

 

[illumination]

This is just my two cents. It is obvious by your post of this thread and your initial comment that you are not familiar with bootable malware removal programs. It is also obvious that since you do not even have the infected computer, that you do not know exactly what you are facing. What are the symptoms that lead you or your cousin to believe it is a virus? Depending on what is happening with the system, it could be as simple as some adware. In which case, it is always good to do removal in safemode, but you can start off a little simpler depending on what it is your facing, say like using Malwarebytes in safemode, let it run a full scan and see what it finds. If the computer is still bootable you could even do this in normal mode.

Just my suggestion, as it seems like you may not have much experience with malware removal.

 

[MrXidus]

My cousin has a virus on her desktop, so she'll be bringing it to me soon and I was wondering which method will be safest for me

Hello.

If you wish for proper assistance, Please take a visit over at https://malwaretips.com/forums/malware-removal-assistance-for-windows.10/ and be sure to read these threads [1] [2] before posting a thread.


Is the computer bootable? Are you able to log in and see the desktop?

If no, Proceed to booting the PC into Safe Mode with Networking.

If yes, Attempt to download Malwarebytes Anti-Malware, Hitman Pro and SUPERAntiSpyware and run Quick scans.

Successfully booted into Safe Mode with Networking?

Open up Internet Explorer and download Malwarebytes Anti-Malware (Note this program can run in safe mode but is not designed too and works better if it was run from the normal desktop), OR download Hitman Pro, Another program you can try is SUPERAntiSpyware.

Assuming this infection is Safe Mode tolerant and doesn't allow you to do the above mentioned.

Using a spare or second PC, Download Kaspersky Rescue CD and burn it to a blank CD, Boot into it on the infected PC and let it scan.
(Note: We have a guide on how to create a Kaspersky Rescue CD here.)

Another alternative to try is DrWeb CureIt.

Safe mode: Depending on the PC, It can be either the F8 or F10 keys as your computer is just turned on. If you don't press the correct key fast enough, The computer will proceed to just boot normally.

Boot from CD: Usually this option is F12, F11 or Del, In some cases this option is not enabled and must be enabled via the BIOS.

If you have any other questions, Post back here.

 

[Gnosis]

I have a general question regarding virus's and how they work, when using safe mode or a bootable cd/dvd when connecting to the net can virus's do their dirty work and spread to other computers on that network, or do they need to run in normal mode?

Viruses need a host program to do their thing where worms can operate independently. Worms are what typically move from PC to PC on the network and hog bandwidth; the gist being that if safe mode shuts down a driver that the host program is using, then it is an advantage. How you confirm that, I am not sure.

using a rescue disk can be dangerous at times,

That is why I ALWAYS QUARANTINE what I am not sure about instead of healing or removing alleged infections. That way I can go back in with baby Linux and restore the file if Windows won't boot properly.

 

[LoneWolf]

I apologize for the delay, I haven't heard from her so i'll jump back here once I get it but I think i'll try Kaspersky Rescue disk first, thank you all.

 

[Gnosis]

I have a general question regarding virus's and how they work, when using safe mode or a bootable cd/dvd when connecting to the net can virus's do their dirty work and spread to other computers on that network, or do they need to run in normal mode?

Safe Mode limits drivers, which severely cripples the worst of the rootkits that are making malicious runtime patching possible.

If you are experienced, I would run ComboFix after you have disabled your real time protection, including the firewall. Then I would boot with a Kaspersky Rescue CD, and do a final clean up with MBAM, and HitMan Pro. If you are not experienced with bootable rescue disks and Combofix, you should seek assistance from an expert beforehand.

If it is just some mickey mouse virus, HitMan Pro, and (or) Dr. Web CureIt's on-demand scanner might get it without major surgery. You have to be careful because both of those are known for false positives. Dr. Web is really bad about it if you do a "full scan".

 

[LoneWolf]

Well she finally brought it and told me she wanted me to wipe it because her soon to be ex-husband has been going to porn sites and caught alot of virus's so sorry for the delay but it's fixed now.

 

[parihar7]

a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc. Use an antivirus program like Advanced System Protector to prevent your system from viruses.

 

[jim lin]

hello parihar7

i don't think Advanced System Protector is a Antivirus program so i would not rely on it

it says on there website malware and spyware and i don't see where thay call there self
a Antivirus program

also some info here

http://malwaretips.com/Thread-Review-Advanced-System-Protector

so i hope this program is not your main Antivirus software


:s

 

[parihar7]

Hello Jin lin,

Firstly, I don't have a deep knowledge about the difference among virus, malware and spyware. What I know that these are the infections form which your computer system should be protected.

Few days ago, I faced a virus named Live Security Platinum in my laptop, than I came to know about Advanced System Protector. I installed it on my laptop and the virus has been removed by this program. That's why, I called it an antivirus program.

I agreed with you that it says on there website malware and spyware removal, but i have shared what i have experienced with it.
Currently I am using this program and it is working fine for me.