Viruses on my Computer

srr89

Content Creator,Reskinner
After visiting a certain website, my computer got a couple viruses on it called HackRoot.Toolkit and Bloodhound.Exploit.196. I did some Google searches on these things and found a few things on what and what not to do. Right now I am backing up all my Trainz stuff to an external hard drive. My dad is trying to fix my computer right now, but he hasn't had much luck. He may have to wipe the hard drive if nothing works, but at least I will be able to save my Trainz stuff. I was wondering if anybody had any information on what could be done, and if anybody had any info on these viruses.

Robby :wave:
 
If your PC is up to date with Windows, you should have a Malware remover, I would recommend running that.
 
I'm pretty sure Windows is up to date. I'll have to ask my dad about that. Luckily the viruses haven't done much, except for the fact that when my dad tried to have Norton run a scan, it wouldn't do anything. I'm guessing that has something to do with the virus.

Robby :wave:
 
Back up any data you have on the hard drive first. Then the clean way is to reinstall the operating system. I might buy a new hard drive for the boot drive and partition it to 50/60 gigs as c: that way if you need to do it again you can format the c: partition without wiping out any data. Install software where possible elsewhere than this c: drive.

After that create limited accounts as well as Admin accounts.

Firefox 3.0 together with NoScript add-on is one of the safest browsers available today.

Make sure Windows autoupdate is enabled, then go to the Windows update page and download the appropriate updates. IE 8 is safer than IE 7 if you wish to go that way.

An alternative would be to go to Windows update, download and install all the updates, then pray the Microsoft Malware detector will sort out your machine.

Cheerio John
 
Right now I'm backing up all my Trainz stuff. My computer is mainly used for Trainz and anything related to that, so backing up my Trainz stuff is the only thing I need to do. I'll reinstall Trainz, Gmax and everything else after the hard drive is wiped. But I'll talk to my dad about what you said and he'll see what he can do.
 
except for the fact that when my dad tried to have Norton run a scan, it wouldn't do anything. I'm guessing that has something to do with the virus.
Exactly. That's what a trojan horse will do. You need to open your computer in "safe mode" and then temporarily disable "system restore" (otherwise when you remove the virus it will remain in the "restore" component). Then run your Nortons and it should remove the virus. Reset system restore, reboot the computer and choose normal mode to open it and you are good to go.

Worked for me a year or so ago.
 
My dad already started the computer in safe mode and temporarily disabled system restore, Norton still won't run a scan.
 
honestly, the best way to get rid of this stuff is doing what no one wants to do. back up the stuff you want to save (ie dvd, ftp, etc) and then reformat. out of the half dozen viruses i've ever got, only 1 time i was able to get rid of it. but even at that, the system never worked right. just backup and reformat.

Brian
 
Try Malwarebytes Anti-Malware, recommended by AVG.
It found and dealt with 3 Trojans on my PC that my virus software could not kill.
Here is a link to download the free version. Once you have it, update it first, then do a full scan.

http://www.malwarebytes.org/
 

I'm doing that as we speak. Luckily there isn't too much information on my computer that I need to back up, considering that my computer is only used for Trainz purposes, so it's no big deal.

@robin_hoods

We'll see what my dad feels like doing, my computer is pretty much screwed so my dad may have to wipe it anyway.

Quick question for anyone to answer, my dad decided to disconnect the internet on my computer, will that prevent the viruses from doing anything?

Robby :wave:
 
Well, once the virus / malware is inside your computer, it's a bit late to disconnect it from the internet....As already advised, archive your Trainz stuff to a CD if you want to, and do a complete manufacturers' default system restore, which should wipe the hard-drive clean of any nasty monsters.....When you re-boot it you have to start afresh and I would suggest your first job would be to get the avast antivirus programme downloaded off their website, it's free, which will pop up a box when you go anywhere near any future suspicious websites and warn you accordingly, it never downloads anything, it tells you what it finds and you can steer clear of that site. I'm sure your Dad will tell you not to go anywhere away from Trainz sites anyway, but, you've learnt your lesson, just like we've all done in the past, so you're not alone.....:hehe:

Cheerz. ex.
 


No web site is safe these days. The normal attack vector is to infect a web site and then infect the visitors so the old advice about be careful which ones you visit doesn't hold any more. All web sites are potentially problem ones. Some larger web sites have better defenses against attack. Sites hosted on 1&1 should be slightly safer.

Cheerio John
 
Robby,

I don't know how far your dad has gotten into the repair process, but with some of the root kits, they put master boot record (MBR) loaders on the hard drive.

The problem with this is they will remain even though the hard drive has been formatted and the partitions have been removed. There is a utility available called mbr.exe

Copy this to a bootable floppy disk or Flash drive.

and run it with the following command line switch.

mbr.exe -f

http://www2.gmer.net/mbr/ (Scroll to the bottom for the link to the program).


This will "fix" the problem should there be any.

Good luck. These root-kit malware things are a real pain to remove.



John
 
John --

Are you sure about that? From what I've read I always thought that formatting would remove a rootkit virus.

The other thing to consider is a firewall. After suffering an almost terminal Trojan infestation and a rootkit virus (Trojan.Agent) I'm now using the Comodo firewall. Freeware. Seems to do its job.

Phil
 
I found it also helps to have Windows Defender installed and active. Other things that helped save my computer: CCleaner, Avira AntiVir, AVG Antivirus.

Those two antivirus programs are free and they work really really good. I've heard AVG is significantly better than many payware programs. It'll pick up a lot.
 

I do have Windows Defender installed on my computer as well as Ad-aware, which basically goes into a deeper search into files and finds more problems than Norton does. I may try to see about getting avast or AVG.

But yeah John are you sure reformatting would not remove the rootkit virus?
 
Are you sure about that? From what I've read I always thought that formatting would remove a rootkit virus.
That depends on where the rootkit stuffed itself.

It is true that a fresh reformat will take care of most malware, but those that also bury themselves in the MBR, take more than a format.

The MBR is outside of the partitions on the drive, at the 'beginning' of the disk.

It is this area that contains things such as your partition table, and other low-level programs, such as a sector-translation utility (which is necessary to use large hard drives on old kit that would otherwise be incapable of seeing the entire drive's available space. On-Track Disk Manager is one example of these utilities)

Any malware contained in the MBR will be executed, and in memory, waiting for your computer to boot up the operating system. Particularly nasty malware, may prevent the OS from booting up at all, among more unfriendly things, like killing the hard drive. I had one grind my drive last year until the motor gave out when I tried to remove it. I'm good at removing malware too, so this one was particularly nasty.

Go use that MBR utility posted above. Before you do tho, go into your computer's BIOS and see if there is an option that is supposed to write-protect the MBR. If it is enabled, disable it. Then run the MBR utility, and when you get your OS reinstalled, go back into the BIOS and re-enable that option. (not all computers have it, and of those that do, many still don't protect the MBR... again, personal experience)

I second the advice on Avast! tho... I use it... it is very resource-friendly. You may even see a performance boost with Trainz, without Norton anymore.

Good luck!

-- Smoovious

ps: Most of that advice is actually for Robby, not Phil. I didn't notice until I finished the post and went back through the thread. My bad.
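
The layout described in the posts above (sector 0 sits ahead of the first partition and holds boot code plus the partition table), as an added example that is not part of the original thread. It parses a saved 512-byte copy of an MBR and compares the hash of its boot-code area with a known-good baseline; the sample sectors, the baseline and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bootstrap code area of a classic MBR
TABLE_OFFSET = 446        # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR

def parse_mbr(sector):
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means the slot is unused
            parts.append({"index": i, "bootable": entry[0] == 0x80,
                          "type": entry[4], "first_lba": first_lba,
                          "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}

def mbr_outside_partitions(sector):
    """True when every partition starts after sector 0, so formatting
    a partition never rewrites the MBR itself."""
    return all(p["first_lba"] > 0 for p in parse_mbr(sector)["partitions"])

def boot_code_changed(sector, baseline_sha256):
    """Compare the boot-code area against a hash taken from a known-good copy."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256

def build_sample(boot_code):
    """Constructed sample: one bootable NTFS partition (0x07) at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07,
                        b"\x00" * 3, 63, 1000000)
    body = boot_code.ljust(TABLE_OFFSET, b"\x00") + entry + b"\x00" * 48
    return body + SIGNATURE

# Constructed inputs: same partition table, different boot-code bytes.
CLEAN = build_sample(b"\xfa\x33\xc0")
MODIFIED = build_sample(b"\xeb\x5a\x90")
BASELINE = parse_mbr(CLEAN)["boot_code_sha256"]

if __name__ == "__main__":
    print(parse_mbr(CLEAN)["partitions"])
    print("outside partitions:", mbr_outside_partitions(CLEAN))
    print("modified boot code detected:", boot_code_changed(MODIFIED, BASELINE))
```

Reading the real sector 0 of a disk needs administrator rights and raw device access, so the functions take a saved copy of the sector as bytes.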
 

Thanks smoovious, I'll let my dad know of this. He hasn't really touched my computer in a couple days, so when he does I'll let him know about this.

Robby :wave:
 
Can't people learn some common sense and not go to dodgy websites after this problem is fixed? I use the internet far too much, and have done since about '97, and haven't picked up a single virus. Oh well. Avoid any programs which have anything to do with Microsoft and Windows, and you should be fine.
 