Tag : virus

Remove a Virus from a USB using CMD

Viruses change the attributes of a file or folder, such as the read, write, or execute permission, making such files or folders extremely hard to access. In order to recover a file, we can change the attributes of a file and reset the file’s internal structure. Thats why it is a great tool to know how to remove one using CMD. Amar Shekhar, writer for FossBytes, gives us the low down.

A virus can present itself in your system as a file format that can be hidden from a user, present in a form ‘autorun’ or ‘autoexec’, an exec file or a file with different attribute properties. Examples of such would be, Autorun.inf, Ravmon.exe, New Folder.exe,  and svchost.exe. So how do you remove a virus using CMD from any USB ? Assuming you are already on Windows 10 that is.

Using the cmd command called ‘attrib’ command, will change the attributes of a file, folder, or directory responsible for display, setting and removing attributes such as read-only and archive.

Say there is a virus on your drive.

Run command prompt as administrator. 

Change the drive to the one with the virus, in the case of the researcher this is the D drive. Then press Enter. 

Type attrib and press enter. This command lists all of the files inside the current drive, which makes it easy to identify which is housing the autorun.info virus. 

autorun.inf-in-D-drive

To remove the Virus using CMD, type into your command prompt, attrib -r -a -s -h *.* and press Enter. This removes the read only, archive, system and hidden file attribute from all the files. 

  • -r is for removing the read-only files
  • -a is for removing the archive file
  • -s is for removing the system file
  • -h is for removing the hidden file
  • *.* for all the files with all different types of file extensions 

attrib-command-to-remove-virus-using-cmd

To delete the virus, type del autorun.inf and Enter 

virus

  • Once you have pressed enter, that file should get deleted from the current drive. In case, you want to delete that file from a USB stick, then you can change your current drive to USB drive current drive in step 2 and follow the commands.
  • You can again type ‘attrib’ command to see if the deleted file exists or not. As seen above, it does not exist anymore in the D drive.
  • To remove other viruses with extensions such as ‘.ink’, ‘.exe’, just type Del *.ink or Del *.exe respectively to delete those suspicious files.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : http://fossbytes.com

Windows 7 Recovery (Spyware)

I recently encountered a spyware/virus infection on a Windows 7 PC that was quite interesting. It was entitled Windows 7 Recovery. At first the spyware makes you think that your hard drive has failed and that you have many errors on your system. What actually happens to your desktop is the interesting part. The spyware takes all programs, desktop items, as well as the startup programs and marks them as hidden. This gives you the impression that something is wrong with your hard drive and you need to fix it. The fake Windows 7 Recovery then informs you that it has the ability to fix the issues for you if you purchase the software. This should be your first sign that it is not a legitimate piece of software. If you did not install it and it’s asking you to buy it, then stop immediately and contact your IT support. Also, do not worry about your files, as they are still there just hidden.

How to Fix:

I ran the sysinternals tool “autoruns” to find out exactly what program was automatically running and causing the problem. I went to the logon tab and under the registry keys for run I found 3 suspicious files consisting of randomly generated characters. I removed all three of these as well as the registry keys associated with them.

I also found a few other registry keys that were affected, which block certain things such as the ability to change the desktop background and use task manager. Remove the below registry keys if found on your system:

NOTE: If you do not know anything about the registry consult a technology professional.

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “<random>.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “<random>”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “CertificateRevocation” = ‘0’
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “WarnonBadCertRecving” = ‘0’
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop “NoChangingWallPaper” = ‘1’
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments “SaveZoneInformation” = ‘1’
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem “DisableTaskMgr” = ‘1’
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem “DisableTaskMgr” = ‘1’
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced “Hidden” = ‘0’
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced “ShowSuperHidden” = 0′

Additional error messages that you may see:

“Hard Drive Failure The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system”

“System Error An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors”

“Critical Error Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can’t find hard disk space. Hard drive error”

“Fix Disk Windows 7 Recovery Diagnostics will scan the system to identify performance problems. Start or Cancel”

“Windows 7 Recovery Diagnostics Windows detected a hard disk error. A problem with the hard drive sectors has been detected. It is recommended to download the following certified <sic> software to fix the detected hard drive problems. Do you want to download recommended software?”

“Requested registry access is not allowed. Registry defragmentation required Read time of hard drive clusters less than 500 ms 32% of HDD space is unreadable Bad sectors on hard drive or damaged file allocation table GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash Drive C initializing error Ram Temperature is 83 C. Optimization is required for normal operation. Hard drive doesn’t respond to system commands Data Safety Problem. System integrity is at risk. Registry Error – Critical Error”

“Critical Error! Damaged hard drive clusters detected. Private data is at risk”

“Critical Error Hard Drive not found. Missing hard drive”

“Critical Error RAM memory usage is critically high. RAM memory failure”

“Critical Error Windows can’t find hard disk space. Hard drive error”

“Critical Error! Windows was unable to save all the data for the file System32496A8300. The data has been lost. This error may be caused by a failure of your computer hardware”

“Critical Error A critical error has occurred while indexing data stored on hard drive. System restart required”

“System Restore The system has been restored after a critical error. Data integrity and hard drive integrity verification required”

“Activation Reminder Windows 7 Recovery Activation Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features”

“Low Disk Space You are running very low disk space on Local Disk (C:)”

“Windows – No Disk Exception Processing Message 0x0000013”

Malware Terminology

The Information Technology world has a definite jargon of its own, which can be confusing to both the end users and (sometimes) to the IT people themselves. One of our biggest problems these days is Malware (mal meaning “bad”) infections on our users’ computers. In the interests of making the problem a little clearer, here is a basic (if not necessarily complete) dictionary of terms, in plain English.

Adware: Advertising-supported software. This is software that automatically plays, downloads or displays advertisements to a computer. A classic example would be a “helper toolbar” that causes advertising pop-ups on your screen.

Backdoor: Some spyware can install a credential and password that make unauthorized and unexpected entry into a computer possible by an outside user, who can then plant more malware and/or harvest available data.

Bot: A piece of software designed to grant an outside user complete control of your computer at will. A computer affected by bots is called a zombie, and “armies” of like-infected machines can be used to launch simultaneous attacks on other systems, or send out spam email messages.

Browser Hijacker: Code that replaces search pages, home pages or error pages with its own, allowing further browsing to be redirected to wherever it wants you to go (as opposed to where you wanted to go).

Rootkit: Code designed to gain root-access to your computer and manipulate it into allowing viruses or spyware to install and operate, while hiding from anti-virus scanners by appearing to be a part of the operating system.

Spyware: Differing from viruses in that they are not out to wreck your system, but to gain from it – controlling functions or accessing data for financial gain. Spyware might include keystroke loggers, backdoors, or browser hijackers, among other things.

Trojan: A disguise for malicious software, which may be brought into your computer as something apparently safe, but which can drop one or more harmful programs once inside. For example, an image file might contain code that operates only when the image is viewed, which installs backdoors, bots or viruses at that time, but which is otherwise inert.

Virus: A self-replicating program, intended to cause damage in computers. Pretty much pure vandalism, there is generally no gain for the perpetrators…

Worm: A program that looks for holes in your computer’s security, to get itself inside your computer where it can drop its payload (viruses or spyware). It is not, itself, either a virus or spyware, but may be thought of as something like a trojan. It scans IP addresses, opportunistically looking for entry points to exploit.

Certain Key Words in Searches Attract Malware

Have you ever gone on the web and searched for “free stuff?” I know I have quite a bit, and did not realize the risk I was putting myself in. According to a study done by McAfee released in September of 2010, your chances of being directed to a malicious site are greatly increased when you use the word “free” while searching for music, movies, and other digital content.

In the report, it notes that you are 300 percent more likely to land on a malicious site if you search for free music ringtones. Also, the report states that searching for artists lyrics puts you at twice the risk than searching for “ringtones” for the same artists (first five pages of results).

Including the word “MP3” within your search immediately puts you at risk of reaching malicious sites. According to McAfee, there has been a 40 percent increase in the number of sites that host malicious MP3 files.

In order to protect yourself from these types of issues, it is recommended to not use the word “free” in your searches related to digital media, keep your antivirus up to date, don’t click on suspicious links, and use your best judgment when not sure about the safety of certain websites.

(Credit: McAfee)

Social Viruses

The other day, an acquaintance had sent me an email with the following content:

How to protect your e-mail address book

A computer repairman says this is like having gold.

This is a good thing.
I learned a computer trick today that’s really ingenious in its simplicity.

As you may know, when/if a worm virus gets into your computer

It heads straight for your email address book,

And sends itself to everyone in there,

Thus infecting all your friends and associates…

It went on from there, detailing a scheme to foil malware through the creation of a fake email address in the very beginning of your address book.

The sender, in all fairness, sent this to me to vet before he passed it on to everyone he knew – that was the unusual part.  Normally I receive these emails as a part of a mass-mailing, delivered as Gospel Truth by some well-meaning friend.

First of all, I NEVER forward ANYTHING that was sent to me in a mailing list – especially if it says “Send this to everyone you know!”, even if it threatens me with bad luck!  I know that the purpose of these messages is to cause well-meaning but gullible people to clog up email systems and bring mail servers to their knees. They play on one’s sense of guilt, sympathy, or sense of humor to encourage you to do their dirty work. They NEVER have any other purpose.

On those rare occasions that some new message actually tempts me to pass it on (and this can happen to anyone who is not paying attention – these are designed for it!), I know I can Google the subject or the first line of the message to see what’s REALLY going on.

One of my favorite resources is SNOPES.COM. A Google search of a message like the sample above will almost always turn up a hit from Snopes.  Read what they have to say – it’ll generally cure your momentary weakness. And if the sender is a friend, you might want to send the URL for their particular message back to them.

If you are interested, the information on the above message is right here.