Getting rid of a virus yourself

fox95871(Posted 2010) [#1]
Hi, does anyone here know how to get rid of a virus by editing the affected .exe in Notepad? I've noticed that when McAfee fixes it, all it seems to do is delete a section of code at the end. But when I tried to do the same thing, the rocket icon got replaced by some other icon, and when I ran it, all it did was show a small DOS-like window for a second before quitting. I want to learn how to do it myself because my trial version of McAfee's going to run out soon, and it's the only program that's ever been able to fix the virus I have, which is called W32/Virut.n.gen. It's a low risk virus, but it's enough to get my programs blocked whenever I try to run them on other computers. Here's some more information about it.

http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=154055#

Last edited 2010


SLotman(Posted 2010) [#2]
Low risk? Says right there this will download malware and install it on your computer!

You should really get Hiren's Boot CD, which comes with AV software on it - boot your computer through this CD (which uses Linux) and let it scan/remove all infected files from your HD.

Really - manually editing files trying to remove virus is a waste of time. Also, the virus is clearly running in the background, and will re-infect everything you just edited.

Better option is to run a LiveCD like Hiren's - which can't be infected, and be sure to have a clean system.


xlsior(Posted 2010) [#3]
> does anyone here know how to get rid of a virus by editing the affected .exe in Notepad?


First off, you're going to need to use the proper tools.

Using Notepad is guaranteed NEVER going to work.
Notepad will automatically replace any carriage return OR linefeed with a carriage return PLUS linefeed characters. (Open an .exe and immediately save it under a different name, and you'll see that it now has a different file size and will no longer function, and that's without you making any direct changes yourself.)

At the very least, you're going to need a HEX editor, like xvi32 or something.

That said, it's most likely an exercise in futility, since you may need to 'fix' thousands of files on your computer. I'd strongly recommend having an actual antivirus program take care of it.
If nothing else, try Microsoft's Security Essentials -- it's free, and not half bad. (It was able to clean some infected files for me where McAfee would only scream that they were infected, but could not clean them)
http://www.microsoft.com/security_essentials/

> Low risk? Says right there this will download malware and install it on your computer!


To some antivirus vendors, "low risk" simply means that "you're unlikely to catch it", not how much damage it can do if you ARE infected.
I've run into a trojan recently that got a "low" rating from McAfee, and "Critical" from Microsoft.

Last edited 2010
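An added illustration of the point in post #3, not code from any poster in this thread: a Python model of the line-ending conversion described there, applied to a constructed 128-byte stand-in for an .exe. The function names and the sample image are assumptions made for this example; it models the described conversion and is not Notepad's actual code.

```python
import re
import struct

def normalize_newlines(data: bytes) -> bytes:
    """Model of the conversion described in post #3: every lone CR or lone LF
    becomes CR+LF; existing CR+LF pairs are left as they are."""
    return re.sub(rb"\r\n|\r|\n", b"\r\n", data)

def build_sample_image() -> bytes:
    """Constructed sample, not a real program: an 'MZ' header whose e_lfanew
    field (offset 0x3C) points at a 'PE\\0\\0' signature at offset 0x40."""
    buf = bytearray(0x80)
    buf[0:2] = b"MZ"
    buf[0x10] = 0x0A                       # binary byte that happens to equal LF
    buf[0x20] = 0x0D                       # binary byte that happens to equal CR
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    buf[0x50] = 0x0A                       # another LF-valued byte after the header
    return bytes(buf)

def pe_signature_ok(image: bytes) -> bool:
    """Follow e_lfanew the way a loader does and check the PE signature."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    return image[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def report(image: bytes) -> dict:
    """Compare the image before and after an open-and-save round trip."""
    saved = normalize_newlines(image)
    return {
        "original_size": len(image),
        "saved_size": len(saved),
        "original_valid": pe_signature_ok(image),
        "saved_valid": pe_signature_ok(saved),
    }

if __name__ == "__main__":
    for key, value in report(build_sample_image()).items():
        print(f"{key}: {value}")
```

Each inserted byte shifts everything after it, so the e_lfanew field itself moves and the header no longer resolves to the PE signature, even though no byte was edited on purpose.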


puki(Posted 2010) [#4]
Yeh, but the files are probably the least of your problems at the moment.

Have you got a 'Virut.n.gen' (or similar) process running on your system?

Search your hard-drives (mainly C: (boot)) for 'W32' or 'Virut' to see what is installed.


puki(Posted 2010) [#5]
I bring your attention back to this:
http://www.blitzbasic.com/Community/posts.php?topic=89502
> Sometimes people say they get virus warnings from my downloads though. Does anyone else have this problem?


You posted that 7 months ago.


EDIT:
You need to go back and delete any download links that you have posted that may be a threat:
http://www.blitzbasic.com/Community/posts.php?topic=86761#983487

Last edited 2010


Yan(Posted 2010) [#6]
I say you take off and nuke the entire PC from orbit. It's the only way to be sure.


_PJ_(Posted 2010) [#7]
The problem with the method of "editing the file yourself" is that by opening the file, you risk "running the virus code". It's not recommended.
Ideally, I'd suggest turning off any backup/system restore functionality, totally deleting the file (Not placed in recycle bin), then running the virus checker again to make sure.

Since you mentioned it, you can get a dedicated removal tool for Virut from Grisoft. I could email you it if you cannot find it.


*(Posted 2010) [#8]

> I say you take off and nuke the entire PC from orbit. It's the only way to be sure.


But this is a multi million dollar application, he doesn't have that kind of authority, he's just a coder ;)


fox95871(Posted 2010) [#9]
Xlsior, I've always wondered about that kind of stuff, thank you. I'll look for xvi32, and I've now downloaded Microsoft's Security Essentials. I thought you had to pay for any good antivirus program these days.

Puki, thank you for reminding me about those files. I'll replace them all with fixed versions today. Sorry to anyone who might have downloaded them before, that was back when all the antivirus programs I ran into blocked them, but wouldn't tell me why, so I thought it was just because they thought Blitz3D programs looked suspicious.

Malice, that's really useful, thank you. Here's a link to it if anyone else needs it.

http://www.avg-antivirus.com.au/avg_virus_removal.htm

Last edited 2010


D4NM4N(Posted 2010) [#10]
You cannot edit an exe in notepad (or any other 'binary' file for that matter), if you save that then you will screw up the binary by adding text encoding to it. What you need is a hex editor with built in disassembler.. and you need to be pretty cluey with assembly language (which is just human readable machine code).

Best bet is to use a virus tool.

Edit: ok already covered, sorry :D

Last edited 2010