VIRUS ATTACKED!

Ghostrider

I've once solved a problem like this by putting Portable Clamwin (http://portableapps.com/apps/utilities/clamwin_portable) on an SD card in Read-Only mode and launching it from the computer in Safe Mode. The malware can't attack the program on the card and unless it can stop it from running, it should work.
Otherwise, take the HD out, hook it up to a SATA/E-IDE USB device and use another computer's AV software to cleanse it.
 

Urwumpe

> me7vv.dll is sketchy. That's not a system dll.

Exactly, it is a random name. Possible that it restores itself if it is still resident in memory when you delete it.

I personally recommend using a Linux live CD or USB stick, too. It is the most powerful tool against such malware. Also, I recommend that you stop browsing the internet as Admin, and use your administrator rights only when really needed. It requires maybe a bit more skill to set up some badly programmed software then, but without Administrator access rights, it is very hard for a virus to install itself.
 

cjp

My response to such a situation would probably be:

  1. Make a full backup of all data files to an external medium, e.g. an external hard disk or CD-ROMs. This is ALWAYS a good first step. Do not yet allow your other computers to access the data on this backup, because your backup could contain the virus. To minimize the risk of making an infected backup, only make backups of data files, not of software. I hope you already have a backup of all software installers you need for restoring your system.
  2. Try to identify the virus. If you cannot run a virus scanner when booting the infected computer from hard disk, maybe there is something like a Linux live-CD with a built-in virus scanner.
  3. Make sure all your other computers have good anti-virus software, which is completely updated. Try to confirm that the latest updates protect you against the virus you found on the infected computer. If they don't, you'd better wait for a virus scanner update that gives you this protection, before you continue with the next steps.
  4. Using one of your other computers, scan your backup for viruses. If any infected files are found, the best response is to delete those files. If the infected files are valuable documents, you may instead want to send them to an expert who can try to separate the contents from the virus. Maybe your anti-virus software is already capable of doing this for you.
  5. Once the backup is free of viruses, you may want to make an extra copy of it, e.g. on the hard disk of one of your non-infected computers. Just to be sure you don't lose the data because of a mistake.
  6. What I'd do next is re-install Windows on the infected computer, by booting from the installation CD-ROM. Make sure to start the setup by booting from CD-ROM, and not by starting the setup after booting from the hard disk. During setup, choose to completely format all partitions on the infected computer. It is extremely hard to get rid of a rootkit, so you want to use the most powerful measures. Note that this erases(*) all data on your computer, so having good backups at this point is essential.
  7. After Windows is re-installed, but before installing anything else, install the anti-virus software. Perform a full virus check, just to be sure nothing is left of the virus.
  8. Install all the drivers and applications you want to have on the computer. This is a good time to start a habit of checking whether you can trust the source of the software (e.g. don't install things downloaded from obscure websites).
  9. Restore the data backup you made.
  10. Run a full virus check again.
(*) Technically, most data isn't erased at all, but the file system no longer refers to the data, so the data isn't loaded by the software on your computer. The virus probably still is there somewhere, but it isn't activated anymore, so it should be harmless. It will be overwritten as soon as the disk space is claimed for other files you save on your hard disk.
 

zeldafan156

I hope you all realize I don't have an external backup hard drive. I only have a 2 GB USB flash drive (full due to backup of Orbiter folder) and some blank CDs.
 

cjp

> I hope you all realize I don't have an external backup hard drive. I only have a 2 GB USB flash drive (full due to backup of Orbiter folder) and some blank CDs.

The backups I make of my documents always fit on just a few CDs. And these backups include all digital pictures I ever stored on my computer, all software I've ever written (source code only) and hundreds of pages of documents, reports etc.

I don't know what you need to back up that doesn't fit on a 2 GB flash drive. If you have a large movie collection on your hard disk, then you probably have to choose between:

  • losing your movie collection
  • buying some device to make a backup on
  • keeping the risk that the virus is still active
 

Urwumpe

Also, a one TB external HD does not cost that much today. And such a HD has a longer life-time than any DVDR you can burn.
 

Hielor

> I hope you all realize I don't have an external backup hard drive. I only have a 2 GB USB flash drive (full due to backup of Orbiter folder) and some blank CDs.

What do you need to back up your entire Orbiter folder for? I imagine that the vast majority of what's in there can just be re-downloaded...
 

Cerebus

Sounds a lot like XP Antispyware 2010, which will continually flash up loads of fake virus warnings, drop porn links, and disables a lot of antivirus software, also disables task manager and regedit.

Having had this on my wife's laptop I can confirm it is difficult to remove, however this link saved my bacon: http://forums.malwarebytes.org/index.php?showtopic=38629

If you read it through and have some or all of the described symptoms the chances are you have this particularly nasty virus/malware on your computer.

Good Luck
 

Kveldulf

> I hope you all realize I don't have an external backup hard drive. I only have a 2 GB USB flash drive (full due to backup of Orbiter folder) and some blank CDs.

My suggestion? Format the USB drive. You can always download Orbiter stuff again. If you really need to keep everything, talk to a friend or family member, and store the files there. Any virus is something to get off your system as soon as you are able. Simply by leaving it, even if it appears to be inactive, you may still be at risk, and if you do any online shopping, that is not a risk you want to take.

I went through backups when my old PC failed. The best I can suggest is go through everything, and sort it into three categories: Keep, Keep if able, Forget-about-it.

"Keep" is the stuff that you absolutely cannot replace (pictures, movies, school/work documents).

"Keep if able" items are things like save-games for your favorite games, Steam games, Orbiter, and other similar items. Basically, the stuff you can replace if you need to, but would rather not.

"Forget-about-it" items are everything else.

Then, back up everything from the Keep category, rank the rest in order of importance, and back-up down the list until you run out of room.

Or, if you've got $50 to spare, external HDDs are pretty cheap. Wal-Mart actually has some decent computer accessories (hell, I got my laptop there for $300, and I've had no problems with it).
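
Added example, not written by any poster in this thread: a Python version of the data-only backup from cjp's step 1, filled in Kveldulf's order of importance until the medium is full. The function names, the extension list and the `rank_of` callback are assumptions made for this example, and the "MZ" header check for executables renamed to look like documents goes beyond what the posts describe.

```python
import hashlib
import os
import shutil

# Assumed list of extensions treated as software; extend it for your system.
SOFTWARE_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd",
                ".pif", ".vbs", ".js", ".msi", ".lnk", ".inf"}

def is_data_file(path):
    """True unless the file is named like software or starts with "MZ"."""
    if os.path.splitext(path)[1].lower() in SOFTWARE_EXT:
        return False
    try:
        with open(path, "rb") as fh:      # Windows executables begin with MZ
            return fh.read(2) != b"MZ"
    except OSError:
        return False                      # unreadable: leave it out

def plan_backup(root, capacity, rank_of):
    """Choose data files under root, most important first, within capacity
    bytes. rank_of(relpath): 0 = Keep, 1, 2, ... = Keep if able, None = forget."""
    candidates = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root)
            rank = rank_of(rel)
            if rank is None or os.path.islink(full) or not is_data_file(full):
                continue
            candidates.append((rank, os.path.getsize(full), rel))
    chosen, used = [], 0
    for _rank, size, rel in sorted(candidates):
        if used + size <= capacity:       # skip what no longer fits
            chosen.append(rel)
            used += size
    return chosen, used

def run_backup(root, dest, chosen):
    """Copy the chosen files to dest and return {relpath: sha256}, so the
    clean computer that scans the backup can see whether a file changed."""
    manifest = {}
    for rel in chosen:
        target = os.path.join(dest, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copyfile(os.path.join(root, rel), target)
        with open(target, "rb") as fh:
            manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest
```

Run it from a live CD or another clean system with the infected disk mounted read-only; the backup still has to be scanned as in cjp's step 4, because documents can carry malware too.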
 

MJR

> me7vv.dll is sketchy. That's not a system dll.

That is exactly what I was thinking. I was going to make a comment about it, but wasn't sure; that is why I asked him to check it again on the analyzer.
 

Bj

> Also, a one TB external HD does not cost that much today. And such a HD has a longer life-time than any DVDR you can burn.

I bought a 300 GB external Western Digital HD a year or two ago. The absolute best $100 I spent. I had a few viruses in the past and it is really a pain to burn them all to DVDs/CDs in safe mode. Much simpler to have an external HD.

Now you can get the same for still $100, which really makes me mad... :mad: though I still have only even filled up maybe 30% of it.

1TB-My-Book-Essential-USB-2.0-External-Hard-Drive

> I hope you all realize I don't have an external backup hard drive. I only have a 2 GB USB flash drive (full due to backup of Orbiter folder) and some blank CDs.

Um ok, you can burn your Orbiter media onto a DVD if you want, but you said you're using your dad's computer, am I right? So I would guess that he has a couple gigs you can borrow. Use the network, that's what it's there for.
 

eveningsky339

> Sounds a lot like XP Antispyware 2010, which will continually flash up loads of fake virus warnings, drop porn links, and disables a lot of antivirus software, also disables task manager and regedit.
>
> Having had this on my wife's laptop I can confirm it is difficult to remove, however this link saved my bacon: http://forums.malwarebytes.org/index.php?showtopic=38629
>
> If you read it through and have some or all of the described symptoms the chances are you have this particularly nasty virus/malware on your computer.
>
> Good Luck

My wife's desktop had a similar (or the same?) virus a few months ago. If I recall correctly I had to download a rootkit removal program specifically made for that infection on my Linux, and then put it on the infected machine via my iPod. Long story.

As for the subject of this thread... it sounds like the OS is pretty burned. The simplest thing to do at this point is a complete re-install of Windows, which after XP became a cumbersome process to say the least.
 

Bj

> after XP became a cumbersome process to say the least.

You mean for data recovery? Or for OS installation? I found Win7's install actually really easy. About as simple as XP or Ubuntu.

The only problem was that my Nvidia card is 'old' and not initially supported by 7, so I had to download a driver from Nvidia for it to work.
 

doggie015

> You mean for data recovery? Or for OS installation? I found Win7's install actually really easy.

Well, I can tell you one thing: for data recovery the Win7 install DVD is a real pain in the :censored: as it was not designed for that. I recently used something called UBCD4WIN (Free for private non-commercial use. Available from http://www.ubcd4win.com/ NOTE: You need an XP CD (preferably SP2+) to build the WinPE environment it runs in!) to restore my Win7 MBR after a Ubuntu ininstall went bad and Windows could no longer boot, and it worked very well.

If you are installing Win7 from the install DVD, then it is the simplest installation process yet; just accept the defaults, press the big "Install Now" button, accept the defaults again and away you go!
 

eveningsky339

> You mean for data recovery? Or for OS installation? I found Win7's install actually really easy. About as simple as XP or Ubuntu.

I'm thinking of Vista's lack of a bootable disc, specifically. Did Win7 reverse this nasty change?

> The only problem was that my Nvidia card is 'old' and not initially supported by 7, so I had to download a driver from Nvidia for it to work.

I've had to install both Nvidia and wireless internet card drivers. Try downloading those without the wireless. :lol: Yet another use of my iPod to transfer files...
 

Bj

> to restore my Win7 MBR after a Ubuntu ininstall went bad and Windows could no longer boot, and it worked very well.

Did you restart and see the GRUB screen? Then did you select Win7? If that didn't work, use Gparted next time to set bootable, or you can use fixmbr...

> I'm thinking of Vista's lack of a bootable disc, specifically. Did Win7 reverse this nasty change?
>
> I've had to install both Nvidia and wireless internet card drivers. Try downloading those without the wireless. :lol: Yet another use of my iPod to transfer files...

Vista's lack of bootable disk? what? You can boot from any OS disk AFAIK, you just cannot boot windows from a disk like you can Ubuntu.

If you had wireless driver problems, why not use a wired connection to first get the driver? Oh well, interesting use of an iPod anyway :lol:
 