Removing a virus

So I went to bed two days ago, and my laptop was perfectly ok. Sometime in the night, I heard it restart but I didn't think anything of it. The next morning, I wake it up and it has one of those viruses that are disguised as an anti-virus.. MB data tools I think it's called or something like that. Anyway, just wondering how you're suppose to get rid of it, and if it's not possible by now, how to format my computer.

I've tried system restore, and I was able to restore it to about two months ago but it was still there (so maybe is was just chilling on my computer for more than two months? idkbro).

Now it's blocking all my programs such as system restore, my actual antivirus, all that shit. How do you remove this sucker?

Also, how do you format a computer? I try right clicking on my C drive and clicking format, but it doesn't let... I'd tell you what it says exactly, but I'm at work right now, didn't bring my laptop...

 

Virus' usually shut down/disable anything that could remove it indefinitely, I would say take it in asap to a computer shop and let them deal with it. If you haven't had experience cleaning computers with virus' I think that would be the best option.

Alternatively, have you tried reinstalling your OS?

 

Oh yeah, meant to put that, my laptop didn't come with it's OS disk, so I can't format it through that means.. I'll see how much my tech shop charges to format but I don't want to pay 60 dollars to do something that I could do myself if anyone can instruct me on how

 

You can't format the C:\ drive when you're using it..

First, I'd try creating a new user account and logging into that one to see if it is a user-specific virus. A lot of the fake AV viruses tend to be that way. Make sure you use an account you just created, not one that was there before you got infected.

EDIT: Oh, don't format anything unless you have a backup plan. If you format the drive of your only computer, then what are you gonna do without the disks??

 

I was going to pirate a copy of the OS on my desktop, burn it to a disk, and use it on my laptop.. :>

What do I do if an alternate account works?

 

All laptops come with a format function. Mine, while booting will enter in recovery mode if I hit F9...

Try reading the manual or something.

 

If an alternate account is able to run virus free, then in most cases it means the virus is user-specific. This means that you can usually "deactivate" the virus by changing the name of the infected user.
Are you using Win7?
If so, go to your C:\ drive, click "Users" and a folder should open up with all your user files in it. Find the name of the infected user and right click on it. Select "rename." Change the name of the folder to something other than what it was before. Any small change should suffice. One way I like to do it is to just keep the same folder name but add ".old" to the end of it.

So if the name of the user was "Sythe", You should change it to something like "Sythe.old"

I am not guaranteeing that this will work, but it tends to be a quick-fix for user-specific viruses. It will not mess up anything if it does not work though, so no worries.

 

Would be pointless if he doesn't have the OS on a disc/usb.

 

Ok. first you can't format the partition with your OS installed on it using windows.

The only way to do that is by using a formating disk such as Dariks Boot and Nuke.

If you still had the Windows OS Cd. I recommend you do a clean install to remove all viruses.

If you do not have one, may i suggest installing a portable version of SuperAntispyware: http://www.superantispyware.com.

This scanner can resist being caught by any sorts of viruses.

Good luck!

 

Holy shit I think I beat it out... initially the virus wouldn't let me use the internet at all, nor any program, but I got safe mode to work and got into msconfig. I found the only program set to run on startup which had to have been it because one, the command line had /secret/autorun at the end (whatever that means) and before my computer was infected, I had unchecked everything for faster startup. I went through and deleted it everywhere I could find it. Even in the regedit (which I don't know if that was the right thing to do, but it seemed to have worked.) So I created a new profile, erased everything I could, and now I'm able to open anything I want, no intrusion of the virus, and I got malwarebytes downloaded and running.

All in a days work, I suppose! Although, I still might get it wiped at a local tech shop, just for good measure. I've already backed up my pictures and documents.

 

Glad you got everything figured out.

 

With that virus, all you need to do is wipe your all users App data folder and it will get rid of it. I help out with my brothers small computer fixing company and this virus happens on so many laptops for some reason. Don't bother with getting it wiped, if you really want, re-install windows yourself. For this kind of Virus, I recommend AVG .

 

Format function inside the HDD... That's why you hit F9 while booting, to enter that function.

 

Thanks for the help guys. I think I'm still going to format once I burn a copy of W7 just because I want to be sure, and I want to remove all my apps and I don't want to have to go through and manually delete them all.

 

You have an option with every OS disc to format HDD, so its pretty easy.

 

When you are virused etc, you can almost never fully remove all aspects of the virus or of the program as it has so many mini sub files that plant themselves through out your computer. My suggestion would to be to do a full hard-disk reformat. You would need to make a backup of any important files and pictures that you would need, and then you would have to install windows and burn it onto a CD. I will post a guide on how to do this and PM you the link as it is a thing many people would probably need to know how to do, It will wipe your whole harddisk and you can start from fresh, the safest thing to do.