The other day I was trying this on my pen drive. To my consternation I found an autorun.inf file and another named qawsx.exe. The second file got me suspicious.
These files remained even after multiple scans using my anti-virus software. I noticed that these files were created when a USB drive was plugged into my PC.
That told me two things:
1. A running process was copying these files to the USB drive.
2. My usual anti-virus and anti-malware software were not detecting this malware.
I uploaded the file to virustotal.com for further analysis. The result indicated that only 4 software products flagged this as malware. A Google search indicated that Prevx would remove this malware; this was also one of the products that detected malware in the VirusTotal result.
I downloaded Prevx and scanned. It gave me the location of the malware but would not remove it without me purchasing the license. The malware was present in a hidden folder in the system partition alongside system files.
I simply deleted the file using my method. This was successful, as another scan using Prevx indicated that the malware was not present anymore.
Saturday, November 28, 2009
Tuesday, November 24, 2009
How to Delete Viruses Manually?
Previously I've described Unlocker, Virustotal.com, and how to view hidden folders. At present these are the tools needed to manually delete viruses.
1. Start off by viewing the target drive using a file manager.
2. Most viruses are stored in hidden folders; these can be easily viewed in a file manager.
3. Next, browse for files that are not user created, especially ones with suspicious names, including autorun.inf files.
4. However, some folders, like the System Volume Information folder and others, are system data; don't delete them unless you know what you're doing.
5. Then delete the file. In case a message like "unable to delete, file is in use" or something similar is displayed, use Unlocker to unlock the file.
6. In case of doubt, use the VirusTotal service to get a broader opinion.
In my next post I'll describe my experience when I tried this on my USB drive.
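A read-only triage pass over a drive root that mirrors the steps above, as an added example (not code from this blog): it flags autorun.inf, the files it launches, executables in the root and hidden files, and returns a SHA-256 for each so the hash can be searched on VirusTotal. The function names and the sample drive built by `build_sample` are constructed for illustration; only the file names come from the post.

```python
import hashlib
import re
import stat
import tempfile
from pathlib import Path

EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs"}
LAUNCH_KEY = re.compile(r"open|shellexecute|shell\\.+\\command", re.I)

def autorun_targets(inf_text):
    """File names that autorun.inf launches (open=, shellexecute=, shell\\verb\\command=)."""
    names = set()
    for line in inf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and LAUNCH_KEY.fullmatch(key.strip()) and value.strip():
            names.add(re.split(r"[\\/]", value.split()[0])[-1].lower())
    return names

def is_hidden(path):
    # Windows reports a hidden attribute; elsewhere fall back to dot-files.
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN) or path.name.startswith(".")

def triage(root):
    """Return (relative path, reasons, sha256) per suspect file. Read-only: deletes nothing."""
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    launched = autorun_targets(inf.read_text(errors="replace")) if inf else set()
    findings = []
    for p in sorted(q for q in root.rglob("*") if q.is_file()):
        rel = p.relative_to(root)
        if rel.parts[0].lower() == "system volume information":
            continue  # system data (step 4): leave it alone
        checks = {"autorun.inf": p == inf, "launched by autorun.inf": p.name.lower() in launched,
                  "executable in drive root": p.parent == root and p.suffix.lower() in EXEC_EXT,
                  "hidden": is_hidden(p)}
        reasons = [why for why, hit in checks.items() if hit]
        if reasons:
            findings.append((rel.as_posix(), reasons, hashlib.sha256(p.read_bytes()).hexdigest()))
    return findings

def build_sample(root):
    """Constructed sample drive: file names follow the post, contents are dummies."""
    (root / "autorun.inf").write_text("[autorun]\nopen=qawsx.exe\n")
    (root / "qawsx.exe").write_bytes(b"dummy bytes, not a real executable")
    (root / "notes.txt").write_text("user file")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(*triage(build_sample(Path(d))), sep="\n")
```

To check a real drive, call `triage(Path("E:/"))` with the drive letter of the USB stick; the user file `notes.txt` in the sample is not reported because none of the checks match it.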
Saturday, November 14, 2009
Antivirus Software Uninstallation Issues
One issue I've faced with some antivirus software is that it will not install if any other anti-virus software is present. In most cases no other software is installed; just leftover files are present on the C drive.
These traces can then be removed using anti-virus removal tools made by the respective companies. These tools can also be used if the software cannot be removed using the Add/Remove option in Control Panel.
For example, to remove avast, download the avast uninstall utility, boot into safe mode and run the utility. Here's the download link:
Avast Uninstall Utility: http://www.avast.com/eng/avast-uninstall-utility.html
The steps to be followed are similar for other anti-virus software. Here are the links to download these tools:
1. AVG Remover: http://www.avg.com/download-tools
2. BitDefender Uninstall Tool: http://www.bitdefender.com/KB333-en--How-to-uninstall-BitDefender.html
3. F-Secure Uninstall Tool: http://support.f-secure.com/enu/corporate/downloads/removeav.shtml
4. Norton Removal Tool: http://www.softpedia.com/get/Tweak/Uninstallers/Norton-Removal-Tool.shtml
5. McAfee Consumer Product Removal Tool: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml
Monday, November 9, 2009
Troubleshooting Inaccessible Websites
At one point I was asking myself "what would I do if a website was not opening". A year back I would've left it at that. Coming to the present, I came across some interesting sites and did a little research. This blog is the result of that...
Coming back, the first thing to do is to check if others can access the site. A very popular way is through Twitter. Or ask people who you can chat with. In case you want to do it yourself, head over to downforeveryoneorjustme.com and enter the site name. Clicking on "just me" will tell whether the site is accessible to others.
In the first scenario (site is down for you alone), try opening the site in different browsers. Check your network, firewall settings and so on.
In the other scenario (site is down for all), the solution is to access a cached version of the page stored on a different server. Here are a few ways to do that:
1. Search for the URL in Google and click on "Cached" to access the page.
2. Add nyud.net to the URL. For example, in the case of google.com, change the URL to google.com.nyud.net
3. Try web archives like web.archive.org or webcitation.org. However, they usually have older versions of the site stored.
But if you're using Firefox, just use this addon to automatically search in these sites.
This is all I have on the topic... at least for now.
Update: There is another addon for Firefox users that performs the same function: https://addons.mozilla.org/en-US/firefox/addon/13694