The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Probable Virus - I need Advice

    Discussion in 'Windows OS and Software' started by FrozenSolid, Oct 1, 2013.

  1. FrozenSolid

    FrozenSolid Notebook Evangelist

    Last night a friend was using my laptop, and this morning I had several open IE windows and a small open window in the top left of the screen saying something like "script run". The only way I could close the windows was to go into Task Manager and do it from there, but when I tried to shut down the computer it went to the shutdown screen but would not shut down. The only way I could shut it down was to hold the power button, and even that took a long time.

    My computer has an SSD as the C Drive and a platter HD as the D Drive with an mSATA cache on the D Drive, and when I next started the computer it froze at the RAID setup screen with an error message which stated that the D Drive was incompatible. After Windows started, Norton reported that my virus definitions were out of date and my spyware was turned off. Norton ran to update its definitions and now states all is okay, but the definitions were updated 13 hours ago, which I know from experience is not right. Also my D Drive has disappeared. It is visible in BIOS only.

    I decided to un-RAID the D Drive to try and get the drive back so it is visible, so when I run a virus scan it looks at the D Drive also, and during the computer restart I hit Control I to set the drive to un-RAID and I got an error message saying doing so will delete all data on the drives. If the drives were a standard RAID0 then this is true, but can someone confirm that it will not damage the data on the D Drive if it is only an mSATA cache setup?

    Well, the good news is Norton has reinstalled correctly and now reports all is okay. I have done a scan and removed several threats, but I have no idea if these "threats" were the cause of my problem. After a couple of restarts IRST did a check and now the D Drive has come back. I am in the process of doing a comprehensive scan of both the C and D drives, and tonight I think I will have a little chat with my friend about online security :)
     
  2. TANWare

    TANWare Just This Side of Senile, I think. Super Moderator

    Yeah, you need to keep them from the admin account too.................. :)
     
  3. FrozenSolid

    FrozenSolid Notebook Evangelist

    You know that is a really good idea. Usually I am the only one who uses my computer so I only have the one account but I think I will set up a Guest account and make sure whenever I allow her to access my computer she is using the Guest account.
     
  4. wozofoz

    wozofoz Notebook Enthusiast

  5. FrozenSolid

    FrozenSolid Notebook Evangelist

    Thanks for the advice Woz.

    I run Norton 360 and after I got it running properly it fixed my problems. After that, when I next did a restart of my computer the D Drive came back and the subsequent scan of everything came up clean.
     
  6. StormJumper

    StormJumper Notebook Virtuoso

    This should be a lesson to learn the hard way: never give your admin account to your friend to use. And considering the spyware detector was off would mean your so-called friend was most likely looking or doing something on your computer that they wouldn't do on their computer. I would say the next time she asks, tell her to get her own computer and do her own damage to her laptop and not yours unless she is willing to pay for the fix. That isn't a real friend to run unauthorized scripts, and turning off your spyware would mean they weren't treating you as a real friend. And again, never allow your friend to use your admin, only guest, and you should tell them they now have a Time-Out from using your computer and they should think really hard about getting their own computer if they feel they want to do what they did to your computer and never told you what they did. Real friends don't damage another's computer.....tell them that....
     
  7. ajkula66

    ajkula66 Courage and Consequence

    ^^^^^ Some excellent advice right there...

    I have a separate laptop to be used by guests in my household. No one - but no one - touches my wife's or my machines if they want to die with as many fingers as they were born with. No exceptions. End of story.
     
  8. TANWare

    TANWare Just This Side of Senile, I think. Super Moderator

    I've had to fix my daughter's machine because she was shopping for things at sites that just ended up getting her. Not that she was shopping for something bad, just not educated enough on what not to click. The same can be said for my son-in-law. It isn't that they are going anywhere underhanded etc., just that these people out there just keep trying new ploys and even the best of us can get caught. No matter how smart you think you are, there is someone out there that is smarter, and if not there will always be a few combined that are.......................
     
  9. FrozenSolid

    FrozenSolid Notebook Evangelist

    I had a look at the Internet history and she was poking around on some Russian XXX sites. My guess is she hit the wrong button and the site did the rest. She is literate but not computer literate and she wouldn't know how to turn the Spyware off herself much less know what a script is. So I am guessing a little popup window came up with a "just press this button to gain access to exclusive content" or some such thing and she pressed the button.

    I take your point about the lesson. I have always used good quality AntiVirus and Spyware software but I also take care about what I do online. Maybe the Antivirus actually saved me from more permanent damage. Anyway I now have a Guest Account set up on my computer and tomorrow when she comes around we are going to have a little talk :)
     
  10. RCB

    RCB Notebook Deity

    You've probably read this already or know about it.
    It is a good idea, even for an owner/administrator, to run his machine for daily work in a standard user account - not in an administrator account.
    When the system is run as administrator, everything is wide open. Certainly with the newer Win versions the UAC will still pop up to help, but it might be too late with smart malware.

    You can use KeePass Password Safe to store passwords and easily access the administrator account while running in a standard acct. if needed. By using it you can create a stronger password for the admin acct. than you would without it. A guest acct for this one might be a good idea too.

    No one touches my primary machine ;)

    My $ .02 cents
     
  11. StormJumper

    StormJumper Notebook Virtuoso

    Yes, a little extreme for a safety measure, but yeah, those sites and going there can be a nasty business when you get scripted. But those sites pop up because they failed to observe proper computer usage on another person's account and computer. But do tell her in the future if that happens she needs to inform you and not just walk away as though nothing happened. Just make a Guest account as you mentioned, but better yet, if you're using Windows 7 make a user account with limited rights, 'cause I think even guest accounts might have some issues; at least with a user account you wipe it clean and any attempted installs will fail to work or install. But also have a talk with your friend about how it happened, 'cause if it wasn't anything malicious then she should be able to just talk to you about it. But yeah, as I tell friends and family, never leave your admin account open for usage as you're asking/inviting trouble to head your way. Just be sure the next time to maintain your A/V-Malware spyware detectors up to date and only with the admin account so no one can turn those off if they should think to try it again. Scripts can be a tricky business to kill, but as long as that site isn't able to install without the admin account then you put some stop to it and just wipe/delete the user account associated with that user, and all info/data on that account will be wiped away; then do a complete scan to make sure nothing is left behind.
     
  12. StormJumper

    StormJumper Notebook Virtuoso

    Heck, I recommend KeePass myself and it's free - I have it installed on my admin account and a portable so when I go somewhere I don't have to remember all the many sites and passwords should I forget them, which there are lots of them. But make sure if you get KeePass to make it password protected as well and don't leave that wide open either.
     
  13. radji

    radji Farewell, Solenya...

    Maybe one of the mods will let you borrow their secret weapon. Use it directly on your hard drive and it will wipe out that virus hands down!

  14. player2099

    player2099 Notebook Enthusiast

    Nothing that I hate more when using a computer than feeling like it's been compromised.

    Have you tried the Sysinternals RootkitRevealer tool? I've never found anything useful with it (this is a good thing), but if you've done all the other routine checking (startup folder, registry, temp folders), then it might be worth a try.

    Might also try the Trend House Clean (free online AV scan and clean). I always like to try multiple different AV vendors, as sometimes one catches what the other doesn't.

    Finally, if you notice a file is suspicious (such as in Task Manager), maybe take it and upload it to VirusTotal for a free scan. VirusTotal checks it against a billion different AV engines (it's a good bet if something is wrong with the file, VirusTotal will find it).
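
Added example, not part of any post in this thread: a read-only PowerShell triage pass over the places the replies mention (administrator membership, the registry Run keys, the startup folders, and temp folders), with SHA-256 hashes for anything found in temp so it can be looked up on VirusTotal. It assumes Windows PowerShell 4.0 or later; the 7-day window and the extension list are illustrative choices.

```powershell
# Added example: read-only checks, nothing is deleted or changed.

# 1. Is this session elevated, and who is in the local Administrators group?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Session for {0} is elevated: {1}" -f $identity.Name, $elevated
net localgroup Administrators

# 2. Programs launched at logon from the Run / RunOnce registry keys
$skip    = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    if ($null -eq $props) { continue }        # key exists but has no values
    $props.PSObject.Properties |
        Where-Object { $skip -notcontains $_.Name } |
        ForEach-Object { "{0}  {1} = {2}" -f $key, $_.Name, $_.Value }
}

# 3. Shortcuts and files in the per-user and all-users Startup folders
$startupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')
foreach ($dir in $startupDirs) {
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem -Path $dir -Force | Select-Object FullName, LastWriteTime
    }
}

# 4. Executables and scripts written to the temp folder recently
#    (assumption: 7 days is a reasonable window for this incident)
$cutoff  = (Get-Date).AddDays(-7)
$pattern = '^\.(exe|dll|scr|bat|cmd|vbs|js|ps1)$'
Get-ChildItem -Path $env:TEMP -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff -and $_.Extension -match $pattern } |
    ForEach-Object {
        $hash = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        "{0}  {1}  {2}" -f $_.LastWriteTime, $hash.Hash, $_.FullName
    }
```

Run it once from the everyday account and once from an elevated prompt: the HKCU keys and the per-user Startup and temp folders differ per account, so a guest or limited account used by someone else needs its own pass.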