My response below assumes your friend is using Windows. I guess I
shouldn't necessarily make that assumption. I am a bit biased.
Anyway, if he is not running Windows, then please ignore my removal
instructions. However, the backup suggestion is still applicable.

While I appreciate the sincerity and truthfulness of Jason's response,
it is a bit pessimistic. Getting a virus is not all that rare and
therefore you don't always just want to wipe out your data. :) I think
it is worth a shot to see what you can do to fix it first, even though
the risk of the virus persisting exists.

For a long-term solution, your friend might want to think of a good
backup system. I like to use rdiff-backup. The key is versioning.
Mozy gives you similar functionality for a small cost (free if it is
<2GB) and I think it is really slick (and it works with Windows). The
problem is that, like Jason said, the virus could be anywhere and, when
you back up your stuff, the virus might get in a backup. With
versioning, if you end up having to wipe your system, at least you can
restore your precious data from a certain date when you are comfortable
the virus was not present.

However, since hindsight does not afford this luxury, here are a few
very general ideas to try to remove the virus manually. Most of these
require the internet, but just to look stuff up for the most part. You
could probably use a different computer to look up stuff on the
internet.

1) Viruses have to put themselves somewhere where they can be executed
in order to have any effect. There are divers ways in which this can be
accomplished, but here are some common ones that are easy to fix:

  - The start up folder (I forget what it is called exactly since I
    don't use Windows, but I know there is a folder in Windows where each
    executable the folder contains will be executed at startup).
  - The registry. Once again, I wish I could remember exactly where
    but here is my best guess (do this at your own risk because you can
    really mess stuff up in the registry).
      * Open registry with "regedit" command
      * Look under "HKEY_LOCAL_MACHINE" -> "SOFTWARE" -> "Microsoft"
        -> "Windows" -> "Current Version" ->
      * Look for anything fishy. If you are not sure if something
        belongs, you can always Google it and you'll usually find a pretty
        clear answer. There shouldn't be more than about 1 to 15 items, so
        you could just check each one if you want.
      * If you find something that doesn't belong, first check what
        the value is, then delete the entry. This should stop it from being
        able to start up. The value is what is actually being executed. Find
        that file and do a search for anything like it and delete all of that
        stuff, but try to be careful not to delete anything that looks
        important. ;) You should probably also search online (Google it and/or
        search existing virus definitions on the Symantec website) for specific
        removal instructions relating to the file you found.

2) Look at the running processes. (Ctrl+Alt+Delete -> Processes Tab).
Once again, look for anything fishy and Google it if you are not sure.
Also search Google/Symantec like in the previous step for any further
removal instructions you can find.
3) Lastly, you could try putting the drive in an external enclosure or
even directly into another computer (but don't boot from it) for the
purposes of at least being able to run antivirus software on it (rather
than just trying to copy your files directly off). Maybe you'd have
some luck with that.
I hope this is helpful to you. I am no virus expert, so I apologize if
I said anything incorrect or even stupid. I hope everyone will feel
free to correct me or add to what I have said. Good luck!
Dustin McQuay

Jason wrote:

On Thu, 6 Sep 2007, Kenneth Buu wrote:

One of my friends has a virus in his computer that will not allow him to
access internet whatsoever, thus preventing him from downloading any
anti-virus software on the internet (I guess he didn't have any anti-virus
before). He has tried downloading anti-virus software from other people's
computer, but the computer refuses to recognize it. What shall he do?

The only safe way to clean up after a virus is to wipe the disk and reinstall
everything from scratch. If you're feeling lucky, you can put the disk in an
external USB enclosure and pull your files off, but you run the risk of
copying over infected files that can end up reinfecting your system.
Installing anti-virus software can *sometimes* make a system safe after an
infection, but it's a losing battle (despite what the manufacturer might tell
you). There's no guarantee that your system is actually clean, even if the
software says it removed the virus. It's only clean as far as the anti-virus
software can tell.

--------------------
BYU Unix Users Group
[1]http://uug.byu.edu/
The opinions expressed in this message are the responsibility of their
author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info: [2]http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
References
1. http://uug.byu.edu/
2. http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
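
Added example, not part of the original thread or written by any of its participants: a read-only PowerShell listing of the autostart places the reply describes (the Startup folder and registry entries run at logon), so each entry can be looked up before anything is deleted. The Run/RunOnce key paths and the Startup folder lookups are the standard Windows locations and are an assumption of this example; the message itself does not give them.

```powershell
# Added example: read-only listing of common autostart entries for review.
# Key paths and folders are the standard Windows locations (an assumption of
# this example; the message above does not give them).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# One row per registry value: the value data is the command run at logon.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
})

# Per-user and all-users Startup folders: every file here runs at logon.
$startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
$entries += @(foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -File | ForEach-Object {
        [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

# Pull the file path out of each command line (quoted path, known extension,
# or first token), then report whether the file exists and how it is signed.
$entries | ForEach-Object {
    $path = ($_.Command -split '\s+')[0]
    if ($_.Command -match '^\s*"([^"]+)"') { $path = $Matches[1] } elseif (
        $_.Command -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|lnk))(\s|$)') { $path = $Matches[1] }
    $exists = [bool]($path -and (Test-Path -LiteralPath $path))
    $sig = 'n/a'
    if ($exists) { $sig = [string](Get-AuthenticodeSignature -LiteralPath $path).Status }
    [pscustomobject]@{
        Location = $_.Location; Name = $_.Name; Path = $path
        Exists = $exists; Signature = $sig
    }
} | Sort-Object Signature, Location | Format-Table -AutoSize -Wrap
```

Entries whose file is missing, unsigned, or sitting in a temp or profile directory are the ones to look up first; a valid signature narrows the list but does not prove an entry is benign.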