

A little help against a virus.

Started by Andy, May 03, 2018, 06:44:20 AM


Andy

May 03, 2018, 06:44:20 AM Last Edit: May 03, 2018, 06:57:29 AM by Andy
Recently, I decided to start updating my alternative task manager which has the option to kill off a running process.

My friend contacted me and said he had a virus on his PC - so I went to have a look... when one program was opened, it kicked off another one, the virus.  Now I've done a lot of work over the years playing cat and mouse with viruses and cleaning machines, so I thought this might be of interest to you.

This little program I wrote for my friend - simply to see if I could stop the virus - which it does.

Of course the correct thing to do is to clean the machine (which I did), but you might like to have a play around with it.

Instructions:-

Create a folder,
Build the program (Single build)
Then run it as Administrator.
Click "Start"
Open notepad
Open cmd.exe (command prompt)


cmd.exe should be killed off instantly (but only when notepad is running).

Type in two .exe names, here I'm using notepad and cmd.

This program will first check if notepad is open; if it is, it will then check to see if cmd.exe (command prompt) is ALSO open, and if so it kills off cmd.exe.

So it's looking for one exe that invokes another and stops the second one.  This behaviour is typical of what a virus does - but it does need the exe names to stay constant.

You can of course enter two different exe program names of your choice, just click "Stop" then enter the two new exe names and click "Start" again.

This code shows you how to check if multiple processes are running at the same time - another use for it, if you can do it for 2, then why not 4, 8, etc...

Just a little offering, it may be of some use.

Andy.



Day after day, day after day, we struck nor breath nor motion, as idle as a painted ship upon a painted ocean.
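As an added example (not Andy's IWBasic program, which is attached to the post rather than shown here), the same check written as a PowerShell watchdog, extended to any number of "trigger" processes as the post suggests; the function and parameter names are this example's own:

```powershell
# Added example, not the original IWBasic code: stop one process whenever a
# set of other processes is running. Function/parameter names are assumptions.
function Test-AllRunning {
    param([string[]]$Names)
    # Get-Process names carry no ".exe" suffix, so pass "notepad", not "notepad.exe"
    foreach ($n in $Names) {
        if (-not (Get-Process -Name $n -ErrorAction SilentlyContinue)) { return $false }
    }
    return $true
}

function Watch-ProcessPair {
    param(
        [string[]]$Triggers = @('notepad'),   # process(es) that must already be running
        [string]$Target     = 'cmd',          # process to stop while they are
        [int]$PollMs        = 250,            # polling interval
        [string]$LogPath    = "$env:TEMP\procwatch.log"  # record of what was stopped
    )
    Write-Host "Stopping '$Target' while all of [$($Triggers -join ', ')] run. Ctrl+C to quit."
    while ($true) {
        if (Test-AllRunning $Triggers) {
            foreach ($p in Get-Process -Name $Target -ErrorAction SilentlyContinue) {
                # Log the image path too: it tells you where the second program came from
                $line = "{0:s} stopped {1} (PID {2}) path={3}" -f (Get-Date), $p.ProcessName, $p.Id, $p.Path
                try {
                    Stop-Process -Id $p.Id -Force -ErrorAction Stop
                    Add-Content -Path $LogPath -Value $line
                    Write-Host $line
                } catch {
                    Write-Warning "Could not stop PID $($p.Id): $_"
                }
            }
        }
        Start-Sleep -Milliseconds $PollMs
    }
}

# Run from an elevated PowerShell to mirror the post's notepad/cmd test:
# Watch-ProcessPair -Triggers notepad -Target cmd
```

Passing more names in -Triggers (e.g. four or eight) gives the "why not 4, 8" case from the post; the target is only stopped while every one of them is running.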

aurelCB

A little help... maybe.
You may stop the process, but you cannot kill the virus because most of them
create a copy in a restore point on Windows.
The only 100% proper way to remove viruses from your HDD is to
kill the partitions with the Linux tool called GParted and do a new clean installation of Windows.
Also a good help is Kaspersky Antivirus.

Andy

May 10, 2018, 03:49:39 AM #2 Last Edit: May 12, 2018, 05:04:55 AM by Andy
That is one good way of getting round a virus problem. What I've found is that people want to keep their existing Windows system, so removing a virus without destroying the system is another skill in itself.

What people do forget is that when their machine is clean again, they go and plug in a USB stick / drive that they were using whilst the machine was infected - and would you believe it - the virus gets back on again.

My process to clean a machine:

1. Run Malwarebytes and delete everything it suggests.
2. Run SuperAntiSpyware and again delete everything it suggests.

If the problem persists, take the drive out and connect it to another (clean) machine and scan it from there.

Worst case:

Copy all the documents, photos etc. to a clean machine (scanning as you copy), delete the partition and start a clean install of Windows.

One very common thing a virus will do is to turn off system restore - I've covered this before: once system restore is turned off, you lose all the restore points, so you cannot go back to them.

Turning off system restore can be done in the registry, but I'm not going to post how, as some people will use it for the wrong reasons  >:(. Something I've made great effort to stress in my registry tutorials (what I share and what I won't).

The above code was simply an exercise just to see if I could stop the virus - not stop it from running again. Anyway, I cleaned his PC of it and everyone was happy - just the way I like it!

Andy.
:)   

h3kt0r

I'm running Windows 10 and found out that "restore points" were disabled.
I went to search for an alternative and found "Rollback RX", which is free for personal use.
This saved my ass a few times already. Virus, bad update, wrong driver, whatever: "Rollback RX" will do the trick...
100% recommended.

http://horizondatasys.com/