New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
HTML Virus
Guys
One of my PCs is infected with a virus and it is doing the following to my PC:
1. It adds long stuff to each of the HTML files I have on the PC
2. The files are now 245 KB each (previous max of 15 KB)
How do I get the virus off the PC?
The PC is an HP 650, Windows 7, Core i3, and I have Windows Essential installed.
Comments
In all seriousness, install Malwarebytes Anti-Malware and run their scanner. They are amazing at catching malware.
Yup Malwarebytes AM should do the trick. As for restoring the HTML files, I have no idea.
I have plenty of backups for that.....
Thanks
@enitan092, I would like to know, do you have a weird running process in Task Manager?
Try making an empty .html file, put it on the Desktop, press Refresh/F5, and see whether the .html file is modified or not. If yes, then the virus is running in the background.
Try making an empty .html file and open it using a browser such as Internet Explorer and Firefox; if it's modified, then the browser was hijacked.
If Malwarebytes didn't work, try to use Avira to scan the system, or use HijackThis to remove it manually.
Any newly created blank HTML file increases in size...
Malwarebytes is busy scanning....
Will get back to you guys on this..
Thanks a lot
Could you pastebin the source code of one of these HTML files? I'm curious
If you had a hacked server, you'd nuke and reinstall the OS. Why would you treat a desktop any differently?
Some people just don't have the time or balls to do it.
If this malware was adding crap to HTML files, it was probably also adding to other files too. If I were to make something like this (I wouldn't) I would also target other frequently shared file types like pdf, docx, images etc. You might want to compare all your files to a trusted backup. Just don't mount the backup on the infected computer without a complete reinstall.
I'm curious if you noticed the modifications because you had the files open or did the file's date modified attribute get changed?
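As an added example, not part of the thread: one way to do the comparison against a trusted backup suggested above, meant to be run from a clean system with the suspect disk attached read-only. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each file's path relative to root to (size, sha256 hex digest)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            out[os.path.relpath(path, root)] = (os.path.getsize(path), digest.hexdigest())
    return out

def compare(backup_root, suspect_root):
    """Return sorted (relpath, status, size_delta) for files that differ from the backup."""
    trusted, suspect = manifest(backup_root), manifest(suspect_root)
    findings = []
    for rel, (size, digest) in suspect.items():
        if rel not in trusted:
            findings.append((rel, "new", size))
        elif trusted[rel][1] != digest:
            # A large positive delta matches the symptom of files growing in size.
            findings.append((rel, "modified", size - trusted[rel][0]))
    for rel in trusted.keys() - suspect.keys():
        findings.append((rel, "missing", -trusted[rel][0]))
    return sorted(findings)

def demo():
    """Constructed sample trees: one HTML file grows, one PDF is untouched, one file is new."""
    with tempfile.TemporaryDirectory() as backup, tempfile.TemporaryDirectory() as suspect:
        for root in (backup, suspect):
            with open(os.path.join(root, "index.html"), "wb") as fh:
                fh.write(b"<html><body>hello</body></html>")
            with open(os.path.join(root, "report.pdf"), "wb") as fh:
                fh.write(b"%PDF-1.4 constructed sample")
        # Simulate the symptom from the thread: extra data appended to an HTML file.
        with open(os.path.join(suspect, "index.html"), "ab") as fh:
            fh.write(b"<!-- constructed appended data -->" * 100)
        with open(os.path.join(suspect, "blank.html"), "wb") as fh:
            fh.write(b"x" * 10)
        return compare(backup, suspect)

if __name__ == "__main__":
    for rel, status, delta in demo():
        print(f"{status:9} {delta:+8d}  {rel}")
```

Because it hashes every file rather than only `.html`, the same run also shows whether other file types were altered.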
I suggest that you run the trial version of ESET Smart Security, the real-time protection shields should detect the virus pretty fast.
Since the empty .html files were modified, try to check the following:
I've reinstalled multiple times with the same license key. Never had an issue. Activated every time without issue.
I've also changed hardware - even mobos/CPUs - and never had an issue.
If I did have an issue...I'd call Microsoft and by all accounts, they're pretty generous.
Every time I reinstall (laptop license) it wants me to ring Microsoft with some code. It always accepts it when I do, and it's all automated so no problem but it's just annoying to have to do, so I'm fine with that "this copy of Windows is not activated" popup and not having a background lol
but yeah you can reinstall Windows as much as you want
Hehe.. There's a time when they limit the maximum number of re-activations.
And not only Microsoft Windows licensing, but also other applications, which sometimes only work one time and only during a limited promo (giveawayoftheday, for example), and sometimes only work for one motherboard/CPU/something unique.
Imagine, too, if we had to reinstall some Adobe applications, some multimedia player, some programming stuff + license, some antivirus license + updating the database, plus back up the Webmoney and cryptocurrency databases (like Bitcoin, Dogecoin, Diamond, 42coin), etc.
Maybe we can do that, but it takes some amount of time to complete it all.
Normally you should nuke your computer after a virus instead of cleaning it up.
Reinstall and selectively restore from backups - don't open any executables from backups!
You really keep all that on your Boot partition?
No, but not all Windows users care to move the installation location. Some people are not experts, not all of them.
So, we should understand how sometimes we have to clean the virus rather than just simply reinstall the OS.
Here is the pastebin link.
pastebin.com/c1L2EqXx
Looks like it's basically trying to delete svchost.exe when the HTML file is executed.
svchost.exe still exists
The VB script is just making the files larger
Hmmm, I could be wrong then. It was just a guess
svchost.exe seems to be the target
This won't work unless you run it in Internet Explorer
SUPERAntiSpyware, Malwarebytes Anti-Malware, CCleaner and ESET NOD32 should do the job, also checking files and folders and running processors.
Backup, Wipe and Re-Install.
So everybody...
The following got me out of the virus issue:
Malwarebytes and Avast Premier.
It took Avast 3 hr plus to scan and delete close to 4000 files
To me it looks like it's trying to inject some code into svchost.exe, rather than deleting it. Assuming you don't run it in IE with administrative privileges, there shouldn't be any damage.