Ramon Niebla writes:
My Dell Inspiron Windows 7 laptop has a trojan virus, and it has taken over the Services.exe file. So if I restore it to a previous time, the chance of it still being there is high since I’m not sure exactly when I got the virus.
I found the virus after I installed AVG Antivirus (from the actual website, so I know I did not get it from there); it told me that it was unable to remove it unless I did it manually. So after getting an official service.exe file from my other Windows 7 laptop (Home Premium 64-bit, just like the infected one) and trying to replace it, it would not let me. So I’ve come to the decision to reinstall Windows through a USB drive, but also format the hard drive in order to remove it and start clean.
I’m doing this because I would rather not pay Dell tons to do it since I know there is a way that I can do it for free. I have researched extensively and am still worried that I will do something wrong since this is the first time I am doing a reinstall and format. Have you ever done any self repairs like this on your Windows laptops? If so, how difficult was it for you and do you have any tips that will keep me from messing up?
This type of virus is particularly nasty. One of the first things it does is attempt to blind the anti-virus software on your system so that it can do whatever its malevolent intent is without hindrance. AVG is one of the packages that can be blinded. This does not mean that AVG is bad. Many people use it and are comfortable. However, you are dead in the water without additional help.
You could take the hard drive out of your laptop and install it as an external drive on another machine. Then any good anti-virus package should get it. You could also download a live version of anti-malware that is run without being installed on your hard drive. In the past, I would also have recommended downloading RKill from Bleeping Computer. This is a little app that dives deeply into your machine and attempts to close open processes known to be harmful. This does not clean your machine, but it might allow your anti-virus software to work. So cleaning becomes a two-step process.
A better solution is one discussed by Sherman E. DeForest here at LockerGnome. In essence, you can download either the free or paid version of Malwarebytes (I have both). This latest version comes with Chameleon already installed. Chameleon pretends to be various other things and looks for harmful operating processes to kill. When it is done, Malwarebytes starts and goes about cleaning out any infections. The paid version will be active always. The free version must be started manually.
The important thing about Malwarebytes is that it can be resident on your Dell (or other computer) simultaneously with other anti-virus software such as Microsoft Security Essentials. The combination of Malwarebytes and MSE can give you very good protection. Both come free, but you can upgrade Malwarebytes.
Note that while Windows 8 gets some mixed reviews, the anti-malware protection included with it is similar to MSE, but does not require a separate installation. It also does a good job.
You can also try making a bootable USB drive with Malwarebytes on it. This will allow you to boot the machine without opening any infected files on the hard drive. This is a simple solution, and as a side benefit, you will be able to boot even if some hard drive failure prevents normal booting.
But once you have a clean computer again, you are not done. I strongly advise you to retrace your steps and try to figure out how you picked up the infection in the first place. Otherwise, you might do it again. Do not depend on anti-virus software to protect you. Develop good surfing habits. If you have not installed the Web Of Trust (WOT) app on your browser, do so. It is another tool, not a cure-all.
Also, I never click on warnings that I need an upgrade for things like Adobe products. It is too easy to become a victim of spoofing. If an app says that an upgrade is available, I prefer to navigate to the website and manually download it. Of course, I let Windows download updates automatically.
Emails that have been forwarded to you should be opened only after confirming that they are valid. Emails with generic subject lines are always suspect.
So there you are. Your Dell computer can be working as good as new without going through an expensive tech support service session. Let us know how it turns out for you. We care.
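If you do take the hard drive out and mount it on a clean machine, as suggested above, you can also compare the suspect services.exe with the clean machine's own copy before deciding anything. The following PowerShell script is an added example for this column, not something from the reader or from Malwarebytes or AVG; the drive letter `E:` for the mounted drive is an assumption, and `Get-FileHash` needs PowerShell 4.0 or later (Windows 7 ships with 2.0, so the clean machine may need the Windows Management Framework update).

```powershell
# Added example (not part of the original column): compare a suspect services.exe
# on a drive mounted in a clean machine against that machine's own known-good copy.
# Assumed paths: E: is the mounted infected drive, C: is the clean system drive.
param(
    [string]$Suspect   = 'E:\Windows\System32\services.exe',
    [string]$KnownGood = 'C:\Windows\System32\services.exe'
)

function Get-FileReport {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "Not found: $Path" }
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256   # PowerShell 4.0+
    [pscustomobject]@{
        Path      = $Path
        Size      = $item.Length
        Version   = $item.VersionInfo.FileVersion
        SHA256    = $hash.Hash
        Signer    = $sig.SignerCertificate.Subject
        SigStatus = $sig.Status   # 'Valid' for an embedded Microsoft signature
    }
}

$suspectInfo = Get-FileReport $Suspect
$cleanInfo   = Get-FileReport $KnownGood
$suspectInfo, $cleanInfo | Format-List

# Caveat: some Windows system binaries are catalog-signed rather than carrying an
# embedded signature, so older PowerShell versions may report 'NotSigned' even for
# a genuine file. A valid signature is strong evidence the file is genuine; 'NotSigned'
# alone is not proof of tampering, so weigh it together with the hash comparison.
if ($suspectInfo.SigStatus -ne 'Valid') {
    Write-Warning "Suspect file signature status: $($suspectInfo.SigStatus)"
}
if ($suspectInfo.SHA256 -ne $cleanInfo.SHA256) {
    # Hashes also differ legitimately when the two machines are at different patch levels,
    # so compare the reported versions and sizes before drawing a conclusion.
    Write-Warning 'SHA256 differs from the clean copy; check versions before concluding it is tampered.'
} else {
    Write-Host 'SHA256 matches the clean copy.'
}
```

On the infected machine itself, an elevated `sfc /verifyonly` checks protected system files against Windows' own catalog without replacing anything, which is another way to see whether services.exe has been altered.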
Image: Virus by Daquella Manera (via Flickr)