Recent Posts

Pages: [1] 2 3 ... 10
1
RogueKiller / Re: I was dumb - got a virus
« Last post by markem on August 08, 2020, 05:08:57 am »
Ok. For the FUTURE - here is my solution

Step #1 : Do a Google search for a site that has the top 25 FREE antivirus programs including such things as Malwarebytes, SuperAntiSpyware, Avira, Kaspersky, and CLAMWIN. ClaimWin is a really neat free piece of software. It is still running but so is Kaspersky. Anyway - a small plug there for free software. :-) I currently have HitManPro running, RogueKiller running, Kaspersky running, and ClamWin running. This is to keep my system safe while I get rid of the virus stuff.  Also I have #3 below running.

Step #2 : Download or RE-download all of your drivers. Look for the USB driver install and RE-install it. Then, reboot, then check to see if you can see every USB device you own. If not - RE-install it again and repeat. At some point you should be able to see your devices.

Step #3 : YOU NEED TO HAVE THIS AND RUN IT if netsh.exe (or NETSH.EXE) shows up in your Task Manager. Or better yet - download Microsoft's excellent Process Explorer and then look for the above program. If you have it you REALLY NEED my little program. This is called process.au3 (or PROCESS.AU3). It is an AUTOIT program. You can find and download AutoIt by Googling it, click on the download, go ALL THE WAY down to the bottom and download it. There is also a Script Editor (I use VIM). Install AutoIt and then run this simple program. What does the program do? It looks at your tasks, checks to see if netsh.exe is running, and if so - it kills it. It does this until there ARE no netsh.exe programs running, then it sleeps for 30 seconds and checks again. Here is the program:

Code: [Select]
#include <WinAPI.au3>
#include <Date.au3>

Local $iConsole, $hConsole, $aGetConsoleWin

$iConsole = _WinAPI_AttachConsole(-1)
If $iConsole = 0 Then Exit
$hConsole = _WinAPI_GetStdHandle(1)
If $hConsole = -1 Then Exit
_WinAPI_WriteConsole($hConsole, @CRLF & @CRLF & "Hello World" & @CRLF)
$aGetConsoleWin = DllCall("kernel32", "ptr", "GetConsoleWindow")

local $c = 0

while 1
$c = $c + 1
; if $c > 10 then exit
$iPID = ProcessExists( "netsh.exe" );
If $iPID Then ; Check if the Notepad process is running.
killProcess( $iPID )
_WinAPI_WriteConsole($hConsole, @CRLF & @CRLF & _Now() & " : NETSH is running" & @CRLF)
Else
_WinAPI_WriteConsole($hConsole, @CRLF & @CRLF & _Now() & " : NETSH is NOT running" & @CRLF)
sleep( 50000 );
EndIf
wend

If Not @error Then
    DllCall("user32", "bool", "PostMessage", _
            "hwnd", $aGetConsoleWin[0], _
            "uint", 256, _  ; WM_KEYDOWN
            "wparam", 13, _ ; VK_RETURN
            "lparam", 0)
EndIf
end


Func getProcess()
    ; Run Notepad
    Run("notepad.exe")

    ; Wait 10 seconds for the Notepad window to appear.
    Local $hWnd = WinWait("[CLASS:Notepad]", "", 10)

    ; Display a list of Notepad processes returned by ProcessList.
    Local $aProcessList = ProcessList("notepad.exe")
    For $i = 1 To $aProcessList[0][0]
_WinAPI_WriteConsole($hConsole, @CRLF & @CRLF & _Now() & " : " & _
$aProcessList[$i][0] & @CRLF & "PID: " & $aProcessList[$i][1] & @CRLF )
    Next

    ; Close the Notepad window using the handle returned by WinWait.
    WinClose($hWnd)
EndFunc   ;==>Example

Func killProcess( $iPID )
    ; Run Notepad

    ; Close the Notepad process using the PID returned by Run.
    ProcessClose($iPID)

EndFunc   ;==>Example

You should be able to run the program by just typing "autoit3 process.au3". This will keep netsh.exe from downloading more viruses onto your system. Ok - so first you download AutoIt3, install, run this program AND THEN you run something like Kaspersky and ClamWin (I am running a lot of them and none of them seem to interfere with the other antivirus programs.)

Step #4 : So you have made it this far - after days of reading information online about what to do I FINALLY found how to stop netsh.exe. This is how you do it:

Code: [Select]
netsh interface ip reset log.txt
This resets your internet interface, gets rid of any commands that might have been put into netsh.exe's execution loop. You MUST reboot after this or netsh.exe will just continue to start up new instances of it.

This is what I have so far. I have NOT yet rebooted because I am backing everything up and I am making a DVD with drivers for my laptop.

PS: The Preview didn't seem to do anything. Let me check this again. Ah! That got it! :-)

PPS: The AutoIt3 program was taken, in part, from examples in the AutoIt3 documentation. The netsh command was taken from:

https://lizardsystems.com/articles/configuring-network-settings-command-line-using-netsh/

You can also use:

Code: [Select]
netsh interface ip delete arpcache
Which can clear the arpcache.

And - argh. Netsh.exe is still trying to run - but wait! I still have not rebooted. Ugh. I will reboot tomorrow. Hopefully all of the 7-zip programs will have finished and yes - I know the archives might have a virus in them. Probably not with all of the antivirus software that is running - but we shall see! :-)

Mark
2
RogueKiller / Re: I was dumb - got a virus
« Last post by markem on August 06, 2020, 06:26:44 pm »
Ok. I'll give that a try. Should be simple. I own a dell.
3
RogueKiller / Re: I was dumb - got a virus
« Last post by Curson on August 06, 2020, 04:25:37 am »
Hi markem,

OK, I better undersand the issue.
Your best bet is to reinstall the motherboard's drivers. They should be available on your computer manufacturer website.

Regards.
4
RogueKiller / Re: I was dumb - got a virus
« Last post by markem on August 06, 2020, 01:06:10 am »
Would that it was that simple. Both the Desktop and Laptop have software that you MUST uninstall BEFORE wiping and reinstalling. Otherwise - it is just a huge hassle. Not just for me but for all of the software companies. Not to mention I also have to reset all of my 700 website locations. So yeah. Simple. Really. :-)
5
RogueKiller / Re: I was dumb - got a virus
« Last post by Curson on August 06, 2020, 12:11:31 am »
Hi markem,

If you do a full system reinstall, all these problems will be gone.
Regards.
6
RogueKiller / Re: I was dumb - got a virus
« Last post by markem on August 05, 2020, 08:24:15 pm »
Found the problem with USB. Uploading info. need to know how to fix if possible. It is beiginning to muck with laptop;s keypad.
7
RogueKiller / Re: I was dumb - got a virus
« Last post by markem on August 05, 2020, 08:06:04 pm »
Here are the laptop's files.
8
RogueKiller / Re: I was dumb - got a virus
« Last post by markem on August 05, 2020, 07:43:33 pm »
Let me  add a new twist to this problem. The virus has some kind of a part to it that kills USB devices. Ugh. Now on my laptop. Going to run the program again and upload the text file.

Running Avira PC Cleaner and ClamWin. Avira has found 6 viruses so far.
9
RogueKiller / Re: I was dumb - got a virus
« Last post by Curson on August 05, 2020, 03:43:29 am »
Hi markem,

You are welcome.
Sorry I was not able to help you further.

Regards.
10
RogueKiller / Re: I was dumb - got a virus
« Last post by markem on August 04, 2020, 09:50:23 pm »
Thanks and thanks for your help. System is really acting weird right now. :-/
Pages: [1] 2 3 ... 10