
Trojan removers

Old Feb 1, 2007, 9:03 pm
  #16  
 
Join Date: Oct 2003
Location: Honolulu
Programs: UA PA, *S (UA)
Posts: 245
NOD32 is a very powerful (and highly rated by AV-Comparatives) anti-malware program with a 30 day free trial that would probably solve your problem. It will find stuff in memory, archives and system restore, among other things.

Second choice would be AVG Anti-Spyware (formerly Ewido Anti-Spyware) also available on a 30 day free trial.

Download, install these programs, then update their respective malware database definitions, and then run scans with either or both of these.
mongatu is offline  
Old Feb 1, 2007, 9:49 pm
  #17  
 
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
I hate to suggest this...but...
can you ever trust an infected machine again?

What makes you think that the spyware hasn't affected the results of the scan?

I'd save my data and re-format and re-install....

This is coming from the guy who has a separate wireless subnet for guests b/c I'm scared to let them on my LAN
SpaceBass is offline  
Old Feb 2, 2007, 10:42 am
  #18  
 
Join Date: Sep 2002
Location: Laguna Niguel, CA
Posts: 3,780
Originally Posted by mongatu
NOD32 is a very powerful
Funnily enough that is what we use and what had expired. So once we clear the virus, her pc will have that current + running again.
ALadyNCal is offline  
Old Feb 2, 2007, 12:00 pm
  #19  
FlyerTalk Evangelist
 
Join Date: Mar 2004
Location: Newport Beach, California, USA
Posts: 36,062
Originally Posted by ALadyNCal
I was going to post a similar question today + found this thread (tho the answers are from last January)...

Situation: My Mom's barely used laptop has a trojan in the CMOS (I think that's what my husband said). Her virus software had expired and we were unaware.
Highly unlikely that the BIOS is infected. There are a number of anti-virus programs that have free trials, and some are free. I use a free one -- Grisoft AVG. A google search should get you a link.

Boot the computer in safe mode by pressing F8 when you see the initial POST screen (the one that reports your hard drives and other configuration specs). Select "Safe Mode - no networking." Run the anti-virus software. That should do it.

Alternatively, restoring the system to a date prior to the infection may solve the problem, but may not if the virus is in the master boot record or is some form of rootkit (the latter are the hardest to remove).

If you wind up re-installing the OS, make sure you re-partition the hard drive and don't just re-format it.
PTravel is offline  
Old Feb 2, 2007, 12:15 pm
  #20  
 
Join Date: Sep 2002
Location: Laguna Niguel, CA
Posts: 3,780
Originally Posted by PTravel
Highly unlikely that the BIOS is infected.
Yes, it definitely is. My husband has been working on it yesterday and all morning today. Plus the keyboard map has been changed so you cannot type properly. Also system restore has been turned off -- so that isn't an option. Also, cannot boot into safe mode....
ALadyNCal is offline  
Old Feb 2, 2007, 3:16 pm
  #21  
 
Join Date: Apr 2003
Location: RDM
Programs: UA General Member
Posts: 1,247
Originally Posted by cordelli
Are you cleaning it in safe mode? If you are not, you will never remove it, you need to boot in safe mode, the virus doesn't go into memory, clean it, then see if you got it all.
And if there's a rootkit installed, even that isn't guaranteed. I hate to say it, but these days, the only way to be absolutely certain that you have removed all infection is to start over with a clean install and restore your data files from backup.
winkydink is offline  
Old Feb 2, 2007, 3:21 pm
  #22  
 
Join Date: Sep 2002
Location: Laguna Niguel, CA
Posts: 3,780
Originally Posted by ALadyNCal
Also, cannot boot into safe mode....
Thanks, but as I mentioned before, can't get into safe mode
ALadyNCal is offline  
Old Feb 2, 2007, 3:31 pm
  #23  
FlyerTalk Evangelist
 
Join Date: Mar 2004
Location: Newport Beach, California, USA
Posts: 36,062
Originally Posted by ALadyNCal
Yes, it definitely is. My husband has been working on it yesterday and all morning today. Plus the keyboard map has been changed so you cannot type properly. Also system restore has been turned off -- so that isn't an option. Also, cannot boot into safe mode....
Everything you've described can be something other than BIOS. I've never heard of BIOS malware, but I suppose anything is possible. The only way to fix an infected BIOS is to reflash it, and that might not even be possible. You'll have to see if your manufacturer offers flashing software and a BIOS image (many do, but not all). If you can get the flashing program, boot the machine from a clean CD or floppy disk, run the flashing program, and then, to be on the safe side, I'd repartition and re-install the OS. However, what you're describing sounds a lot more like a rootkit or MBR infection than a BIOS infection.
PTravel is offline  
Old Feb 2, 2007, 3:37 pm
  #24  
 
Join Date: Sep 2002
Location: Laguna Niguel, CA
Posts: 3,780
Originally Posted by PTravel
Everything you've described can be something other than BIOS. I've never heard of BIOS malware, but I suppose anything is possible. The only way to fix an infected BIOS is to reflash it, and that might not even be possible. You'll have to see if your manufacturer offers flashing software and a BIOS image (many do, but not all). If you can get the flashing program, boot the machine from a clean CD or floppy disk, run the flashing program, and then, to be on the safe side, I'd repartition and re-install the OS. However, what you're describing sounds a lot more like a rootkit or MBR infection than a BIOS infection.
He's already reflashed the BIOS and also run rootkit detector -- nothing was spotted. FWIW, we think it happened sometime in late December, so it might be some new variety
ALadyNCal is offline  
Old Feb 2, 2007, 3:49 pm
  #25  
FlyerTalk Evangelist
 
Join Date: Mar 2004
Location: Newport Beach, California, USA
Posts: 36,062
Originally Posted by ALadyNCal
He's already reflashed the BIOS and also run rootkit detector -- nothing was spotted. FWIW, we think it happened sometime in late December, so it might be some new variety
Anti-virus and anti-spyware programs have libraries that are updated daily and, in some cases, hourly. It's unlikely that you have a variant that hasn't been discovered yet.

If, in fact, the BIOS is infected, reflashing and then rebooting off the same hard drive will simply re-infect the machine. However, this thread sparked my curiosity, and I did some surfing -- I can find no credible reports of a BIOS virus. Viruses that wipe out the BIOS, preventing the machine from booting, yes, but a virus that actually re-programs the BIOS, no.

If you still think that's what you have, boot from a floppy or CD (or from the original system disks), reflash the BIOS from a floppy or CD, and follow the procedure below. Otherwise, you can skip the re-flashing step and just proceed as follows.

Notwithstanding the rootkit detector, a root kit or master boot record infection is what I'd suspect. These are extremely hard to detect, and no one program can detect all of them. I'd suggest backing up all data to a CD or DVD, re-partitioning the hard drive, and then re-installing the OS from the original system disks. Either do not leave the computer connected to the internet when you do this, or make sure you have it connected through a router that provides a hardware firewall (virtually all of them do). Once that's done, I'd immediately install a good virus program and spyware program (I'm aware of none that do both well). Then you can reconnect to the internet. Then scan the backed-up data on the CD or DVD to ensure that it's not infected. Then you can copy it back to the computer after you re-install your applications.
PTravel is offline  
Old Feb 2, 2007, 4:22 pm
  #26  
FlyerTalk Evangelist
 
Join Date: Jul 2000
Location: in the vicinity of SFO
Programs: AA 2MM (LT-PLT, PPro for this year)
Posts: 19,781
Originally Posted by PTravel
Highly unlikely that the BIOS is infected. There are a number of anti-virus programs that have free trials, and some are free. I use a free one -- Grisoft AVG. A google search should get you a link.
http://free.grisoft.com/

I second the recommendation for it; even taking cost out of the comparison the free version of AVG is better than Norton/Symantec in my experience, although the commercial AVG is worth considering (especially since the free anti-spyware from them, unlike the anti-virus, is not a full time monitor.)
nkedel is offline  
Old Feb 4, 2007, 2:03 pm
  #27  
FlyerTalk Evangelist
 
Join Date: Apr 1999
Location: Bryn Mawr PA & Wailea HI
Posts: 15,726
I have had a few nasty things (>10) on my computers and a System Restore eliminated all but 2. Eliminating these took hours and hours of my (mostly forgotten) DOS knowledge.

MisterNice
MisterNice is offline  
Old Feb 4, 2007, 2:18 pm
  #28  
 
Join Date: Sep 2002
Location: Laguna Niguel, CA
Posts: 3,780
This 'virus' disabled System Restore. At this point, he is installing a new copy of the OS, then will flash update the BIOS, and hopefully it will be eradicated.

My husband (who has a degree in software engineering) has a relative in the IT Dept of a MAJOR corporation who told him today that BIOS viruses definitely exist, are created specifically for data mining, and that anti-spyware and anti-virus software does not necessarily catch them. Whereas he was fuming that some 14 y.o. was creating these evil things, turns out it is more likely to be commercially developed. Hope I have reiterated that properly...I do not have a degree or work in IT
ALadyNCal is offline  
Old Feb 4, 2007, 2:22 pm
  #29  
 
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
Originally Posted by ALadyNCal
Hope I have reiterated that properly...I do not have a degree or work in IT
You are right on the money...
BIOS viruses do exist and they are nasty but fortunately very rare. Typically you have 2 options. A) reflash the bios with a bootable CD from the manufacturer or B) pop the chip and replace it.

I also want to reiterate my previous statement: once you suspect infection, back up your files and format and re-install... you can never trust that system (OS Install) again. Once a virus or malware is in the system it can do anything, including cause your virus and malware scanners to report a clean system when they aren't clean.
SpaceBass is offline  
Old Feb 4, 2007, 3:55 pm
  #30  
 
Join Date: May 2000
Location: Naples, Florida
Posts: 7,419
Originally Posted by ScottC
Microsoft antispyware is IMHO the current best.
Which one?

-Windows Defender

or

-Microsoft® Windows® Malicious Software Removal Tool

Thanks
USAFAN is offline  

