Questions tagged [virus-removal]

The process of removing a virus or malware from a system.

88 questions

181 votes, 11 answers

Help! My home PC has been infected by a virus! What do I do now?

This is an attempt to ask a canonical question as discussed in this old meta post. The goal is to create something helpful that can be used as a duplicate when non-experts ask about virus infections. Let's say that I have determined beyond doubt…
Anders

44 votes, 9 answers

How can I watch porn, safely, and not get a virus on my machine or infect corporate data

I'm part of a small office in the middle of nowhere, and we just got absorbed into a large mega corporation. Sometimes we watch porn, at the office, on company computers, using the company Internet. It makes for a good background distraction.…
TLDR

20 votes, 2 answers

How to remove quarantined virus securely?

There is a file found by an antivirus program and it was put into the virus quarantine section (it's not a false positive). Now I don't know how to handle these "quarantined" files. What is the best practice and secure way to deal with them? Delete…
johnsmiththelird

17 votes, 3 answers

Where Does ClamAV Get Its Virus Signatures?

I see that ClamAV has virus definition files which are mostly hash codes in md5, sha1, and sha256 formats, which either look at the whole file or what are called PE sections of an executable file. Of course, there are variations outside that which…
Volomike

7 votes, 3 answers

How can I kill minerd malware on an AWS EC2 instance?

I have an AWS EC2 instance running RHEL 7.2 which seems to have been hacked by a BitCoin CPU Miner. When I run ps -eo pcpu,args --sort=-%cpu | head, it shows that there is a CPU miner that's taking up more than 90% of CPU utilization. %CPU…
Anish Sana

7 votes, 2 answers

Detecting Process Hollowing

I was brainstorming methods of detecting process hollowing and other forms of code injection, and this one seemed pretty robust. Would it be possible for a "process hollowing scanner" to enumerate all the executable pages in a process' memory,…

7 votes, 3 answers

Does malware persist after wiping hard drive and reinstalling OS from manufacturer disc?

This question is related to a computer where users other than the owner have had access for periods of several hours at a time. The following steps have been taken to clean the computer: Used partition assistant to erase both the main partition and…
MM1926

6 votes, 5 answers

Why do some antivirus programs find infections that others miss?

I have Avast Free antivirus on my Windows 7 PC and yesterday I used Bit Defender quick scan addons, which spotted a virus. In rechecking with Avast, it didn't pick it up. In scanning my system with ESET Online Scanner it shows no virus, but when I…
illsecure

5 votes, 1 answer

How do you know if the bios has been compromised?

To secure my PC I have set up a BIOS password, preventing any access from a live-cd. Recently I've noticed that when the BIOS asks for my password, I just have to press Enter to boot. It doesn't work if I type just anything, but it works if I type my…
0x1gene

5 votes, 1 answer

Identifying the source of a Crypto Locker attack

We believe a Crypto Locker virus may have found its way into our network. We're having trouble identifying which computer was responsible for originally bringing the virus in. Does anybody have any experience identifying the source of a crypto…
Sam Selikoff

5 votes, 1 answer

Unable to get rid of Sality on my Dropbox

The story... As a group of rookie security researchers who deal with malware, viruses etc., my teammates and I sometimes make mistakes in handling the binaries. And so, I ended up infecting my own pen drive with one of the malware binaries…
pnp

5 votes, 1 answer

Can you recognize this virus?

Yesterday I noticed a folder with a strange name, it looked like this from the inside: I was cautious not to open any of the files, but I opened the .sql in a text editor, to realize it's not SQL but some hash. I renamed the folder to "virus" to…
Maged E William

4 votes, 3 answers

What do I do, I got a virus warning on a webpage

I went to the web address (hxxp://www.asanka.com) (WARNING: BE CAREFUL WHEN VISITING) on Safari, then suddenly I got a warning message [image below] What do I do? I'm freaked out. I have a lot of personal stuff on my Mac that I don't want anyone to…
M.S.E

4 votes, 2 answers

What is the best way to screen potentially compromised USB or flash devices?

I've got some flash devices. It is a bit like playing Russian roulette. The devices are of unknown origin containing information of unknown value. However, the potential value is great enough to be worth the effort to recover and exfiltrate the data…

3 votes, 2 answers

I ran a virus on a PC. What should be the next steps?

I wanted to remove a probably malicious executable, but instead inadvertently double-clicked on it while using an account with administrative privileges. Nothing visible happened during a few seconds, then the executable removed itself (something a…
Arseni Mourzenko