My windows pc has been hijacked. need help

[LostSoul01]

Hello friends, I have a big problem, my Windows has been hijacked. I am totally sure that it was because a friend tried downloading a zip file, but I guess it was not that thing. I got a message that my program was being blocked. So I was ignoring it. Later received a message that my Firefox had been infected. I performed a scan with a antivirus and cleaned up everything that was found. After performing the scan I restarted my computer. I saw that Very few processes were booting. The most surprising thing was that few processes did not have names and few programs were not able to start running. I then turned it off and unplugged the power cable. Later I made a live Ubuntu installation on a thumb drive and after that I ran Avast!. I found approx 6 infected files that my dumb antivirus could not find. I want to know how could I get the help regarding fixing this error?

[Lemog]

Even I am facing the above problems, but that’s not it. I have many other doubts that I want to ask and want to know how could I get help from this thing. My queries are as follows:

1. should I do multiple passes or Will a single reformat be enough?
2. could there be some sectors that had virus hiding or Will a reformat wipe everything?
3. Was anyone able to access my computer as virus was nothing but a program that infected my computer by the malicious coding?
4. Is my social security number in danger?
5. Though I am running live Ubuntu on the infected Windows computer, can I access my computer?
6. How important is unplugging the power cable?

Please help me out regarding the above issues..Thanks in advance.

[addie]

I would like to explain you with the doubts you have.

1)should I do multiple passes or Will a single reformat be enough?

A single format is sufficient. You will not gain anything by doing multiple formats. If we are talking real hard going to clean and what I wanted was to avoid the forensic recovery of data then it would sense. However, to get rid of a virus that would be unnecessary and excessive.

2)could there be some sectors that had virus hiding or Will a reformat wipe everything?

A normal format does not actually erase the data (overwritten with garbage), but only mark the sections of the file system partition as free, so it can be overwritten by the data. That's fine, but really do not need to overwrite the virus code. Any piece of code that belongs to a virus or not, it's just data: it is how to interpret what he does is run and do things. As long as it is not running, it is not just a bunch of ones and zeros. In order that the virus is executed, there must be something that starts somewhere between the time you start your computer and when operating system starts up. Generally, the operating system is compromised, when your installing a clean copy, and you try erasing all existing files, the code is physically on the disk but there is nothing to find and nothing to run.

3)Was anyone able to access my computer as virus was nothing but a program that infected my computer by the malicious coding?

Hard to say without knowing exactly all the rubbish that could have been there, unfortunately ... If you have the patience to troubleshoot this further, you could get help from our SFDC Malware and Adware more Recovery Team Forum malware removal, the guys are very good and stay on top of latest threats so you should be able to diagnose what kind of infection he had. They manage to clean things. I just read this for general instructions on what they need to run.

4)Is my social security number in danger?

It might cause a problem, depends whether you had a keylogger installed.

5)Though I am running live Ubuntu on the infected Windows computer, can I access my computer?

Of course not. Any software on your hard drive, wont run under the alternative operating system. The only way you can run software if executed manually, and even then you would have to use something like wine to run it, it would be a Windows program, which does not work in GNU / Linux.Unless of course they were infected by a virus very sophisticated multi-stage infecting the BIOS, to load a second stage of a reserved area on the hard drive, more intelligent that contains code that can stay resident and interact directly with hardware network card. That is highly unlikely, however. It is certainly far from trivial to implement a TCP / IP stack in x86 real mode, not to mention the generic Ethernet controllers, etc.In short: no, you do not have to worry about being vulnerable while running Ubuntu.


6)How important is unplugging the power cable?

It wont hurt, but most unlikely. possible that the virus would not mess with the power of Windows by code so that only puts the system into a sleep state to RAM, but I notice that when it comes back. Of course, you can also follow a POST, but that's absurd. However, you lose nothing by being very careful.

[LostSoul01]

Thank you so much, it really made a big difference. I guess the only thing to worry about is my social security number, but now you cant do anything, and "hopefully" nothing you can do with it. It I just came to know that it’s a XBE.EXE application. I tried doing a Google search on it, but could not find much information. Do you or someone else is aware of that?

[Sabastiaan]

I just want to say that change all your passwords online. It would also be better off buying a credit monitoring service that notifies you if new lines of credit opened in his name, that should be worried because their Social Security number could be known by another person. I hope it will help you a lot and then you could solve the problems. If any further doubts then do tell me.