So my DH got a virus from 4chan last night (please no lecturing it’s not me, it’s him. I just happen to have the working laptop.) I know way less about this than he thinks I do but here’s what I do know:
As soon as Avast said malicious URL detected he turned off wireless and ran a virus scan. Avast found astro.exe, astro[1].exe and another one that was a string of 9s & 8s all in his “Users/HisName” folder and subfolders. But when he turned the wireless back on, same thing.
So he turned the computer off until we could mess with it today. He ran a boot check and found suspicious files in the SysWOW64 folder that a Google check says are, or should be, legit. But he tried to delete them anyway and he was told he didn’t have permission.
I took over and booted to safe mode, used Avast to get rid of the above-mentioned astro.exe files (because it hadn’t, and there was an error message saying it couldn’t put them in the virus vault either.) I also found a whole new User (password locked and everything) that shouldn’t have been on the computer. So I cleaned that up, we deleted the profile, cleared the recycling bin and ran a virus scan again, everything came back clean. For good measure we also checked Internet Explorer (his only browser) and there were no new pages added as home pages to be automatically loaded.
He booted up to regular, everything seemed fine, until he turned on wireless. Then again Avast went nuts with “Malicious URL blocked” until after three popups it said his computer was under a virus attack, so we flipped off wireless again.
It’s duh (right?) that there’s a program somewhere automatically trying to connect to malicious URLs, but Avast is not picking it up as a virus. Right now we have it in safe mode again with Avast making sure the virus attack didn’t leave anything new on the hard drive. My next best guess is keep wireless off, start as normal then just Google everything running to try to find out what it is, load in safe mode and get rid of it.
But honestly I’m just feeling lost, he’s irritable as heck and has to head for work (and doesn’t want to leave me with unsupervised access to his computer). So what now?