Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsDesktop computingRemoving Malware from a computer - bloody scammers!
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
1024kb
1197 posts

Uber Geek
+1 received by user: 519

ID Verified
Lifetime subscriber

  #2557425 5-Sep-2020 13:11
Send private message

 There's also the particularly sneaky method of hiding malware scripts in RAM. The script lives there & gets kept alive by the CMOS power.  The result is that after you've cleaned, reinstalled, replaced, re-everythinged, you fire up your fresh new machine with the same old virus on board.

 

Which can be confusing as well as enormously frustrating. 

 

It's not that often you'll see this method, but to make sure the infection isn't resident in RAM, disconnect the 240v power supply then remove the RAM sticks. Press & hold the power button to remove any last vestiges of power, then reinstall your RAM & reconnect the power.

 

You may never come across a RAM-resident virus, but the extra 2 minutes taken to ensure you've removed that possibility is time well-invested.

 

 




Megabyte - so geek it megahertz



Scott3
4176 posts

Uber Geek
+1 received by user: 2990

Trusted
Lifetime subscriber

  #2557432 5-Sep-2020 13:50
Send private message

OMG, so frustrating.

Good work getting to the Bank ASAP.

 

Next step is to scrub and change passwords on various cloud sites. (trademe, email etc). Can be hard if the scammers have already changed passwords, recovery mobile phone numbers etc to take over those accounts.

 

PC is relatively less urgent. I would fire it up air gaped, and take copies of any important files not already backed up to a USB drive, and check the autofill password memory for any accounts that may have been missed above.

I would then do a clean install of everything. Either fully formatting the hard disk, or taking the opportunity to do a hard drive upgrade.

K8Toledo
1018 posts

Uber Geek
+1 received by user: 311


  #2557590 5-Sep-2020 17:17
Send private message

freitasm: System restore doesn't really do much - reset is a lot better.

 

Not to mention System Restore should be disabled before a virus removal.....:)



K8Toledo
1018 posts

Uber Geek
+1 received by user: 311


  #2557594 5-Sep-2020 17:28
Send private message

1024kb:

 

 There's also the particularly sneaky method of hiding malware scripts in RAM. The script lives there & gets kept alive by the CMOS power.  The result is that after you've cleaned, reinstalled, replaced, re-everythinged, you fire up your fresh new machine with the same old virus on board.

 

Which can be confusing as well as enormously frustrating. 

 

It's not that often you'll see this method, but to make sure the infection isn't resident in RAM, disconnect the 240v power supply then remove the RAM sticks. Press & hold the power button to remove any last vestiges of power, then reinstall your RAM & reconnect the power.

 

You may never come across a RAM-resident virus, but the extra 2 minutes taken to ensure you've removed that possibility is time well-invested.

 

 

 

 

CMOS power comes from 5v battery. 

 

 

 

RAM is powered by the PSU......

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright