
Boot Sector Virus? Windows PC.


Crater101
17-02-2024, 04:22 PM
Folks;

Looking for advice on this one. I think I may have a "boot sector" virus on my main PC (so I'm typing on my astro laptop at the moment).

My wife told me that she'd received a "spam" e-mail from my e-mail address, and she didn't open it because it had mis-spelled her name. Considering I hadn't had to send her anything in a while, I immediately ran a virus check on my machine.

I'm using ESET antivirus (paid version) running Windows 10. I use a VPN whenever I'm online. My machine is a few years old and is 64-bit, with updates regularly installed. I use Zone Alarm as a firewall. I've used ESET for many years with no issues.

Whenever I turn the PC on, as soon as windows starts up I get a message from my antivirus software saying that a particular web page - always the same one - has been blocked. Hmm. Yet when I ran a full scan of my machine using the program, no virus was detected. I then ran a second scan of the machine, hand picking things like system files or the registry, again, there's apparently no virus present. However if I go online with the machine, someone from my address book gets spammed.

I got a gremlin in there somewhere.

So while I think it may be a boot sector type virus, I'm open to suggestions, as well as any recommendations as to how to go about fixing the everlastingly-to-be-damned thing.

ChrisD
17-02-2024, 11:43 PM
Can you tell me the webpage blocked at bootup? That may be a clue.

Chris

Crater101
18-02-2024, 03:37 PM
The address that's being blocked - which ends in ".com" - appears to be a random collection of numbers, letters and special characters that is quite lengthy. I'll try to get a snapshot of it.

AstroViking
18-02-2024, 04:27 PM
Technically, that's a Windows Start-Up infection, not a boot-sector virus.

Grab a copy of MalwareBytes and give your machine a scan with that.

Generally, the nasty has added something to either your Windows 'Start up Items' or the Windows Registry (more sneaky) to run when the machine starts up.

V.

Crater101
19-02-2024, 08:58 AM
That would explain why the virus scan didn't catch it.


My humble thanks! I'll chase that up and let you know how it goes.

Crater101
20-02-2024, 05:31 PM
OK, I got and ran a copy of Malwarebytes as suggested. It picked up two pieces of malware that I didn't know I had - my thanks - but the issue continues, so I'm open to suggestions.

AstroViking
20-02-2024, 07:43 PM
Well, that's a piece of good news to start with.

The next step is probably a bit daunting and potentially destructive if you get it wrong.

Grab the website name that keeps getting blocked by ESET and make a note of it.

From the Windows 'Search' box, enter 'regedit' and then select 'Run as Administrator'. You might need to right-click on the search results to bring up the context menu that gives this option.

Once in regedit, hit F3 (from memory - it's been a long time since I used regedit) and enter the website name into the search box.

If/when you get a result, delete the registry key and continue searching until you hit the bottom of the registry.

Save your work (there should be a menu item to do this) and then reboot your machine.

If it's still there when your machine comes back, then I'm afraid I'm out of ideas and the next thing on my list would be a complete reformat and re-install of Windows. A bit of a 'nuclear bomb' approach, I'm afraid.

Regards,
V.

Crater101
20-02-2024, 08:06 PM
Cheers mate. I've done something similar previously (a long time ago, in a galaxy far, far away...) and I'm aware of the potential for calamity.


I'll see if I can find another alternative before I try that, but if all else fails, that's probably what I'll end up doing.


Thanks!

Dekker
21-02-2024, 11:07 PM
Download SysInternals autoruns (https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns) and check the list of "everything" for any programs without a signature or with suspicious looking file names. If you find an obvious culprit in that list, then you should be able to just delete the executable. However, in some cases you may need to start Windows in safe mode to be able to remove it.
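A cut-down way to do the same kind of check from PowerShell, added here as an example that is not from this thread or from Sysinternals: it walks the usual Run/RunOnce registry keys the replies talk about and flags entries whose executable is missing or not Authenticode-signed. The key list and report columns are this example's own choices.

```powershell
# Added example (not from the thread or Sysinternals): list Run/RunOnce
# entries and flag those whose executable is missing or unsigned.
# The key list and report columns are this example's own choices.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable path out of a command line such as
#   "C:\Program Files\Foo\foo.exe" /background   or   C:\tools\bar.exe -x
function Get-ExePath([string]$Command) {
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

function Get-StartupReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds its own PSPath/PSChildName/... properties; skip them
            if ($p.Name -like 'PS*') { continue }
            $exe = Get-ExePath ([string]$p.Value)
            if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }
            $status = 'MissingFile'; $signer = ''
            if ($exe -and (Test-Path -LiteralPath $exe)) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                $status = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            [pscustomobject]@{
                Location = $key; Name = $p.Name; Command = $p.Value
                Status = $status; Signer = $signer
            }
        }
    }
}

# Anything that is not 'Valid' deserves a manual look (Autoruns covers far more
# locations: services, scheduled tasks, drivers, WMI subscriptions, ...).
Get-StartupReport | Where-Object { $_.Status -ne 'Valid' } |
    Format-Table Location, Name, Status, Signer -AutoSize
```

Run it from an elevated PowerShell so the HKLM keys are readable; an unsigned entry is a lead to investigate, not proof of infection, since some legitimate software ships unsigned.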

Crater101
22-02-2024, 05:00 PM
My thanks! I was just about to go about it all the hard way, but I'll give that a go first. Cheers!

Crater101
27-02-2024, 05:09 PM
Purely for reference and research purposes, things appear to have returned to normal.
My sincere thanks for the help folks! I am not worthy...