Some annoying virus. Help?
#1
OK, was on RapidShare, all of a sudden infected.

Wallpaper was changed and locked [Fixed]
Task Manager Locked [Fixed]
Folders Hidden + Folder Options Locked [Fixed]
Registry Locked [Fixed]
And a host of others.

Now I need to fix:

Fake antivirus messages in taskbar [Was gone, but returned]
Fake messages (File Cannot Be Executed, (Any app I open).exe is infected.)
[The messages also stop any application bar my Mozilla and open NOD32 from running]

------------

Before it got to this point I was able to open apps. I ran MBAM: completed, 11 infections. Ran NOD32 scan: completed (got nothing).
Security Task Manager to remove Internet Explorer add-ons

etc.

Now I am unable to run anything; I can do no such things.

Any help to resolve this problem is greatly appreciated.

P.s.

I will not reformat
I cannot do system restore graphically, possibly on XP disk boot?
I cannot open safe mode.

I DO Have a second Windows 7 Partition.
#2
Bump

[Too short]
#3
Bump

[Too Short]
#4
Hello;

Post an HJT log and perhaps a user on this forum will know how to read them.

-LS
#5
Find out the infected file if you can. Use multiple antivirus scans. Only keep one active obviously.
Uninstall any questionable programs. Remove all restore points.
Check your startups. Stop anything questionable.
If this does not stop it then try below.

Get a live Linux disk. Now this is a live disk, so no install needed; then once you're running live, identify the file and delete it from within Linux.

Beyond that it's hard to know what's up without more info.
Sounds like the fake antivirus one though.
#6
Find out what is popping up, for instance:

If it says so-and-so file is infected with "Bla" then google "bla", or if the program is named "Ha" then google removal of "Ha".

99% of the time it is going to be either something obvious in Program Files like spyware remover or virus tool, or a bunch of numbers. Also possibly in Program Data (depending on operating system, either in C: as a hidden file or your user profile).
#7
(01-08-2010, 10:08 PM)Whinis Wrote: Find out what is popping up, for instance:

If it says so-and-so file is infected with "Bla" then google "bla", or if the program is named "Ha" then google removal of "Ha".

99% of the time it is going to be either something obvious in Program Files like spyware remover or virus tool, or a bunch of numbers. Also possibly in Program Data (depending on operating system, either in C: as a hidden file or your user profile).

Could be named anything. I used to name my trojans mcafeee.exe and you would be amazed how many times it worked.
#8
Use BartPE's boot disc builder to make an XP boot disc, then obviously boot from it, and it will let you use everything you need to remove the virus (i.e. regedit). (If you have a SATA hard drive you will also need to add the Intel SATA driver to the boot disc.)

If you don't know how to load the registry hive for the XP install, google "BartPE's editing registry offline".
#9
Please do what Scorch said to do and download HijackThis, http://download.cnet.com/Trend-Micro-Hij...27353.html
After that post your log in here http://www.supportforums.net/forumdisplay.php?fid=48.
#10
HijackThis may not work if the virus is claiming all exes are viruses and stopping them from running. The setup would never be able to run.