Posted

I found the below procedure a good way to get rid of this quickly (where [random] is a mixture of numbers and letters such as Jy3gxtpfrs)

QUOTE
System Tool manual removal:

Kill processes:

[random].exe

Delete registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"

Delete files:

[random].exe

Delete directories:

C:\Documents and Settings\All Users\Application Data\[random]

Posted

Struggling with this a bit - all downloadable options won't run (.exe files are blocked) and I can't see how to change a file extension from .exe to anything else. Humph.

Also tried downloading the Windows Mal Software Removal Tool which again won't run.

Posted

I'd look at using one of the bootable recovery CDs to try and fix it "offline", rather than from within the infected OS.

There's a number of options listed here:

http://www.malwarehelp.org/anti-ma....ad.html

I've had good results from the Bitdefender ISO in the past: download the ISO image, burn to CD. Boot infected machine from the CD and follow the instructions.

Any of these should work on a non-encrypted file system.

HTH

Posted

Seem to have made some progress

Ran something called the "Doug Knox Fix" as found here:

Link

which seems to have helped. Also ran RKill as recommended by Mr Stanton which killed three processes:

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\PROGRA~1\MOZILL~1\plugin-container.exe

C:\WINDOWS\system32\grpconv.exe

Then tried to run Malwarebytes which seems to have changed into Reimage

here

but that says it can't run as I have a hardware (hard drive) problem causing my PC to malfunction.

So I'm not sure the laptop is completely "clean" now or whether there's still a problem. Plan to try and update McAfee and re-run a scan but that didn't pick anything up before. Might then ditch it (license runs out this month anyway) and try Avast or AVG.

Posted

To change a file from a .exe to anything else, right click and rename...

AVG... I did. Won't ever again...

Avast :t-up:

Posted

Tried that - tried to change from .exe to .com

All that happened was to end up with a file called filename.com.exe

I must be doing something wrong.

I updated McAfee and ran a scan - found nothing wrong. It's now in the bin and I'm in the process of downloading Avast. Will leave that scanning overnight and see what happens.

Fingers crossed! Thanks for everyone's help.

Posted

Make sure the file extensions are visible when you rename.

What O/S is it? IIRC Windows Vista and 7 hide file extensions by default.

To reveal them (for most M/S versions) click on any folder (My Documents will do) then go to:

Tools > Folder Options.

Then click the View Tab.

UN-tick the "Hide Extensions for Known File Types"

Then try the rename gig again...

Posted

Sounds suspiciously like an MBR virus a friend of mine had recently on their laptop, took me a few days to clear out as I didn't have all the discs. The virus loads and replicates before Windows and your virus software starts running and re-infects the computer every time you reboot it even after you've cleaned it, it stopped all internet traffic apart from a site selling AV software and all .exe files failed to run meaning installing any tools to help cleaning was very hard. Cured it in the end by running in safe mode to do an initial clean with Avast and Malwarebytes then had to copy a clean Master Boot Record from a Windows disc to the hard drive to stop the re-infection.

Posted

Sounds to me like you may have one of those fake Windows security malware things. They are a pain in the A***, tell you that your PC has loads of viruses when it doesn't and get you to call someone, spend £50 for nothing and they run off with your card details.

What happens when you use Internet Explorer?

If you can post a pic of the 'windows security' message that may help.

They usually consist of a few registry entries, setting IE to use a proxy and a random executable somewhere on your hard drive. Not too difficult to get rid of but a PITA.

Mike

That's the one, apart from the easy to rid bit. Unless you are up to speed on your MBR. :bangshead:

Posted

I thought it was Root Kit, not an MBR issue... ???

Posted

So, update. Deleted McAfee having run a scan and found nothing. Installed Avast and scanned with that - promptly found some win32 malware somewhere and deleted that. Avast then requested me to run a boot (or was it Root) scan, which threw up countless "installer archive corrupted" and "CAB archive corrupted" messages. It didn't appear to fix these - just identify them, so I'm not sure what to do about that.

In addition, every time Windows (XP btw) starts it runs a disk check and available space check - takes a very long time. Again, I don't know why it's being triggered to do this. Reminds me of the Malwarebytes error mentioned above that said it wouldn't run as there was a hard drive hardware problem. Hard drive on the way out? The laptop is ~5 years old and is used a lot - don't suppose they last forever.

So, things are better (I can now run .exe files) but all is not well. Since Avast found and apparently sorted the malware, I'm more inclined to connect to my NAS, back up all important files and rebuild the whole thing. PITA if I have to do that as (as I'm sure you've twigged) I'm no expert in this and it probably won't be plain sailing.

What's MBR btw?

Posted

MBR = Master Boot Record

Rich, check with Regedit to see if you have any 'RunOnce' entries as per my post above as it is that which triggers this process every time you boot the machine up  ;)
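
Added example, not part of any post in this thread: a report-only PowerShell check for the autorun pattern named in the removal procedure at the top of the thread and in the Regedit advice just above. It assumes PowerShell is available on the machine; the `Run` key, the function name `Get-SuspectAutorun` and the "random-looking name" heuristic are assumptions added here, not something the thread specifies. It lists candidates only and changes nothing.

```powershell
# Report-only audit: find autorun values that launch a random-named .exe
# from the All Users application-data folder (the pattern in the quoted procedure).
# Assumption: PowerShell 2.0 or later is installed; nothing is deleted or modified.
$commonAppData = [Environment]::GetFolderPath('CommonApplicationData')
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',  # key named in the thread
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'       # added here as a related key
)

function Get-SuspectAutorun {   # hypothetical helper name
    param([string[]]$KeyPath, [string]$BaseDir)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            # Extract the executable path from the command line (quoted or bare).
            if ($command -match '^\s*"([^"]+\.exe)"' -or
                $command -match '^\s*(.+?\.exe)(\s|$)') {
                $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
            } else { continue }
            $leaf = [IO.Path]::GetFileNameWithoutExtension($exe)
            $underAppData = $exe.StartsWith($BaseDir, [StringComparison]::OrdinalIgnoreCase)
            # Heuristic for "a mixture of numbers and letters" such as Jy3gxtpfrs:
            # six or more alphanumerics including at least one digit.
            $randomLooking = ($leaf -match '^[A-Za-z0-9]{6,}$') -and ($leaf -match '\d')
            if ($underAppData -and $randomLooking) {
                New-Object PSObject -Property @{
                    Key        = $key
                    ValueName  = $name
                    Command    = $command
                    FileExists = (Test-Path -LiteralPath $exe)
                    Running    = [bool](Get-Process -Name $leaf -ErrorAction SilentlyContinue)
                }
            }
        }
    }
}

Get-SuspectAutorun -KeyPath $keys -BaseDir $commonAppData | Format-List
```

An empty result only means this one pattern was not found for the current user; it says nothing about other persistence locations or the MBR.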

Posted

DON'T hook it up to the NAS. Even if it's a non Windows NAS, the files and the viruses will sit there dormant in any infected files until re-imported back into Windows where they will again start causing havoc.

I would try the Norton tools now you can run .exe's and get to t'internet...

Posted

I thought it was Root Kit, not an MBR issue... ???

You are probably correct, it's just some of the symptoms are similar to the problems I encountered on my friend's laptop and replacing the MBR is easy if you have the original DVD. It seems the virus installed a root kit every time you rebooted the computer over and over even after cleaning until I replaced the MBR.

Posted

Humor is failing me

I've run Combofix which did lots but I don't understand what. Ran RKill, can't run Malwarebytes as it claims a hard drive problem.

Pep, in your guide there are loads of apparently random process names in the list so I couldn't tell you which should and should not be there.

Blatters, Norton appear to want money and having just stumped up for Avast last night I'm hesitant to blow more money on antibug stuff.

I think I don't know enough about what I'm doing. If I can't offload my files onto the NAS and rebuild the whole thing then I'm stuck. Sorry to sound grumpy but I'm fed up with it.
