I have googled my ass off to try and get rid of this problem, even doing a post at bleepingcomputer.
My 1st post at bleepingbleep:
Posted Yesterday, 07:48 PM
This activated on my system yesterday, Feb 14th, at 10pm est.
My Microsoft Security Essentials notified me that it caught a Trojan and I allowed it to remove it. Or so I thought.
The fake scanner popped up and did not allow me to close it. Even task manager would not open, in order to close it.
I was hoping that a reboot would help so I did so with the power button, the only option to reboot available.
No good...I had the long, narrow error message about no disc found and could perform no function.
I took the system to a friend's place and we managed to do some virus scans (microsoft security essentials, malwarebytes, and I later did one with Trend Microsystems Housecall). We recovered the system to the point of ensuring that all files were still there (though they had become hidden) and networking was possible. Of course, my taskbar, start menu and desktop were all empty and I have done what I can to manually restore its lost state. We tried system restore, from a few points, and it wouldn't get past the 'initializing' stage, so after about 10 minutes or so, each time, we gave up on that idea.
I have two main concerns at this stage:
1. Is the virus actually eliminated or is it lying dormant somewhere?
2. Is there a way to restore my system's settings to how they were previously?
Obviously, I am also interested in knowing where it came from in the first place, but I'm guessing that such will be difficult to pin down.
If virus protection software would indicate such information then it would be infinitely more valuable. All I can suggest, for this concern, is four possible sources: I was watching a downloaded mpeg movie at the time, I had a video downloading via a torrent and I had, a few minutes prior, just started to download the part 2 of a 3-part rar. The 3 just mentioned were from reasonably trusted sites though the rar in question came from a site that I thought had become corrupted about 6 or 7 months ago (and fixed subsequently). The 4th possibility, as I found out a few hours ago, was that an e-mail I received was not actually sent from the sender but apparently from a possibly nefarious source; I did look at the e-mail but didn't open any attachment as I won't open e-mail attachments. There was a hyperlink--to a website--in the e-mail but I honestly can't recall if I clicked on it or not...I don't think so. Regardless, opening this e-mail was done several days before problems started (I'm pretty sure late on the 10th).
I should add that my friend claims that my system restore points might have been corrupted and perhaps I should eliminate them. I do have some registry back-ups--done with crap cleaner--available. I am not sure if they are the entire registry or just info regarding corrections that crap cleaner was about to make, and searching for info on that has provided ambiguous information. A crap cleaner representative claims that right-clicking and selecting 'merge' restores those registry backs, but didn't state whether they were full-backs or just of any changes.
I am not sure what else to add presently, save that I am considering trying another registry repairer, perhaps wiseregistrycleaner or fixncr, the latter of which I'm pretty sure is available from this site.
Any helpful information would be appreciated.
Thanks.
This post has been edited by shipoffools: Yesterday, 07:58 PM
==============================
The response I got looked a little useless:
http://www.bleepingcomputer.com/forums/topic442804.html/page__gopid__2600011#entry2600011
================================
Seems to keep putting something nasty in my AppData file. Also some other weird stuff, like I am not allowed to even put a background on the screen (only shows at log-in and shut-down, otherwise remaining blank).
Somebody on here can give me some useful info and it will help me to prove a point (not to mention fixing my bleep).
I'll start pimpin' for you if this works, Jack.