Nasty System Restore Virus



Just great. Today I was looking for wedding dresses online and when I went to one of the sites, I could tell something was not right so I pressed escape, but it was too late. I now have a virus that is showing a fake system restore program and also giving me hard-drive errors. All of my desktop icons, files and folders are gone, I only have System Repair under my start menu, I have nothing in my administrative tools folder so I can't do a system restore, and to top it off, when I went to your website and tried to start a new topic, the button disappeared...just now I tried and it let me, but since I have already typed this on my laptop, I'll just go from here.

 

On a final, even more crappy note, I am getting married and my invitation design was in one of the folders I can't get to, as well as all my wedding inspiration. HELP. You guys have been awesome in the past, so I'm hoping you can help me this time too. Just so you know, I bought your PC Pitstop virus protection package a while back and this is the first problem I've had...won't let me start it up to do a manual scan.

 

Please help me! Jennifer


Hi Scoobeedooo (Jennifer), see if you can download Malwarebytes and run it. Here's how:

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform a full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

 

 

 

 


Turn off your PC and reboot, and continually tap the F8 key. When the menu appears, choose "last configuration that worked" and hit Enter... If you can't get into this menu by tapping F8, turn your computer off at the wall (not normally recommended) and reboot; by default the menu mentioned above should appear.


Here is the log Malwarebytes generated...checked all of them and then removed and restarted. I now have a few icons on the desktop, but still no other programs under start except for system repair and it's still acting funny...

 

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

 

Database version: 7077

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

7/12/2011 3:27:18 AM

mbam-log-2011-07-12 (03-27-18).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 267797

Time elapsed: 2 hour(s), 11 minute(s), 33 second(s)

 

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 3

 

Memory Processes Infected:

c:\documents and settings\all users\application data\19062564.exe (Trojan.Agent) -> 3492 -> Unloaded process successfully.

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\documents and settings\all users\application data\kllvsyppatgy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\jennifer rufenacht\local settings\temporary internet files\Content.IE5\ZR97TG1U\info[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\19062564.exe (Trojan.Agent) -> Quarantined and deleted successfully.

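A triage sketch for the log format posted above, as an added example that is not part of the original thread or Malwarebytes' own tooling: it cross-checks the summary counts against the listed entries, lists anything not reported as removed, and maps the flagged policy values to the symptoms they cause. The function names and the symptom table are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the log posted above; the "Files Infected" detail section is
# deliberately left out so the count check below has something to report.
SAMPLE_LOG = r"""
Memory Processes Infected: 1
Registry Data Items Infected: 4
Files Infected: 3
Memory Processes Infected:
c:\documents and settings\all users\application data\19062564.exe (Trojan.Agent) -> 3492 -> Unloaded process successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 3"
HEADER = re.compile(r"^([A-Za-z ]+ Infected):$")          # "Files Infected:"
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<name>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")

# Assumed mapping (added here, not from the log): policy value -> visible symptom.
SYMPTOMS = {"nodesktop": "desktop icons hidden", "disabletaskmgr": "Task Manager disabled",
            "nochangingwallpaper": "wallpaper change blocked"}

def parse_mbam_log(text):
    """Return (summary counts, detections grouped by section)."""
    counts, entries, section = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()  # also strips the non-breaking spaces forums insert
        if m := SUMMARY.match(line):
            counts[m[1]] = int(m[2])
        elif m := HEADER.match(line):
            section = m[1]
        elif section and (m := ENTRY.match(line)):
            entries[section].append({"item": m["item"], "name": m["name"],
                                     "result": m["rest"].split(" -> ")[-1]})
    return counts, dict(entries)

def triage(text):
    counts, entries = parse_mbam_log(text)
    flat = [e for es in entries.values() for e in es]
    keys = {e["item"].rsplit("\\", 1)[-1].lower() for e in flat}
    return {
        "mismatched": sorted(s for s, n in counts.items() if n != len(entries.get(s, []))),
        "not_removed": [e["item"] for e in flat if "successfully" not in e["result"].lower()],
        "symptoms": sorted(SYMPTOMS[k] for k in keys if k in SYMPTOMS),
    }
```

A non-empty `mismatched` list means the pasted log is truncated or mangled and should be re-posted before anyone relies on it.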

O.K., now I'd like for you to download HiJackThis and save it to its own folder on your desktop. Now open the program and select "Do a scan and save a log". When the scan finishes, it will open the log in Notepad; copy/paste the contents of the log into a new thread that you start here > http://forums.pcpitstop.com/index.php?/forum/25-hijackthis-logs/

Please include the log from Malwarebytes first and please wait for help there from one of our Trusted Advisors; they are quite busy so it may take a day or two for someone to help but they'll get you cleaned up.

 

 

 

 
