System Fix Virus Removal
Posted 01 December 2011 - 10:08 AM
This is the first time I have been to this site. I am very grateful and felt compelled to make an addition to the instructions of a work-around I stumbled upon while trying to fix my Windows XP that was not mentioned in the instructions. If it can help someone else, then I've done my part.
The problem I was having was I couldn't see anything so just getting started with these instructions wasn't working. Couldn't use Internet Explorer, couldn't see My Computer, etc. All files were hidden. Since I am a novice, I decided to try safe mode because I had seen other articles talking about starting in safe mode. When I started in safe mode, I was able to use an administrator account (that I didn't even know existed) to see a thumb drive that I had put all of the programs you would need to use to remove this cr*p I had dl'ed from my good computer. I was able to go through the entire process and it seemed to work, but when I restarted without safe mode, the virus was still there and my files were still hidden (some had returned but all files were empty).
Since I found that random administrator account in safe mode, I hit the start button and right clicked to open up all user accounts. I had done this before to view my son's account to see if the virus had hit there and noticed it took a couple of minutes to take hold, but back to the point... I created a new administrator account aptly named "virus". Before the virus took over the account, I uploaded the "IExplorer" named version of "IKill" and ran it. It worked!!! From there, the rest of the instructions worked flawlessly.
Just felt I should share.
Posted 01 December 2011 - 03:25 PM
If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
The easiest and safest way to do this is:
- Go to Start > Programs > Accessories > System Tools and click "System Restore".
- Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Then use Disk Cleanup to remove all but the most recently created Restore Point.
- Go to Start > Run... and type: Cleanmgr
- Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
- Click the "More Options" tab, then click the "Clean up" button under System Restore.
- Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
- Click Yes, then click Ok.
- Click Yes again when prompted with "Are you sure you want to perform these actions?"
- Disk Cleanup will remove the files and close automatically.
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Posted 04 December 2011 - 03:08 PM
However, there are a few improvements I would make in the instructions.
Rkill (downloaded under disguised name iexplore) will kill off the virus from memory, but leaves it still on disk. The virus will come back to life as soon as the computer is rebooted. Rkill reports the file names of everything it kills out of memory. After Rkill finishes, you should immediately use Windows Explorer to search for and delete ALL the files Rkill reports. Malwarebytes did NOT detect or delete any of the System Fix files. It's doubtless a worthy AV program, but it doesn't have System Fix's number yet.
For good measure I used Windows Explorer to search and destroy ALL files listed as part of System Fix off the hard drive. Then I used Regedit to exterminate all its registry entries.
When you come out of the System Fix killing, your files are still hidden, which is kind of alarming. However Unhide brings everything back.