BleepingComputer.com: Infected with "system diagnostic" malware?

hey, a friend reccomended me this website after he tried to help me get rid of this problem himself, but everything he tried hasn't gotten rid of the issues.

last night i was on my machine (windows xp) and it threw a few warning boxes up, then it shut down. i turned it back on and all the icons on my desktop were gone, and one of those fake virus scanners started running, calling itself system diagnostic. it's also hidden everything in my program files (except if i download something new)

so i've tried all the usual fixes (according to friend) which was running rkill, then malware bytes and super anti spyware. both find errors and apparently remove them, but on system restart the problem still occurs. also when these programs say the virus is gone, the desktop icons and program files are still gone. something which i read will return after this virus is deleted.

help?

I'm having the exact same problem, here's my thread: http://www.bleepingcomputer.com/forums/topic384229.html

If you look at the C Drive you can see that the data is still there because of the size of it but you can't access it.

yea, it really sucks. luckily my friend showed me how to run any programs i need today from command prompt so all of the programs are still there, they're just hidden by this nasty virus

This post has been edited by strawberrytoothbrush: 10 March 2011 - 05:37 PM

whats up guys, I am currently working on fixing a computer with the same issue. The "infection" apparently turns all file/folders into hidden files. To reveal all of your files/folders go to My Computer, open the C: drive, now click tools in the menu bar up top, click folder options, now click the view tab, without scrolling down you'll see two options at the bottom, click the bubble that says "Show hidden files and folders" this will reveal your entire desktop and all other file/folders. I'm still in the process of removing the enitre stupid ass program. I'll let you guys know if I figure anything else out.

This post has been edited by moneygts: 11 March 2011 - 12:33 PM

Ok I have completely, or i'm pretty sure i have, removed the virus. First you will need to download this process explorer because the task manager is diabled. http://download.cnet.com/Process-Explorer/3000-2094_4-10223605.html, copy and paste the link in your browser, download and run the program. Find the icon towards the bottom that is the colored puzzle pieces, that is the program you need to kill. Right click it and hit kill process tree. Next open the C: and open documents and settings, open All Users, now go to tools, then folder options, then go to the view tab again and click the bubble that says "show hidden files and folders", now delete the 2 that stats with 17, i dont remember the exact numbers but there are 2 files that start with 17 and are a bunch of numbers. Once you have deleted those open the run box and type msconfig. go to the start up tab and at the bottom there is a program that starts with the letters OB, i dont rememebr the rest of the letters sorry. now uncheck the box next to it and hit apply and let the computer reboot. Now go back to the same documents and settings folder where you deleted the last 2 files and there wil be the OB file and it has the registry editor icon. Delete that one too, empty the recycle bin and restart the computer. Now go back to my first post and i explain how to unhide all of you C: drive, do that proces again and you should be good. Sorry if this isn't too clear but im at work and im rushing to help you guys lol.

EDIT: Right, got to the point where I can now see hidden files and folders. So I can now see all my files and folders but can't find these files starting with 17 that I have to delete, any help?

This post has been edited by Diddymow: 11 March 2011 - 04:13 PM

Bump

Thanks for that dude. It worked for me to, all my icons/programs etc have returned. My task manager wouldnt show up though, so here's another small fix for you if you're still having problems...make sure you've gone through basically everything and unchecked hide, so all of your stuff is returned...

Run a search for "system diagnostic" it should appear in this folder C:\Documents and Settings\username\Start Menu\Programs *delete the system diagnostic file!*

Once that was deleted my quick launch and everything else restored itself. I think I'm clean now, but I'm gunna run a few programs to check, and do a restart. Hopefully it's gone.

strawberrytoothbrush, on 12 March 2011 - 10:28 AM, said:

Thanks. How do I make all my folders and files no longer hidden? I can now see them but they are still classed as hidden folders so they are greyed out. Doesn't make too much difference really though.

How to see hidden files in Windows


Next run an online scan.

ESET Online Scan
I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the icon on your desktop.
  
  
• Check
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Under scan settings, check and check Remove found threats
  
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
  
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  
• Push the button.
  
• Push

Diddymow, on 12 March 2011 - 08:12 PM, said:

I'm sure it's been explained in the post above, but right click on the file/folder, and click properties, in this window go to the view tab, and uncheck the box that says "hidden". This will restore all you're stuff, so that it is visible.

To let you guys know, I'm fully clean now no more malware woo

TASK MANAGER PROBLEM FIX!


Open the run box, type gpedit.msc, expand the selection Administrative Templates under User Configuration. Now expand the System folder. Now click first selection Ctrl+Alt+DEL, Now look on the right hand side, right click Task Manager and click Properties, Select the disabled bubble, hit apply, close the window and see if the task manager is available, if not log off and log back on. it should work.

hey i have had the same problem as diddymow^^ can someone please tell me where i can find these files staring with 17 please ive tried the search but the only thing that comes up with 17 is a song

Diddymow, on 11 March 2011 - 03:32 PM, said:

HEY DID U FIND THE FILES THAT START WITH 17 ?? IF SO WHERE CAN I FIND THEM ?

THANKS

See post 5