
Trojan.w32.looksy Virus


6 replies to this topic

#1 flyer84

  • Members
  • 4 posts

Posted 25 September 2007 - 09:50 PM

Last week my computer was infected with the W.32.Looksy virus and I managed to get rid of most of the problem. However, I am still getting an alert from my anti-virus program that says Possible Virus Threat. Let me explain every step that I did to get rid of the virus so far and then hopefully I can get some help on how to get rid of it completely.

First, I downloaded SuperAntiSpyware and ran a complete scan. Then I deleted all possible threats. I also downloaded Smitfraudfix and ran a report of the infected files. After that I rebooted into safe mode and selected smitfraudfix.cmd. I hit 2 to delete the infected files and it also cleaned the registry. After this, I rebooted again into normal mode and it seemed like the problem was gone for the most part. However, I keep getting a popup from Fix It Utilities 7, which is my anti-virus program, that says "Potential threat detected, Name: TROJ_DLOADER.NVT, Infected File: C:\System Volume Information\_restore{A91E49FD-ED75-4E13-AC93-ECA8E2A... This only pops up if I leave the computer idle for 5 minutes or more; otherwise it never appears. Does anyone have any suggestions? Please help so that I can get rid of this thing COMPLETELY. Thanks.



#2 rookie147

  • Members
  • 5,321 posts

Posted 26 September 2007 - 01:51 AM

We need to purge your infected system restore points.
On the Desktop, right-click My Computer, then click Properties.
Click the System Restore tab near the top of the window.
Check Turn off System Restore, click Apply, and then click OK.
More information on how to disable your system restore can be found here.

We want to create a new, clean restore point. Please first reboot your computer.
On the Desktop, right-click My Computer, then click Properties.
Click the System Restore tab near the top of the window.
Uncheck "Turn off System Restore", click Apply, and then click OK.

Click Start | All Programs | Accessories | System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point - Something like "After trojan/spyware cleanup".
Click Create, and after it has created the restore point, click "Close".
Further instructions on creating a restore point can be found here



#3 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,769 posts

Posted 26 September 2007 - 09:18 AM

Welcome to BC flyer84

The System Volume Information Folder (SVI) is a part of System Restore - the feature that allows you to set points in time to roll back your computer to a clean working state. The System Volume Information folder is protected by permissions that allow only the system to have access and is hidden by default unless you have reconfigured Windows to show it.

Keep in mind that System Restore will back up the good as well as the bad files, so when malware is present on the system it gets included in any restore points. When you scan your system with anti-virus or anti-malware tools, you may receive a message that a virus was found in the System Volume Information folder (System Restore points) but the anti-virus software was unable to remove it. Since this is a protected directory, your tools cannot access it to delete these files, and they can sometimes reinfect your system if you use an old restore point.

Following rookie147's instructions should resolve this issue.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
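
Added example, not part of any post in this thread: a small triage helper that separates anti-virus alerts pointing into the System Restore store from alerts on live files, which is the distinction the replies above rely on. It assumes the Windows XP store layout `_restore{GUID}\RPnn\...`; the function names and the rule in `next_step` are assumptions of this example, and every sample row except the alert quoted in post #1 is constructed.

```python
import re

# Prefix of the Windows XP System Restore store on any drive letter.
STORE_PREFIX = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{", re.I)
# Restore point folders inside the store are named RP<number>.
RP_FOLDER = re.compile(r"\\RP(\d+)(?:\\|$)", re.I)

# (detection name, reported path). The first row is the alert quoted in post #1,
# truncated exactly as posted; the other rows are constructed for illustration.
SAMPLE_ALERTS = [
    ("TROJ_DLOADER.NVT",
     r"C:\System Volume Information\_restore{A91E49FD-ED75-4E13-AC93-ECA8E2A..."),
    ("EXAMPLE.DETECTION.A",
     r"C:\System Volume Information"
     r"\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0001234.exe"),
    ("EXAMPLE.DETECTION.B", r"C:\WINDOWS\system32\example.dll"),
]


def classify(path):
    """Return ("restore_point", rp_number_or_None) or ("live", None)."""
    path = path.strip().strip('"')
    if not STORE_PREFIX.match(path):
        return ("live", None)
    m = RP_FOLDER.search(path)
    # A truncated alert may hide the RP folder; it is still a restore-store hit.
    return ("restore_point", int(m.group(1)) if m else None)


def triage(alerts):
    """Split alerts into live-file hits and hits grouped by restore point."""
    live, stored = [], {}
    for name, path in alerts:
        kind, rp = classify(path)
        if kind == "live":
            live.append((name, path))
        else:
            stored.setdefault(rp, []).append(name)
    return live, stored


def next_step(alerts):
    """Triage rule assumed for this example, following the order used in the thread."""
    live, stored = triage(alerts)
    if live:
        return "clean live files, then rescan"
    if stored:
        return "purge restore points and create a new one"
    return "nothing to do"
```
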

#4 flyer84

  • Topic Starter
  • Members
  • 4 posts

Posted 26 September 2007 - 10:38 AM

I did exactly what you told me, rookie147, and I think the problem is resolved. Thanks a lot! I just have one other question. What exactly did the trojan.w32.looksy virus do to my computer? When it happened, I received the Windows security alerts and it said that my personal information was being hacked. Is that true?

Anyways, I appreciate the welcome quietman7 and again thanks for resolving my issue rookie147.

#5 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,769 posts

Posted 26 September 2007 - 11:00 AM

Smitfraud is a generic description for a family of rogue applications/trojans that uses misleading advertising, downloads rogue security products, changes (hijacks) the Windows Desktop and infects system files. The Trojan uses bogus security warnings and fake alerts to indicate that your computer is infected with spyware or has critical errors. It is responsible for downloading and installing programs that purport to scan for spyware and then uses false scan reports as a scare tactic to goad you into purchasing one of several rogue programs to fix it. Trojan.w32.looksy is just one of the more recent variants.

#6 excavator_man

  • Members
  • 1 posts

Posted 14 October 2007 - 03:15 PM

I had exactly the same problem as flyer84 and took much the same route to clean the system up, including clearing the system restore, but I still have a persistent problem with a kind of pop-up which attaches itself to the top of all my internet pages and says the following:

"Warning: possible spyware or adware infection! Click here to scan your computer for spyware and adware..."

Of course if it is clicked it re-activates the virus problems.

I would appreciate any ideas on getting rid of this.

Thanks

Richard

#7 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,769 posts

Posted 14 October 2007 - 03:32 PM

Welcome to BC excavator_man

If you have an issue or problem you would like to discuss, please start your own topic account. Doing that will help to avoid the confusion that often occurs when trying to help two or more people in the same thread with different problems. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using.

Further, posting for assistance in someone else's topic is also known as "hijacking a thread", which is not considered proper forum etiquette.

Thanks for your cooperation.



