
Fake Xp Service Center And Vundo Viruses Have Unrelentlessly Taken Over My Computer.


  • This topic is locked
4 replies to this topic

#1 kairi2


Posted 03 August 2008 - 12:50 AM

Hello all! I have been fighting with this devastating virus for 8 hours straight now, and it has gotten progressively worse and unbelievably frustrating. The person that was halfheartedly assisting me gave up and told me to reformat the computer, but there are so many important documents, emails, and pictures I will lose if I do that. I don't even have the reformatting CD either. So I turn to you guys for help.

This is a relatively new virus apparently because I can't find much helpful information on it. I got it from downloading a registry cleaner torrent and extracted the .rar without thinking. Immediately my computer rebooted and an icon popped up saying I was infected with spyware, and then a window that was trying to impersonate Windows Security started doing a scan. Suddenly porn site and fake security program icons appeared on my desktop, popups appeared demanding me to buy remover software, and my background changed to a red wallpaper with a biohazard symbol saying I was infected with a Virus. It was pretty surreal and moved way too fast before I knew what was going on. Avast caught the viruses but didn't act fast enough.

At first I tried to scan using TrojanHunter, but the virus froze it midscan. Rebooted and tried Adaware, it finished (it found some other virus called Vundo) but didn't completely remove the viruses. Then my computer started freezing up, and the taskbar would flash and disappear every five seconds, as well as my desktop icons disappearing. My wallpaper was replaced with a blank blue wallpaper and my mouse would stop working. I wasn't able to run TaskManager because it said it was disabled by an administrator. I tried booting up in Safe Mode, but it had taken away the ability to do that too. All I got was a black screen with the words "Safe Mode." I couldn't do System Restore because the virus erased all my restore points. If I acted really quick when the computer first started up, I could open some programs to use after my taskbar and desktop icons disappear. Sometimes I could do this, other times my computer would freeze up and I'd have to restart again.

I grabbed the other laptop to research, and randomly found different programs to try. I tried the Malwarebytes program that was recommended for this "fake security center" virus. It detected the viruses and removed what it could, and restarted my computer to remove the rest. I just got a frozen computer again. I tried SuperAntiSpyware, that didn't help. The virus took over Firefox too, because when I would try to browse the internet, it would take me to different sites than I typed in, and sometimes go to a site with the fake security center scanner and all the fake warning popup windows. We tried deleting registry values, running a Check Disk scan through the Safe Mode with cmd.exe, and deleting the files that the scanners couldn't get to. The virus would come right back like nothing ever happened.

I started reading on this site and tried to restart the computer again so I could open Firefox to download HijackThis and access the Malwarebytes log. Now the computer is stuck on the Windows Welcome screen, and I can't get past it. I tried Safe Mode again but it's stuck on a completely black screen.

What can I do? Is there any way to get rid of this virus from [bleep]? How can I get back into my computer? If not, is there any way I can make copies of a few important files? What do you do when you misplaced the reformatting cd that came with your computer?

Any help would be greatly appreciated. Thank you so much!!


#2 boopme

  • Global Moderator

Posted 03 August 2008 - 09:46 AM

Hello, please read through quietman7's comprehensive post #6 here and see if you can get past that.
Please let us know.

http://www.bleepingcomputer.com/forums/t/135646/downloadergeneric6ambn/

#3 kairi2

  • Topic Starter


Posted 03 August 2008 - 12:33 PM

Thank you for directing me to that post. I created a Recovery.iso CD and used it to boot up the computer. I got into the Recovery Console but all I could find was a list and descriptions of the commands to use, with no instructions on how to use them. So I tried to use the Langa Letter site to do a nondestructive rebuild, but a screen comes up that says I can't go any further because I don't have an End User Licensing Agreement (EULA) and to press F3 to quit.



edit: In the recovery console I did manage to use the fixboot command, and the computer did get past the windows welcome screen when I restarted. Just like before, it loaded my background and looked like everything was starting up normally, then I guess the virus kicked in and the screen went blue and I couldn't click on anything. So now what should I do?

Edited by kairi2, 03 August 2008 - 12:36 PM.


#4 kairi2

  • Topic Starter


Posted 03 August 2008 - 02:41 PM

I've made it to the registry via command prompt in Safe Mode, I can't find the virus anywhere. Please help!!!

#5 Orange Blossom

  • Moderator

Posted 03 August 2008 - 05:33 PM

Hello kairi2,

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/161282/hijack-this-and-malabytes-log/ Because you have this log posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom