Redirecting Virus that renames itself to my computer name



#1 rachdgard


Posted 06 July 2009 - 12:51 PM

I've been trying to get rid of this stupid windowsclick, overclick.cn, or some other kind of virus for some time now. It seems to rename itself to the computer name / username that it infects (if your username is "jon", it executes itself as a process called "jon.exe").
I've been lurking, trying to see if I can resolve the issue myself, but to no avail. I successfully used Spybot Search and Destroy, which stopped the redirecting for short runs of time (like two days), but the virus is still on my computer. It always comes back after a few days in full force, making it difficult to surf the internet. It has passed to all of our computers through a pen drive, and seems to be impossible to get rid of. I'm looking for some guidance.
I have tried to rid the computer of the jon.exe, rachel.exe file manually, but am not allowed access. I restarted the computer in safe mode and accessed it through the administrator program but was still denied access. Making the program file visible took some effort, as I could not just click to show hidden files (when clicked, it would ask if I was sure that I wanted to see everything, I would say yes, and then it would go right back to being checked hidden again). I used the registry editor and created a show-all-hidden-files reg DWORD value to actually see the file. I tried to use CCleaner to get rid of any kind of excess registry problems, and my computer seems to run faster, but the process is still there. I tried to delete it using CCleaner and Spybot and have tried to remove it manually through MS-DOS commands, but nothing. It's still there and it keeps showing up. It will execute on startup, and when I try through msconfig to turn it off or even delete the process, it just ignores my command or tells me that I do not have access.

I'm praying that I'm just retarded and that it's supposed to be there, but I really don't remember any kind of process that was named specifically for the computer that you're on.
I sure hope you can help, and if this has already been discussed, I apologize.
Anything that I can do to get rid of this thing, I will.

Thanks so much
Rachel


 


#2 Budapest


Posted 07 July 2009 - 01:48 AM

Please download RootRepeal Rootkit Detector and save it to your Desktop.

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.
* Create a new folder on your hard drive called RootRepeal (C:\RootRepeal) and extract (unzip) RootRepeal.zip. (click here if you're not sure how to do this. Vista users refer to this link.)
* Open the folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
* Click on the Files tab, then click the Scan button.
* In the Select Drives dialog ("Please select drives to scan:"), select all drives showing, then click OK.
* When the scan has completed, a list of files will be generated in the RootRepeal window.
* Click on the Save Report button and save it as rootrepeal.txt to your desktop or the same location where you ran the tool from.
* Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
* Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "Safe Mode".