
Virus Protector Virus


11 replies to this topic

#1 allstrz

allstrz

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 04 March 2010 - 09:04 PM

I recently got the Virus Protector virus on my computer. All the fixes I've seen involve going in Safe Mode with Networking which doesn't work. Can anybody help me?

Edited by Orange Blossom, 04 March 2010 - 09:33 PM.
Move to AII. ~ OB




#2 allstrz

allstrz
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 04 March 2010 - 11:34 PM

bump.

#3 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:22 PM

Posted 06 March 2010 - 08:33 AM

Hi,

Can you see Safe Mode with Networking in the Safe Mode boot options? Do other Safe Modes work?

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.




#4 Digitalcherub

Digitalcherub

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 08 March 2010 - 05:55 PM

Dear Virus Protector Victims,
A friend of mine recently became infected with this malware and it truly did a number on his system. It did all the above symptoms and disabled many of the services that the computer uses to transfer information (Ex: external USB/internet) making it difficult to acquire Malwarebytes' software to cleanse the system. Normal, Safe-mode, and Safe-mode with Networking were all affected. I discovered a way to bypass any of the following: removing the internal hard drive and using a clean system; performing a complete system format/re-installation; loading from a System Restore point that may have undesirable results. My tutorial simply removes the malware and fixes the damage done.

OS affected: Windows Vista Home Premium (base installation, neither Service Pack 1 nor 2)

ATTENTION: The following tutorial only works with Windows Vista. Attempting to apply these steps to infected Windows XP OS will not work.

Here are the steps that I performed to do so:

1) Boot the system normally and login to the system. The Virus Protector will start and flood your screen with all the jargon it's known for.

2) Press 'WindowsKey+U' to open the Utility Manager window. This window gives you access to the root structure to the hard drive via the navigation edit box up top. Note: VP will prevent access to the Registry, Task Manager and the Internet, so don't bother.

3) Navigate to your System32 folder located under the Windows installation folder (Generally: c:\windows\system32\). Run "msconfig.exe" located in the System32 directory.

4) Under the "System Configuration Utility" you want to do the following:
a) Under the "Services" Tab, click "Enable All".
b) Under the "Startup" Tab, click "Disable All".
c) Under the "General" Tab, select the "Selective Startup" with the only sub-option checked: "Load System Services"
d) Under the "Boot" Tab, check "Safe boot" leaving the "Minimal" option as the only sub-option selected.

5) Click "OK" in the "System Configuration Utility" and upon exiting a dialog will pop-up and ask if you wish to restart the system. Click "Restart Now". Note: You DO NOT have to hit F8 anymore to select "Safe Mode with Networking".

6) The system will boot into the selective Safe Mode and the Virus Protector will continue to load at this time. BUT, press 'WindowsKey+U' to open the Utility Manager window again. Use the navigation edit box above and type in "http://www.malwarebytes.org/". You now have access to the internet! YAY!

7) I chose to go to Malwarebytes' website and download their free edition of their Malwarebytes' Anti-Malware program. You should do the same, and go ahead and click "Run" when clicking to download.

8) When it finishes downloading, the program will run and proceed to update its database with the most current version. Run a "Full System Scan"; the program may state that it is going to fix access to the registry, click to continue and it will run the scan. Note: Virus Protector had infected files located outside the search scope of Malwarebytes' Quick Scan.

9) Once the program's scan is complete, delete all the infected files discovered. You may close the program.

10) Press 'WindowsKey+U', navigate to the System32, and launch "msconfig.exe" as described above.
a) Under the "Boot" Tab, deselect "Safe boot".
b) Under the "General" Tab, select "Normal Startup"

11) Click "OK" and choose to reboot.

12) The system will reboot into Normal mode and you will discover that the Virus Protector is now gone. BUT, your Task Manager and Registry are still disabled. First we need to gain access to the registry (a.k.a. "regedit.exe"):
a) I used "Symantec's | Tool to reset shell\open\command registry keys" inf-file, located at "http://www.symantec.com/security_response/writeup.jsp?docid=2004-050614-0532-99".
b) Download this inf-file to your Desktop. Right-click the inf file and choose "Install". This will re-enable your registry.
Note: I chose this tool because I believe this may have fixed other problems besides the registry.

13) Re-activate the Task Manager (a.k.a. "taskmgr.exe"):
a) Press 'WindowsKey+R' to bring up the "Run" dialog.
b) Enter this string exactly as provided, "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f"
Note: Don't include the quotations :)

14) You now have removed Virus Protector and re-enabled all disabled system functions.
a) Update/Install Virus protection software
b) Run Windows Update and download all Service Packs and Critical Updates available.
c) Run "msconfig.exe" once more and go to the "Startup" Tab. Select the programs you wish to load at startup.

GOOD LUCK!

If there is any missing information that I have not provided please let me know and I will append it to this tutorial.

Edited by Digitalcherub, 08 March 2010 - 08:39 PM.
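
A post-cleanup check for the settings touched in steps 10 to 13 of the tutorial above, as an added example that is not part of the original post. It assumes PowerShell 2.0 or later is available on the cleaned machine; the function names are hypothetical, and `DisableRegistryTools` is the standard Windows policy value that blocks regedit.exe (the post itself names only `DisableTaskMgr`).

```powershell
# Added example: audit and reset the lockdown settings from steps 10-13.
# Run in the affected user's session; the bcdedit check needs an elevated prompt.

$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
# DisableTaskMgr is the value reset in step 13. DisableRegistryTools is an
# assumption here: the standard policy value in the same key for regedit.exe.
$lockdownValues = 'DisableTaskMgr', 'DisableRegistryTools'

function Get-LockdownState {
    param([string]$Key, [string[]]$Names)
    foreach ($name in $Names) {
        # A missing key or value means the policy is not set (not blocked).
        $item = Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue
        $data = $null
        if ($item) { $data = $item.$name }
        New-Object PSObject -Property @{
            Value   = $name
            Data    = $data
            Blocked = [bool]($item -and $data -ne 0)
        }
    }
}

function Clear-Lockdown {
    param([string]$Key, [string[]]$Names)
    foreach ($entry in Get-LockdownState -Key $Key -Names $Names) {
        if ($entry.Blocked) {
            # Same effect as the "REG add ... /d 0 /f" command in step 13.
            Set-ItemProperty -Path $Key -Name $entry.Value -Value 0 -Type DWord
        }
    }
}

function Test-SafeBootPending {
    # msconfig's "Safe boot" checkbox stores a safeboot element in the current
    # boot entry; while it is present, every boot goes to Safe Mode.
    $bcd = & bcdedit.exe /enum '{current}' 2>$null
    return [bool]($bcd | Select-String -Pattern '^\s*safeboot\s+' -Quiet)
}

Get-LockdownState -Key $policyKey -Names $lockdownValues | Format-Table -AutoSize
Clear-Lockdown    -Key $policyKey -Names $lockdownValues
Get-LockdownState -Key $policyKey -Names $lockdownValues | Format-Table -AutoSize

if (Test-SafeBootPending) {
    Write-Warning 'safeboot is still set; clear it in msconfig (step 10a) or run: bcdedit /deletevalue {current} safeboot'
}
```

A value that returns to non-zero after a reboot means something is still rewriting the policy key, so the scan in step 8 should be repeated before the startup items in step 14c are re-enabled.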


#5 jdamelio

jdamelio

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 08 March 2010 - 07:49 PM

The WindowsKey+U gets me to the Utility Manager but the only thing I see are starting up Magnifier and Narrator!!! I do not see anywhere I can navigate to anywhere.

#6 Digitalcherub

Digitalcherub

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 08 March 2010 - 08:24 PM

The WindowsKey+U gets me to the Utility Manager but the only thing I see are starting up Magnifier and Narrator!!! I do not see anywhere I can navigate to anywhere.


What version of Windows are you running? If you are running Windows Vista, there should be a navigation box at the top of the window. It appears as a blue circular icon followed by a right-arrow then says "Control Panel" etc. You want to click the right-arrow and it will drop a list box where you can select the "Computer" revealing the hard disk drives. Post back.

#7 Digitalcherub

Digitalcherub

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 08 March 2010 - 08:29 PM

The WindowsKey+U gets me to the Utility Manager but the only thing I see are starting up Magnifier and Narrator!!! I do not see anywhere I can navigate to anywhere.


It sounds like you are running Windows XP. I tried the WindowsKey+U on my XP system and it only yielded a dialog box with accessibility options for the OS. I only wrote the tutorial for the Windows Vista OS. :thumbsup:

#8 Digitalcherub

Digitalcherub

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 08 March 2010 - 08:40 PM

The WindowsKey+U gets me to the Utility Manager but the only thing I see are starting up Magnifier and Narrator!!! I do not see anywhere I can navigate to anywhere.


Instead of WindowsKey+U, attempt 'WindowsKey+E'??? Please post back if this works and I will adjust my tutorial.

Edited by Digitalcherub, 08 March 2010 - 08:41 PM.


#9 jdamelio

jdamelio

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 09 March 2010 - 06:19 AM

Yes, XP home, with all updates. I'll try that.

#10 jdamelio

jdamelio

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 09 March 2010 - 07:33 AM

E is not the answer. No responses from any letter combination other than U.

#11 Digitalcherub

Digitalcherub

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 09 March 2010 - 12:07 PM

E is not the answer. No responses from any letter combination other than U.


Without an infected system to work on I will struggle finding a method.

#12 jdamelio

jdamelio

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 09 March 2010 - 07:29 PM

I appreciate your position. I think the best thing for me is to take the drive/machine to a third party so they can play with the drive as a slave and run the various programs.

I d/l the latest update from Malwarebytes Monday morning. I was able to start a scan. But for some reason the scan stopped and the machine rebooted, without my input.

So you can have the necessary software but if you don't have access it doesn't do you a lot of good!



