
WindowsSafemode malware


4 replies to this topic

#1 magicmonster65

magicmonster65

  • Members
  • 3 posts

Posted 07 March 2011 - 10:25 AM

Same virus, uploaded a video here:



The administrator account thing you mentioned doesn't work for me. Can't get onto Windows, can't get onto Task Manager, safe mode doesn't work, can't run any programs. Clever little virus....



#2 magicmonster65

magicmonster65
  • Topic Starter

  • Members
  • 3 posts

Posted 07 March 2011 - 10:42 AM

Solution here: http://www.bleepingcomputer.com/forums/topic383117.html/page__gopid__2159971#entry2159971

JerinDS, on 05 March 2011 - 10:29 PM, said:

I had this issue on my General Manager's computer today. I was so frustrated and defeated I didn't even think of the obvious. Here is how I defeated this beast using System Restore.

1. Restarted in safe mode with command prompt (was lucky enough to get cmd up)

2. Here is the file path for System Restore: C:\windows\system32\restore\rstrui.exe

After the restore and reboot I ran RKill and Malwarebytes to make sure, and the computer is fully functional.

It worked for me; hopefully it works for you!

Good Luck

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • Gender:Female
  • Location:Romania

Posted 07 March 2011 - 12:17 PM

Thank you for letting us know what worked for you. Unfortunately System Restore is not a reliable way to get rid of this malware; components of the malware may have been stored in the used System Restore point.

Please let me know if you need any other help making sure your computer is clean.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 JerinDS

JerinDS

  • Members
  • 10 posts

Posted 08 March 2011 - 11:56 AM

Elise,

Shouldn't running RKill and a malware removal tool (I use MalwareBytes) after the restore be good practice when removing any type of these hijack annoyances? I am by no means a computer guru, I just figured I'd try the System Restore from CMD when I was frustrated beyond repair myself! I don't see any traces of the "WindowsSafeMode" left on his computer, but would also hate for it to come back and nip me in the hind (especially after taking advantage of the free Flyers tickets for my services :P)

If anyone doesn't know what RKill is, click here for a description.

In addition, Thanks for this site. I have used it many times in the removal of viruses and such, just never had the chance to put in my own bit.

Thanks much!

JerinDS

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • Gender:Female
  • Location:Romania

Posted 08 March 2011 - 12:20 PM

Hi JerinDS,

RKill is only useful when there is active malware running (for example a rogue application) and tools like Malwarebytes Antimalware cannot be started. However, it can never hurt to run it, since it only stops processes. If there are no malicious processes to terminate, it simply will not do anything.

I never recommend using System Restore to get rid of an infection, because often malware will infect restore points as well. This can lead to malware being restored as well, or, if malware has corrupted the used system restore point, it can result in a computer that will not function properly (or even not start Windows at all).

When you choose to do a system restore in such a situation, it is indeed a good idea to run a scan with, for example, MBAM afterwards.

regards, Elise






