Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with "system diagnostic" malware?


  • Please log in to reply
18 replies to this topic

#1 strawberrytoothbrush

strawberrytoothbrush

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 10 March 2011 - 05:23 PM

hey, a friend reccomended me this website after he tried to help me get rid of this problem himself, but everything he tried hasn't gotten rid of the issues.

last night i was on my machine (windows xp) and it threw a few warning boxes up, then it shut down. i turned it back on and all the icons on my desktop were gone, and one of those fake virus scanners started running, calling itself system diagnostic. it's also hidden everything in my program files (except if i download something new)

so i've tried all the usual fixes (according to friend) which was running rkill, then malware bytes and super anti spyware. both find errors and apparently remove them, but on system restart the problem still occurs. also when these programs say the virus is gone, the desktop icons and program files are still gone. something which i read will return after this virus is deleted.

help?

BC AdBot (Login to Remove)

 


#2 Diddymow

Diddymow

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 10 March 2011 - 05:27 PM

I'm having the exact same problem, here's my thread: http://www.bleepingcomputer.com/forums/topic384229.html

If you look at the C Drive you can see that the data is still there because of the size of it but you can't access it.

#3 strawberrytoothbrush

strawberrytoothbrush
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 10 March 2011 - 05:36 PM

yea, it really sucks. luckily my friend showed me how to run any programs i need today from command prompt so all of the programs are still there, they're just hidden by this nasty virus

Edited by strawberrytoothbrush, 10 March 2011 - 05:37 PM.


#4 moneygts

moneygts

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 11 March 2011 - 12:32 PM

whats up guys, I am currently working on fixing a computer with the same issue. The "infection" apparently turns all file/folders into hidden files. To reveal all of your files/folders go to My Computer, open the C: drive, now click tools in the menu bar up top, click folder options, now click the view tab, without scrolling down you'll see two options at the bottom, click the bubble that says "Show hidden files and folders" this will reveal your entire desktop and all other file/folders. I'm still in the process of removing the enitre stupid ass program. I'll let you guys know if I figure anything else out.

Edited by moneygts, 11 March 2011 - 12:33 PM.


#5 moneygts

moneygts

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 11 March 2011 - 01:28 PM

Ok I have completely, or i'm pretty sure i have, removed the virus. First you will need to download this process explorer because the task manager is diabled. http://download.cnet.com/Process-Explorer/3000-2094_4-10223605.html, copy and paste the link in your browser, download and run the program. Find the icon towards the bottom that is the colored puzzle pieces, that is the program you need to kill. Right click it and hit kill process tree. Next open the C: and open documents and settings, open All Users, now go to tools, then folder options, then go to the view tab again and click the bubble that says "show hidden files and folders", now delete the 2 that stats with 17, i dont remember the exact numbers but there are 2 files that start with 17 and are a bunch of numbers. Once you have deleted those open the run box and type msconfig. go to the start up tab and at the bottom there is a program that starts with the letters OB, i dont rememebr the rest of the letters sorry. now uncheck the box next to it and hit apply and let the computer reboot. Now go back to the same documents and settings folder where you deleted the last 2 files and there wil be the OB file and it has the registry editor icon. Delete that one too, empty the recycle bin and restart the computer. Now go back to my first post and i explain how to unhide all of you C: drive, do that proces again and you should be good. Sorry if this isn't too clear but im at work and im rushing to help you guys lol.

#6 Diddymow

Diddymow

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 11 March 2011 - 03:32 PM

EDIT: Right, got to the point where I can now see hidden files and folders. So I can now see all my files and folders but can't find these files starting with 17 that I have to delete, any help?

Edited by Diddymow, 11 March 2011 - 04:13 PM.


#7 Diddymow

Diddymow

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 12 March 2011 - 07:01 AM

Bump

#8 strawberrytoothbrush

strawberrytoothbrush
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 12 March 2011 - 10:28 AM

Thanks for that dude. It worked for me to, all my icons/programs etc have returned. My task manager wouldnt show up though, so here's another small fix for you if you're still having problems...make sure you've gone through basically everything and unchecked hide, so all of your stuff is returned...

Run a search for "system diagnostic" it should appear in this folder C:\Documents and Settings\username\Start Menu\Programs *delete the system diagnostic file!*

Once that was deleted my quick launch and everything else restored itself. I think I'm clean now, but I'm gunna run a few programs to check, and do a restart. Hopefully it's gone.

#9 Diddymow

Diddymow

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 12 March 2011 - 08:12 PM

Thanks for that dude. It worked for me to, all my icons/programs etc have returned. My task manager wouldnt show up though, so here's another small fix for you if you're still having problems...make sure you've gone through basically everything and unchecked hide, so all of your stuff is returned...

Run a search for "system diagnostic" it should appear in this folder C:\Documents and Settings\username\Start Menu\Programs *delete the system diagnostic file!*

Once that was deleted my quick launch and everything else restored itself. I think I'm clean now, but I'm gunna run a few programs to check, and do a restart. Hopefully it's gone.


Thanks. How do I make all my folders and files no longer hidden? I can now see them but they are still classed as hidden folders so they are greyed out. Doesn't make too much difference really though.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:55 AM

Posted 12 March 2011 - 08:55 PM

How to see hidden files in Windows


Next run an online scan.

ESET Online Scan
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 strawberrytoothbrush

strawberrytoothbrush
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 13 March 2011 - 12:21 PM

Thanks. How do I make all my folders and files no longer hidden? I can now see them but they are still classed as hidden folders so they are greyed out. Doesn't make too much difference really though.

I'm sure it's been explained in the post above, but right click on the file/folder, and click properties, in this window go to the view tab, and uncheck the box that says "hidden". This will restore all you're stuff, so that it is visible.

To let you guys know, I'm fully clean now :) no more malware woo

#12 moneygts

moneygts

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 13 March 2011 - 03:52 PM

TASK MANAGER PROBLEM FIX!


Open the run box, type gpedit.msc, expand the selection Administrative Templates under User Configuration. Now expand the System folder. Now click first selection Ctrl+Alt+DEL, Now look on the right hand side, right click Task Manager and click Properties, Select the disabled bubble, hit apply, close the window and see if the task manager is available, if not log off and log back on. it should work.

#13 reyrey

reyrey

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 13 March 2011 - 08:08 PM

hey i have had the same problem as diddymow^^ can someone please tell me where i can find these files staring with 17 please ive tried the search but the only thing that comes up with 17 is a song

#14 reyrey

reyrey

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 13 March 2011 - 08:17 PM

EDIT: Right, got to the point where I can now see hidden files and folders. So I can now see all my files and folders but can't find these files starting with 17 that I have to delete, any help?



HEY DID U FIND THE FILES THAT START WITH 17 ?? IF SO WHERE CAN I FIND THEM ?

THANKS

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:55 AM

Posted 13 March 2011 - 08:38 PM

See post 5
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users