Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus that deleted all of my programs


  • Please log in to reply
6 replies to this topic

#1 dubnj11

dubnj11

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 26 April 2011 - 09:24 AM

Hello,
I received a virus 2 days ago and have been trying to repair since then. I have tried Microsoft Security Essentials. The detected items include,..
Trojan Downloader:WIN32/Renos.LX (removed)
Rogue WIN32/FakeRean (found twice within 9 minutes and removed)
Rogue WIN32/FakeYak (removed)
Rogue WIN32/FakeRean (again)
Trojan:WinNT/Alureon.S (removed)
------ I also attempted to run Combofix.
Combofix (will not complete properly) when it starts it reads "cannot find the file specified (or along those lines) and then begins what appears to be the scan, but about halfway through I receive the message (between the steps that it Cannot create file "C:\qoobox\Quarantine\registry_backups\tcpip.reg. Access is denied", at which point it continues on and seems to complete the scan although I get no report log and nothing has changed.
--------------
Tried Super Antispyware as well and that does not seem to finish properly either.
When I click "Start\programs it is "empty"

Most of my desktop items are gone as well. I have lost almost everything.
is anyone familiar with this same issue and is there any hope that I can get these files back?
Thanks in advance for any assistance. Your time and help is greatly appreciated.
Dave

BC AdBot (Login to Remove)

 


#2 Dayzed

Dayzed

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 26 April 2011 - 10:30 AM

I might be dealing with the same thing. In my case the files were there just hidden. I went to folder options and checked "show hidden files" and everything reappeared. I've posted here and on the safer forum looking for help but so far to no avail. Good luck

#3 Computerproblem101

Computerproblem101

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 26 April 2011 - 01:17 PM

Can you do a system restore? Restore to the point right before you lost everything. If not, we will need to kill the virus that has seemed to take control of your programs. I am going to need you to download and run a few things. First of all: Malwarebytes from Http://www.Malwarebytes.org - update it & run QUICK scan. Full scan is nearly useless and will take up to 8 + hours. Remove any infections found and reboot your PC. - a Malwarebytes log will be given to you in Notepad, save that log and post it here when possible

After that, download Spybot Search&Destroy from here http://www.safer-networking.org/en/spybotsd/index.html - *IMPORTANT* - right click Spybot once it is installed and select the Run As Administrator scan as Spybot needs a higher elevation level to remove infections properly. After this, update it & run the scan. Remove anything found, and once again reboot. Tell us everything it found.

Due to the fact that many Trojans were detected in your first scan log, we will need a strong online antivirus scan to clean the rest of the Trojans up. Go here: http://housecall.trendmicro.com/ and click Download HouseCall 7.1 - either 32 or 64 bit, please do note that it doesn't truly install a program, it just gives Housecall the right to run and remove things. - again, inform us of anything it found

After all of this is done, let us know how the machine is running. Good luck

#4 dubnj11

dubnj11
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 26 April 2011 - 02:21 PM

Thanks Dazed.
Computerproblem101,..Thanks for the information, but I am having trouble even getting the mbamsetup completed for malwarebytes.
as I start the mbamsetup, it starts and then I receive the following messages..
1) program_error_missing_file (2,0,mbamcore.dll)
the system cannot find the file specified
2) Run time error- Access is denied
3) setup was not completed. Please correct the problem and run setup again.

----------------
I have not moved on to the next step that you recommended because I couldn't get the malwarebytes part done. Should I try the other options? suggestions?
Thanks for your time.
dave

#5 Computerproblem101

Computerproblem101

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 27 April 2011 - 05:48 PM

Do the other scans listed in the post, can you download MBAM in Safe Mode?

#6 JohnnyTurbo69

JohnnyTurbo69

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 11 May 2011 - 10:26 AM

I have the same virus on a customers machine. I can't install malwarebytes in safe mode or normal mode. I mounted the drive on my test bench computer and ran a full scan of malwarebytes and MSE (Microsoft Security Essentials) Malwarebytes found and fixed some problems; however, the main problem still remains. I can't even go to recovery console to do a fixmbr or fixboot. The pics and docs are still there, but they are hidden. System restore give me an error "System Restore is not able to protect your computer. Please restart your computer, and run system restore again."

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:07 PM

Posted 11 May 2011 - 01:48 PM

Hello JohnnyTurbo69

If you have an issue or problem you would like to discuss, it's best to start your own topic. Doing that helps to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

I have moved (split away) your ComboFix log to the Virus, Trojan, Spyware, and Malware Removal Logs forum as they are not permitted in this forum.

Please go here, click on the Options button in the upper right corner of that thread and choose Track this topic. Subscribe to that topic to ensure you are notified when a helper replies.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worst which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean so there is no need to start a new topic.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users