possible "windows restore" infection?



#1 renrose
Posted 10 May 2011 - 04:06 PM

Hi all - total newbie here and if I am posting in the wrong topic - yell gently and point me to the right one.

Ok so last night I am minding my own business doing my thing online, I am a couponer so I am all over the place to various sites getting my precious pennies. Fool that I am I was doing this in IE8. Yeah I know - I smacked myself for it after too. Neeeeways, I have Windows 7, 300GB plus HD and about 8GB ram so system is pretty stout. It's an out of the box Gateway about a year old. I have some computer experience but it has been 12 years since I have done anything of import so I must admit that I am WAY out of touch and quite honestly, got lazy about my security.

So as I was saying, last night a window pops up on the ol' screen there, looks like any number of the other annoying windows that MS deemed important to annoy you with to the point where, what do you do? Click through them. Yup, that's what I did. You know how when you have a Java update and the box asks you if you trust Sun Microsystems? Yeah well - it was a box like that. And I did the lazy thing and clicked through and told it to go right ahead and make a royal jelly mess all over my computer. And boy did it.

First thing is I all of a sudden start getting critical hard drive failure error messages. I 'x' out of those 'cause right away I know that I did a VERY bad thing and I don't want to give any more permissions to the demon than I already have. So, I am running AVG free version and it starts yelling that there is a boogie on board. I close everything down and now I want to go grab something off my drive and yeah - WOW - there are no folders on there. So me knowing what I know, I can surmise that although I can't see my folders, they have to be there because I can still operate my computer (for the most part).

Download Malwarebytes - reboot into safe mode, run MWB, toss all the goo it found, run a virus scan, hmmm - seems ok - boot back to normal, run MWB again, finds some more stuff, get rid of that.
Run Trend HouseCall - found some more little tidbits, "tr/kazy.mekml" and "tr/crypt.xpack.gen3", got rid of those.
Back into Windows: folder views and check to see hidden files - oh gee, there are all my Windows files, hmmm, no favorites in IE, how come... OHHH... CRUD... the ding dang virus has "hidden" just about every single folder of any import and then picked a few random ones like 2/3 of my desktop icons and marked them all as "hidden", so one by one I am "right-click/properties-uncheck hidden" on any file or folder that is pale in color. Huge amount of work - me being mad at me the whole time for being lazy and careless.

SOO now I have installed Firefox 4 and Thunderbird. Happy with those - I have enabled the "NoScript" add-on. I think I have run as many cleaning agents as I can find and I think I am pest quarantined. I do have a few concerns: my user folder (c:\users\<username>) has a padlock icon on it, as do some of the other folders that I am sure should not have padlocks on them.

Where do I go next to make sure I have completely ousted the beast and can chastise myself on the bad reminder to not play in the road, because very likely you will get smucked by something.

Thanks in advance for all help and info.
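The post describes un-hiding files one at a time through the Properties dialog after the rogue set the Hidden attribute on most user folders. As an added example (not part of the original post or any tool it mentions), the PowerShell script below does the same clean-up in bulk for a profile folder, with one caveat a careful clean-up wants: items that are also marked System (desktop.ini, NTUSER.DAT, the AppData junctions) are hidden by Windows itself and should stay hidden, so the script only touches items that are Hidden but not System. The root path and the -DryRun switch are assumptions for this example; it is meant for the affected user's own profile on Windows 7 or later.

```powershell
# Added example (not from the original post): clear the Hidden attribute that the
# rogue set on user files and folders, leaving Windows' own system-hidden items alone.
# Assumed usage: .\Unhide-UserFiles.ps1 -DryRun   (preview)
#                .\Unhide-UserFiles.ps1           (apply to the current user's profile)
param(
    [string]$Root = $env:USERPROFILE,   # assumed default: the logged-on user's profile
    [switch]$DryRun                     # assumed switch: list what would change, change nothing
)

$hiddenFlag = [System.IO.FileAttributes]::Hidden
$systemFlag = [System.IO.FileAttributes]::System
$cleared = 0
$skipped = 0

# -Force makes Get-ChildItem return hidden items, which is the whole point here.
foreach ($item in Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue) {
    $attrs = $item.Attributes
    $isHidden = ($attrs -band $hiddenFlag) -ne 0
    $isSystem = ($attrs -band $systemFlag) -ne 0

    if (-not $isHidden) { continue }

    # Hidden + System is how Windows marks its own housekeeping files; a rogue that
    # only flipped Hidden on user data will not have set System, so these are skipped.
    if ($isSystem) {
        $skipped++
        continue
    }

    if ($DryRun) {
        Write-Output "Would unhide: $($item.FullName)"
    } else {
        # Flip the Hidden bit off and leave every other attribute as it was.
        $item.Attributes = $attrs -bxor $hiddenFlag
        Write-Output "Unhid: $($item.FullName)"
    }
    $cleared++
}

Write-Output "Hidden cleared on $cleared item(s); $skipped system-hidden item(s) left untouched."
```

Running it with -DryRun first gives a list to sanity-check before anything is changed. The older cmd.exe equivalent, `attrib -h "%USERPROFILE%\*" /s /d`, strips Hidden from everything under the profile including the System-hidden housekeeping files, which is why the script above checks the System bit before clearing Hidden.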
