Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Vista Repair Virus YAY!!!!!1!!!

  • Please log in to reply
1 reply to this topic

#1 superdead


  • Members
  • 1 posts
  • Local time:10:29 PM

Posted 24 June 2011 - 08:32 AM

Hi. I have a couple of questions to ask so I'll just tell you what happened. I was looking through google images, and suddenly AVG tells me it's detected a trojan. I end the process straight away (i got it through some flash.exe thing idk). Later on, all my quick launch buttons have gone to hell along with all my desktop icons etc you know the story. So I open up Task Manager, lo and behold, a weird nonsense program called WinHex.exe is running, as well as some apparently safe (so the internet told me) unfamiliar program called attrib.exe (i'd checked the internet with this before and they said it was safe, but i later realised if it's not familiar it shouldn't be there). There was also some suspicious looking file called img0ing2eaTurc0mput3rz.oat or something

This program kept restarting periodically, and went FULLBLOWN into action after i restarted the computer, and that's the first time i saw the name "Vista Repair". So I decided to Open File Location and then went into safe mode to delete it ('twas in the Program Data folder). I restarted, deleted registry edits using this source (please tell me this was right because I have only ever used regedit to make bubbles appear on my screensaver and I understand the perils of being a n00b), and used unhide.exe successfully.

In between this, I ran AVG about 1478934257 times and it would detect nothing. Not even before I went into safe mode and deleted the original trojan exe files in the Program Data folder. Question1) Why?

I practise Safe Internet. I have a million adblocks on firefox, and I'm always warned about malicious stuff before I hit a website. I was seriously only on google images when this happened. I have a few other tabs open all the time, like twitter, gmail, and youtube, which can't have been the source of this attack. I NEVER pressed accept on anything. Question2) How did this virus download itself? Did it just download automatically? I never accept anything that is undue.

and of course Question3 - is there anything left to do? any residual files that have remained from this Trojan battle? I'm currently 51 minutes into running a full-on fully sick full scan on MBAM, and nothing so far.

Danke in advance.

BC AdBot (Login to Remove)


#2 Clairvoyant


  • Malware Response Team
  • 1,564 posts
  • Gender:Male
  • Location:somewhere in time
  • Local time:01:29 PM

Posted 24 June 2011 - 01:57 PM

Hi superdead, and welcome.

About the questions 1 and 2, if you don' t install directly the malware it may be comes through an exploit, imho.
Are all software installed on your pc up to date?

The registry changes that you have made seems right but could be not enough ( however you shouldn't edit the registry unless you know what you do, it can be dangerous ).

I suggest scan your pc with ESET Online Scanner, following this steps:

  • Disable your Antivirus and other security software
  • Hold down Control and click on the above link to open ESET Online Scanner in a new window
  • Click the Posted Image button
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer and Save it to your desktop
    • Double click on the Posted Image icon on your desktop
  • Check Posted Image
  • Click Posted Image
  • Accept any security warnings from your browser
  • Under scan settings, check Posted Image and UNcheck Remove found threats
  • Click Advanced settings and select:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will download updates and install itself, then begin the scan. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Click Posted Image, and save the file to your desktop using a unique name, such as ESETScan
  • Click Posted Image
  • Click Posted Image
clean temp files with Temp File Cleaner:

  • Double click on TFC.exe to run the program
  • Click on Start button to begin cleaning process
  • TFC will close all running programs, and if ask you to restart computer allow it
then download Security Check, save it to your Desktop and:

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box
  • A Notepad document should open automatically called checkup.txt; save it to you desktop
Finally, rember to re enable all the protections that you have previously disabled .

Please, include the contents of all reports in your reply.

Edited by Clairvoyant, 24 June 2011 - 03:50 PM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users