
hidden files system restore virus



#1 MikeMc83


Posted 02 November 2011 - 04:43 AM

So I've been going through this site for a few hours and I believe I have narrowed down my issue, but have not been able to correct it.

I'm not positive on what initiated the problem as it is my parents' computer. They were having a problem with not being able to pick up the printer wirelessly and chose to "uninstall" the software, and "reinstall" using the disc from the maker.

An hour or so later of my father doing whatever he was doing (Sorry, I think if he actually knew he could tell me, and I could tell you) there are no longer any icons on the desktop, and no files or programs shown under any tabs in the start menu. As my mother was scared that she lost pictures (that she has no backup for) I started the task manager, and was able to find the pictures when I went to "file", then "Start new task". As quickly as all the thumbnails came up, they all then disappeared, and showed all those folders as empty.

The only thing on the desktop is Internet explorer, and what I believe is the "System Restore" virus. Along with their interface offering to fix my problems, I get 20+ error messages popping up.
I have found topics here discussing the fixes.

It is making the desktop incredibly slow, but I was finally able to download and install "Rkill."
However, when I double click the Iexplorer.exe icon to start the program, (before I am able to see the software do anything)
the screen goes blue, with text that rapidly shoots down the screen, and restarts the cpu (faster than I can make out what it really says). When it restarts rkill is no longer on the desktop, and isn't found when I try to run it from "start, then run".

So I then tried and downloaded malwarebytes. After a long while, I was able to download and install the software.
I had a bit of success as I was able to run the software, but after an hour and six minutes it did the blue screen, and restart deal again.

After restart the setup file was still on the desktop, but I had to reinstall. This time directly after install it blue screened and restarted. (The blue screen and text stays up for roughly 2-3 seconds.)

I then decided to restart in safe mode with networking. It seems a bit useless because I can't seem to get the internet working in this mode. It makes my network unknown, and doesn't allow me to access the web. I've sifted through some settings, but I can't seem to resolve that issue either.

However, I decided to run malwarebytes (without being able to update it due to no internet connection, I believe it said it was 62 days old).
Currently in that safe mode malwarebytes completed its scan and found 186 items. As of now the only means I have to copy the items over is to manually type them in here. Many of them have common file names so I will list a few of the different name types below. If more, or particular ones are requested I can type them here.

I apologise for this message being kinda all over the place. As soon as I tried to start typing I realised that figuring out what information is useful is harder than I thought. I'm sorry if I left too much out. This is my first time posting to any site of any issue. I've been working on this for about 9 hours and am tired. I'm going to leave the malwarebytes software where it is and call it a night, in case anyone could find of use anything that is listed there. I'll get back to trying to fix this mess tomorrow.
All of the info that seemed useful I got from this site. By googling the issues it brought me here, and it seemed like people here had helped, so I will thank anyone in advance that takes any of their time to aid me.

A few examples of what malwarebytes found.
I'm listing what it says under "vendor", then "Item".


Adware.Agent.Gen c:\programdata\Wyeke\wyeke199.exe
Adware.Agent.Gen c:\programdata\Wyeke\wyeke.dll

Exploit.Drop C:\Users\Karen\AppData\Local\Temp\wpbt0.dll

Rogue.SecurityAntiVirus C:\Users\Karen\AppData\Roaming\microsoft\windows\startmenu\security antivirus.ink

Trojan.Agent c:\program files\winupdater

Pum.Hijack.taskManager (category Registry Data) HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\CURRENTVERSION\POLOCIES\SYSTEMDISABLETASKMQR
There are a bunch of things similar to this. Some are Registry "Key" instead of "data". Some say the vendor is "Security.Hijack" or Adware.MyWebSearch, or Shopper Reports.

Trojan.Vundo (category: Registry HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0


Those are a few examples, there are a lot that have similarities.
I don't know what any of those things are, or mean. I don't know if they mean anything to anyone here.
Like I said I'm just leaving that screen on overnight, and I'm going to continue tomorrow. I hope someone smarter than me here knows something simple I don't. :)

btw I'm on Windows Vista, on an HP Pavilion; the sticker on the side says it's an "a6157c TV PC".

This is being sent from my other computer. CPU is acting way too screwed to get this site on. I'm also connected to that same internet connection that won't work on the desktop.
