System Fix (already removed?), more use of hard disk in idle now and what's invokesi.exe?



#1 Asound

Posted 04 December 2011 - 08:09 PM

Hello,

I just got infected by the virus/scareware "System Fix", which I already seem to have gotten rid of, thanks to Malwarebytes Anti-Malware. Only the hard disk is used more often now, even when the system is not in use. The system reads/accesses the hard disk every second now, which is not normal. I don't remember it accessing the hard disk that often when idle. And there are still a few files that got installed with "System Fix", and I found an invokesi.exe stored in Users/public, which seems to be something bad too.

My system is Win 7 Professional 64-bit and my AV scanner is the free version of Avira AntiVir.

Here is the background on how the infection happened and what I did so far:
I was just browsing the web with Firefox 9 (beta) until it completely disappeared. Avira AntiVir (free version) informed me about a malicious file (I don't know the name anymore), which was placed in a temp folder (as far as I remember, Firefox's temp folder, but I'm not sure). I just deleted the file and ignored it, since I was only browsing pretty well-known sites and big communities which I have been on for many years now, and did not download anything from an insecure source. Then I restarted Firefox, which just restored my last session.
Now the madness began. Firefox disappeared again. My wallpaper was black, I was not able to reach the task manager, almost every folder and file was about to get hidden and a lot of messages and warnings appeared (which I just ignored).
Okay, I was able to install, update and run Malwarebytes Anti-Malware (in Windows safe mode) without a problem. I just did a quick scan. The software found some stuff (PUM.Hijack.TaskManager, Trojan.FakeAlert and 3 others with almost identical names), which I removed of course. Now the problems seem to be gone. The system itself seems to be in the original state it was in before the problem occurred. I only had to unhide everything (thanks for the unhide.exe!) and restore a few desktop icons.
Besides the fact that the hard disk seems to get used more often now, no problems at all! I ran a full scan with Malwarebytes Anti-Malware now (only on the system partition) and nothing was found. And none of the running Windows processes are malicious; they are only from the system itself or the software that I had installed myself.
So now there are still a few files left that were installed with System Fix, like the "system fix.ink" on the desktop, some other ink files and 3 randomly named files in the ProgramData folder: two files (with no extension?) and one exe (all have the exact same name). I guess that those 3 files were installed with System Fix.
And the invokesi.exe. I searched the internet and it seems to be a virus or so; at least it is something bad. Avira is not warning me about the file and only 2 scanners (of 41) on virustotal.com found something malicious in it.

So could my system still be infected with something? I have restarted my system a few times now; still no problems so far, nor any malicious processes, besides the fact that my hard disk is getting used more. Can I just delete all those files which I named before by hand?

Edit: I just ran a virus scan with AntiVir on the system partition. Nothing was found. And the one malicious file it once warned me about was located in the temp folder of my user account and is called "TR/Alireon.FL.2" by AntiVir (the name of the exe is just something random).

Cheers, Asound

Edited by Asound, 04 December 2011 - 09:19 PM.

