It's my sister-in-law's HP laptop. Last week she got the System Fix virus, and I went over to her house and ran through the online instructions on how to eradicate it using Malwarebytes and Spybot, etc. It looked OK afterward, but I didn't have time to really do an in-depth recheck. A couple of days later, she's calling again with the same problem. This time she brings the machine to me and I start to get invasive. At that point, she'd already lost all her Start button shortcuts, so I suggested doing a restore as far back as we could, but she had important business QuickBooks data that she didn't want to lose, and she's desperately afraid of losing all her iTunes music files. So, instead of the restore, I set about getting the machine stable enough to export the QuickBooks data and her iTunes songs. Turns out she's able to use a flash drive backup of her QB data to get it loaded onto my brother's machine, so she's OK there. Still, she's desperate not to lose the iTunes...
So, I set about eradicating it again using Malwarebytes, Spybot, and whatever info I could glean off the net regarding this and its associated malware (oops... just got another Microsoft Essentials warning that JS/blacole.A is trying again to infect...). Having jumped through most of the hoops now two to three times, the machine is as clean as I can get it in order for her to actually run it long enough to export iTunes, but is that safe? Could these exploits/trojans/viruses get passed on to whatever machine she uses?
In all likelihood, we'll have to do a complete system restore, and not just use a restore point. After all the efforts to eradicate, all the browsers are still redirecting, even after installing IE 9 and giving it a go with the highest security settings. Here are some of the names of the nasties.
These have all been ID'd by Microsoft Security Essentials after I gave up on the Malwarebytes and Spybot efforts:
With Malwarebytes I kept getting a program error, even after multiple safe mode installations and runs... Sometimes it would run OK and ID stuff, but I'd get an error message saying it failed. I think the same thing happened with AVG Free. Wasn't sure what to trust.
Initially this all started with the Win7 Security Fix [Virus] 2012. At that same time, there were also multiple Interactive Service Detections (since have shut it off...). Some of the initial virus/trojan/exploits that Malwarebytes supposedly removed were:
knh.exe - win32\cryptor
jgfhtdt.exe - trojan horse dropper.generic5.nb
trojan horse generic_r.ju
OK. So at this point, I'm of the opinion that since all of her regular shortcuts are gone (either by her running a cleanup of the temps or whatever...), and since this redirect c-r-a-p just doesn't want to go away, and since I could just do a complete system restore and get her back to store-bought (if it's not an infection in the root...), THE ONLY REAL ISSUE is trying to save her music files, getting her back a working system with MSE installed from the get-go, and weaning her off her IncrediMail (never used it, but read all the bad publicity...).
The big question then is, DO YOU AGREE? Is it worth trying to restore functionality to this totally messed up system? I'm thinking NO. (I've already spent about 30 hours "learning all about this nonsense" I really didn't need to know about.) Secondly, do you think it's safe to get her music files exported, or would they (the virus idiots) have already suspected you'd do that and created a pathway to infect another machine??? I did merge this laptop into my home network to see if I could have transferred her files (~36 GB) over to one of my machines with AV running, but I then decided against that since this mess seems so pervasive.
What do you all think? While I was writing this and had that MSE warning and removal, I lost the desktop, so I'm gonna hit POST and hope this gets posted. I'd post a logfile, but can't get to them now since I don't even have a Start button or taskbar (at the moment...).
Frustrated beyond belief, but I know the answer is out there.
Thanks for your time and patience.
PS - I'm on my personal computer now, while running a full scan with MSE to see what happened during the time I was writing to you all. I should have mentioned that I did try to do Windows Updates, but Service Pack 1 failed to install twice, leaving me returning to a restore point. Once it would not restore until I finally hit a restore point that worked, but otherwise I was locked out. Can't think of all the other nasty stuff that has been happening, but the main question remains: IS IT WORTH trying to get this cleaned up as opposed to a complete RESTORE?
PPS - I thought I'd be able to add a (DDS?) logfile to this message, but I've currently got a completely black screen on the laptop (with an MSE window running) until I finish the MSE scan. Consequently, I don't have much additional "machine info" to add here, but it's a Win7 64-bit Home Premium HP laptop with (now) all the miscellaneous antivirus programs removed (or so it seems...), just running MSE now.
Edited by JMK2012, 10 December 2011 - 02:28 PM.
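The post asks whether exporting the music library off the infected laptop could carry the infection to another machine. The following is an added example, not code from the poster or from any of the tools named above: a small triage script that walks a music folder, keeps only files whose extension and leading bytes both look like audio, and flags anything with a PE (MZ) header regardless of its name, which is how a renamed executable dropped among the songs would be caught. The folder layout, the allow-list of extensions, the verdict names and the sample files it builds are all assumptions made for the illustration; the data files themselves cannot run, but a genuine audio file can still carry an exploit for a buggy player, so this screen only removes the obvious impostors and does not replace scanning the destination machine.

```python
"""Added example: triage an iTunes-style music folder before copying it off an
infected machine. Keeps only files whose name AND leading bytes both look like
audio and flags PE executables (MZ header) no matter what they are called.
Paths, sample files and the four verdict names are assumptions for illustration."""
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Extensions an iTunes library commonly holds (assumed allow-list).
AUDIO_EXTENSIONS = {".mp3", ".m4a", ".m4p", ".aac", ".wav", ".flac", ".aif", ".aiff"}


def sniff_audio_type(header: bytes) -> Optional[str]:
    """Return a container name if the first 16 bytes look like audio, else None."""
    if header.startswith(b"ID3"):                                # MP3 with ID3v2 tag
        return "mp3"
    if len(header) >= 2 and header[0] == 0xFF and (header[1] & 0xE0) == 0xE0:
        return "mp3"                                             # bare MPEG frame sync
    if len(header) >= 8 and header[4:8] == b"ftyp":              # ISO base media (M4A/M4P)
        return "mp4-audio"
    if header.startswith(b"RIFF") and header[8:12] == b"WAVE":
        return "wav"
    if header.startswith(b"fLaC"):
        return "flac"
    if header.startswith(b"FORM") and header[8:12] in (b"AIFF", b"AIFC"):
        return "aiff"
    return None


def classify_file(path: Path) -> str:
    """Verdict for one file: executable, skip, suspect or audio."""
    with open(path, "rb") as fh:
        header = fh.read(16)
    if header.startswith(b"MZ"):            # DOS/PE stub: never copy, whatever the name
        return "executable"
    if path.suffix.lower() not in AUDIO_EXTENSIONS:
        return "skip"                       # not music: leave it behind
    if sniff_audio_type(header) is None:
        return "suspect"                    # audio name, non-audio bytes: inspect by hand
    return "audio"


def triage_library(root) -> Dict[str, List[str]]:
    """Walk the library and bucket every file by verdict (paths relative to root)."""
    root = Path(root)
    verdicts: Dict[str, List[str]] = {"audio": [], "suspect": [], "executable": [], "skip": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            verdicts[classify_file(p)].append(p.relative_to(root).as_posix())
    return verdicts


def copy_clean_audio(root, dest) -> int:
    """Copy only 'audio' verdict files to dest, keeping the folder layout; return the count."""
    root, dest = Path(root), Path(dest)
    copied = 0
    for rel in triage_library(root)["audio"]:
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(root / rel, target)
        copied += 1
    return copied


def build_sample_library(root) -> None:
    """Constructed test data for the demo (not real files from the post)."""
    artist = Path(root) / "Artist"
    artist.mkdir(parents=True, exist_ok=True)
    (artist / "song.mp3").write_bytes(b"ID3\x04\x00\x00\x00\x00\x00\x00" + b"\x00" * 64)
    (artist / "track.m4a").write_bytes(b"\x00\x00\x00\x20ftypM4A " + b"\x00" * 64)
    (artist / "clip.wav").write_bytes(b"hello, not a wav at all")      # wrong bytes
    (artist / "song2.mp3").write_bytes(b"MZ\x90\x00" + b"\x00" * 64)   # PE renamed to .mp3
    (artist / "notes.txt").write_bytes(b"playlist notes")


def run_demo() -> Dict[str, object]:
    """Build the sample library in a temp dir, triage it and export the clean files."""
    tmp = Path(tempfile.mkdtemp())
    build_sample_library(tmp / "lib")
    verdicts = triage_library(tmp / "lib")
    copied = copy_clean_audio(tmp / "lib", tmp / "export")
    return {"verdicts": verdicts, "copied": copied, "export": tmp / "export"}


if __name__ == "__main__":
    result = run_demo()
    for verdict, files in result["verdicts"].items():
        print(f"{verdict:10s} {files}")
    print("copied", result["copied"], "file(s) to", result["export"])
```

Run it against the real library by calling `triage_library` and `copy_clean_audio` on the iTunes folder and an empty destination on the clean machine; read the "suspect" and "executable" buckets before deciding anything, and still scan the export folder with the destination's antivirus, since the header check only catches files that are not audio at all.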