system check virus variation


3 replies to this topic

#1 Alugwin

  • Members
  • 2 posts

Posted 25 January 2012 - 03:09 PM

Alright, so I am working remotely on a computer trying to remove the System Scan virus. Now I have followed all steps, and removed countless viruses from safe mode using both SUPERAntiSpyware and Malwarebytes. I followed all instructions given in the removal guide on this site, including using rKill and TDSSKiller. I seem to remove the virus successfully, but as soon as I restart in normal mode from my user's account, the virus is right back. Is there a known variation of this virus that reinstalls itself? Are there any other recommendations? Otherwise I will have to go onsite, pull the hard drive, and hope that I can clean it from my SATA drive.


#2 akoch

  • Members
  • 56 posts

Posted 25 January 2012 - 04:05 PM

A lot of times these bugs will regenerate if any trace of them is left.

Your best bet is to Google it and see exactly every registry entry it makes, every file it stores and their locations, then run your tools and, before rebooting, manually check each spot to ensure all traces are gone.

I personally am tired of messing with these. If they start to fight me at all like that I just re-image, haha.

About a year ago, you could simply boot into normal mode with the bug running, open Process Explorer (which I had renamed to iexplore.exe so the bug would let it run), then I'd find the path to the 3219fhdsf189232190312.exe (random string), kill it, and instantly delete it. After that I'd run a quick scan with MBAM and it'd be gone. 15-minute job for 100 bucks usually, LOL.

Edit: Oh, and 9 times out of 10 you'll have to uncheck the proxy checkbox in IE, and just to be sure, check that your hosts file isn't infected.

For IE: Tools -> Internet Options -> Connections -> LAN settings (the only box that should be checked is "Automatically detect settings").

For the hosts file:

Start -> Run -> C:\Windows\System32\drivers\etc\hosts

Open it with Notepad, and make sure it looks like this:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost

If not, just copy paste that into it and save, then reboot.

Edited by akoch, 25 January 2012 - 04:07 PM.
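The three checks akoch describes (a random-named process running out of the user's profile, the IE proxy setting, and the hosts file), as an added PowerShell example that is not part of the original thread or of any tool it mentions. The registry key and hosts path are the standard Windows locations; the "user-writable path" heuristic and the function names are assumptions made for this example, and nothing on the machine is changed unless you explicitly call the Remove-/Reset- functions.

```powershell
# Added example, not from the original thread: triage checks for a rogue
# antivirus infection, run from an elevated PowerShell prompt on the
# affected machine (PowerShell 2.0 syntax so it also works on Windows 7).
# The registry key and hosts path are the standard Windows locations; the
# "user-writable path" heuristic and the function names are assumptions.

# 1. Processes whose image file lives somewhere a normal user can write.
#    Rogue AV droppers typically run from the user profile, ProgramData or
#    the Windows Temp directory under a random name; system binaries do not.
#    (Heuristic: expect a few false positives, e.g. per-user browser installs.)
function Get-SuspiciousProcess {
    $roots = @($env:USERPROFILE, $env:ProgramData, "$env:SystemRoot\Temp") |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }
    Get-Process | Where-Object {
        $p = $_.Path   # $null for processes we are not allowed to inspect
        $p -and ($roots | Where-Object { $p.StartsWith($_, 'OrdinalIgnoreCase') })
    } | Select-Object Id, ProcessName, Path
}

# Kill one of the processes found above and delete its image file while the
# malware is not running to re-create it. Do this before rebooting.
function Remove-SuspiciousProcess {
    param([Parameter(Mandatory=$true)][int]$Id)
    $proc = Get-Process -Id $Id
    $path = $proc.Path
    Stop-Process -Id $Id -Force
    $proc.WaitForExit()
    Remove-Item -LiteralPath $path -Force   # -Force also removes hidden/read-only files
    "removed $path"
}

# 2. IE / WinINET proxy settings for the current user. ProxyEnable = 1 with
#    a ProxyServer you never configured (a localhost port, or an unfamiliar
#    host) is what the "uncheck the proxy box" step in the post undoes.
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-IEProxySetting {
    $s = Get-ItemProperty -Path $ieKey
    New-Object PSObject -Property @{
        ProxyEnable   = $s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
    }
}

function Reset-IEProxySetting {
    Set-ItemProperty -Path $ieKey -Name ProxyEnable -Value 0
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $ieKey -Name $name -ErrorAction SilentlyContinue
    }
}

# 3. Active (non-comment) hosts entries. The default hosts file pasted in the
#    post has none, so on a clean machine this returns nothing. Entries that
#    point security vendors or update servers at 127.0.0.1 or at some foreign
#    address are the hijack to look for.
function Get-ActiveHostsEntry {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    Get-Content -LiteralPath $Path | ForEach-Object {
        $line = ($_ -split '#')[0].Trim()        # drop comments and blank lines
        if ($line) {
            $parts = $line -split '\s+'
            $names = if ($parts.Length -gt 1) { $parts[1..($parts.Length - 1)] } else { @() }
            New-Object PSObject -Property @{ Address = $parts[0]; Names = ($names -join ' ') }
        }
    }
}

# Report only; nothing is changed until you call the Remove-/Reset- functions.
Get-SuspiciousProcess | Format-Table Id, ProcessName, Path -AutoSize
Get-IEProxySetting    | Format-List ProxyEnable, ProxyServer, AutoConfigURL
Get-ActiveHostsEntry  | Format-Table Address, Names -AutoSize
```

If the infection kills powershell.exe by name, the same renaming trick akoch used for Process Explorer applies: copy powershell.exe under another name and run the script from that copy. Review the process list by hand before calling Remove-SuspiciousProcess, since the path heuristic will also list legitimate per-user software.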


#3 Alugwin

  • Topic Starter
  • Members
  • 2 posts

Posted 25 January 2012 - 04:11 PM

Thanks. After much trying, it ended up that I needed to run all my programs and get everything unhidden, then CCleaner to clean the registry, which was the one step I hadn't done because I was afraid of deleting any temporary files. It's working fine now.

#4 akoch

  • Members
  • 56 posts

Posted 25 January 2012 - 04:14 PM

Great! CCleaner's registry cleaner is an amazing tool. It looks for registry entries that have no tie to anything and removes them. I use it after I uninstall programs to clean up what the installer didn't.



