
HDD System Fix recovery


#1 Vallius


  • Members

Posted 30 March 2012 - 05:55 PM


I've been battling this virus (what I now know to be System Fix) for a couple days now. When I first received the virus my spybot was run and deleted my temp folders. I was on this site following a guide from a guy named "Gringo" to see what steps I should take to restore my computer. After following that thread (http://www.bleepingcomputer.com/forums/topic443982.html) I was able to remove the virus and restore my system to somewhat normal functionality. I did not run DDS, however.

Things I've done:
I followed along with what was done in that thread almost to the "T" (sans DDS as I didn't notice it before). I ran Defogger, ComboFix, TDSSKiller, aswMBR, and I then had to do a CFScript to ComboFix because it wasn't running properly. I've tried to run Unhide.exe but since my AppData/Smtmp folders are apparently missing I haven't been able to complete this successfully. I've uninstalled my old Java suite and reinstalled new ones, as with Adobe Reader.

I also ran Photorec to try and recover files that were deleted by this monster and I've saved what I've found to a folder on my desktop. These files include everything from registry entries to jpegs. I have not messed with any of the found files.

Here are the issues I'm still having: My Appdata folder and smtmp folder are not where they should be and it's causing all kinds of headaches. My computer *can sort-of* find the smtmp folder but when I type "smtmp" into a search bar in my C:\ drive I see it located here > Temp (C:\Qoobox\Quarantine\C\Users\Richelle\AppData\Local). No idea what that means.

Also, all of my shortcuts from my start menu (the ones that appear on the LEFT in the white area) are missing. "All Programs" is still there, but everything above it is missing. As for the contents of "All Programs" most of the items are in there now but a TON of the folders have (empty) beneath them. I do not know if these files were removed when spybot cleared the temp files or what. I have made sure to show hidden files, too, and still can't see anything in these folders. I've checked my installs and a great many of my programs still work if I dig far enough for the .exe's, however, a lot of program associations are all messed up now. Another weird thing is that all the icons I hover over now have this little checkbox that appears next to them in the upper-left corner of the icon. No idea how that happened.

Whatever this virus did it also took out my Restore Points in System Restore so going back to a previous date (as far as I know) is impossible. I even had a Norton Ghost backup/partition that is now missing. (I think this was done when I got my new HDD).

Any assistance would be -greatly- appreciated! :(

Edited by Vallius, 30 March 2012 - 05:58 PM.



#2 hamluis



  • Moderator

Posted 30 March 2012 - 06:37 PM

I suggest that you initiate a topic of your own, following the guidance provided at Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html .

IMO...following malware removal/neutralization guidance specifically provided to someone else...is somewhat misguided. The base assumption that the malware items are the same, so the treatment should be the same...well, I don't believe that holds water, since the systems are not the same, the problems which are not malware on the systems may not be the same...and, most importantly...the determination of what malware is present can be erroneous.

Once the requested logs are prepared and submitted in the forum linked to in the Prep Guide...any doubts/variables can be eliminated by the Malware Response Team.


#3 Vallius

  • Topic Starter

  • Members

Posted 30 March 2012 - 06:50 PM

I'll do that, thank you for your response :)
