Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Was infected with Smart HDD. Now I cannot save files


  • Please log in to reply
6 replies to this topic

#1 Lisajo

Lisajo

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 02 April 2012 - 12:04 AM

Hi Everyone, I was infected today with this little monster. Thank GAWD I found you guys. I was infected from the filezilla website. I was trying to get a newer version of the software. Ugh...

I think I've corrected everything, thank you for your great instructions. I only have one problem that I know of so far, I can't download anything! I've tried to download a different program from CNET and it gives me this error:

"____ could not be saved, because an unknown error occurred.

Try saving to a new location."

I've tried changing the location but cannot save anything anywhere. I've tried this at least 5 times. Any idea what's going on? Answers are appreciated.

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:49 PM

Posted 02 April 2012 - 07:42 AM

Have you tried saving on your desktop? I am still looking for some complete samples in order to fully analyze what this infection may be doing.

#3 Bill_L

Bill_L

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 02 April 2012 - 04:03 PM

I also ran my antivirus scanner, which did NOT however identify this malware as a virus or shut it down. However, once I regained control of my computer, I activated Task Manager and shut down the process I could not identify (Bsy05V4MFLu7iT.exe). This shut down the malware.

A File Search on Bsy05 led to some very recently installed files, which I deleted. I also deleted everything associated with Bsy05V4MFLu7iT in my Registry Editor.

My computer now seems under control, and I can see my files although several icons are still missing from my desktop. The fact that using Task Manager to kill Bsy05V4MFLu7iT.exe shut down the malware suggests however that this is a good solution.

I also reported this incident as Internet crime to the FBI (http://www.ic3.gov/default.aspx) because, as far as I know, it is a felony to install a virus on another person's computer. I pointed out very specifically that the program kept me from accessing my control panel, Task Manager, and most of my file system.

Edited by Grinler, 02 April 2012 - 04:26 PM.


#4 tely5

tely5

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 02 April 2012 - 09:55 PM

Hello,
I'm glad I found this forum. I've been removing the infected files, I think I found one other not mentioned in the manual removal list yet, if I am correct, it appears to be (on Windows XP) c:\windows\prefetch\YNJsomethingetc (I added the "somethingetc" as I cannot remember the whole thing). Hope that helps. This appears to be a hot topic. Good luck to everyone fighting this crapola.

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:49 PM

Posted 03 April 2012 - 08:29 AM

Thanks for the info! Prefetch files are harmless for the most part. Removing anything from there won't hurt or help your system. That file would be the same name as the original infection and is created because it was recently started. It would be automatically removed by Windows after a certain amount of other programs are run.

More info about the windows prefetcher can be found here:

http://en.wikipedia.org/wiki/Prefetcher

#6 Joey Rebar

Joey Rebar

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 03 April 2012 - 11:13 PM

Hello Everyone, first post. I had this virus hit my office computer last Thursday just my computer no one elses not even the server, I got rid of it but I am still having problems, I used all the resources I could find from this site to youtube. I fiannly got it out of my computer this morning. I too could not run TDSS Killer, but after renaming it several diffrent ways it finally worked. I also used malwarebytes, and hitman and rkill to finally get rid of it all. Now I have to go back and redirect all my missing programs so they appear on my desk top and work, and yes I also used unhide. This virus was real bad. Good luck everyone withh the removal if I can help based on what I went through justt let me know.

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:49 PM

Posted 04 April 2012 - 09:17 AM

Joey, unhide did not restore all the files to your start menu, desktop, quick launch, etc?

Do you have the %temp%\smtmp folder?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users