I am going to nuke my computer and reinstall. I was infected with a malware virus of the nastiest sort. Complete recovery was not possible.
It dug in deep and totally hosed everything.
I am running Windows XP Professional on an Athlon X2 dual-core processor with 2 GB of RAM.
The virus was downloaded by my youngest son, who wanted to play the old game "Duke Nukem". If you're old you will remember this game. It was my fault because I told him about it...LOL
The file finished downloading from Explorer and, without any action on my part, immediately delivered the payload.
The payload was:
Erased all desktop icons
Erased the programs list and removed all system icons in the Start menu
Disabled Task Manager
Erased/disabled my home network on the infected machine
Hid ALL files...every single one
Corrupted video drivers
Made extensive changes to the registry
Total browser hijack: redirects from any search in Firefox, Chrome and Explorer
Prevents any tool such as RKill from working....disabled any command-line commands like "netstat"
Attempts to initiate outgoing hidden connections to random IP addresses
Consumes system resources....Explorer crashed due to over 300 MB of memory use
Delays or chokes out any FTP upload
Displays fake Windows warning messages like "thank you" and "xyz is corrupted" etc.
I would like to know how to prevent ANY changes to the registry and prevent any ADMIN changes to the system, such as file permissions.
Is it possible to lock the registry down?
Is it best to log on as a simple user rather than logging in as the Admin account?
The point: is it possible to stop a payload from executing by locking the registry down?
I have now installed:
Registry Mechanic (paid, but an older version)
SuperAntiSpyware (free)
Malwarebytes (paid)
Can someone advise me on the best way to lock this down so a payload cannot be executed without a human approving any changes?
Edited by johnny_fever, 02 April 2012 - 05:32 PM.
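The post asks whether a payload can be stopped from executing by locking things down. The following is an added example (editor's code, not from the poster or any tool named above) of the built-in Windows mechanism that does this: a default-deny Software Restriction Policy (SRP), which Windows XP Professional supports, written directly to the policy registry keys. It assumes an administrator PowerShell session (PowerShell 2.0 is available for XP SP3), assumes the documented SRP registry layout under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer, and the rule GUIDs and the log path C:\srp.log are generated or chosen here, not fixed identifiers.

```powershell
# Added example (not part of the original post): configure a default-deny
# Software Restriction Policy so executables outside %SystemRoot% and
# %ProgramFiles% do not run. Assumptions: run as an administrator; the
# key layout below is the documented SRP store; rule GUIDs are generated.

$Safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Unrestricted = 262144   # 0x40000: security level "Unrestricted"
$Disallowed   = 0        # 0x0:     security level "Disallowed"

function Set-SrpDefaultDeny {
    # Base policy: everything is Disallowed unless a more specific rule allows it.
    New-Item -Path $Safer -Force | Out-Null
    Set-ItemProperty -Path $Safer -Name 'DefaultLevel'       -Value $Disallowed -Type DWord
    # 2 = enforce for all software files including DLLs; 1 = skip DLLs
    Set-ItemProperty -Path $Safer -Name 'TransparentEnabled' -Value 2 -Type DWord
    # 0 = apply to all users including administrators; 1 = exempt local admins
    Set-ItemProperty -Path $Safer -Name 'PolicyScope'        -Value 0 -Type DWord
    # Log every SRP decision so blocked launches can be reviewed (assumed path)
    Set-ItemProperty -Path $Safer -Name 'LogFileName'        -Value 'C:\srp.log' -Type String
}

function Add-SrpPathRule {
    param([string]$Path, [int]$Level, [string]$Description)
    # Each rule is a GUID-named subkey under <level>\Paths with the path in ItemData.
    $ruleKey = Join-Path (Join-Path $Safer "$Level\Paths") ([guid]::NewGuid().ToString('B'))
    New-Item -Path $ruleKey -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'ItemData'    -Value $Path        -PropertyType ExpandString -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'SaferFlags'  -Value 0            -PropertyType DWord        -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'Description' -Value $Description -PropertyType String       -Force | Out-Null
    return $ruleKey
}

function Test-SrpConfig {
    # True only if the default level is Disallowed and at least one Unrestricted path rule exists.
    $p = Get-ItemProperty -Path $Safer -ErrorAction SilentlyContinue
    if ($null -eq $p -or $p.DefaultLevel -ne $Disallowed) { return $false }
    $rules = Get-ChildItem -Path (Join-Path $Safer "$Unrestricted\Paths") -ErrorAction SilentlyContinue
    return ($null -ne $rules -and @($rules).Count -gt 0)
}

Set-SrpDefaultDeny
# Allow only locations a standard (non-admin) user cannot write to.
Add-SrpPathRule -Path '%SystemRoot%'        -Level $Unrestricted -Description 'Windows directory'  | Out-Null
Add-SrpPathRule -Path '%ProgramFiles%'      -Level $Unrestricted -Description 'Installed programs' | Out-Null
# More specific rules win: re-deny the user-writable subtree inside %SystemRoot%.
Add-SrpPathRule -Path '%SystemRoot%\Temp'   -Level $Disallowed   -Description 'User-writable temp under Windows' | Out-Null

if (Test-SrpConfig) { 'SRP default-deny configured; log off and on (or reboot) to apply.' }
else                { 'SRP configuration incomplete' }
```

Two caveats a practitioner would attach to this. First, the policy is only as good as the write permissions on the allowed paths: it works because a standard user cannot write into %SystemRoot% or %ProgramFiles%, so a download that lands in the profile, the desktop or %TEMP% cannot launch. Logging in as an administrator, as the post asks about, undermines that, since the account can write wherever it likes and modify these policy keys. Second, this does not "lock the registry" in the sense of blocking all changes; per-user settings under HKCU must stay writable for Windows to work, so the realistic goal is to deny the malware the rights to reach HKLM, drivers and system files, which running as a standard user does.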