System restore virus

Discussion in 'Computer Science & Culture' started by skaught, Nov 12, 2011.

Thread Status:
Not open for further replies.
  1. skaught The field its covered in blood Valued Senior Member

    Messages:
    4,103
    ...Sigh...

    Got one of those damn viruses that pops up and tells you that your computer is fucked, then runs a phony scan and offers you a full repair if you purchase their product. This one is so devastating, it had hidden ALL of my files, shortcuts... EVERYTHING. I've managed to access IE by going through the control panel and then going back a directory until it appears. But even with the ethernet cable plugged directly in, I can't get on the internet to update Mbam. It's totally hosed. Any suggestions? Help?
     
  3. skaught The field its covered in blood Valued Senior Member

    Messages:
    4,103
  5. cosmictraveler Be kind to yourself always. Valued Senior Member

    Messages:
    33,264
    Sorry to hear about your problems. If Mac was here I'm sure he would help but I'll give you something I've done to get rid of things like that. I've gone into the "Run" then "MSCONFIG" then "start up" and removed the program that was initiating the problem. If you can find the name of the program that's infecting your PC then that will be the way to go in order to remove it. Good luck in the removal of it.

     
  7. nietzschefan Thread Killer Valued Senior Member

    Messages:
    7,721
    First, never trust a compromised computer ever again, until you reformat and reinstall (in the old days you didn't trust until a low level format - virus writers are too lazy to be that sophisticated unless they work for the military now).

    If you need to do banking or anything that is very important to your identity... You need to reformat and reinstall windows from scratch. You can use a ghost program if you made an image too. DO NOT TRUST THIS COMPUTER. I have seen several people get their bank accounts wiped from this virus.

    2nd.

    I fight this virus all the time, if you have admin rights on your PC you are probably going to spend months before it stops re-infecting. You do need to turn system restore off. You need to login with another admin account (make one if you don't have one - if you have to make one clean the shit out of the default user directory first with a good AV program (Microsoft's is actually one of the best now)). Login with the admin account. The virus mostly resides in the user profiles. Delete them all. Yup even your main one - it's got to be re-done at the very least.

    Do not delete all users and default user - but clean the shit out of them. The actual .exe is in there and it will stand out a bit too (a bit of googling will tell you the latest names they are using). You may need to manually delete the virus .exe. Run MS AV several times and go into Add/Remove Programs, sometimes it makes it there esp. if you had an admin account when infected.

    LOG OFF. LOG in your regular ID and you get a new profile (some profile specific things will need to be re-done but not too painful). RUN AN AV SCAN AGAIN.

    LOG OFF. LOG in your new admin account. In Explorer, in Folder Options, View, you need to turn off hide system files, hidden files etc. so everything is visible - do this for every account you use also. Run a scan again.

    REBOOT. LOG in your new admin account. RUN A SCAN AGAIN.

    If clean, log in your reg account and carry on.
     
    Last edited: Nov 12, 2011
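
The startup-entry check and the hunt for an .exe living in the user profiles, both described in the replies above, can be done in one read-only pass. This PowerShell listing is an added example, not part of any post in this thread; it assumes the Windows Vista or later folder layout, and the `$suspect` path pattern is an illustrative assumption.

```powershell
# Added example: read-only listing of autostart entries, flagging user-writable launch paths.
# Assumptions: Windows Vista or later folder layout; $suspect is an illustrative pattern.
$suspect = '\\Users\\|\\Documents and Settings\\|\\ProgramData\\|\\Temp\\'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }        # key may not exist on this system
    $reg = Get-Item -Path $key
    foreach ($name in $reg.GetValueNames()) {
        $entries += New-Object psobject -Property @{
            Source = $key; Name = $name; Command = [string]$reg.GetValue($name) }
    }
}

# Startup folders of every profile plus the all-users one; -Force includes hidden files.
$startupDirs = "$env:SystemDrive\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*",
               "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\*"
$shell = New-Object -ComObject WScript.Shell
foreach ($file in Get-ChildItem -Path $startupDirs -Force -ErrorAction SilentlyContinue) {
    if ($file.Name -eq 'desktop.ini') { continue }
    $target = $file.FullName
    # Resolve shortcuts so the flag is based on what actually gets launched.
    if ($file.Extension -eq '.lnk') { $target = $shell.CreateShortcut($file.FullName).TargetPath }
    $entries += New-Object psobject -Property @{
        Source = (Split-Path $file.FullName -Parent); Name = $file.Name; Command = $target }
}

# Suspect = the command runs from a location a standard user can write to.
$entries |
    Select-Object @{ Name = 'Suspect'; Expression = { $_.Command -match $suspect } }, Source, Name, Command |
    Sort-Object Suspect -Descending |
    Format-Table -AutoSize -Wrap
```

The HKCU keys cover only the account running the script, so repeat it under each account you log in with. A flagged entry is a lead to check against your AV scan results, since legitimate software also starts from profile folders.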