Registered
Join Date: Apr 2001
Location: Linn County, Oregon
Posts: 48,517
|
Virus warning from our 'puter guy...
As many here know, I'm a computer illiterate. I use a local guy for computer service, etc. Here's a cut & paste from his latest newsletter about a tricky virus that needs a heads up:
"Virus Alert: Right before Christmas we have several customers who have been hit with some pretty bad viruses. One really bad one is called the Win7 Virus. It tries to look like Windows security, but it is not. These viruses are so bad we have had to reload several systems. It makes repairing it with our normal tools and processes almost impossible. Remember, do not touch any weird windows or pop ups with your mouse. If you try to close the window by clicking on the X, that virus will own your computer. Hit Control/Alt/Delete all together, then go to task manager, and select the window, and choose end task."
__________________
"Now, to put a water-cooled engine in the rear and to have a radiator in the front, that's not very intelligent." -Ferry Porsche (PANO, Oct. '73) (I, Paul D. have loved this quote since 1973. It will remain as long as I post here.) |
||
Registered
|
The Win 7 antivirus 2012 malware is horrible. I had a client get the XP version recently and it deleted files related to networking and registry entries. My laptop, running 7, was hit with it earlier this week and it's pretty much hosed. I've done everything but an in-place install and, worst case, a full reinstall.
MSE is useless against it as are most other programs. |
||
Registered
Join Date: Mar 1999
Location: Vancouver,Wa.
Posts: 4,457
|
Yeah.....got the pop-ups but never opened them. Just getting rid of the pop-ups was bad enough for a semi-puter literate soul.
__________________
JPIII Early Boxster |
||
Registered
Join Date: Apr 2001
Location: Linn County, Oregon
Posts: 48,517
|
Normally I don't post the usual email "virus alerts" I get....but this one seemed worth posting the warning.
It seems that Ctrl-Alt-Delete is your only friend in this case.
||
The Unsettler
|
Yeah, my daughter managed to get it on one of my dev PCs last weekend.
It can be removed but doing so totally hoses the registry and you lose all app associations. It basically associates .exe with itself so no matter what app you try to run it opens the malware. Easiest fix I found to avoid reinstalling the system is to remove it, create a new user account then migrate the user data from the infected one to the new one.
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won" |
||
Registered
|
Not quite. It'll come back when you restart. There is a way to clean this one, but the steps have to be followed. Time for me to adapt. My old tricks for removing the previous versions no longer work.
One hint, but I did not get to try it, is to set your computer clock ahead by 7 days. It's reported that it will uninstall itself when this is done. |
||
Registered
|
It's easy to fix the exe association. A lot of files needed for networking have their permissions removed. I had to go into the system32/drivers folder and put them back. On XP, it deletes AFD.sys and its registry entries.
|
||
The Unsettler
|
Restarting did not help in my situation.
||
Registered
Join Date: Apr 2005
Location: outta here
Posts: 53,129
|
Look into running a sandbox. I do this and have had no virus issues since I started. Part of your disc is quarantined and that's where you run a web browser. Get a virus? Delete the contents of the sandbox and you're done.
Sandboxie - Sandbox software for application isolation and secure Web browsing
JR |
||
Registered
|
Nice for home users. Not so much for the business clients.
|
||
Registered
Join Date: May 2002
Location: St Louis
Posts: 4,211
|
__________________
Rick 88 Cab |
||
Friend of Warren
Join Date: Oct 2000
Location: Lincoln, NE
Posts: 16,486
|
1. Get a good anti-virus program. I use the free version of avast.
2. Never use Internet Explorer for your web browser.
__________________
Kurt V No more Porsches, but a revolving number of motorcycles. |
||
Registered
|
The Win antivirus gets by everything.
||
Student of the obvious
Join Date: May 2000
Location: Phoenix
Posts: 7,714
|
Just curious if any of you have any idea where/how your computers were infected.
__________________
Lee |
||
Registered
|
For me, I think based on some of the file creation dates I found, it was when I was cleaning a client's PC.
It's network aware and scans for computers on the same network. Time for me to isolate a network at home for this. I'm gone for now. Taxiing to take off from Las Vegas and heading to Death Valley. |
||
Registered
Join Date: Jan 2002
Location: Long Beach CA, the sewer by the sea.
Posts: 37,694
|
If and when it gets to me, I will pick this unit up and toss it as far as it will fly. I got it out of the trash, held on to it in case. Well, the in case happened last year and my computer with all my stuff sits on the floor behind me.
I know I can last the rest of my life on older castaways. In fact, really all I need is older castaway HDs. Or out of date crap from overstock. After having been enamored with computers for 15 years, I now find they are really, really boring time sucking machines. Thanks for the warning Paul, but if I suddenly disappear, you'll know what happened. |
||
canna change law physics
|
I had one earlier this year on our neighbor's laptop. It had some autoclose sequence on the task manager. It also would move the cursor if you got near certain things. Really tough. I had to use Combofix and then Malwarebytes.
__________________
James The pessimist complains about the wind; the optimist expects it to change; the engineer adjusts the sails.- William Arthur Ward (1921-1994) Red-beard for President, 2020 |
||
Registered
|
Hello from Death Valley.
The 2011 and prior versions were easy to get rid of with combo fix and MB. 2012, not so much. |
||
canna change law physics
|
Glad you made it!
||
Registered
Join Date: Apr 2000
Location: Kansas City
Posts: 1,675
|
I got this and lost all my file associations. I was able to get rid of the "virus" itself with Malwarebytes, but the damage is done. It completely cleared my desktop. In order to run any applications, I have to go to "My Computer", and find the application file in the appropriate folder, right click on it, and choose "run as administrator".
Can anyone help me get the file associations back? Heck, I even tried to install a copy of XP over the top of this Vista just to start over and I even got an error when booting from the Windows CD! Thanks, JA
__________________
John - '70/73 RS Spec Coupe (Sold) - '04 GT3 |
||
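Several posts above describe the malware taking over the .exe association, and the last one asks how to get associations back. The script below is an added example, not something posted in the thread: a read-only PowerShell check that compares the .exe association in the per-user and machine-wide registry hives against the stock Windows values (`exefile` and `"%1" %*`) and reports anything that differs. The function name `Get-DefaultValue` is made up for this example.

```powershell
# Added example: read-only audit of the .exe file association (changes nothing).
# Baseline assumed here: the stock Windows values for executables.
$expectedProgId  = 'exefile'
$expectedCommand = '"%1" %*'

function Get-DefaultValue {
    param([string]$Path)
    # Returns the key's (Default) value, or $null if the key or value is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

$findings = @()
foreach ($hive in 'HKCU:\Software\Classes', 'HKLM:\SOFTWARE\Classes') {
    $isMachine = $hive -like 'HKLM*'

    # Which ProgID does .exe map to in this hive?
    # HKCU normally has no .exe key; when present it overrides HKLM for that user.
    $progId = Get-DefaultValue "$hive\.exe"
    if ($null -eq $progId) {
        if ($isMachine) { $findings += "$hive\.exe is missing" }
    } elseif ($progId -ne $expectedProgId) {
        $findings += "$hive\.exe points to ProgID '$progId' (expected '$expectedProgId')"
    }

    # Check the open command of the stock ProgID and of any substituted one.
    $progIds = @($expectedProgId, $progId) | Where-Object { $_ } | Select-Object -Unique
    foreach ($id in $progIds) {
        $cmdPath = "$hive\$id\shell\open\command"
        $command = Get-DefaultValue $cmdPath
        if ($null -eq $command) {
            if ($isMachine -and $id -eq $expectedProgId) { $findings += "$cmdPath is missing" }
        } elseif ($command -ne $expectedCommand) {
            $findings += "$cmdPath = $command (expected $expectedCommand)"
        }
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output '.exe association matches the stock values.' }
```

A finding under `HKCU` affects only the logged-in account, which fits the report above that moving to a new user account got around the problem.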