Bobbye
Posts: 16,313 +36
The symptoms you describe are typical of the Rogue Windows Repair and it cousin, Rogue.ErrorFix. You will find the description and screen shots here:
http://www.bleepingcomputer.com/virus-removal/remove-windows-repair
You have to be really careful when you search for the malware because most of the sites you will see, are rated RED by the WOT Site Advisor- meaning it has unreliability.
There are at least 2 malware programs affecting the system by making it appear there are no programs, or that you are locked out and various other false alerts. The scam is to get you to click on a site to "fix" the error, which actually doesn't exist.
Windows Repair is a fake computer analysis and optimization program that displays fake information in order to scare you into believing that there is an issue with your computer. It is installed via Trojans that display false error messages and security warnings on the infected computer. will be configured to start automatically when you login to Windows.
Once started, the program begins the fake security warnings. The "defragment tool" it will state that it needs to run in Safe Mode and then show a fake Safe Mode background that pretends to defrag your computer.
When opening folders, such as C:\Windows\System32\ or various drive letters, instead of seeing the normal list of files it will instead display a different folder's contents or make it appear as if the folder is empty.
Windows Repair also attempts to make it so you cannot run any programs on your computer
Source: Bleeping Computer
The bottom line is that there are fake alerts. What you do to respond to these usually compounds the problem. Just understand the the alerts and error are false.
========================================
Before I go any further with script for Combofix, I'd like for you to update and do a new scan with Malwarebytes. But this should be a Full Scan instead of the Quick Scan you did originally. Note: The update is to add any new entries from the database. That program should find some of the entries
=======================================
Follow with Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
http://www.bleepingcomputer.com/virus-removal/remove-windows-repair
You have to be really careful when you search for the malware because most of the sites you will see, are rated RED by the WOT Site Advisor- meaning it has unreliability.
There are at least 2 malware programs affecting the system by making it appear there are no programs, or that you are locked out and various other false alerts. The scam is to get you to click on a site to "fix" the error, which actually doesn't exist.
Windows Repair is a fake computer analysis and optimization program that displays fake information in order to scare you into believing that there is an issue with your computer. It is installed via Trojans that display false error messages and security warnings on the infected computer. will be configured to start automatically when you login to Windows.
Once started, the program begins the fake security warnings. The "defragment tool" it will state that it needs to run in Safe Mode and then show a fake Safe Mode background that pretends to defrag your computer.
When opening folders, such as C:\Windows\System32\ or various drive letters, instead of seeing the normal list of files it will instead display a different folder's contents or make it appear as if the folder is empty.
Windows Repair also attempts to make it so you cannot run any programs on your computer
Source: Bleeping Computer
The bottom line is that there are fake alerts. What you do to respond to these usually compounds the problem. Just understand the the alerts and error are false.
========================================
Before I go any further with script for Combofix, I'd like for you to update and do a new scan with Malwarebytes. But this should be a Full Scan instead of the Quick Scan you did originally. Note: The update is to add any new entries from the database. That program should find some of the entries
=======================================
Follow with Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
- Extract it to a directory on your hard drive called c:\HijackThis.
- Then navigate to that directory and double-click on the hijackthis.exe file.
- When started click on the Scan button and then the Save Log button to create a log of your information.
- The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- Come back here to this thread and paste (Ctrl+V) the log in your next reply.
NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.