TechSpot

Ironically named Virus destroys control panel

By ncl1994
Oct 26, 2008
  1. Disaster! I'm ashamed to say that I've been fooled by a virus. A trojan to be precise and it presented itself as a Microsoft AntiVirus product which was really very believable (for a virus that is!).

    Now I think it started off as a download for an activeX control which I accepted but once I downloaded it my homepage turned to a 'AntiVirus 2008' program which looks like Vista's windows security centre. As soon as I saw that the toolbars were non-interactive images I knew I'd been scammed. It kept popping up asking me to download it because of some fake security problems. I reported this site to McAffee, my security peeps.

    Later on my desktop background vanished to black and the next time I tried to access my control panel it took about thirty second to load and then for about one second the control panel's window is blank. I've tried to access control panel through run and it doesn't load. On the Start menu's control panel menu it comes up as (empty). This is what leads me to believe that it has been totally uninstalled or perhaps relocated.

    So I need to know how to reset my vista control panel with all it's features (the only ones I think I can access at the moment are the Speech Recognition and the Acer Sync Centre :mad:). Any ideas, however far out would be much appreciated.
    Thanks in advance :cool:
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. ncl1994

    ncl1994 TS Rookie Topic Starter Posts: 34

    Hmmn that's something else this Virus has affected. My internet speed. While I'm downloading the files I have enough time to post. From nearly 100 kB/Sec to under 20 kB/Sec. Dammit. I don't know much about viruses but do you think it could still be on my system? It's offline symtons are still here even though I deleted the algg.exe.
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  5. almcneil

    almcneil TS Guru Posts: 1,277

    AntiVirus 2008 is a spyware program. Open msconfig and deselect it from the startup list. Then download/install run Spybot Search & Destroy from the Download section at this site. Make sure you download/install the latest updates before running it.

    Repost with results.

    Best,
    -- Andy
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I contacted Julio today, about the Spybots S&D on this site, it has not been updated
    Actually I haven't checked if it's ok now or not
     
  7. ncl1994

    ncl1994 TS Rookie Topic Starter Posts: 34

    I'm pretty sure that this 'AntiVirus program' is a fake which probably infringes several copyright laws and will really annoy a legitement anti spyware antivirus company. It doesn't show up in the startup list but the algg.exe (not to be mistaken for the slightly more important alg.exe) did until I deleted it. I'm not sure deleting it like that was the wisest move but the online effects made it nearly impossible to browse. The programmes are going good btw.

    I suppose it's also kinda ironic that I picked up this virus earlier on in my browsing for a solution to my other PC problem.
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Which idea did you take?
    My enditall program
    Or almcneil MsConfig idea?
     
  9. ncl1994

    ncl1994 TS Rookie Topic Starter Posts: 34

    I'm taking your advice but it was getting really late. The last scan is finishing shortly so I will be posting the logs. Actually in retrospect I never installed the antivirus 2008 program, just th trojan which kept forcing me to buy it. This came with an unremovable toolbar, my new fake virus scanning homepage and the fake security window which appears when I open a new site.
    Did two scans last night and this one's nearly done. I'll post again shortly. Thanks for helping me.
     
  10. ncl1994

    ncl1994 TS Rookie Topic Starter Posts: 34

    Here are my logs (Uh err Mrs)

    They are attached rather than here because they are so long

    By the way I clicked fix on all of these programmes. I take it that was the right thing to do:rolleyes:
     
  11. almcneil

    almcneil TS Guru Posts: 1,277

    I've removed that AntiVirus 2008 many times. Both AVG and Spybot target it and remove it. I also found there is usually an entry in the startup list in msconfig for it. If Kimsland program doesn't remove it, run the ones I recommend, it shoudl do the trick.

    Anyhow, it's definitely spyware, not virus.

    Best,
    -- Andy
     
  12. ncl1994

    ncl1994 TS Rookie Topic Starter Posts: 34

    I'm pretty sure it's gone but I truly has killed the control panel. How can I reset it and get it back?
     
  13. almcneil

    almcneil TS Guru Posts: 1,277

    One way is to use Task Manager

    Task Manager -> Run -> control panel

    I forget if it's "control panel" or "controlpanel" but tyr and see if one or the other works.

    if that doesn't, start My Computer, open Folders, and look for Control Panel.

    Best,
    -- Andy
     
  14. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Malwarebytes scan states: No action taken, on found issues.

    • Please download Malwarebytes' Anti-Malware from from Here or Here
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please attach this log with your reply
      • If you accidently close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
     
  15. ncl1994

    ncl1994 TS Rookie Topic Starter Posts: 34

    I thought I already did this but it didn't stop the poblem
     
  16. almcneil

    almcneil TS Guru Posts: 1,277

    Tried what?

    -- Andy
     
  17. ncl1994

    ncl1994 TS Rookie Topic Starter Posts: 34

    Oh sorry guys I did post the malwarebytes log didn't I? Because I've done the scan and it detected quite a few items
     
  18. ncl1994

    ncl1994 TS Rookie Topic Starter Posts: 34

    Ahh, none of these solutions have been able to restore my control panel. Only thing I haven't that has been suggested is AVG. Don't mean to sound like a cheapskate but I'd rather only pay in as last resort. I've tried everything else to the last detail. Should I look at a way of reinstalling the control panel?
     
  19. almcneil

    almcneil TS Guru Posts: 1,277

    AVG is free (well, one version is free, the business one isn't)

    -- Andy
     
  20. kimsland

    kimsland Ex-TechSpotter Posts: 14,524


    You need to fix the found issues (Not done yet)

    Please re-run Malwarebytes and remove anything found (as per the instructions)

    AVG not required

    As per the guide

    Try Free Antivirus like Avast or Avira
     
  21. ncl1994

    ncl1994 TS Rookie Topic Starter Posts: 34

    Malwarebytes. Ohh I thought I'd fixed them. Sorry, I'll do it again
     
  22. ncl1994

    ncl1994 TS Rookie Topic Starter Posts: 34

    Oh yeah forgive me, they were still in quarintine. I have these four logs because I think I interuppted the scan. I removed all of the items in quarintine. Logs are attached. Goodnight for tonight.
     
  23. ncl1994

    ncl1994 TS Rookie Topic Starter Posts: 34

    Well here's something I'm now sure of. The control panel has not been totally deleted because the .cpl files in System32 are still there. I think it must be down to some evil registry editing.

    *Edit* Actually that gives me a great idea which might just work. I'm gonna try the regsvr command in command prompt and see if the control panel works again.

    p.s. I works (with about half it's features) in Safe Mode. Does that give any clues to the cause?
     
  24. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    To put all Windows files back in place

    Start->Run-> SFC /ScanNow

    Have your Windows CD handy
     
  25. ncl1994

    ncl1994 TS Rookie Topic Starter Posts: 34

    I'm afraid this Vista Laptop didn't come with a CD. Should I still do this?

    Oh yeah and the last post. I was a bit Duhh. You can't dllregister .cpl files :eek:

    Also it doesn't look the the control panel cpl files have been in any way edited. Their modification/creation dates are all normal i.e. bottom end of this year and before I purchased this laptop.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...