Red Biohazard wallpaper, "Error Cleaner/Privacy Protector" icons

Status
Not open for further replies.
penkosey

penkosey

Posts: 9   +0
So my PC (Windows XP) got the red "biohazard" wallpaper ("YOUR PRIVACY IS IN DANGER! DOWNLOAD PRIVACY PROTECTION SOFTWARE NOW"), along with the new icons "Error Cleaner", "Privacy Protector", & "Spyware & Malware Protection".

I get the window that says "Windows has detected an Internet attack attempt...someone's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from internet attacks, hijacking attempts, and spyware! Click here to download spyware remover for total protection."

I've searched around and seen several posts regarding this malware. I may be a bit worse off, though, because I can't explore or run any programs! I tried inserting a disc of anti-spyware programs, and it wouldn't let me open/explore the disc. Not even in Safe Mode. The "Start" button at the bottom left of the screen is gone, and when I try to run anything, I get a message that says something like "Windows cannot find the .exe file"...

That seemed to happen right after I ran KillBox and let it delete a file called "Spools.exe" that Ad-Aware found. Yes...my computer is really screwed up.

I'm using a borrowed computer right now, and disconnected the other one from the internet. Since I can't run anything or explore on that computer, I'm not sure how I'm going to fix it, or run any kind of Hijack This log, etc.

When I hit Ctrl/Alt/Del, my "Task Manager" button is greyed out. The time has changed to military time, like this: 6/10/2008 16:25: VIRUS ALERT! The time at the bottom right of my screen also says VIRUS ALERT.

When this first happened, I did a search and tried to follow some instructions that said to download/run something called Smitfraud. I wonder if this was fake, because the SmitfraudFix.exe had yellow Biohazard icon (like the red Biohazard wallpaper)...?

Anyway, this is obviously a mess. I greatly appreciate any assistance with getting it fixed. Thanks!
 
You do need to run smitfraudfix by S!ri option 2 from safe mode. I would prefer to see a hijackthis log first though to give more specific instructions.

First let's see what we can do to at least get you some control back.

1) Can you boot into last known good configuration

2) You can download this with your borrowed computer, but make sure you install it to the infected computers desktop.

Download to your Desktop this self-extracting ZIP archive FixPolicies.exe

• Double-click FixPolicies.exe
• Click the Install button on the bottom toolbar of the box that will open.
• The program will create a new Folder called FixPolicies
• Double-click to Open the new Folder, and then double-click the file named Fix_Policies.cmd
• A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.

-------------------------------------------------------------------------------------

If you can get it to work, I need a hijackthis log

Highjackthis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically, select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.


Let me know how you make out
 
Well, here's what happened.

I burned a disc of the things you mentioned. The infected computer would not let me access the CD (neither in Safe Mode or normal mode). Interestingly, I noticed I could still access an external hard drive. So I went back to the borrowed computer, put the stuff on the external drive, and tried again.

Unfortunately, I'm still not able to run any .exe. "Windows cannot find C/Windows/FixPolicies..." I tried running the Hijack This file with the same results.

By the way, to even be able to use Safe Mode, I have to "trick" it. After Safe Mode boots up, I see all the Desktop icons for a minute, but then they all black out, and all I see are the "Safe Mode" words at the top + bottom of the screen. To even be able to use Safe Mode, I noticed I have to quickly click on any folder while it's loading...when the folder opens, the Desktop icons remain visible...then I have to use the folder window to do any searching or opening (since my "Start" button is gone).

When using a folder window, I noticed (at the top of the window, where "File, Edit, View, Go, Help", etc, are) that those spyware icons added themselves to Favorites. So in any folder, under Favorites, it now says "Error Cleaner", "Privacy Protector", & "Spyware & Malware Protection". :rolleyes:

Looking around the internet, I've seen mentions of running a .bat file or a "script" to fix the inability to run Explorer or an .exe file. But I have no idea how to do such a thing. I even saw something called XP Emergency Utilities...but again, it's an .exe file, which apparently I can't run right now. Hopefully we can figure this out...is there some missing component I can drag + drop? I read that malware often disables key Windows commands, so you have to replace + rename them so as not to be recognized by the malware.....? Ughh. :mad:
 
Must have corrupted your registry.

Question 1 - can you access regedit? hold windows key + R = type regedit

if so...

Navigate to
[HKEY_CLASSES_ROOT\exefile\shell\open\command]

Right click the value
Default

Change the value to "%1" %*

----------------------------------------------------------------------

If holding windows key + R opens the command prompt then you may also try typing explorer and hit enter to see if your desktop comes up
 
When I held down the Windows key + R, "regedit" automatically came up.

Unfortunately, I get the same message--when I click on it, it says "Windows cannot find..."

Sorry...
 
see below, I was going to suggest booting to the recovery console, but I would need to walk you through that
 
I have to leave in just a minute, so wanted to give you a better option but I wont be able to help you fix it tonight

*Restart your computer, press F8 at the Windows XP Startup menu, and then select Safe Mode with Command Prompt.

*At the command prompt, type regedit, and press ENTER.

*HKEY_CLASSES_ROOT\exefile\shell\open\command

If the above registry key is set to C:\recycled\sirc32.exe "%1" %*, your computer is infected with the W32/SirCam worm virus:

This is what the value should be: "%1" %*

-------------------------------------------------------------------------

We need to know if this is the problem before treating it.

If you find that it is indeed this infection set the value of the registry to "%1"%*

At a command prompt, type cd \, and then press ENTER.
At a command prompt, type del /f /s /a sirc32.exe, and then press ENTER.
At a command prompt, type del /f /s /a scam32.exe, and then press ENTER.
At a command prompt, type shutdown -r, and then press ENTER.

Upon reboot hopefully it wont be running and you can run a full virus scan.

-----------------------------------------------------------------------------

If you are not infected with this, or you can't access the registry still - this may be only option -

1. Boot from your XP installation CD.
2. At the welcome screen, choose enter.
3. Once at the license agreement, press F8.
4. At the next screen, choose to repair the selected Windows XP installation by pressing R.
5. The files will begin to install and then your PC will reboot. During the reboot you will be presented with option of booting from the CD again by pressing any key. Don't press anything. Allow it to finish the install without booting from the CD again.

You shouldn't lose all your data but you will have to reinstall service packs/ updates from MS


Either way let me know how you make out and I will help when I can
 
No problem about tonight; I'll read over what you just said and try to do either/or. I'll post/check back here in the next day or two. Thanks!
 
I have the same Red Biohazard screen came up. I got rid of that, but the Error Cleaner", "Privacy Protector", & "Spyware & Malware Protection keeps popping up. Also, I know that its a dummy task bar with the time etc. I'm a novice at computer cleanup so I need help.
 
This thread is for the use of the original poster.

If you can please run a hijackthis scan for me to get started

Highjackthis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically, select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.


Then start your own thread in our security section -> https://www.techspot.com/vb/menu28.html

Thanks
 
Not a problem - just run the hijackthis program per my instructions above, then click the link and select New Thread to start your own thread instead of taking over somebodies existing thread
 
I'm using another computer. I got the red screen off, but the fake task bar, etc is still there, and the short cut icons keep popping up. I can get to safe mode, but can't get into registry.
 
Should I run it on the infected computer? I've not tried to get online since it happened
 
If I put the Hijackthis on a thumb drive from this computer, I'm not sure I can access it from the infected computer, when I try to open up My Computer, I don't see the Drives as before?
 
I'm the original poster, and I'm checking back in. Sorry this is taking me a while; it's been difficult since I've had to borrow a computer. Thanks! I'm still on top of this...
 
Man, this is really frustrating. I tried to run Safe Mode With Command Prompt, but my computer said I didn't have "administrative privileges" when I typed in "regedit".

Also, when I've tried to run it in Safe mode, it shows all the normal desktop icons for a few seconds...then the screen turns black. It's all black except for the words "Safe Mode" in all 4 corners. There's nothing to see, at all...

How annoying, to not be able to access the computer at all, to get the problem fixed...
 
Your best bet at this point is to insert your windows disk, boot from that, and do a clean install - or do a repair install then attempt to clean it
 
OK.

I have a ton of important photos, documents on that computer that I don't want to lose. If I take the hard drive out to move the files to a different computer (or if by some chance, in Safe Mode, I can dump them onto an external hard drive)...am I going to give another computer that virus? I'm not sure how that works...hopefully moving some photos won't cause the virus to find its way to another computer, right?
 
I'd like to save all the photos, etc, that are on that computer. So, could I take the C drive out, and install it as a secondary drive in a different computer? Then I could hopefully make backups of everything, before re-installing Windows?
 
yea you can do that - I am not going to guarantee that infection wont be transferred as well - I haven't seen logs of what you even have so its impossible to say
 
Status
Not open for further replies.

Similar threads

A
Opera starts offering local access to LLMs and AI chatbots
Replies
2
Views
139
Eldritch
Eldritch
Z
Microsoft Edge under fire for stealing Chrome browser tabs
Replies
18
Views
384
Bamda
Bamda
midian182
Cloudflare launches invisible, privacy-focused Captcha to take on Google
Replies
4
Views
676
bviktor
B

Latest posts

Back