AlbertLionheart
Posts: 1,997 +3
And here we go again - same nasty threatware but under a slightly different guise. This one masquerades as a Windows warning that there are, among other faults, serious errors on your hard drive and offers to provide a downloadable fix for a fee.
Whatever you do, do not download the fix as it is a scam.
It also interferes with the links to programs and makes changes to your desktop, hides the desktop and also clears all entries in the Start/Programs menu.
It will not allow Task Manager to run but will allow msconfig to run so the {random character}.exe file is easy to identify and stop from running. You can also use the {random character}.exe filename to find the references in the registry and remove them.
It also stops system recovery from working.
It also stops some programs from running in Safe Mode.
It does not appear to damage any data files so you can attach the hard drive to a second computer to recover any files that you have not backed up.
It arrives via a drive-by infection on an insecure website, and the last system I had to repair was running Kaspersky IS 2011 which failed to protect the system.
Malwarebytes, Rkill, fix.exe and unhide.exe were tools I used to clear it. I am told that StopZilla is also effective but so far nothing has repaired or undone the damage to the registry - don't even think of RegCure as that turns out to be another scam download!
In this case I have formatted the drive and reinstalled the OS.
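The registry search mentioned in the post can be scripted. The following is an added example, not part of the original post: a report-only PowerShell search of the standard Run/RunOnce autostart keys for a given executable name. The filename `abc123xyz.exe` is a constructed placeholder, and the list of keys is an assumption, since the post does not say where this malware registers itself.

```powershell
# Added example: report-only search of common autostart registry keys for a
# given executable name. 'abc123xyz.exe' is a constructed placeholder; use the
# name shown on the msconfig Startup tab.
param(
    [string]$ExeName = 'abc123xyz.exe'
)

# Standard per-machine and per-user autostart keys (assumed locations).
$autostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Find-AutostartReference {
    param([string[]]$Keys, [string]$Name)

    $cmp = [StringComparison]::OrdinalIgnoreCase
    foreach ($key in $Keys) {
        # Some keys (e.g. Wow6432Node on 32-bit Windows) may not exist.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            # Literal, case-insensitive match on the command line or value name.
            if ($data.IndexOf($Name, $cmp) -ge 0 -or
                $valueName.IndexOf($Name, $cmp) -ge 0) {
                [pscustomobject]@{
                    Key       = $key
                    ValueName = $valueName
                    Command   = $data
                }
            }
        }
    }
}

$hits = @(Find-AutostartReference -Keys $autostartKeys -Name $ExeName)
if ($hits.Count -eq 0) {
    Write-Output "No autostart entries reference $ExeName"
} else {
    # Nothing is deleted here; review each hit before removing it by hand.
    $hits | Format-List
}
```

The script only lists matching entries, so each one can be checked against the path shown in msconfig before it is removed.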