New virus? Have you seen this behavior?

By Vigilante · 12 replies
Feb 23, 2005
  1. This is now the second time I've had a system do this.

    Here are the symptoms I've seen:

    -File associations all screwed up. LNK, EXE, and likely more.
    -All icons missing in start menu, or just some sticky ones (like Run and Help)
    -You can't open All Programs at all.
    -In the Start Menu, "My Computer" is renamed "Files" for some reason.
    -IE missing toolbars. Address bar and Links bar are gone. Not just pushed to the side or unchecked in the view menu, they are GONE. They don't come back or show up no matter what's checked.
    -You can, however, change the home page in settings, BUT NO page can display. Instead, any page with "http://" tries to download instead of display. So for example if you set the home page to www.google.com and then open IE, a box pops up right away asking to save the file "google" and where to save it to. If I save the file, it saves the HTML file. If you open the file, you see the HTML code. So basically it doesn't display a page, it just wants to download it. Very strange. If I set the home page to an ftp page, it actually tries to open it, but of course can't do it. At least it doesn't try to download it. Meaning somewhere in the registry the MIME types are screwed or whatever.

    Now here are some other notes.
    I can't find out what this virus/malware is because it will not do a virus scan. You can't do anything with IE. Safe Mode is trashed as well. You can't use Firefox or Netscape for online virus scans, don't even know if other browsers would work anyway. I took the HDD out of the system and tried to scan it on my own box, it crashed my virus scanner and locked up. Then caused a "Delayed Write Failed" message to keep coming up.

    Like I said I've seen this now only twice. I can't find any information about it, what virus causes this, how to kill it, etc... Both completely different systems with XP, and exhibited the SAME behavior. So that leads me to believe it is just one virus that does all this stuff as its payload.
    It's a bad one, trashes associations, kills IE toolbars, kills Start Menu, kills HTTP protocols, kills virus scanners, trashes IE. All I can really do is reload.

    Anybody else seen this? I'm trying to find out what it is so I can research it.

    Any ideas? Thanks.
  2. HeddaLora

    HeddaLora TS Rookie Posts: 17

    Can you boot into safe mode? Then you might be able to run a virus scan and/or AdAware.
  3. Vigilante

    Vigilante TechSpot Paladin Topic Starter Posts: 1,666

    All problems still exist in Safe Mode.

    I am able to clean startups, run ad-aware, spybot, HJT, CWS, BHO Captor, Registry cleaners. All the normal stuff.

    This is where it gets hairy though. See it's not that there is something EXTRA in the system that needs "cleaned" out. It's that the virus REMOVES stuff so that Windows won't work right. Registry keys are missing or screwed up, files deleted. That sort of thing. Which NO "cleaner" will fix.
    Instead you have to repair each damaged thing one by one. For example I am able to use a REG file script to repair the LNK and EXE file associations. But as for the other stuff, it would be way too much of a pain to try and repair each issue one by one.
    That's why I have to reload.

    But does anybody know what the virus IS?
  4. CSguy

    CSguy TS Rookie

    Did you try System Restore?
  5. Vigilante

    Vigilante TechSpot Paladin Topic Starter Posts: 1,666

    The only thing I can do is reload.

    But now that I think about it. While this did happen on two different machines. They were BOTH nearly the same model of a newer HP. Hmmm

    I'm not worried so much about fixing this, as I am about knowing what it is. Cause honestly, there ain't a thing you can do except reload, because it's so trashed. I would NOT trust a system restore or even a repair install with this particular problem. It just needs a reload.
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    This on the same PC with the "form buttons" problem?
    Try and post a HJT-log if you can, maybe I can find something?
  7. Vigilante

    Vigilante TechSpot Paladin Topic Starter Posts: 1,666

    No this is a different machine. But it's too late now, it's already reloaded and gone. But it was very strange behavior.
    If I get another one with these symptoms again, I'll certainly post again. Thanks!
  8. Diggadee

    Diggadee TS Rookie

    Vigilante: here's an interesting clue!

    I'm new to this forum. It will be obvious to you that I'm not as sophisticated and skilled as you, but here's a clue to what you posted about the mystery behavior.

    I think I have the same problem with my computer. A few things will still work, if I go to them using the "Run" function or if I enter them through the "Safe mode, with command prompt" (I get there by rebooting and holding down F8 during boot.)

    I ran Windows search and found that 870+ exe and com file extensions have been changed to lnk. Initially, as well, the file association to exe extensions was gone, but I found a fix online that showed how to go to command prompt and put in two simple DOS instructions that brought it back.

    I downloaded Registry Fix and Registry Mechanic and I ran my McAfee and Ad-Aware virus killers and a few other spy killer programs. They're not much help -- basically all those fix-it programs agree I've got a registry problem, but they don't fix it.

    So I'm still stuck with most of my programs not running. I called some techies on the phone who told me to wipe out my hard drive and start over, but I've got way too much to lose to do that, even if the alternative takes hours or days...

    Here's the interesting thing, related to your comment about HP. I don't have any hardware or software that's HP, but my Windows Start Up Menu suddenly has a couple of new things on it with HP in the name.

    I hope someone has some good ideas for me!

    I recently bought my computer from a one-person vendor. Could someone please tell me, would it work for me to ask him to copy a working registry file to a disk from another of his new computers as a txt file, then write that over my corrupted registry file?

  9. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Whatever YOU changed since you received that PC would be gone when you overwrite your registry. It would also not work if the hardware from the other PC is different.
    Also, it would not change back all those .EXE files and whatever else was changed!
    Backup your personal info, then wipe your HD and start from scratch.
    I would even advise to zero-fill the disk first. Go to the HD-manufacturer's website to get the proper program.
  10. Vigilante

    Vigilante TechSpot Paladin Topic Starter Posts: 1,666

    Ya if you had the same thing I did, better reload.

    Another option is to buy a new hard drive and load Windows on that. Then put the old drive as a slave and copy data off that way.

    It is nigh-impossible to put someone else's registry into your machine, what with serial numbers and product key and activation information in there.

    good luck
  11. Frogular

    Frogular TS Rookie

    Has anyone else seen this? I noticed these exact same symptoms on my friend's computer. Antivirus and antispyware with latest definitions don't detect anything. Some sort of special purpose malware?
  12. Vigilante

    Vigilante TechSpot Paladin Topic Starter Posts: 1,666

    "Some sort of special purpose malware?"

    Either that or a virus's payload. Luckily, I haven't seen it since my original post.
  13. sfjeff

    sfjeff TS Rookie

    I found this thread in Google.

    I thought this might be a new virus at first, but after reading everyone's description here, I think that this problem is actually more mundane. I'm guessing that it involves developing a disk Bad spot in the File allocation table. Windows routinely deals with disk problems by moving what it can outside the damaged region, but it can't do that if the damage occurs to the main index itself.

    By the way, the forums have a Search engine bug. It presents a non-formatted version of the content to search engines, but the site gets a lower conversion rate off of this traffic than it should because it is nearly impossible for a search traffic referree to figure out how to post from that. I almost gave up myself.
