Very nasty virus! Locks system restore - need expert help!

By Raventops ยท 4 replies
Sep 5, 2005
  1. I will throughouly explain my problem and what I have done to take action againts it. It is a virus that has locked system restore, appears to be disabling programs and is a real pain with Instant Messengers. It is always trying to duplicate itself too!

    Antiviruses will not pick this up (AVG free and norton wont detect it)

    Hello and I'd like to thank you for reading my post. I have encountered many viruses simular to this - but not one this nasty. I am also not a newbie to computers - I do know how to do the basic security check and get rid of my viruses.

    I will first start off explaining what it has done to my computer, that I have noticed.

    1. A few more pop ups than usual. This looks like typical adware. but i am unable to find this adware and delete it.
    2. Programs like Ares and Imesh and Doom 3 will not open! Nothing happens at all when i double click them.
    3. I got the virus on August 27, at 11:05pm, and when i go to System Restore - that is the ONLY checkpoint available. What a surprise :suspiciou
    4. It always tries to spread itself through instant messenger by sending automatic fake and nasty messages including a link.

    Ok. Now I got the virus through a friend. I clearly was not thinking. Out of no where on MSN he says

    "Hey! Check this out! http://ri.passport/!" <<<< not exactly that URL though.

    This was obviously an automaticly generated message that my friend did not send.

    As soon as I clicked on it, my browser froze up, some activity with my computer took place and explorer closed and then refreshed itself.

    Immediatly following that, I began sending automatically generated messages saying the same thing - and my friends of course clicked them. After every message (seemed as if it was timed on an interval of 5 minutes) my MSN chat window would close down by iteself.

    I then tried system restore and realized I had a nasty virus.

    I immedietly went into my windows folder and deleted , or tried to delete, everything created within the last 20 minutes.

    I then went to my Local Settings and deleted my entire temp and temporary internet settings folder contents.
    I then ran HiJackThis and deleted anything that need to be gotten rid of (a BHO and some toolbars and a homepage)

    I then tried system restore but of course that was not an option either. So i restarded my computer, then did a virus scan upon re-boot. It found nothing.
    (oh and there was no suspicous processes or files in my temp folder either..the only suspicous process was "Dark.exe" but I don't think that was associated with it).

    Now it's starting to show effects. The process I took got rid of it sending through MSN, but now it seems to be "disabling" programs other small but noticable things on and off.

    I was just wondering if somebody could walk me through how to get rid of this virus. A couple of files I noticed snuck into my 'Add or Remove programs' section were:

    ANOTHER UPDATE : I just started up AVG and it gave me a notice saying "WARNING: Windows Firewall has activly failed"

    RX Bar

    EDIT: I just checked, and now System Restore has been turned off. And I cannot turn it back on...

    but thats about it.

    I cannot even post a HJK log file because it will not work. And YES, I do have the HiJackThis folder in my Program Files. As soon as I click on HiJackThis, A blue screen litterally engulfs my entire screen, then goes away, and im left with MSN and my other programs but not HiJackThis. Help!!

    Help soon is greatly appreciated. Thanks much.
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  3. Raventops

    Raventops TS Rookie Topic Starter


    Ok Thanks a bunch. I ran stinger and it found quite a few nastys. Some trojan proxys, backdoors and other stupid viruses. I then did the ewido scan and it found some adware and trojans also. 57 of them. It is still scanning, but I would just like to know if that should take care of my problem, or do you want me to continue and post a hijackthis logfile if it works?

    Thanks in advance
  4. Raventops

    Raventops TS Rookie Topic Starter


    Ok I did all that, and hijackthis works again. I deleted a couple things with it then i restarted. Upon reboot I got some error messages like "System32 could not be accessed" and things like "so and so file could not be found" and a few others. I checked my system restore but, it doesnt let me go back to august. September is the only month I can view in checkpoints (and i got the virus in august). I ran a checkdisk then restarted again. When I started up, i got the same error messages.

    What do I do? I am not convinced this virus is gone and now it seems as if another problem is on hand.

    I really do not want to do a system repair! Please help

    Thanks in advance,

  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Click on Start/Run and type sfc /scannow and click OK. Keep your windows-CD handy.
    That checks for missing/corrupt files.
    Then post a new HJT-log.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...