new worm/virus about?

**Rulke** · 2010-12-02 22:33

Greetings,

So my wife somehow fucked up our laptop while watching a show on Casttv. All she can remember is a pop up appeared wanting to install something, she clicked no, but then the comp turned off and its been down hill from there. She thinks the program was some 3 letter word or something.

Whatever it is, it doesnt allow us to open hardly anything, like IE, Adaware, our antivirus program and other things. Ive tried several differnt system restore points but no change. Anyone heard about similar things happening? I could reformat, but I'd prefer not too if I can avoid it.

**SwampdonkeyPLD** · 2010-12-02 22:49

http://www.engadget.com/2010/12/02/p...wont-start-to/

Maybe?

**Rulke** · 2010-12-02 23:49

Hm, thanks for the guess, but I dont believe so. I can get to my desktop, but when I click a program like I.E or Symantic, it just thinks about starting up, then nothing. The laptop has win7 64bit though. Programs like skype dont seem to work either.

edit: Most programs wont open: MS word, or ventrilo etc. Solitare and the calculator do, but never seen/experienced anything like this. Guess I'll be reformatting this weekend. joy. :/

**Mici** · 2010-12-03 01:44

Have you looked into the virus sticky? (link) It really is a good way to remove most things. SafeMode is a god for dealing with things like this.

**Rulke** · 2010-12-03 02:03

I just looked it over now at your suggestion. The problem is I still cannot start up any programs, reguardless of what mode I am in. I am going to call it a night now and ask my coworker tomorrow if he remembers the name of what he got on his computer. might give me a good direction to look rather than stabbing in the dark like I currently am.

**Jefe** · 2010-12-03 02:11

Try to get your hands on combofix. Make sure to rename it to some random shit because w/e you have is preventing you from executing anything. Have said laptop dc'ed from the internet. Once CF detects the problem it will try to fix it , which it will probably let you start your antivirus software. Then you can take it from there.

**Gustave** · 2010-12-03 09:07

Dunno if this is related but AVG pushed out an update the other day the gave Vista/7 64 bit a lot of problems. The symptoms do not match you description though. If you are using AVG you might want to Google "AVG system loop" and click latest on the advanced search. I've gotten a few calls about this. It's a pretty easy fix and has made me a few bucks

Edit: Nvm was lazy and did not check Swamps link.

**Ratatapa** · 2010-12-03 10:44

I had a similar virus on a PC and lucky me the Virus was affecting 1 account

So I logged on anther account and did the virus scan and it worked (in safe mode)

**Cephius** · 2010-12-03 12:22

Sounds like a rootkit or other serious infection, if you can't get combofix to run it's likely your best bet to just backup your data and reformat the computer. It'll end up saving you time in the end.

**Gustave** · 2010-12-03 12:33

This ^

Even if you do enough messing around to pull the rootkit it will probably damage some system files or registry values. If not that you will most likely have some other OS system troubles or weird quirks. On top of that you may not get it all and it will come back.

Back up your data , reformat , clean OS install and you could come out in the plus with that fixing / cleaning some other issues you didn't really notice.

**Crowort** · 2010-12-03 14:51

Try making this into a .reg file and merging it

Code:

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]

[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]

It just resets the .exe file settings. It is a fairly common thing with new spyware to messup. Thou it normally changes it so no matter which program you try to run it opens a fake AV / error message. This type of malware normally only effects one user account so logging into another is the easiest way to remove it. MSE is shockingly good at removing this when Malwarebytes fails. Combofix should be a last resort, it will get rid of it but might make windows unbootable in the process.

**Arcien** · 2010-12-09 00:53

You can try to check on your task manager and see what processes are running. If you run to any unfamiliar process, that might be the virus. I usually use Microsoft Security Essentials to detect where is the virus and perform manual delete. You may also try to check the regedit to see if you can find the process is in there. I usually just delete the virus in regedit and have no problem so far.

From my experience, virus usually stays in documents and settings\users\....\local\temp or something. Those are hidden folders. Just my 2 cents.

**Eanae** · 2010-12-09 01:05

Make sure your wife knows... to click the x next time. Clicking "no" is still part of the ad. Anything you click in that box is going to install the virus no matter what.

**chiyio** · 2010-12-09 12:52

Backup data and redo OS gets my vote. Also, teach the wife how to use firefox + noscript. Noscript really is the only safe way to touch the web. Also don't give her administrator rights next time, heh.

**Rulke** · 2010-12-09 13:39

Thanks for the advice everyone, I eventualy had to just reformat, oh well. We dont keep any real data on the laptop so it was just more annoying. Combofix is a pretty sweet program but it too was disabled by whatever it is she did.

**Rockstaru** · 2010-12-09 14:16

I actually just fixed a friend's computer that was having issues like what you described. She somehow got one of those fake virus scanners through a facebook app that was preventing her from starting any programs, and kept claiming every single internet site she tried to visit was infected and she needed to buy a new browser. Safe Mode + Malwarebytes did the trick, though. I also found some startup process called bnlnlpxy (or something to that effect) that had been created around the exact time she started having problems, so I assumed that was part of the problem (seemed to be, as I was able to boot normally after disabling it in startup). See if you can get into msconfig, and disable any processes that look suspicious; that might help.

**bungiefan** · 2010-12-09 17:00

So I just ran into a new scam that someone got hit with and brought me their computer... Apparrently it's not too new, but it's been going on less than a year.

http://www.avforums.com/forums/compu...pert-help.html

http://www.avforums.com/forums/isps-...ll-scam-2.html

http://www.wilderssecurity.com/showthread.php?t=280935

They cold call you, tell you your computer is sending excessive error reports, and talk you into downloading a remote desktop program so they can control your computer to fix it, and ask you to fill out a web form while connected to subscribe to their service.

The credit card company told this guy they won't chargeback the transaction or halt it because he gave out the card information willingly.

They put what appears to be a pirated version of K7 Total Security on his system over his Kaspersky install.

They ask you to download and install AMMYY or TeamViewer.

Feel free to have fun with them and waste their time if they try this on you, as some of the examples in the links above show.

Thread: new worm/virus about?

Thread Tools

new worm/virus about?

Similar Threads

Need a new computer for about $600

Latest Threads

Up & Coming Threads

Hottest Threads