Just fixed a nasty virus


5 replies to this topic

#1 OFFLINE   rridgely

rridgely

    I hate computers

  • Moderators
  • 9,087 posts
  • Gender:Male

Posted 16 August 2012 - 11:37 PM

A family member brought over a laptop with a nasty virus. They told me the virus started out by telling them that their hard drive was failing and then all of their files, shortcuts, desktop background, and even start menu links disappeared. The virus hid every file on the computer. I had never seen anything quite like this one.  

The remedy was to run Malwarebytes in safe mode to remove the virus and this tool to unhide the files:
http://www.bleepingc...ownload/unhide/

The machine had Microsoft Security Essentials installed but it didn't catch the viruses. It did flag a few files, but MBAM was the only thing that cleaned it up.

#2 OFFLINE   eL_PuSHeR

eL_PuSHeR

    Power Member

  • Members
  • 511 posts

Posted 17 August 2012 - 01:57 AM

Are we talking MSE 2.x or 4.x? Yes I know MSE doesn't have the best detection rate. Glad to hear you cleaned it out. I also use MBAM and Superantispyware too.

#3 OFFLINE   Andavari

Andavari

    .

  • Moderators
  • 15,009 posts
  • Gender:Male
  • Location:U.S.A.

Posted 17 August 2012 - 07:21 AM

If I were you I'd also definitely run Hitman Pro (trial but you can manually deal with stuff found), and also perhaps Comodo Cloud Scanner (freeware).
Piriform software help documentation is available at:
http://www.piriform.com/docs

#4 OFFLINE   rridgely

rridgely

    I hate computers

  • Moderators
  • 9,087 posts
  • Gender:Male

Posted 17 August 2012 - 09:32 AM

The machine did have the latest MSE installed. It would flag a file at boot up but couldn't remove it permanently.
I had never seen a virus that will hide all the files on a computer before, the desktop looked crazy when I booted it up! I can't try any other scans though because I backed up and formatted the machine. The laptop had a recovery partition, so this seemed like the easiest way to get a clean and safe Windows install.

I have bookmarked Hitman Pro, seems interesting. I think I remember that program a while ago needing to have a bunch of different programs installed, now it's getting all of their definitions from the cloud? (Just from their description is what it seems like.)

#5 OFFLINE   hazelnut

hazelnut

    try to stay calm

  • Moderators
  • 11,318 posts
  • Gender:Female
  • Location:Huddersfield uk

Posted 17 August 2012 - 10:09 AM

Use Hirens to do an Eset Online Scan if you cannot use safe mode with networking.

Also rridgely when using HMPro if you hold down the Ctrl key and double click the installer it kills all running processes so it can do its job without interference (like rkill)

Don't know if you are aware that MBAM, free and paid, has rkill built in sort of now (start-all progs-mbam-tools-chameleon)
CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND HERE

http://www.piriform.com/docs

#6 OFFLINE   Super Fast

Super Fast

    Super Hero

  • Members
  • 2,210 posts
  • Gender:Male

Posted 18 August 2012 - 03:34 PM

I have seen viruses that hide all the files quite a few times.

Yes, it does look weird. The start menu folders, desktop folders, & other places are affected because their folders are marked hidden.

Glad you got it sorted out!
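
The symptom discussed in this thread (desktop, documents and start menu items carrying the Hidden attribute) can be audited after the malware itself has been removed. The PowerShell below is an added example, not something posted in the thread and not how the Unhide tool works; the `$Paths` and `-Fix` parameters are this script's own, and it assumes items that are Hidden but not System are the ones of interest.

```powershell
# Added example: report (and optionally clear) the Hidden attribute
# in the folders where this kind of infection is most visible.
param(
    [string[]]$Paths = @(
        [Environment]::GetFolderPath('DesktopDirectory'),
        [Environment]::GetFolderPath('MyDocuments'),
        [Environment]::GetFolderPath('StartMenu')
    ),
    [switch]$Fix   # without -Fix the script only reports
)

$Hidden = [System.IO.FileAttributes]::Hidden
$System = [System.IO.FileAttributes]::System

foreach ($path in $Paths) {
    if (-not (Test-Path -LiteralPath $path)) { continue }

    # -Force makes Get-ChildItem return hidden items, which it skips by default.
    $all = @(Get-ChildItem -LiteralPath $path -Recurse -Force -ErrorAction SilentlyContinue)

    # Hidden without System: items Windows itself protects (desktop.ini,
    # profile junctions) typically carry both flags, so they are left alone.
    $suspect = @($all | Where-Object {
        $_.Attributes.HasFlag($Hidden) -and -not $_.Attributes.HasFlag($System)
    })

    # One summary row per folder: a high Hidden count in a folder the
    # user works in every day matches the symptom described above.
    [pscustomobject]@{
        Path   = $path
        Items  = $all.Count
        Hidden = $suspect.Count
    }

    if ($Fix) {
        foreach ($item in $suspect) {
            # Hidden is known to be set here, so XOR clears only that bit.
            $item.Attributes = $item.Attributes -bxor $Hidden
        }
    }
}
```

Run it without `-Fix` first and review the counts; files the user had deliberately hidden before the infection will be unhidden too if `-Fix` is used.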