
System 32 Virus anyone?

Techman

New Member
Both of you are welcome to stop fighting it. Do not use geeks or any other box store techie. Those guys have no clue.

Send those machines to me... PM me for an address... I fix it or else.. Simple.. I do this all the time. There is no way a virus or malware can defeat me yet.... I am sure the day is coming but not yet. It's that simple. This is not a boast. :)

Signguy1 sent his machine after he was told by several techs it had to be reformatted. He was online when I looked at his machine and it was running in about 2 minutes.

I just got another one that no one could fix. I got it in exactly 21 seconds after it booted. It was fixed so fast the owner didn't believe I did anything.. I laughed because he said.. It didn't run this afternoon.

The most recent difficult challenge was a lappy that took about 17 tries over 2 days to get it after I found his antivirus was defeated and his wireless connection was hijacked. That was a fun challenge because the maggot ware author tried something new..

The problem does not lie in the registry. Not in the CD ROM. Not in the browser. It resides in some hidden folder very likely in the system32 or some strange named .exe file or a DLL file. Also the maggot ware is hiding in the system restore files too.

Sometimes the bad stuff is hidden in the host file. Or it is hidden in the DNS cache. You just have to know where to look.


As for this...
One thing he said is that it was installing itself in the CD rom
This is just about impossible...

So send them machines my way and be done with it.
 

buttons

New Member
Jill, I have the same problem. I turned the system restore off on my old drive and tried finding it with all the programs curtis suggested in safe mode, and the lil bastard can't be found by any virus/rootkit remover/malware/spyware software, but I still get redirects in my browser. Even after putting in a new drive the problem represented itself, so formatting and starting over hasn't helped any. Neither did using a totally new drive. I've scanned everything that is sitting anywhere remotely close to my system, much less actually hooked up to it here, and it keeps reinventing itself. The redirect disable for my browser is the only thing that remotely affects the symptoms, and still I get the occasional redirect or blank window popping up in the background. Methinks the ppl that wrote the virus that infected the Iranian nuclear reactors have a hobby... So far the only thing we can find it is messing with is the browser.

If you reformatted AND replaced the hard drive. It's not your computer. It's something YOU are doing on the internet.
 

Ian Stewart-Koster

Older Greyer Brushie
We got stuck with an autorun trojan, or call it a virus if you want to.
It came from probably one of the kids at school, and despite AVG, it quickly infected everything.
PrevX 3.0 found it, but it was a slow manual job clearing out what suddenly became hundreds of infections.
"PeeTechFix-Win32.PSW.OnlineGames 2.0.7_AVDB-097" was the best help in stopping it from re-propagating itself.
Otherwise it would hide & install a new autorun.inf file & an exe file on any plugged-in drive/key/card, which then infected the next thing it was plugged in to.
Disabling autorun also helped, but didn't entirely fix it.
There was a registry healing app you could download also. I'm not sure that and the Peetech app removed the trojan, but at least the PCs didn't infect anything else that was plugged into them, and if an infected USB memory key was plugged-in, it didn't autorun & so could be wiped of its vermin.
I'm still a bit of a mug at these fixes, but I'd follow Techman's advice if I was in North America!
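
An added example, not part of the post above and not code from any tool it names: a read-only audit of an `autorun.inf` file of the kind described there, listing every entry that would make Windows launch a program from the removable drive. The sample file contents, the `RECYCLER\svch0st.exe` path and the function names are constructed for illustration.

```python
import os
import re

# [autorun] keys that make Windows start a program when the drive is opened.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
FIRST_TOKEN = re.compile(r'^"([^"]+)"|^(\S+)')
RISKY_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")

def audit_autorun(text):
    """Return (key, target, risky) for each launch entry in autorun.inf text."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # tolerate junk padding lines and other sections
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        m = FIRST_TOKEN.match(value)
        if not LAUNCH_KEY.match(key) or not m:
            continue  # icon=, label= and similar keys do not launch anything
        target = (m.group(1) or m.group(2)).lower()
        findings.append((key, target, target.endswith(RISKY_EXT)))
    return findings

def audit_drive(root):
    """Audit <root>/autorun.inf if present; never executes or modifies anything."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, encoding="latin-1") as fh:
        return audit_autorun(fh.read())

# Constructed sample of a padded autorun.inf (not taken from a real infection).
SAMPLE = r"""
;xkqjz padding
[AutoRun]
lkjsdf98sdf
open=RECYCLER\svch0st.exe
icon=%SystemRoot%\system32\shell32.dll,4
shell\open\command=RECYCLER\svch0st.exe
shell\explore\command="RECYCLER\svch0st.exe" -e
label=USB DISK
"""

if __name__ == "__main__":
    for key, target, risky in audit_autorun(SAMPLE):
        print(f"{key:24} -> {target}  {'EXECUTABLE' if risky else ''}")
```

Run it against a drive letter with `audit_drive("E:\\")` on a machine where autorun is already disabled, so the drive can be inspected without the file being acted on.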
 

round man

New Member
Finally figured out it was an infected ad on a local newspaper site, and it reinstalled itself every morning when I read the local news and have my coffee. Seems I have gotten rid of it now... at least I kept all my stuff backed up and I have an extra 80 GB USB drive now. We had a half dozen or more folks at school who read the news site each day with the same problem.
 

Jillbeans

New Member
OK, knock on wood.
Signage helped me over the phone and via emailed links.
Via MajorGeeks, which was one of the first suggested fixes.
Not sure if I am totally clean yet or not but it seems to be better today.
Of course, I may just be delusional at this point.
:)
Thanks to everyone who offered advice.
I may be back here tomorrow morning whining again though.
 

jtrainor56

New Member
I am in IT and do this crap all day, here is what you want to do:

From another PC download from my bleeping computer, RKILL and Malwarebytes and put them both on a USB drive. Boot the infected PC into safe mode. Copy the two files to the desktop of the infected PC and run RKILL. This will kill any processes that might be running. Install and update Malwarebytes and run the quick scan. When Malwarebytes completes, reboot and do the same all over again... safe mode, run RKILL and Malwarebytes. If Malwarebytes comes back clean, reboot into Windows and run Malwarebytes again and your AV software. If both come back clean, you got it.
 

signmeup

New Member
I'm going to buy a KVM(?) switch and run a separate computer for internet only through my monitor after reading all this, and keep my work computer off the internet entirely.
 

hightop

New Member
I am in IT and do this crap all day, here is what you want to do:

From another PC download from my bleeping computer, RKILL and Malwarebytes and put them both on a USB drive. Boot the infected PC into safe mode. Copy the two files to the desktop of the infected PC and run RKILL. This will kill any processes that might be running. Install and update Malwarebytes and run the quick scan. When Malwarebytes completes, reboot and do the same all over again... safe mode, run RKILL and Malwarebytes. If Malwarebytes comes back clean, reboot into Windows and run Malwarebytes again and your AV software. If both come back clean, you got it.

This worked for me. I wasn't in safe mode, but all else was the same and ***fingers crossed*** it worked.
 

Todd M Castle

New Member
I'm the guy in my family who everyone calls with computer issues. I always keep Malwarebytes, Rkill and Combofix on a thumb drive. Just a tip for everyone. Good to have when you need it.
 

hightop

New Member
@Pat - OH NO!! What a pain!! My fingers are still crossed (and it's hard to type that way :smile: ) but ever since I took jtrainor's advice, my computer has been working.

I'm the guy in my family who everyone calls with computer issues. I always keep Malwarebytes, Rkill and Combofix on a thumb drive. Just a tip for everyone. Good to have when you need it.

Good idea!!
 

Jillbeans

New Member
Signage's advice was the same and it really worked.
But I am ultra paranoid now.
I never leave my PC connected to the Net if I'm not around, I run SuperAntiSpyware every day, among other strange and ritualistic behavior.
 

phototec

New Member
One sure way NOT to get a virus!

I'm going to buy a KVM(?) switch and run a separate computer for internet only through my monitor after reading all this, and keep my work computer off the internet entirely.

YEP! This is the ONLY for sure way to keep your sign business going and not be down due to a virus.

It's sad that there are people out there creating these viruses, and many clever ways of getting them onto your computer while connected to the internet.

My dual-monitor graphic workstation is NOT connected to the internet, period!

If you have your design work station connected to the internet, it's only a matter of time before you get a virus.
 