Antivirussoft.exe


SteamWake
02-08-10, 07:27 PM
I have had the pleasure of having a machine infected with this insidious malware at work...

Now I am not unfamiliar with dealing with buggered machines, but this one threw me a bunch of new curves.

"All 'I' know is 'I' clicked on a drawing file and this thingy popped up saying it's infected and if 'I' want to fix it"... :oops: "Did you click anything?" I ask. "No, you told me not to...". "Good, thanks... may I please have your chair?"

She gets up and peers over my shoulder. I click the No button (Hell No was not available) and up pops another window... [This computer is under attack! By hooded demons in Saigon] and POP, up comes some random porn site... AWKWARD :haha:

I reach for the reset button... and well, I never bothered to hook it up... this just keeps getting better. Press and hold, and after 12 seconds of a strange mix of arousal and embarrassment pass, the machine goes click and a black screen.

After apologies... "Would you mind finding another computer while I fix this one?" and off she went... no winks, no nuttin' :har:

Back on topic.

Reboot... as soon as the desktop is up I notice updates not running... then a few moments later... "Your computer is infected!", click no, get rid of random page pop... Viagra this time (even though I had pulled the net cable).

What made this particular malware so infuriating was that it would not let you open any other freakin' app. Not even Explorer; couldn't even run regedit... honest!

So off to another machine to find the cure...

Boot in safe mode... find and eliminate obscure files with random names. Regedit obscure keys with random names... Reboot (normal mode), do a system roll back, re-install antivirus (Norton), update, get Windows updates, system scan (2.5 hours), more Windows updates...

I left it doing another system scan after I checked that local network and internet access worked. I then locked the internet access :nope:

I made sure Windows Automatic Update was on.

Sheesh... she cost me a whole freakin' day.

I really wish I could bring some sort of legal action against 'Antivirussoft'.

By the way, I highly recommend avoiding their website and product. They use bully and scare tactics to force unaware users into paying for their 'protection' and leave them with little.

Bubblehead Nuke
02-08-10, 09:18 PM
I have several non-technical co-workers that have been hit by this particular bug as well.

It sucks..

After the first two repair marathons I got smarter. I just backed up the user data files, flattened the hard drive and re-installed the OS. Then it was a simple matter of putting back the user data.

It is far faster and less painful.

SteamWake
02-09-10, 10:34 AM
Lord, how I hate wiping drives around here... so many huge apps, drivers, and networking quirks. A wipe and re-configure is about 4 to 6 hours per machine.

Not to mention hearing all the whining about lost wallpapers, icons, etc. :03:

Oberon
02-09-10, 10:44 AM
Oh yeah, I've been hit by a similar virus. It hides in adverts and pretends to be a proper Windows message coming up in the bubble you get in the bottom right-hand corner. At first they were fairly easy to kill: stop it from starting up on boot, track down the root exe and kill it, and then remove any registry entries for it.

However, the last one I got was a bastard. It used a rootkit to hide itself, wormed its way into Internet Explorer AND Firefox, and threw up so many instances of itself at startup that you couldn't manually kill it before it started throwing up its messages, and neither msconfig nor CCleaner could see the damn thing to stop it from starting itself up. Once it HAD started itself up, you couldn't use anything that was an .exe file! So CCleaner was out, Malwarebytes was out, everything! :damn: Eventually I managed to kill it long enough to access the internet and find a ploy someone had used: drop a text file named after the file the rootkit was hiding, in the place where the file was hiding (which I had discovered through the registry). That stopped it loading long enough to strip out all references to it in the registry and reinstall IE and Firefox.
I now use Firefox with NoScript. :up:
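The manual cleanup the posts above describe (hunt down the randomly named startup entries in the registry, then deny the rogue its filename with an inert placeholder so it cannot load) as a script. This is an added example, not code from any of the posters: it assumes the rogue registered itself in the standard Run/RunOnce/Winlogon keys, the `.exe` file-association check is a general explanation for the "nothing with .exe will run" symptom that the thread itself does not confirm, and the file path in the usage line is made up. It reports and blocks; it never deletes anything.

```powershell
# Added example, not the posters' code. Run from Safe Mode in an elevated PowerShell.
# HKCU: is the hive of the account running this, so run it as the affected user.

$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # Shell / Userinit values
)

function Get-AutostartEntries {
    # One object per registry value: where it lives, its name, and the command it launches
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata PowerShell attaches to every item
            if ($p.Name -in 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') { continue }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

function Get-ExePath([string]$Command) {
    # Pull the executable out of a value such as  "C:\x\y.exe" /s  or  C:\x\y.exe -q
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+?\.exe)"') { return $Matches[1] }
    if ($c -match '^(\S+?\.exe)')     { return $Matches[1] }
    return $null
}

function Test-SuspiciousAutostart([string]$ExePath) {
    # Heuristic only: an all-lowercase-letters name under Temp/AppData/Local Settings
    # is the shape the posts describe. Legitimate software can match too, so this
    # produces a shortlist for a human, not a verdict.
    $name         = [IO.Path]::GetFileName($ExePath)
    $inProfileDir = $ExePath -match '\\(Temp|AppData|Application Data|Local Settings)\\'
    $randomName   = $name -cmatch '^[a-z]{5,16}\.exe$'     # -cmatch: case-sensitive
    return [bool]($inProfileDir -and $randomName)
}

function Test-ExeAssociation {
    # Stock open command for .exe is  "%1" %*  ; anything else means every .exe launch
    # is routed through another program first. A per-user override under
    # HKCU\Software\Classes\.exe is normally absent and takes precedence when present.
    $cmd = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' -Name '(default)').'(default)'
    [pscustomobject]@{
        OpenCommand     = $cmd
        Ok              = ($cmd -eq '"%1" %*')
        PerUserOverride = (Test-Path 'HKCU:\Software\Classes\.exe')
    }
}

function Block-RogueFile([string]$Path) {
    # Oberon's trick: occupy the rogue's filename with an inert, read-only placeholder
    # so the startup entry has nothing to launch. If the real file is visible, move it
    # aside first. This is a stopgap to get tools running again, not the cleanup itself.
    if (Test-Path $Path) {
        Move-Item -Path $Path -Destination "$Path.quarantine" -Force
    }
    New-Item -Path $Path -ItemType File -Force | Out-Null
    Set-ItemProperty -Path $Path -Name IsReadOnly -Value $true
    # Deny delete/write/append to Everyone so a dropper cannot simply overwrite it
    icacls $Path /deny 'Everyone:(DE,WD,AD)' | Out-Null
    return (Get-Item $Path)
}

# --- usage ---
$hits = Get-AutostartEntries | Where-Object {
    $exe = Get-ExePath $_.Command
    $exe -and (Test-SuspiciousAutostart $exe)
}
$hits | Format-Table -AutoSize
Test-ExeAssociation
# After confirming a path from $hits (the name below is hypothetical):
# Block-RogueFile -Path "$env:LOCALAPPDATA\qwvbnmxs\qwvbnmxs.exe"
```

Review every hit from `$hits` before touching it; the name heuristic is deliberately loose so that it catches the random-name droppers the posts mention, at the cost of some false positives. If `Test-ExeAssociation` reports `Ok = $False`, restoring the open command to `"%1" %*` (and removing any per-user override) is what gets `regedit`, CCleaner and Malwarebytes launching again before any further cleanup.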