Nasty Virus


Sailor Steve
04-24-11, 01:31 PM
I downloaded the wrong thing this morning, and my computer is paying for it. First it installed one of those "Your computer has problems. We can fix them" messages, which took me forever to get rid of. Now all my desktop work and icons are gone, but if I try to make a new shortcut for, say Explorer, it asks me if I want to replace the old one. But the old one is gone, or at least I can't see it. Now I've found that my 'Favorites' folder is empty. But when I tried to set Subsim as a favorite again it told me that it can't because it's already there. But I can't see it.

A System Restore didn't change anything. Also missing is all my Ship Names works since February.

Any ideas beyond simply recreating everything?

Jan Kyster
04-24-11, 02:21 PM
You're not using Microsoft Security Essentials?
Recommended! http://www.microsoft.com/en-us/security_essentials/default.aspx


Here's a link to Microsoft Security Scanner and how-to:
http://windows.microsoft.com/en-us/Windows7/How-do-I-remove-a-computer-virus

General tips:
http://www.removevirus.org/
http://www.bleepingcomputer.com/tutorials/tutorial101.html

Once clear, scan your backups as well.

But the "Also missing is all my Ship Names works since February"-part makes me wonder why you haven't backed up such stuff much more frequently. DVDs are next to free these days...


Good luck though! :up:

Sailor Steve
04-24-11, 02:58 PM
You're not using Microsoft Security Essentials?
Recommended! http://www.microsoft.com/en-us/security_essentials/default.aspx
Yes I am. It got by anyway, and MSE politely warned me that my hard drive was compromised.

Thanks for the other links. I'm going over them now.

As for backing up my work folders, I have a copy in My Documents and another on a flash drive. I seem to have forgotten to rewrite them this time. On the other hand I downloaded my own April file, and it won't take long to reconstruct my work files using it. It's just annoying is all.

the_tyrant
04-24-11, 06:33 PM
ok, so first of all, you will have to back up your files
don't try to back up your files using the infected system

burn yourself a copy of this: http://www.ubcd4win.com/

boot into windows pe, and backup your files from there

after that, you can try to remove the virus yourself
or hire an antivirus company to do it for you
or just format the drive and reinstall the system

nikimcbee
04-24-11, 06:39 PM
Sorry to hear about that Steve :dead: One thing you could do is get you a set of hard drive cables to USB and plug the infected HD into a second computer and scan from there. You can also move your non-infected files off the drive.

kiwi_2005
04-24-11, 07:10 PM
Ok all might not be lost. Here's a quick fix if you have the same nasty malware virus. Some malware hides your files: they are not gone or deleted, just hidden from view.

First get rid of the malware using the Malwarebytes program.

http://www.malwarebytes.org/ latest version is 1.50.1

Or unless you killed it with some other program good enough, open up any folder then in the menu go Tools - folder options - view. Then in the 'Hidden files and folders' check the 'Show hidden files and folders' box. Click the apply button below then the 'Apply to all button' up top. Applying to all means every folder will do the same, could take a while to complete.

Might not work if it's more nasty than just hiding your stuff but worth a try.

CaptainHaplo
04-24-11, 08:08 PM
Can you give specifics as to which bug it was that got you?

Sailor Steve
04-24-11, 10:38 PM
Ok all might not be lost. Here's a quick fix if you have the same nasty malware virus. Some malware hides your files: they are not gone or deleted, just hidden from view.
I kind of figured that part out when I tried to create new icons for some of the main files and it asked me if I wanted to replace the old ones. I did a couple of searches and found that the folders were indeed there.

First get rid of the malware using the Malwarebytes program.
I think between SpyBot, Advanced System Care and MSE I've done a pretty good job of that. I'll run Malwarebytes too.

Then in the 'Hidden files and folders' check the 'Show hidden files and folders' box. Click the apply button below then the 'Apply to all button' up top. Applying to all means every folder will do the same, could take a while to complete.
Okay, I can see (and access) everything now. Unfortunately they are still technically 'hidden' and look kind of ghostly. How do I make them back into real-looking folders?

Can you give specifics as to which bug it was that got you?
I think it's called WindowsRepair. It wasn't in the list that Jan linked, but it looks a lot like some of the ones on that list. No way am I going to go find it again to make sure of the name. I'm not sure exactly what I did, but I was checking out some music files and when it turned up I probably just clicked 'Download', overriding MSE's settings. It looks like one of those annoying things that tells you something's wrong with your registry and saying you need to buy their product. The difference with this one was that it only had options for 'Scan' and 'Purchase'. It wouldn't go away no matter what I did. Luckily some of the main folders were unaffected. Between those three programs we managed to get rid of it, at least as far as I can tell. I'm going to run some deep scans tomorrow.

Oh, my 'Favorites' section in IE is still empty. I know they are there too, because it won't let me add new folders with the same names.

[edit] Never mind about the Desktop. I figured out how to 'Unhide' the folders. 'Favorites' is still a problem though.

Castout
04-25-11, 04:25 AM
Need to create backup Steve. Regularly like once a week. Ideally to external HDD.


Scan with good AV like Avira or COMODO.


Run dos command type sfc /scannow in windows directory to repair windows file.

Jan Kyster
04-25-11, 05:35 AM
I think it's called WindowsRepair.... It looks like one of those annoying things that tells you something's wrong with your registry ... It wouldn't go away no matter what I did...
Oh yeah, have come across those a couple of times. Can't close pop-up window, can't close IE either.

Normally I just use Ctrl-shift-Esc to open the Windows Job-list and on the tab labelled 'Programs' I close IE there.


You could contact webmaster on the site and tell him what happened.


And to the folks behind the "utility" - may you suffer a long time from all kinds of nasty things! :stare:

Sailor Steve
04-25-11, 12:25 PM
Okay, MSE says the actual name of the thing was WinNT/Alureon.s.

Need to create backup Steve. Regularly like once a week. Ideally to external HDD.
Did you miss the part where I do back up my work to two different externals? Sometimes I forget, because I'm old, but I know I need to do that.

Sailor Steve
04-25-11, 04:12 PM
Good news! I figured out where the Favorites thing was, and now it's unhidden as well!

I have almost all my files back.

Jan Kyster
04-25-11, 06:10 PM
That's odd MSE did let it pass? Do you keep updates on auto?
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWinNT%2FAlureon.S

Safe removal of above trojan horse: http://www.removespywaresupport.com/how-to-remove-trojanwinntalureon-s-how-to-remove-trojanwinntalureon-s.html

Sailor Steve
04-26-11, 12:30 AM
Not odd at all if I accidentally told it to. Idiot. :damn:

I've now run MSE, SpyBot and Malwarebytes, and it mostly seems to be back to normal. I have a couple of registry fixers, and will run those later tonight.

Jan Kyster
04-26-11, 01:20 AM
Sailor Steve just called me an idiot! :wah:


But still I think MSE should have prevented the thing installing itself, even if you said "yes, please"? Strange...



/edit:
Found a nice guide to remove the Alureon here (post #3 and #5): http://forums.techguy.org/virus-other-malware-removal/970343-cant-get-rid-alureon-even.html

Sailor Steve
04-26-11, 12:16 PM
Just ran the one from post #3 - no threats detected.

Am running the online scan from post #5 now.

I have all my files, folders and histories back. The only problem I'm having right now is that every once in awhile Windows Explorer will malfunction, locking everything up and forcing me to reboot the hard way. I'm looking for solutions.

One more thing: What on Earth does DrWatson do other than to tell me it has encountered a problem and needs to shut down?

nikimcbee
04-26-11, 02:18 PM
Red seat for you sailor.:o (sorry couldn't resist:D)

Jan Kyster
04-26-11, 04:07 PM
One more thing: What on Earth does DrWatson do other than to tell me it has encountered a problem and needs to shut down?
Ah! Good old Dr. Obvious! :yeah:

Perhaps try running a System File Check: http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

Won't do any harm and may solve your IE problems... but good to hear you weren't badly hurt! :up:

Tarrasque
04-26-11, 05:38 PM
I would strongly recommend NOT using MSE. It's let fairly nasty stuff through twice on my system - to the point of potentially almost needing to install windows. There are a number of other free virus scanners out there. I've used both Avast and AVG in the past and both seem OK.

If your files are still hidden, select them and either right-click and go to properties or hold Alt and press Enter/Return. Make sure the 'Hidden' box on the 'General' tab isn't selected and OK it all. This will take a while if you have a lot of files.
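
The folder-by-folder unhide steps described by kiwi_2005 and Tarrasque can be scripted once the malware itself has been removed. The following PowerShell script is an added example, not something posted in the thread; the default folders (Desktop and Favorites under the user profile) and the `-Apply` switch are assumptions chosen for illustration, and without `-Apply` it only reports what it would change.

```powershell
# Added example (not from the thread): list items carrying the Hidden attribute
# under the given folders and, with -Apply, clear that attribute.
# The default folders are assumptions based on what the thread says went missing.
param(
    [string[]]$Roots = @("$env:USERPROFILE\Desktop", "$env:USERPROFILE\Favorites"),
    [switch]$Apply   # without -Apply the script only reports (dry run)
)

$hidden = [System.IO.FileAttributes]::Hidden
$system = [System.IO.FileAttributes]::System

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Warning "Skipping missing folder: $root"
        continue
    }
    # -Force is required, otherwise hidden items are not returned at all.
    $items = @(Get-Item -LiteralPath $root -Force)
    $items += @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $attrs = $item.Attributes
        if (-not ($attrs -band $hidden)) { continue }

        # Items that are Hidden AND System (desktop.ini and similar) are
        # normally hidden by Windows itself; leave them alone.
        if ($attrs -band $system) { continue }

        $action = 'would unhide'
        if ($Apply) {
            try {
                # The Hidden bit is known to be set, so XOR clears only that bit.
                $item.Attributes = $attrs -bxor $hidden
                $action = 'unhidden'
            } catch {
                $action = "failed: $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{ Action = $action; Path = $item.FullName }
    }
}
```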

Sailor Steve
04-27-11, 09:02 AM
I've tried both AVG and Avast with little or no luck in the past.

But it's all irrelevant now. The thing is back, and with a vengeance. I can't get rid of it this time, and I can't access anything on my hard drive. It's going to be tough to do a complete reinstall because all my discs are in my storage unit somewhere. Looks like I'm back to posting from the library for awhile.

Skybird
04-27-11, 10:17 AM
High time for the Klingon solution. Accept no compromise. I would have chosen it already earlier. When nasty stuff has hit you once, you never can be sure you really got rid of it after you are finished with your repair - and every Windows repair is just improvisation. Time passes by, you invest trust, make backups of your working files - and they all get infested in the background.

And DO NOT trust in free scanners only, but use a payware solution, the full package, make it a solid one. I have learned that lesson myself just before switching systems:

http://www.subsim.com/radioroom/showthread.php?t=180346

Neal brought it to the point in there: "Sticking with pay/premium anti-virus software here. I cannot imagine some free AV group has the same resources as Norton or McAfee. If they're not bringing in real $$ to pay employees and stay on top of emerging threats, how secure can it be? You get what you pay for."

Avira Premium for example does not leave you any need to run Spybot. It includes what Spybot does - and then so much more.

Alex
04-27-11, 10:38 AM
[...] Avira Premium [...]
Wise choice.


Avira Antivir + ZoneAlarm firewall = best free antivirus+firewall combo. :)
But you've still got to be careful, and not to open an email attachment/link provided by some anonymous guy.

Sailor Steve
04-28-11, 02:59 AM
So far all's well that ends well. I was able to reach Microsoft's Service Center and a knowledgeable expert spent seven hours of his time helping me get everything sorted out, running various scans and even remotely running my computer until we're pretty sure the thing is truly gone.

Oh, and the cost was exactly $0.00. :sunny:

Penguin
04-28-11, 05:58 AM
Good to hear that he was able to remove it! Brilliant service from Microsoft :up:

NeonSamurai
04-28-11, 12:00 PM
Think I ran into that exact same virus at the center I volunteer at. Annoying but fairly easy to get rid of (for someone of my skill level anyhow). The good thing is that it didn't seem to bring in a pile of other viruses or delete anything. It did take a lot of manual editing though in the registry to fully restore everything (as usual mcafee, which they have, failed to prevent, detect, or remove it).

BTW as a computer expert, I don't agree with the assessment that norton or mcafee are any good. My personal experience with both of them is that they are very poor anti virus solutions, and utterly abysmal firewalls (and zone alarm isn't a whole lot better).

Last I checked Comodo was the best firewall available (though very naggy). Its virus scanner is decent, though I prefer ClamWin. Both are free, the second is open source. It's also a good idea to overlap anti-virus software as none of them are perfect (also helps with false positives a bit).

http://www.matousec.com/projects/proactive-security-challenge/results.php

I'll post some av testing when I have more time

NeonSamurai
04-28-11, 01:07 PM
Anyhow did some re-reading up on where the different virus scanners are atm.

For free anti-virus, Avira personal seems to be the best choice.
For payware, Lavasoft Total security seems good, as do some others (like Avira Pro).

So one of them combined with Comodo firewall seems like the best option.

Some of the sources I used:
http://www.av-comparatives.org/en/comparativesreviews
http://www.virusbtn.com/vb100/latest_comparative/index

Me, I tend to end up dealing with viruses retroactively (since I usually have to clean up already compromised systems). So my toolbag contains various programs like
Spybot S&D
ClamWin Portable (it is very good at detecting viruses once active, and installer packages, but does not have any proactive defense, it is strictly a scanner)
HijackThis
and various other software and anti rootkits

Fish In The Water
04-28-11, 08:30 PM
BTW as a computer expert, I don't agree with the assessment that norton or mcafee are any good.

I don't recommend them either, particularly not Norton as it places about a million, (only a very slight exaggeration), entries in your registry. That plus the fact it fails to detect a lot of 'designer' viruses simply because the authors reverse engineer the algorithm as part of the creation process.

IMO, you're better off going with a less popular AV - combined of course with a good firewall and an even better sandbox.