Nasty Virus

[Sailor Steve]

I downloaded the wrong thing this morning, and my computer is paying for it. First it installed one of those "Your computer has problems. We can fix them" messages, which took me forever to get rid of. Now all my desktop work and icons are gone, but if I try to make a new shortcut for, say Explorer, it asks me if I want to replace the old one. But the old one is gone, or at least I can't see it. Now I've found that my 'Favorites' folder is empty. But when I tried to set Subsim as a favorite again it told me that it can't because it's already there. But I can't see it.

A System Restore didn't change anything. Also missing is all my Ship Names works since February.

Any ideas beyond simply recreating everything?

[Jan Kyster]

You're not using Microsoft Security Essentials?
Recommended! http://www.microsoft.com/en-us/secur...s/default.aspx


Here's a link to Microsoft Security Scanner and how-to:
http://windows.microsoft.com/en-us/W...computer-virus

Generel tips:
http://www.removevirus.org/
http://www.bleepingcomputer.com/tuto...torial101.html

Once clear, scan your backups as well.

But the "Also missing is all my Ship Names works since February"-part makes me wonder why you haven't backed up such stuff much more frequent. DVD's are next to free these days...


Good luck though!

[Sailor Steve]

Quote:

Originally Posted by Jan Kyster

You're not using Microsoft Security Essentials?
Recommended! http://www.microsoft.com/en-us/secur...s/default.aspx

Yes I am. It got by anyway, and MSE politely warned me that my hard drive was compromised.

Thanks for the other links. I'm going over them now.

As for backing up my work folders, I have a copy in My Documents and another on a flash drive. I seem to have forgotten to rewrite them this time. On the other hand I downloaded my own April file, and it won't take long to reconstruct my work files using it. It's just annoying is all.

[the_tyrant]

ok, so first of all, you will have to back up your files
don't try to back up your files using the infected system

burn yourself a copy of this:http://www.ubcd4win.com/

boot into windows pe, and backup your files from there

after that, you can try to remove the virus yourself
or hire an antivirus company to do it for you
or just format the drive and reinstall the system

[nikimcbee]

Sorry to hear about that Steve? One thing you could do is get you a set of hard drive cables to USB and plug the infected HD in two a second computer and scan from there. You can also move your non-infected files off the drive.

[kiwi_2005]

Ok all might not be lost. Here's a quick fix if you have the same nasty malware virus. Some Malware hides your files they are not gone deleted just hidden from view.

First get rid of the malware using malwarebtyes program.

http://www.malwarebytes.org/ latest version is 1.50.1

Or unless you killed it with some other program good enough, open up any folder then in the menu go Tools - folder options - view. Then in the 'Hidden files and folders' check the 'Show hidden files and folders' box. Click the apply button below then the 'Apply to all button' up top. Applying to all means every folder will do the same, could take a while to complete.

Might not work if its more nasty than just hiding your stuff but worth a try.

[CaptainHaplo]

Can you give specifics as to which bug it was that got you?

[Sailor Steve]

Quote:

Originally Posted by kiwi_2005

Ok all might not be lost. Here's a quick fix if you have the same nasty malware virus. Some Malware hides your files they are not gone deleted just hidden from view.

I kind of figured that part out when I tried to creat new icons for some of the main files and it asked me if I wanted to replace the old ones. I did a couple of searches and found that the folders were indeed there.

Quote:

First get rid of the malware using malwarebtyes program.

I think between SpyBot, Advanced System Care and MSE I've done a pretty good job of that. I'll run Malwarebytes too.

Quote:

Then in the 'Hidden files and folders' check the 'Show hidden files and folders' box. Click the apply button below then the 'Apply to all button' up top. Applying to all means every folder will do the same, could take a while to complete.

Okay, I can see (and access) everything now. Unfortunately they are still technically 'hidden' and look kind of ghostly. How do I make them back into real-looking folders?

Quote:

Originally Posted by CaptainHaplo

Can you give specifics as to which bug it was that got you?

I think it's called WindowsRepair. It wasn't in the list that Jan linked, but it looks a lot like some of the ones on that list. No way am I going to go find it again to make sure of the name. I'm not sure exactly what I did, but I was checking out some music files and when it turned up I probably just clicked 'Download', overriding MSE's settings. It looks like one of those annoying things that tells you something's wrong with your registry and saying you need to buy their product. The difference with this one was that it only had options for 'Scan' and 'Purchase'. It wouldn't go away no matter what I did. Luckily some of the main folders were unaffected. Between those three programs we managed to get rid of it, at least as far as I can tell. I'm going to run some deep scans tomorrow.

Oh, my 'Favorites' section in IE is still empty. I know they are there too, because it won't let me add new folders with the same names.

[edit] Never mind about the Desktop. I figured out how to 'Unhide' the folders. 'Favorites' is still a problem though.

[Castout]

Need to create backup Steve. Regularly like once a week. Ideally to external HDD.


Scan with good AV like Avira or COMODO.


Run dos command type sfc /scannow in windows directory to repair windows file.

[Jan Kyster]

Quote:

Originally Posted by Sailor Steve

I think it's called WindowsRepair.... It looks like one of those annoying things that tells you something's wrong with your registry ... It wouldn't go away no matter what I did...

Oh yeah, have come across those a couple of times. Can't close pop-up window, can't close IE either.

Normally I just use Ctrl-shift-Esc to open the Windows Job-list and on the tab labelled 'Programs' I close IE there.


You could contact webmaster on the site and tell him what happened.


And to the folks behind the "utility" - may you suffer a long time from all kinds of nasty things!

[Sailor Steve]

Okay, MSE says the actual name of the thing was WinNT/Alureon.s.

Quote:

Originally Posted by Castout

Need to create backup Steve. Regularly like once a week. Ideally to external HDD.

Did you miss the part where I do back up my work to two different externals? Sometimes I forget, because I'm old, but I know I need to to do that.

[Sailor Steve]

Good news! I figured out where the Favorites thing was, and now it's unhidden as well!

I have almost all my files back.

[Jan Kyster]

That's odd MSE did let it pass? Do you keep updates on auto?
http://www.microsoft.com/security/po...NT%2FAlureon.S

Safe removal of above trojan horse: http://www.removespywaresupport.com/...alureon-s.html

[Sailor Steve]

Not odd at all if I accidentally told it too. Idiot.

I've now run MSE, SpyBot and Malwarebytes, and it mostly seems to be back to normal. I have a couple of registry fixers, and will run those later tonight.

[Jan Kyster]

Sailor Steve just called me an idiot!


But still I think MSE should have prevented the thing installing itself, even if you said "yes, please"? Strange...



/edit:
Found a nice guide to remove the Alureon here (post #3 and #5): http://forums.techguy.org/virus-othe...reon-even.html