VIRUS ALERT!

A friend of mine downloaded a .wmv porn movie yesterday and when he tried to play it a window pop-uped saying "A codec is missing, visit this site to install it".
So he visited the site downloaded the .exe codec and ran it

That was it! All desktop icons gone, task manager disabled, all hard drives disappeared (!), explorer disabled (couldn't access any file), browser windows popping-up sayin download this and that, desktop hijacked with a "privacy danger" thing, security warnings all over and a VIRUS ALERT! flashing in System tray where the clock is supposed to be.

We're talking about a MESS! He had malware from KvmSecure to lots of other stuff.

So I took the time to write a small guide that helped my friend yesterday and may help others in future!

1.Dr.WEB CureIT
He downloaded Dr.WEB CureIT and ran a full scan on C drive (CureIT was able to see the contents of the C drive althought the user couldn't Lol).
It found about 40 viruses all able to delete and move and that was enough to stabilize the OS and run some additional scans.

2.SUPERAntiSpyware
He installed the free version and ran a full scan. It found about 15 registry items infected and some files/folders infected (adware mostly) which all were quarantined and removed.
He then run all the repairs under preferences->repairs which at that point brought back task manager.

3.MalwareByte's AntiMalware
He installed the free version and ran a full scan with that too. It found about 2-3 infected items all quarantined and removed successfully.

4.SpyBot S&D
He had that allready installed. It came up with a SmitFraud left-over which succesfully deleted.

5.GlarySoft RegistryRepair
Actually I told him to install and run this cause he's pc was allready in bad shape, so a registry cleaner could only make it better

6.CCleaner
The usual task, getting rid of all crap!

7.HijackThis
He ran and sent me a HijachThis log, which was clean, but took the chance to help him get rid of some unesecery start-up applications.

8.Reboot
The final step and the moment of truth! How will all the changes made by the previous software apply after a reboot?
Well it was success!
Everything came back EXCEPT the missing desktop icons (couldn't be found anywhere, the virus must have deleted them) and the background which was the default windows one and not the one he had before the infection, but he was able to set his previous background manually.

I hope that this will help others too. It was a real nasty situation!
Notice also that the pc infected, wasn't he's good pc, it was more like a porn machine Lol.
No firewall, no antivirus, no anything installed! Naked to the bone!
So if the guide worked for him a good pc will stand ever better chance

 

If it were me, I'd firstly try Rogue Remover/SmithFraudFix, if failed I'd use pretty much the same combo, maybe running AVP Tool - Dr.Web - SAS - Ewido

 

I may have just imaged the bloody thing and scanned it on another computer.

 

My question is did he learn from his experience ?

I am not referring to what he chooses to view, but being cautious in what links he chooses to follow\use to download any .exe. Safe codec packs are available every where on the Net.

 

Well actually he's cautious, he's not a n00b, but these things happen some times.

I am cautious too, but there was a time long ago I had some beers, got a photo.zip from a friend of mine through MSN (yes yes the known way of getting infected) and ran the damn thing inside it .

And I knew that these viruses through MSN existed, it'n not like it was out of the blue for me, but still..

Anyway I hope he will be even more cautious now on

 

If that is the case then lesson learned.

 

awesome guide, although i doubt the same thing would happen to me, your guide did provide me with new knowledge on many other scanners for the safety of my PC.

 

this is a serious problem, i see people everywhere complaining about rouge spyware and viruses, but today's antivirus and antispyware does not protect because the rouge spyware has so many variant,

what to do so i will be protected against latest threats everyday?

 

Use a good antivirus with a good signature and heuristic detection(look this for example, a good result indeed https://www.wilderssecurity.com/showpost.php?p=1294754&postcount=102), a good antispyware, NOT using Internet explorer and being careful.
Also using a site-advising program(like siteadvisor, wot, linkscanner etc.) to prevent from going into known rouge sites.

 

This sort of crap seem to be everywhere in the net these days, yesterday another friend contacted me through MSN and said: "You have to save me, I have 50000 viruses, how the hell did that happen?"

Of course it was a rogue, Antivirus XP 2008, which stated he had 50000 viruses on his pc, but the guy did't even think of that case, he actually believed he had that many viruses.

I can understand it though, the panic you face at that moment + the fact of not being a geek, it's easy too be fooled