Solved

Strange shortcut altering virus

Posted on 2010-09-17
Last Modified: 2012-05-10
A computer that I am working on has been infected with a virus that hijacks all of my shortcuts and has redirected them to some scamware. The scamware is called Microsoft Security Essentials or something like that. Malwarebytes found something called a display hijack. I told it to fix it, then checked in the registry where it said the offending entry was, and it was fixed. However, it still does not work. I am facing the same problem, only Malwarebytes doesn't detect anything anymore. Has anyone run into something similar? Any ideas on how to fix this without reformatting the drive? The infected laptop is running Windows 7. I would provide more info, but it is gone for the weekend.

Thanks
Question by:HDM
5 Comments
 
LVL 22

Expert Comment

by:optoma
ID: 33705562
Try these: TDSSKiller and HitmanPro.
http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.surfright.nl/en/hitmanpro

NOTE: If 7 is 32-bit then you can run ComboFix.

Run ComboFix and post the log here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
LVL 7

Accepted Solution

by:
Daxit earned 500 total points
ID: 33705680
Hello

Did you create an image of your system with a cloning tool?

If you did, just do not lose time: save your data if not already done (it should be done already if you follow the rules) and restore the system. You will save time and you will be sure to get your genuine system back, while a repair is never 100% sure.

If you did not, you have to fight it with antimalware tools or manual removal of the infectious file(s) (many viruses open the door for other malware to come in).

Try the tools that the other experts suggested. Furthermore, you can use Virus Effect Remover; you can download it from:

http://www.virussecurelab.com

Actually at this instant the site is down, but I guess it will be online again soon; you can also look for an alternative download mirror site. It contains a tool that attempts to repair the typical virus-damaged areas of the system registry, vaccinate the drives against autorun.inf files, and deactivate the autorun feature on all disks and USB removable disks, and it also has a lot of other good tools to work with.

In the system registry remove all the suspect entries in the run sections both in localmachine and localuser.

With the avenger:

http://the-avenger.softonic.it/

you can remove files which are blocked and cannot be deleted unless offline. Take care using The Avenger, as it can delete whatever you write in its task; if you delete, for example, a system folder, you will ruin your system.

Use an antivirus to scan the PC too. If it is not successful in removing the virus(es) found, pick the virus name and search for it on Google; many times it is possible to find specific procedures that will work with that specific virus.

Post whether you succeed or not, and if not, describe what happened so as to get more help.

Bye
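
An added example, not part of the post above or of any tool named in this thread: a read-only PowerShell listing of the Run and RunOnce keys under HKLM and HKCU (the "run sections" mentioned above), showing each entry's target file, whether it exists, its Authenticode signature status and whether it sits in a user-writable profile directory. The path-extraction heuristic and the directories it flags are assumptions of this example; it deletes nothing.

```powershell
# Read-only audit of the Run/RunOnce autostart keys in HKLM and HKCU.
# Written to work on PowerShell 2.0 (shipped with Windows 7). Nothing is removed.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption of this example: entries launching from these folders deserve a closer look.
$userDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

function Get-CommandTarget([string]$command) {
    # Heuristic: pull the executable path out of an autostart command line.
    $expanded = [Environment]::ExpandEnvironmentVariables($command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $matches[1] }
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $matches[1] }
    return ($expanded -split '\s+')[0]
}

$results = foreach ($keyPath in $runKeys) {
    if (-not (Test-Path $keyPath)) { continue }      # key absent (e.g. 32-bit Windows)
    $key = Get-Item $keyPath
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $target  = Get-CommandTarget $command
        $exists  = Test-Path -LiteralPath $target -PathType Leaf
        $signature = 'n/a'
        if ($exists) { $signature = (Get-AuthenticodeSignature -FilePath $target).Status }
        $inUserDir = $false
        foreach ($dir in $userDirs) {
            if ($target.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $inUserDir = $true }
        }
        New-Object PSObject -Property @{
            Key = $keyPath; Name = $name; Command = $command; Target = $target
            Exists = $exists; Signature = $signature; InUserDir = $inUserDir
        }
    }
}

# Entries in user-writable folders and unsigned targets are listed first for review.
$results |
    Sort-Object @{ Expression = 'InUserDir'; Descending = $true }, Signature |
    Format-List Key, Name, Command, Target, Exists, Signature, InUserDir
```

Legitimate software also starts from AppData and is sometimes unsigned, so the flags only order the list for manual review.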
 

Expert Comment

by:PTulgaa
ID: 33710943
You can manually disable this malware, virus, or something like that without any antivirus.
First you must find out exactly where this infecting malware is located. It may be in the temp folder or system folders and so on. To find the location you can use Task Manager, if it is not disabled by the virus. Find a process that is named strangely and is actively working in Task Manager, right-click on it and choose Open File Location; it opens up its physical location on the HDD. Once it is revealed, you must end that process from Task Manager and delete that executable file.
NOW FOR THE MOST IMPORTANT PART. Don't miss this step!
Now create a new text file with exactly the same name as that malware, even its extension.
For example: if "trojan.exe" is our malware, the newly created text file's name must be exactly the same, not "trojan.exe.txt" or something like that.
Lastly, be sure of your move.
If you need some explanation about these steps, let me know; I will be glad to answer again.
 
LVL 7

Expert Comment

by:Daxit
ID: 33711236
Hi

Yes, what PTulgaa writes is correct. You can also create a folder instead of a text file. It is important to lock it too, so you should right-click on it and set the attributes to read-only to lock it; optionally you can also set it as hidden.

By the way, digressing from the topic: in order to vaccinate all drives against the common autorun.inf method, place in the root of each one a folder named autorun.inf, right-click it and set it as read-only and hidden; in this way you will avoid most of that kind.

You can also disable the autorun function of Windows for removable media. The autorun function is a thing that seems to be useful, but in my opinion and experience it is only an annoying, potentially dangerous gadget which might disturb work sessions.

Bye
 

Author Closing Comment

by:HDM
ID: 33739395
We wound up just formatting and restoring from a backup... oddly enough they didn't want to do that originally...