Solved

Strange shortcut altering virus

Posted on 2010-09-17
Last Modified: 2012-05-10
A computer that I am working on has been infected with a virus that hijacks all of my shortcuts and has redirected them to some scamware. The scamware is called Microsoft Security Essentials or something like that. Malwarebytes found something, called a display hijack. I told it to fix it, then checked in the registry where it said the offending entry was, and it was fixed. However, it still does not work. I am facing the same problem, only Malwarebytes doesn't detect anything anymore. Has anyone run into something similar? Any ideas on how to fix this without reformatting the drive? The infected laptop is running Windows 7. I would provide more info, but it is gone for the weekend.

Thanks
Question by:HDM
5 Comments
 
LVL 22

Expert Comment

by:optoma
ID: 33705562
Try these: TDSSKiller and HitmanPro.
http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.surfright.nl/en/hitmanpro
 


NOTE: If 7 is 32-bit, then you can run ComboFix.

Run ComboFix and post the log here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
LVL 7

Accepted Solution

by:
Daxit earned 500 total points
ID: 33705680
Hello

Did you create an image of your system with a cloning tool?

If you did, do not lose time: save your data if not already done (it should be done already if you follow the rules) and restore the system. You will save time and you will be sure to get your genuine system back, while any repair is never 100% sure.

If you did not, you have to fight it with antimalware tools or manual removal of the infectious file(s) (many viruses open the doors for other malware to come in).

Try to use the tools that the other experts suggested. Furthermore, you can use Virus Effect Remover; you can download it from:

http://www.virussecurelab.com

Actually, at this instant the site is down, but I guess it will be online again soon; you can also look for an alternative download mirror site. It contains a tool that attempts to repair the areas of the system registry typically damaged by viruses, vaccinate the drives against autorun.inf files and deactivate the autorun feature on all disks and USB removable disks, and it also has a lot of other good tools to work with.

In the system registry, remove all the suspect entries in the Run sections, both in local machine and local user.

With The Avenger:

http://the-avenger.softonic.it/

you can remove files which are locked and cannot be deleted unless offline. Take care using The Avenger, as it can delete whatever you write in its task; if you delete, for example, a system folder, you will ruin your system.

Use an antivirus to scan the PC too. If it is not successful in removing the virus(es) it finds, pick the virus name and search for it on Google; many times it is possible to find specific procedures that will work with that specific virus.

Post whether you succeed or not, and if not, describe what happened so as to get more help.

Bye
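
For the "Run sections" step in the answer above, a read-only review helps before anything is deleted. This is an added example, not part of the post and not code from any tool it names; the helper name `Get-CommandTarget`, the list of user-writable folders and the "Review" rule are assumptions made here.

```powershell
# Added example: read-only triage of the Run/RunOnce keys (requires PowerShell 3.0+).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption: user-writable locations worth a second look. Legitimate software
# also starts from AppData, so a hit is a triage hint, not a verdict.
$userDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) | Where-Object { $_ }

function Get-CommandTarget([string]$Command) {
    # Hypothetical helper: extract the program path from a Run value. Takes a quoted
    # path, else the text up to the first executable-looking extension, else the first token.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { $t = $Matches[1] }
    elseif ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif|vbs|js))(\s|$)') { $t = $Matches[1] }
    else { $t = ($c -split '\s+')[0] }
    if (-not [IO.Path]::IsPathRooted($t)) {
        # Bare names such as rundll32.exe are resolved through PATH
        $found = Get-Command $t -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($found) { $t = $found.Path }
    }
    return $t
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if (-not $command) { continue }
        $target = Get-CommandTarget $command
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'n/a' }
        $inUser = [bool]($userDirs | Where-Object { $target.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        [pscustomobject]@{
            # Flag entries in user-writable folders, with a missing target, or without a valid signature
            Review    = ($inUser -or -not $exists -or "$sig" -ne 'Valid')
            Key       = $key
            Name      = $name
            Target    = $target
            Signature = $sig
        }
    }
}
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Entries launched through a host such as rundll32.exe resolve to the host itself, so read the full command in the registry for those before deciding.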
 

Expert Comment

by:PTulgaa
ID: 33710943
You can manually disable this malware, virus, or something like that without any antivirus.
First you must find out exactly where this infecting malware is located. It may be in the temp folder or system folders and so on. To find the location you can use Task Manager, if it has not been disabled by the virus. Find a strangely named process that is actively running in Task Manager, right-click on it and choose Open File Location; this opens its physical location on the HDD. Once it is revealed, you must end that process from Task Manager and delete that executable file.
NOW FOR THE MOST IMPORTANT PART. Don't miss this step!
Now create a new text file with exactly the same name as that malware, including its extension.
For example: if "trojan.exe" is our malware, the newly created text file's name must be exactly the same, not "trojan.exe.txt" or something like that.
Finally, be sure of your move.
If you need some explanation of these steps, let me know; I will be glad to answer again.
 
LVL 7

Expert Comment

by:Daxit
ID: 33711236
Hi

Yes, what PTulgaa writes is correct. You can also create a folder instead of a text file. It is important to lock it too, so you should right-click on it and set the attributes to read-only so as to lock it; optionally you can also set it as hidden.

By the way, digressing from the topic, in order to vaccinate all drives against the common autorun.inf method, place in the root of each one a folder named autorun.inf, right-click it and set it as read-only and hidden; in this way you will avoid most of that kind.

Also, you can disable the autorun function of Windows for removable media. The autorun function is a thing that seems to be useful, but in my opinion and experience it is only an annoying, potentially dangerous gadget which might disturb work sessions.

Bye
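
To see where a machine stands on the two autorun measures described in the comment above, the following read-only check reports the AutoRun policy value and what sits at autorun.inf on each drive. It is an added example, not part of the comment; the state labels and output layout are assumptions made here, and a regular autorun.inf file on a software CD is normal.

```powershell
# Added example: read-only check of the AutoRun policy and of autorun.inf on each drive
# (requires PowerShell 3.0+).
$policyKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
foreach ($key in $policyKeys) {
    $value = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $value) {
        "{0}: NoDriveTypeAutoRun not set (Windows default applies)" -f $key
    } else {
        # Bitmask: 0x04 removable, 0x08 fixed, 0x10 network, 0x20 CD-ROM; 0xFF covers every drive type
        $removableOff = ($value -band 0x04) -ne 0
        "{0}: NoDriveTypeAutoRun = 0x{1:X2} (removable disabled: {2}, all types disabled: {3})" -f `
            $key, $value, $removableOff, ($value -eq 0xFF)
    }
}

# Skip drives whose root is not reachable (for example an empty optical drive)
$drives = Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Root -and (Test-Path -LiteralPath $_.Root) }
foreach ($drive in $drives) {
    $path = Join-Path $drive.Root 'autorun.inf'
    # -Force is needed because the item is usually marked Hidden
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        $state = 'absent'; $detail = ''
    } elseif ($item.PSIsContainer) {
        # The placeholder folder described in the comment above
        $state = 'folder (placeholder)'; $detail = "attributes: $($item.Attributes)"
    } else {
        # A regular file: list the commands it would launch so it can be judged
        $state  = 'FILE'
        $detail = (Select-String -LiteralPath $path -Pattern '^\s*(open|shellexecute|shell\\[^\\]+\\command)\s*=' |
                   ForEach-Object { $_.Line.Trim() }) -join '; '
    }
    [pscustomobject]@{ Drive = $drive.Root; AutorunInf = $state; Detail = $detail }
}
```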
 

Author Closing Comment

by:HDM
ID: 33739395
We wound up just formatting and restoring from a backup... oddly enough they didn't want to do that originally...


Question has a verified solution.
