Cleanup after 'Win 7 Security 2012 virus'

I got the 'Win 7 Security 2012 virus' last night.  I was able to restart in Safe Mode and get Malwarebytes to scan.  It found 17 infections which it removed.  I was then able to boot up normally.  I tried to use System Restore to go to a previous Restore point but that errored. I am getting errors that IPSec Policy Agent, IKE and AuthIP Keying Modules, and other services aren't running.  When I go into Services and try to start them, I get an Error 1075: The dependency service does not exist or has been marked for deletion.  I ran a System File Check Scan and it came back saying it didn't find any integrity violations.

How can I get the missing Services back without having to reinstall the OS.  I have a fairly recent backup using Acronis, is there something I can restore from there?  Should I restore the registry from the backup also?
MRGroupAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Run5kCommented:
First of all, try all of the steps within this great article written by Younghv, one of the Experts Exchange community's most experienced people when it comes to malware removal...

http://www.experts-exchange.com/A_6550-2012-Malware-Variants.html

Additionally, try using the System Restore function within Safe Mode, also.  You could have something that is preventing it from working properly, includiing your own security software.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
joinaunionCommented:
I would try Superantispyware then post back.Go here click on free edition,install make sure its all up to date and do full scan.
http://www.superantispyware.com/
0
younghvCommented:
@Run5k - thanks for the kudos.

@MRGroup - Just posting to clarify - NOT for points.

I can almost guarantee you that the Safe Mode scan has not done a complete job of eradicating the malware.

Note that this variant will often modify your registry settings, so until you run that "FixNCR.reg" (mentioned in the Article), you are going to be very limited on what will run on your system.

Post the logs from both RogueKiller and Malwarebytes (in Normal Mode) and let us take a look at them for you.

I have had several systems in my repair shop over the past couple of weeks with these symptoms, and every one of them was accompanied by a 'Rootkit' infection.

To be safe, you should also run ComboFix and TDSSKiller(Trend)/FixTDSS(Symantec). The details are in my Articles.
0
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

younghvCommented:
@joinaunion -
Virtually every malware variant we've been hit with for the past year or so has protective 'rogue processes' that will block most tools/scanners from functioning properly.

You might want to read through some of the current EE Articles on malware fighting to get some of the details of how to fight these critters.
0
joinaunionCommented:
Thank for your feedback younghv. In almost all cases of my computer repair that involved rogue programs trojans etc..superantispyware along with spybot search and destroy have rid the computers of the problems.Malwarebytes is ok in most cases after its been run superantispyware finds more afterwards.
I think it all comes down to a personal choice on wich program to use I just find the ones I mentioned to be much more effective.
0
SuperTacoCommented:
Tha tone did the same thing to a group of open computer we used.  As clean as we got htem, we stall had to refer to this

http://www.blackviper.com/2009/05/31/black-vipers-windows-vista-service-pack-2-service-configurations/

There should be some tools out there to do this automatically.  this one was great fo rtake care of 50 machines quickly

http://techie-buzz.com/softwares/tweak-windows-7-services-smart.html
0
younghvCommented:
joinaunion -
The reason I invited you to learn something about current malware fighting techniques was to clarify the characteristics of current variants.

It doesn't matter what tool/scanner you choose - although I haven't see anyone recommend either SuperAntiSpyware or Adware in recent memory - NO tool is going to work unless you stop the rogue processes first.

As far as SuperAntiSpyware "finding" anything after an MBAM scan, perhaps you aren't familar with the "False Postive" rate that tool has.

The Malwarebytes developers include about 15 current and former MS MVP (Security) types who stack up far better than any other company in the business.

If you would like me to arrange an EE "Private Discussion" to take this off-line, let me know and I will make it happen.
0
MRGroupAuthor Commented:
I ran System Restore in Safe Mode as you suggested and it ran successfully.  I then ran FixNCR.reg, and then MBAM.  It came up clean.  I then ran TDSSKiller and it also didn't find anything.

I think I got pretty lucky this time!  Thanks to all who respnded.
0
Run5kCommented:
Glad to help!  While I am more of a Windows 7 specialist, for future reference you will find that the articles written by Younghv and Rpggamergirl contain some very valuable advice regarding the handling of malware and viruses.  When you have a few minutes to spare, read through them... they are great IT educational material and can same you a great deal of time & effort in the future.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.