HELP!! I think my PC got a massive virus!!

6644kp · 6 Jun 2011 at 15:40

Usually when my laptop catches a virus I just do a system restore and everything is fine but now i did three system restores and still the same problem.

This is how it started, i get a warning saying there are problems with my ide drives and something pops up calling itself Windows Repair something so run the scan and it says it fixes something such as RAM overheating and slow boot drives. but now when i start it up i cant see any of my pictures or videos or documents. when i click the folders they are empty but when I right click on them i can see they are still there and I can even watch some of the trough the Recent Items bar also they are there when I copy them over to another computer by copying the entire host folder. But on my own computer nothing is there :confused:

I also suddenly cant launch firefox 4 and google toolbar has dissapeard plus ATI catalyst control center keeps saying host application has stopped working and gives me this error log

Description:
Stopped working

Problem signature:
Problem Event Name: CLR20r3
Problem Signature 01: ccc.exe
Problem Signature 02: 2.0.0.0
Problem Signature 03: 469cdc9c
Problem Signature 04: mscorlib
Problem Signature 05: 2.0.0.0
Problem Signature 06: 48ead7c2
Problem Signature 07: f4f
Problem Signature 08: 7
Problem Signature 09: N3CTRYE2KN3C34SGL4ZQYRBFTE4M13NB

Please help do i have to reinstall windows??

miniyazz · 6 Jun 2011 at 15:44

Yup

Take the opportunity to get an SSD while you're at it.. also some AV software

Dano · 6 Jun 2011 at 15:44

Safe mode with networking, malwarebytes full scan, reboot.

Big Chris · 6 Jun 2011 at 16:35

This sounds like the same thing I'm currently battling here:

http://forums.overclockers.co.uk/showthread.php?t=18281936

I've gone and made it worse by fiddling with the drives in Safe Mode, but hopefully I can resolve that and will have a go at killing the virus after that. Will be interested to see if you get rid of yours successfully.

6644kp · 6 Jun 2011 at 17:17

Tried the malwarebytes program, took an hour and ten minutes and found 16 objects that I deleted but unfortunantly it did not work and the problem persists.

Does anyone have any other suggestions otherwise
I guess I got no chioce but to install a fresh copy of windows and admit defeat

Big Chris · 6 Jun 2011 at 17:23

The chaps in my thread suggested an app called Combofix which is worth a shot.

6644kp · 6 Jun 2011 at 17:50

Big Chris said:
The chaps in my thread suggested an app called Combofix which is worth a shot.

tried that too and problem still persists, guess there is nothing to it than to copy my files and install and new copy of windows

Hairybudda · 6 Jun 2011 at 17:54

rkill + combofix, rkill to kill the process that's hiding the malware then combofix to root it out.

Destination · 6 Jun 2011 at 17:57

rkill, malwarebytes
safemode repeat
back to normal mode, repeat

SparkyG · 6 Jun 2011 at 17:59

It may be better to just re-install windows (presuming you can save all your data) that way you know its definately gone

6644kp · 6 Jun 2011 at 20:50

tried the rkill+combofix in safe mode but the problems still persist, this one tough piece of **** malware.

tommorow i'll reinstall windows, got no chioce

HighlandeR · 6 Jun 2011 at 20:58

Id go one step further

Reboot PC and hit F8>Safe mode with networking
Run Rkill
Run combofix > hit yes to check for updates then full scan
Run Malwarebytes > hit yes for updates then full scan
Run Superantispyware > hit yes for updates then full scan

So important to update 1st then run the scans....otherwise u just miss out on half the newer bugs !

Failing all that kaspersky rescue cd... and update via networking and full scan.

Pretty much does the trick everytime for me

ron3003 · 6 Jun 2011 at 21:04

Turn off system restore before running the suggested fixes here as it's probably hiding in there.

iviv · 7 Jun 2011 at 01:35

SparkyG said:
It may be better to just re-install windows (presuming you can save all your data) that way you know its definately gone

This. When a virus has wormed its way so deep, you won't know if you've completely gotten rid of it or not, the only way to be sure is a format.

burtie · 7 Jun 2011 at 07:36

Big Chris said:
This sounds like the same thing I'm currently battling here:

http://forums.overclockers.co.uk/showthread.php?t=18281936

I've gone and made it worse by fiddling with the drives in Safe Mode, but hopefully I can resolve that and will have a go at killing the virus after that. Will be interested to see if you get rid of yours successfully.

I had the same virus last night I could not do anything with my pc. I formated straight away, first real virus i've ever had.

Big Chris · 7 Jun 2011 at 08:09

I managed to sort mine... when the Windows Recovery box pops up, start Task Manager and look for an .exe called random numbers and letters eg. 48RZ2F4SK1.exe and kill it. Also check in the System Tray/Notification Area for something called Windows GDI (or similar) which is reporting these apparent HDD/RAM errors and kill that too.

The nasty on the laptop I was having trouble with was actually sitting in C:\Program Data having unhidden hidden files and protected operating system files, there was also a shortcut to it on the desktop called 'Windows 7 Recovery' which was hidden too. Now I've deleted all the associated files it seems to have gone. Malwarebytes and MS Security Essentials have both completed full scans of all drives with nothing found.

ChaosdaJoker · 9 Jun 2011 at 17:56

Today a friend from work told me he was getting a pop up about catalyst control center, so i went to look at it,

On a clean boot of the system the message displays on start up, then again after a few minutes, but places the new pop up onto of the old one, so you have to click on OK for both,

I scanned the system with Malwarebytes and it found a few, and some nasties too, removed them all yadda yadda, but the problem persists, of course searching for a fix to this goes back to 2008 and apparently ATI/AMD still have no hotfix other than formatting to fix it,

Hes not sure if he downloaded any nasties of or his kids may have, he has no unusual icons on desktop or system tray, the only 2 strange things i noticed on his system where in the start menu, there was 2 Internet Explorer Icons, one that said,

Internet
Internet Explorer

and the other just said

Internet Explorer,

Now im fairly sure the 2nd one is a left over malware of some sort, the other thing i noticed was that when i went to use the RUN command, he had no accessories tab at all, i had to manually go and find the RUN exe to use it, something hiding it maybe???

Hes on Windows Vista 32bit if that helps,

He uptodate on the drivers for everything, being its ATI and ive never played about with them, im not sure if its a driver issue or something worse.

Puppetmaster · 9 Jun 2011 at 22:29

The easiest way to get rid of these fake av's is to boot into safe mode and work out where they are located. Normally in App data or program data. If you have an icon, just right click it and open target location. Turn on hidden file / folder viewing and remove "hide operating system files" or whatver its called. The files are normally just a random selection of numbers / letters. Look for exe's created / modified on the day when you got it.

I'm forever removing these. If you manage to get rid of it that way, i would suggest deleting any sytem restore points and turn it off.

Run combofix in safe mode, then malware bytes, spybot and A Squared Emergency Kit (http://www.emsisoft.com/en/software/eek/ - Run the emergency scanner).

Once thats done run your anti virus.

You can even stop it running by removing it from the registry if you wanna go real hard core about it.