Nasty unknown virus!

[satanicguardian]

This is a video of a virus that affected a user at work, I have no idea what it's called, can anyone shed any light on this? Perhaps a removal procedure as well, I'll probably end up wiping the HDD and going fresh but it's good to know.

http://www.youtube.com/watch?v=ZauoLSfxLSg

 

[satanicguardian]

also, how do I embed youtube?

 

[dacads]

My usual procedure is running scans with superantispyware and malwarebytes, usually does the trick.

 

[BuToNz]

My usual procedure is running scans with superantispyware and malwarebytes, usually does the trick.

In safe mode of course

 

[satanicguardian]

That is safe mode, everything is greyed out or invisible ;D

 

[dacads]

haha oops

Can't even run msconfig?

 

[Chris-.-]

You need to run Regedit from Run (windows key + R) then find it in the software part and end it then end the exe from task manager.

 

[Chris-.-]

gegegeeg

delete

 

[mistercrabb]

Had this or a very similar variant recently, I'll find the tools to fix it for you in a sec!

 

[mistercrabb]

Right, this thing sucks.

First off, run combofix: http://www.bleepingcomputer.com/download/combofix/
You might need to run it from safe mode but it will kill the system recovery virus.

Then this: http://www.bleepingcomputer.com/download/unhide/.
This will make your files reappear.

You aren't finished yet!
It's probably part of a rootkit, so run this: http://support.kaspersky.com/downloads/utils/tdsskiller.exe
(I couldn't get this to run, so I had to use a kernel editor to delete a load of callback functions first - ask me if you can't get it to run!).

If it found and removed a rootkit you now need to run a virus scan like Malwarebytes - it will find a ton of viruses it didn't find before.
Good luck!

Edit: Looking at your video again it looks identical to the one I had, so the steps above should work perfectly. Don't miss out the rootkit removal step, you probably have a few other amusing viruses like google redirects that won't be picked up by your antivirus until tdsskiller removes the rootkit!

 

[decto]

Surely the problem is that system repair is installed?

System repair is Malware that fakes a totally trashed system, check google for how to remove it.

AD

 

[Meekal]

Surely the problem is that system repair is installed?

System repair is Malware that fakes a totally trashed system, check google for how to remove it.

AD

Was actually just thinking the same thing. the .exe is usually found under the users profile.

 

[mistercrabb]

Was actually just thinking the same thing. the .exe is usually found under the users profile.

It's part of a rootkit, see my post further up.

 

[KIA]

Use Kaspersky rescue disk. Update definitions before scanning. https://support.kaspersky.com/viruses/rescuedisk

 

[Deleted member 77746]

This is a video of a virus that affected a user at work, I have no idea what it's called, [/url]

Wouldn't even bother investigating. Format.

 

[satanicguardian]

Yeah, I gave up - it got a total wipe

 

[darael]

Should have made a complete image before doing so, and run the image on a VM and seeing what methods of removal worked.

 

[satanicguardian]

Should have made a complete image before doing so, and run the image on a VM and seeing what methods of removal worked.

The thought did cross my mind, but as I'm delegated to a ridiculous amount of tasks in this job role, I didn't have chance I do everything from internal IT, to Office 365 consultancy, account management, tech support and handset repairs and loan tracking! :c

 

[DirtyJester]

also, how do I embed youtube?

type...

 

[satanicguardian]

thanks