Virus followed by boot error

I've run a hard disk check utility and a checkdisk from command prompt on the drive and it came back ok - so it's definitely a virus. It was reporting all sorts of RAM errors too.

Got combofix so if I can sort the boot error then hopefully I can get rid of the nasties.
 
If you can download and burn GParted to CD to check the partition layout, that'd give you a better idea of what is going on and change active partitions.
Legend - next time I'm in your neck of the woods I owe you a beer.

GParted allowed me to set the correct partition back and I'm now back into Windows. Next stop, the Virus...
 
I have come across this myself and there is no problem with the disk; it's a malware problem. At some point someone has accepted the download/install of a nasty little program which pretends to be the OS and says you have a problem with hardware (when you actually don't). It then says it can fix it, but at a cost.
 
The idiot let his McAfee subscription lapse so no wonder he got rumbled by this little sucker.

Proving a bit of a bitch to get rid of too, it slows down/stops pretty much everything on the laptop as soon as Windows loads.

I've tried to install Combofix as suggested earlier but it said it was a virus itself so aborted!
 
I think I've sorted it, once I un-hid protected operating system files there was a program sitting in C:\Program Data which matched the name of the .exe file that was running this apparent Windows 7 Recovery process.

I killed the process then deleted the .exe plus some other .dat files that were named the same and it hasn't come back.

I ran Combofix and it produced a report that didn't make any sense to me, so I tried Malwarebytes too which found nothing after a full scan. I'm currently removing McAfee and will install MS Security Essentials which I've used for a year or two myself without any problems.
 
Kewl...sounds about right. I would however google it, because some are nasty buggers and reappear after a few boots...
 
Usually at the top of the report it tells you if it removed any files. Do you still have the report?
I'd be surprised if Combofix didn't know of the malware and how to remove it.

I tend to stick Avast AV on my family's computers; it's free and auto-updates itself all the time. You get an "antivirus has been updated" voice message every time too :D Does my wife's head in lol
 
Not sure where it stored the report, it opened in a text file once the scan had finished.

By this point I'd deleted the files I mentioned previously, which seemed to resolve the problem though.

Thanks for all your help on this guys, very much appreciated :)
 
Surprised no one mentioned the Windows Recovery Malware that's been going around lately.

My Dad had it last week, freaked him out as it told him that his hdd had failed.

All you need to do is end the processes (and find their location - somewhere in Roaming), run a program called rkill, then another called unhide:

http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery

In case you come across it again ;)
 