PC Pharked

MikeP

Totally, it seems.

Ever heard of win32/ramnit ?

Yesterday, a Java signature dialogue box popped up. I didn't do anything except click the exit x in the corner. Next thing MS Security Essentials went mad warning of virus invasions. Up to 2,000 at one point.

Security Essentials crashed. I tried re-installing it but Firefox would never connect to any security or anti-virus websites.

So I went and bought a disk (Bullguard anti-virus), loaded it and scanned. It found 300+ virus infected files not including umpteen affiliated trojans.

Re-booted, re-connected to the web and just finished running the AV again, this time 3,300+ infected files.

I've searched the web (via my steam-powered laptop) and the advice is to run regedit and find the file in the system. It's not there.

Nor can I start in safe mode. I hit F8 and the option appears but it always ends in the blue screen of death.

So I don't know what to do now except junk the hard-drive and start again.
 
You don't need to junk anything. Everything still works. I would simply reinstall Windows and when given the option delete the partitions, reinstall partitions and reformat then install. Once you have a clean boot install a new antivirus. I recommend AVG (it's free), then you're good to go.

In the future don't click anything. They code the red cross to mean something completely different to close and effectively you have clicked accept.
Use Alt plus the F4 button to shut down unwanted windows and if in doubt get the task manager up and force shut the browser rather than click.

Once you get one of these little barstuards a complete refreshed install is the only safe way to get rid, I am afraid.

Dave
 
Maybe you don't want to hear this Mike .... but MAC is the way :thumb

Commiserations :comfort


:beerjug:
 
I'd not play with regedit to start with. Can you boot in safe mode, run a programme called "msconfig.exe". On the first page choose selective startup, on the startup tab unclick any service you are not sure about (note which ones you've unticked) on the services tab tick the box at the bottom to hide microsoft services, then go through and untick any service you are not sure about. In both startup and service you need to look for any programme whose name is a jumble of characters in a subdirectory that is a different jumble of characters - note the location of that directory.

Then restart the machine in normal mode, start firefox, go to tools -> options -> network settings and make sure the "no proxy" box is ticked. Try to access the internet, and if you can, go to malwarebytes.org and download (free version is fine). Run that and let it see what it can find, again anything with a jumble of characters is suspect and the folder needs deleting.

Takes less time to do than it took me to write, barring the malwarebytes scan.
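
An added example, not from any poster in this thread: the startup-entry check described in the reply above (a program whose name is a jumble of characters, sitting in a folder that is a different jumble), as Python triage over an exported list of startup commands. The entry names, paths and the vowel/consonant thresholds are constructed assumptions; a hit is a lead to inspect, not a verdict.

```python
import re
from pathlib import PureWindowsPath

VOWELS = set("aeiouy")

def looks_jumbled(name):
    """Heuristic (assumed thresholds): few vowels or a long consonant run."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 6:          # too short to judge
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest = run = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.2 or longest >= 5

def executable_path(command):
    """Pull the program path out of a startup command, quoted or not."""
    m = re.match(r'\s*(?:"([^"]+)"|(.+?\.exe)\b)', command, re.IGNORECASE)
    if not m:
        return None
    return PureWindowsPath(m.group(1) or m.group(2))

def suspicious_entries(entries):
    """Return (entry name, folder) where file and folder are different jumbles."""
    hits = []
    for label, command in entries.items():
        exe = executable_path(command)
        if exe is None:
            continue
        stem, folder = exe.stem, exe.parent.name
        if (looks_jumbled(stem) and looks_jumbled(folder)
                and stem.lower() != folder.lower()):
            hits.append((label, str(exe.parent)))   # folder to note down
    return hits

# Constructed sample of startup entries (name -> command line).
SAMPLE = {
    "Firefox updater": r'"C:\Program Files\Mozilla Firefox\firefox.exe" -silent',
    "ctfmon": r"C:\Windows\System32\ctfmon.exe",
    "WinUpdt": r"C:\Program Files\xkqzwtbn\qrvhjmpl.exe /s",
}

if __name__ == "__main__":
    for label, folder in suspicious_entries(SAMPLE):
        print(f"check entry {label!r}, folder {folder}")
```

Requiring both the file name and its folder to look random keeps terse but legitimate names such as `ctfmon.exe` in `System32` out of the results.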
 

