Help Incredible virus on my computer.

  • Avatar of BloodyAsura
  • Group: Member
  • Joined: Sep 10, 2008
  • Posts: 82
Okay, I've looked on many support forums before I decided to post here.

First, let me explain (as far as I can see) how this virus affects my computer:

1) "Run" doesn't show up on my start menu. Pressing "Windows" & R (command shortcut for Run) tells me:
This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.
Well, I'm not on a networked computer, and the virus hasn't created any administrative login above my own.
2) Pressing Ctrl+Alt+Del gives me the message:
Task Manager has been disabled by your Administrator.
3) Going into cmd.exe tells me something similar, basically I don't have privileges to access command prompt.
4) I am also blocked from editing my registry.

4) Certain I.E. support websites and downloads (Windows Service Pack 2/3/4) either won't load, or open briefly and close almost instantly. PCTech.com (or whatever) gives me a message that the website cannot be loaded. In fact, any website/download that would offer me support/relief from this virus either won't work, or opens/closes quickly (no matter what I do!)

5) HiJackThis! opens briefly and closes.
6) CCleaner opens briefly and closes.

7) This is the best part. System Restore is "permanently disabled" (so tells me Windows) and loading in Safe Mode gives me a blue screen that basically says that Windows encountered an unknown error and cannot continue. Please check your computer for viruses etc.

8) Any current AV software either:
Opens and closes quickly
Tells me that the scanner is unavailable because it's currently scanning
and, one AV/Malware software found the problem, and removes it when I ask, but the next time I log on it appears again, and again.

PLEASE HELP!!!
Last Edit: October 05, 2008, 07:23:06 pm by BloodyAsura
  • C-Flow FTW!
  • Group: Premium Member
  • Joined: Jan 16, 2008
  • Posts: 571
I don't really know what to say besides back up important shit, media, music, photos, etc. and do a clean install of your OS, if this is possible. I mean it's not the most convenient solution I know, but we've all pretty much been down this road. Get an external HDD, if you haven't already, and back up your computer every so often, if you're not already doing so.

sorry for the shit advice but that's all I can think of atm

edit: if you don't have your computer manufacturer's driver CD, or something like this, and you decide to reformat - download your drivers first and save them on an external or flash. It'll just be easier later if you decide to do this.
Last Edit: October 05, 2008, 07:28:31 pm by Cyborgasm
Quote from: Louie82Y
LOLWTU? You teh luight sbarMAN N9WOAIWIA !I AM ONE TOTO IM A MAST OMFG LINK BREAK ONSKAE AND BUGS ANG GUTS AND ASTLOOS SOTNES STEOPSDMS PLEASD SAMAKE ME ADMIN
  • Avatar of BloodyAsura
  • Group: Member
  • Joined: Sep 10, 2008
  • Posts: 82
> I don't really know what to say besides back up important shit, media, music, photos, etc. and do a clean install of your OS, if this is possible. I mean it's not the most convenient solution I know, but we've all pretty much been down this road. Get an external HDD, if you haven't already, and back up your computer every so often, if you're not already doing so.
>
> sorry for the shit advice but that's all I can think of atm
>
> edit: if you don't have your computer manufacturer's driver CD, or something like this, and you decide to reformat - download your drivers first and save them on an external or flash. It'll just be easier later if you decide to do this.

Thankfully, I have all of the drivers and stuff. However, this is the solution I'm trying to avoid. If I go down that road, I'll have to buy an external HDD first :p

If anyone has seen or heard of this virus before, I would appreciate any ideas or tips. Otherwise, I'll have to spring the money and format.
  • C-Flow FTW!
  • Group: Premium Member
  • Joined: Jan 16, 2008
  • Posts: 571
yeah, even if you don't have to reformat, an external HDD or some sort of storage medium would be good anyways. Data loss is not a matter of IF it will happen, it's WHEN.
  • Avatar of Barack Obama
  • Group: Premium Member
  • Joined: Jun 16, 2008
  • Posts: 5244
backup reformat and reinstall windows
  • Avatar of something bizarre and impractical
  • It's The Only Thing.
  • Group: Premium Member
  • Joined: May 17, 2004
  • Posts: 2104
My friend had something similar and it wouldn't let him open his C drive. I think he had to open WinRAR and go to EXPLORE or something like that. Then he saved what he could and reformatted.
  • Avatar of ATARI
  • Lichens!
  • Group: Premium Member
  • Joined: Oct 26, 2002
  • Posts: 4136
heh .... looks like it worked after all :gwa:
  • Insane teacher
  • Group: Premium Member
  • Joined: Oct 8, 2002
  • Posts: 10515
holy fuck a virus that detects what websites you type in. that's pretty boss, if awful.
brian chemicals
  • BAA2U
  • Group: Premium Member
  • Joined: Aug 7, 2007
  • Posts: 1403
I highly suggest a reinstall of windows. If you are really determined to clean it out, I suggest posting your issue at some far more specific forums than this one.
  • Will you walk the realms of Chaos with me?
  • Group: Premium Member
  • Joined: Mar 20, 2006
  • Posts: 3525
> holy fuck a virus that detects what websites you type in. that's pretty boss, if awful.

it's just a type of blacklist, it's nothing special really. the hard part is locking out every single one of them!


yea, i'd just backup & reinstall.

sux
  • Avatar of The Magi
  • The Plucky Pedagogue
  • Group: Member
  • Joined: Aug 24, 2002
  • Posts: 973
I actually had a virus like this once. It took me five hours to remove it but it completely crippled my registry and I had to eventually reformat anyway. Does this virus by chance have anything to do with AntivirusXP 2008? That program will often install a rootkit even if you decline to actually install the rogue spyware program. Either way it sounds like a rootkit is causing all of your problems, including stuff like this:

It modifies your HOSTS file to block a very large range of tech- and support-related websites and also changes certain search engines to always redirect you to junk ad websites. It will also stop you from connecting to malware protection program update websites, so your software won't execute at all in circumstances. It also disables many of your Windows functions such as taskbars and desktop backgrounds. You can do some things to stop it long enough to save your data, but I'm going to say there's a very high chance your only option is to reformat.

Here's what you should try to obtain so you can get enough control back to salvage your data: Try using XP Security console to get back all that stuff which the computer disabled. I'd also recommend downloading UnHackMe and Malwarebytes Anti-Malware. UnHackMe will remove a host of dangerous programs and rootkits and will do it during the boot sequence so the computer can't stop you from it. Afterward, you might also want to download and run Sysinternals Process Explorer to view some hidden processes that the task manager doesn't report. Good luck......

e: to clarify i actually meant the rootkit is masking all these effects so you can't find the source
Last Edit: October 06, 2008, 09:41:24 am by The Magi
Balmung Cycle Part I: Completed Game
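The HOSTS-file tampering described in the post above (support and update sites blocked, search engines redirected) can be checked for directly. The following is an added example, not code from the thread or from any tool it names; the watchlist domains, the sample file contents and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed watchlists (not from the thread): domains expected to resolve normally.
SECURITY_SUFFIXES = ("malwarebytes.org", "microsoft.com", "sysinternals.com")
SEARCH_SUFFIXES = ("google.com", "yahoo.com")
DEFAULT_NAMES = {"localhost"}  # names a clean HOSTS file is expected to define

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: malformed line, skip it
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def _matches(name, suffixes):
    return any(name == s or name.endswith("." + s) for s in suffixes)

def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for every non-default entry."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in DEFAULT_NAMES:
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified
        if _matches(name, SECURITY_SUFFIXES) and sinkholed:
            reason = "security/update site blocked"
        elif _matches(name, SEARCH_SUFFIXES) and not sinkholed:
            reason = "search engine redirected"
        else:
            reason = "unexpected override"
        findings.append((line_no, name, str(ip), reason))
    return findings

# Constructed sample contents, not taken from an infected machine.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
127.0.0.1    www.malwarebytes.org
0.0.0.0      update.microsoft.com download.sysinternals.com
203.0.113.7  www.google.com   # documentation-range address
"""

if __name__ == "__main__":
    print(*audit_hosts(SAMPLE_HOSTS), sep="\n")
```

On Windows XP the live file is `%SystemRoot%\system32\drivers\etc\hosts`; pass its text to `audit_hosts` in place of the sample.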
  • Avatar of Archtemplar
  • Nuckle Child
  • Group: Member
  • Joined: Nov 27, 2004
  • Posts: 48
Brutal virus.

Everyone, though, should have annual or biannual reformatting practices to keep their PCs running smoothly.

  • Avatar of BloodyAsura
  • Group: Member
  • Joined: Sep 10, 2008
  • Posts: 82
> I actually had a virus like this once. It took me five hours to remove it but it completely crippled my registry and I had to eventually reformat anyway. Does this virus by chance have anything to do with AntivirusXP 2008? That program will often install a rootkit even if you decline to actually install the rogue spyware program. Either way it sounds like a rootkit is causing all of your problems, including stuff like this:
>
> It modifies your HOSTS file to block a very large range of tech- and support-related websites and also changes certain search engines to always redirect you to junk ad websites. It will also stop you from connecting to malware protection program update websites, so your software won't execute at all in circumstances. It also disables many of your Windows functions such as taskbars and desktop backgrounds. You can do some things to stop it long enough to save your data, but I'm going to say there's a very high chance your only option is to reformat.
>
> Here's what you should try to obtain so you can get enough control back to salvage your data: Try using XP Security console to get back all that stuff which the computer disabled. I'd also recommend downloading UnHackMe and Malwarebytes Anti-Malware. UnHackMe will remove a host of dangerous programs and rootkits and will do it during the boot sequence so the computer can't stop you from it. Afterward, you might also want to download and run Sysinternals Process Explorer to view some hidden processes that the task manager doesn't report. Good luck......
>
> e: to clarify i actually meant the rootkit is masking all these effects so you can't find the source

I haven't tried, or ever heard of, UnHackMe.

I have nothing to lose. I will try it once I get home. Thanks!!!

I *did* try Anti-Malware, and while it didn't open and automatically close, it found my virus but couldn't permanently delete it. It would come back almost immediately (just leaving the program open!!!) Insane.

PS - I haven't formatted yet :P I'm still waiting for my external hard drive to reach my home (online ordering, ugh. Should have just gone to a physical store)
Until then, I will just use my computer to the best of its ability (it isn't severely CRIPPLED, thank god--honestly, it's minor annoyances more than anything. I like having Run and Task Manager :P)
  • aye ess dee eff el cay jay ache
  • Group: Premium Member
  • Joined: Jun 24, 2005
  • Posts: 5149
what's the name of the virus it's finding? maybe do a search for it along with 'removal.' if the websites it's on are blocked, use google's cached version which should still show up.
I USE Q'S INSTEQD OF Q'S
  • Avatar of BloodyAsura
  • Group: Member
  • Joined: Sep 10, 2008
  • Posts: 82
Good idea!

I will try that now. I will also try the UnHackMe program, and I will post any updates.

Hopefully, I won't have to resort to formatting. I always wanted an external HDD anyways :P.
  • Avatar of big ass skelly
  • Ò_Ó
  • Group: Premium Member
  • Joined: Oct 12, 2002
  • Posts: 4313
I did it. i gave you the virus

not really lol but wouldn't that be spooky :o
  • I fear and I tremble
  • Group: Premium Member
  • Joined: Aug 21, 2005
  • Posts: 6162
Man I almost thought I had this virus because my pw was wrong when I got home and I thought I took pw protection off in the first place but it worked when I restarted so...
DEUCE: MEETING THE URINE UP CLOSE AND PERSONAL AND REALIZING IT'S JUST LIKE ME AND MY PREJUDICES THIS WHOLE TIME WERE COMPLETELY FFFFFFFFFFFFFFFFFFF PTTTTHTHTHH GOD IT'S EVERYWHERE
DEUCE: FUCK THIS TASTES LIKE PISS
PANTS: WHERE IT SHOULD TASTE LIKE COTTON CANDY OR PICKLES
DEUCE: OR AT LEAST LIKE URINE NOT PISS
  • *untis* *untis* ^
  • Group: Member
  • Joined: Feb 11, 2008
  • Posts: 247
Got XP? Exit to login screen, press ctrl+alt+delete twice and then type administrator for username and leave password blank, press enter.
 Did this when I had a virus blocking me from using Cmd prompt and task manager at some point.

 This'll log you in as root administrator. VIRUS GOT OWNED :D
How about no!? You are an idiotic version of a baboon.