Sunday, November 27, 2011

I got infected. System Fix is a PITA

I paid my Bill Gates tax today. A virus drove right in thru Windows' wide-open barn door and set up shop on Blackbox, my Compaq desktop. This one turned the screen black and issued an alarming series of messages indicating hard drive failure, RAM failure, file system meltdown, and urged me to download a "fix" program. It turned off TaskMgr and hid all my files.
I was able to use the Start menu's run option to start up Firefox and go out to www.BleepingComputer.com. Wonder of wonders, good old Bleeping Computer had a fix for this baby. I printed out seven pages of detailed instructions for killing this sucker off. Too bad the instructions only worked halfway.
Step 1 is to download and run a program (rkill.com) to kill the active virus out of memory. While running, this virus keeps throwing up whole bookcases of scary error messages that sit on top and make it difficult to run anything else, cause the damn error messages (all false) block your view of the screen. Rkill reported the filenames of the two programs it kills.
You ain't done yet, Rkill just zaps the virus out of memory. The sucker is still alive on disk and will load and execute next time you boot. What you should do as soon as rkill finishes is use Windows Explorer to zap the two files rkill reports, cleaning them off your disk.
Bleeping Computer's seven pages of kill instructions don't mention this. They direct you to download and run the antivirus "Malwarebytes". This baby spends 2 hours scanning your disk for bad stuff, finds a few, but doesn't find the damn virus.
So reboot and the "System Fix" virus comes right back to life. Repeat the rkill run to zap it, and then use Windows Explorer to delete all the files and Regedit to zap all the keys the virus planted in the Registry. This works.
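The step that finally worked above was manual: delete the files rkill named, then delete the Registry keys the rogue planted so it cannot relaunch at boot. What the post does not show is how to check, before rebooting, that nothing was missed. The script below is an added example, not part of the original post or of Bleeping Computer's guide. It walks the standard per-user and per-machine Run/RunOnce keys, pulls the executable path out of each command line, and flags entries whose target file no longer exists (a key left behind after the file was deleted) or whose target lives under the user profile rather than Program Files or Windows (worth a closer look, since that is not where most legitimate startup software lives). It assumes PowerShell 2.0 or later; run it once as the infected user (HKCU) and once elevated (HKLM).

```powershell
# Added example: audit autorun Registry entries after a manual malware cleanup.
# Not from the original post. Assumes PowerShell 2.0+ on the cleaned machine.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath, etc.; skip those.
            if ($prop.Name -like 'PS*') { continue }
            $cmd = [string]$prop.Value

            # Extract the executable: a quoted path, or the first whitespace token.
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            New-Object PSObject -Property @{
                Key          = $key
                Name         = $prop.Name
                Command      = $cmd
                Exe          = $exe
                # False here means a leftover key pointing at a file already deleted.
                FileExists   = (Test-Path -LiteralPath $exe)
                # True here means the startup program lives in a user-writable
                # profile directory; review it before trusting it.
                UserWritable = ($exe -match '\\(AppData|Local Settings|Temp|Application Data)\\')
            }
        }
    }
}

# Show only the entries that deserve attention; an empty result means the
# Run/RunOnce keys hold nothing dangling and nothing under the user profile.
Get-AutorunEntry |
    Where-Object { (-not $_.FileExists) -or $_.UserWritable } |
    Format-List Key, Name, Command, Exe, FileExists, UserWritable
```

Run/RunOnce are the most common places a rogue of this kind registers itself, but not the only ones (the Startup folder, Winlogon shell values and scheduled tasks are others); if the listing is clean and the rogue still returns after a reboot, extend the `$runKeys` list rather than assuming the machine is clean.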
Total virus zap time, 6 hours.
Thanks Bill, so glad you gave us WindowsVirusMagnet XP.

3 comments:

John Hagen said...

I've had several of these on my various computers, albeit so far none on Win 7.

The first thing to do in combating this blackmail crap is to switch users. That way you can have access to your system without the virus blocking you.

John Hagen said...

Actually, now that I think more about it, I haven't had this problem since I switched to Microsoft Security Essentials for my anti-virus program. So far it's been the best anti-virus I've used since I started using one, probably in the mid 90's.

Dstarr said...

And if Windows had any decent security we would not have to put up with this crap.