Well, my computer is infected. Great.
#1
An hour or so ago, my computer suddenly locked up while browsing the Internet and whitescreened. The screen was then replaced by something looking a lot like this:

[Image: FBI-Virus.png]

I recognized this as a virus immediately -- Alblaka, the creator of the Minecraft mod Industrial Craft 2, reported a similar one in his blog a few months ago.

I tried to reboot my computer in safe mode, but Windows crashes almost immediately while going through the list of drivers, saying there's an issue and the computer is either infected or corrupt (yes, I know that, Bill Gates).

I rebooted it normally, and right away the little Microsoft Security Essentials button in the bottom left popped up with "Your computer is at risk!" so I clicked it. A few seconds later the virus reinitiated. I tried Ctrl+Alt+Delete and also the Windows icon to try to bring up the start menu, but neither worked. Fortunately, the MSE window then appeared, and the virus page vanished, so I'm currently running a full system scan on it. I pulled up Firefox through a link to "Learn more about this online" on an old quarantined suspected program from like a year ago. The bad thing is, just about everything the Web has to say about how to get rid of this thing involves going into program files or doing a system restore, and the virus appears to have killed explorer.exe. Start menu is gone, desktop is gone.

Any ideas how to:

1) Open command prompt via hotkeys

2) Open system restore via hotkeys

3) Open a Windows folder via hotkeys, i.e. My Documents, My Computer, Control Panel, etc.

Like I said, it's able to and is currently running a full-computer scan, but this could take a few hours.

EDIT: It's found two things, double-checked with the online encyclopedia of malware, and it matches what's going on. Hopefully that means that once I reboot Windows it'll be gone.
Reply
#2
Restart your computer while holding down the F8 key. There should be an option to use safe mode, which should stop the virus from starting and let you get rid of it.

If you can't remove it yourself, MalwareBytes is pretty good: http://www.malwarebytes.org/
Reply
#3
Safe Mode was the first thing I tried, but like I said it causes a crash before it can do anything, causing the Blue Screen of Death.

I think I already have MalwareBytes on this thing, but I have no way to access it because the virus killed the Start menu and the Desktop.

Edit: GAH! I thought I had it there for a moment! I went and downloaded MB setup anyway, but because of the way Firefox handles exes, it just saved it to my downloads folder... and pulled up the downloads window. Right-click the file, "open containing folder", and bam! Windows relaunches. Start menu and desktop are back. Yay, right?

Two seconds later: FEDERAL BUREAU OF INVESTIGATION HAS QUARANTINED YOUR COMPUTER

Two seconds after that: Microsoft Security Essentials is cleaning detected threats. No action needed.

Five seconds later: Dell Quickset pops up (never seen THAT program before) and the virus page is gone again, but so are Desktop and Start menu.

-----

Two minutes later: YES! There was a button on that Dell Quickset for System Information... leading to System Restore!
Reply
#4
you need to open safe mode with command prompt and then type run explorer.exe

alternatively ctrl alt del, open task manager and from there click file > new task > explorer.exe
Reply
#5
Okay, System Restored to a week ago, combined with MSE scan, finally got rid of it, so it seems. I overcomplicated things, clicking "help" on the after-reboot System Restore page, going through the Help box to the Windows XP Help and Support center, searching through it for an Internet link, opening Firefox through that, figuring out that you need file:// prefixed in the address in Firefox to open computer folder indexes, opening a link to Internet Explorer that way, using IE to open a normal file folder window, and going from there searching for files listed in the "how to remove this virus" page I googled, but none of them existed.

But all I really had to do was click the little "OK" button on System Restore for it to reawaken explorer.exe.
Reply
#6
Stop watching POpcORN.
Reply
#7
Yes, because obviously it's a legit government notice.

There's obviously no problem that it explains it's blocked my IP address, yet my computer gets locked, which are totally not two different things.
Reply
#8
http://www.ubuntu.com/
[Image: KbMTk.png][Image: uC9A1.png]
Reply
#9
>he uses ubuntu

>since when does greentext work here
Reply
#10
greentext?
And he uses Windows XP. Basic.
[Image: 2eehsib.gif]
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)