Virus Scare . . .

Replicator

New Member
AAG got the worst virus I have ever seen on one of our computers this morning.

it was called SMSS32.EXE, only I didn't know that because it disguised itself as WORM.WIN32.SPYNET and it

disabled the TaskMgr, the Regedit and all other spyware tools to try and remove it . . . I really thought it had me beat.

I couldn't boot into SafeMode either and if I attemped to launch ComboFix the system froze . . . I was truly ready to give up.

I tried re-enabling the TaskMgr through several command line options that were unsuccessful and then I found

a great utility called : xp_emergencyutil.exe (http://www.dougknox.com/xp/utils/xp_emergencyutil.zip) which places copies of the TaskMgr, Regedit and MSConfig

in a C: directory folder. The virus doesn't know to block those copies, so I finally gained access.

I found the running app SMSS32.EXE and also found a second virus on it's coat tails called IS2010.EXE which is

a fake internet security 2010 app that is also hard to abolish, but once I had access to those exe's I was able to

shut them down and begin the removal process using MalwareBytes.

It took a long time, but there has never been a virus that I could not defeat, so I'm glad my record stands at 100%.

NOTE : Apparently AVG vanished off of the computer somehow:help
I have since put Microsoft Security Essentials on this machine which I have found to be a very dependable program.

:omg2:
 

Bradster941

New Member
Cool,

going through the same thing right now though I think the virus on the laptop is called 2008.

It did disable everything including AVG but was able to boot in safe mode, then drop to DOS.

Still though, still haven't been able to defeat it.


Good job and good record of 100%.


Brad.
 

Replicator

New Member
Here are the tools I use for XP ONLY . . .
 

Attachments

  • tools.jpg
    tools.jpg
    43.9 KB · Views: 32
S

scarface

Guest
I got a virus the other day when i entered a sign website, AVG prompted that it was unsafe but i clicked the wrong button and it went into the site. I then got internet security 2010 virus and finally kicked it's *** with avg scan, hijack this and malware bytes.
 
I save everything important to removable media. I run a barebones system software wise, with two instances of Windows installed on the same drive. If one gets messed up, boot up the other and fix it with tools saved on removable media, or just snatch them from the other windows folder on the hard drive...
 

Keith Rae

New Member
hey Rep, thanks for the warning. Do you know where they came from? Email, attachment, web sight, a disguised app. kids downloading games? so the rest of use can avoid it.
 

Replicator

New Member
I have absolutely no idea where it came from . . .

This particular computer is used for nothing but web and image maintenance for one of our business websites.

Although it does do internet searches and forums . . .

My guess is that something popped up while doing a web search and got clicked because it looked like an official alert.

You know how that goes . . .

I never click on pop ups, in fact, I try to teach everyone that if something pops up just hit Ctrl-Alt-Del and close the browser,

That is the safest course of action to take, to avoid be exposed to such threats !
 

threeputt

New Member
Yep, something got me Friday. Unable to boot up. Machine just kept running in an endless loop at startup.

Now, machine is at the computer shop. Should get it back this morning, I'm told.

Who are these people who send these things out?
 

Graphics2u

New Member
I had that Same type of virus 2 weeks ago. Appears to be a antivirus program. I spent three hours one morning trying to get my computer cleaned up. Then after a scan with Microsoft Security Essentials my computer needed to restart and it never booted up again! Couldn't use safe mode, nothing! The windows XP screen would pop up and then in 2 seconds go to Blue Screen error. Tried to fix it for a day or so before I finally had to do a Recovery from Original Discs.

I use a Windows Home Server So I had all my files, but what a pain and loss of time! And the Virus looks very much like Microsft Security Essentials is running and telling you to uprade your virus protection, the popup warnings are almost identical to MSE.
 

Gene@mpls

Member
Thanks for the info. I just cloned the HDs on all my critical computers this weekend with True
Image- have a couple of not so critical to go. Hoping that will save my bacon
someday.
 

strypguy

Member
I've had good luck removing the fake antivirus viruses. As long as you do not hit anything on the desktop related to the vurus after the virus pops up on your screen. Most people want to exit out of the pop up and that actually installs the virus on your computer.

If you simply go to start menu and get to your system restore. Do a restore point a few days back and the virus is gone. It's worked for me the last three times this problem occurred on my computers.

Depends on the virus but it works. A friend of mine told me about it and he owns a computer repair store.

Again, doesn't work in every instance, but it's woth a try if the virus has not already taken over your computer.

John
 
Top