Rc Mushroom virus
#32
Tech Regular
iTrader: (2)
Even then, those programs may not remove the remnant leftover files or Registry entries, but nobody should be poking around there if they don't know about it, any more than a person who doesn't know about car engines shouldn't be removing their cylinder heads or replacing injectors... but at least those programs will cripple the malware enough that your computer should work normally again.
Failing that, do what people do when their car has problems: take it to an experienced service technician.
#33
If this infection is the same one I had to fix on someone else's computer, it hides your system files, so you can't get to the Downloads folder to start Malwarebytes. You can click "open file when downloaded" to start, but upon reboot it will be hidden again. You need another script that unhides all the system files at the same time.
#34
Tech Regular
iTrader: (2)
It actually hides all the folders inside the infected user's profile folder; in Win XP, that's all the subfolders beneath C:\Documents & Settings\<profilename>; in Win 7, it's C:\Users\<profilename>. The My Documents, Downloads, etc. folders are inside those profiles, which is why you can't find the downloads.
The "Folder Unhider" is a tiny program that's about 493 KB and automatically unhides them. I can't remember where I downloaded it from, but you can probably find it without much trouble.
Of course, it's important to first identify which running process is doin' the nasty, and Ending Task on it. If it doesn't auto-load itself right away, you can delete that executable and look for Registry RUN key references to it, and delete those too. If it auto-loads itself, things get more complicated.
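The two checks described in the post above (folders hidden inside the user profile, and Run key references) can be done from PowerShell. This is an added example, not part of the original thread and not the "Folder Unhider" tool; the parameter names and the list of folders treated as hidden by default are assumptions.

```powershell
# Added example: report (and optionally unhide) folders hidden inside a user
# profile, then list Run-key autostart values for manual review.
param(
    [string]$ProfilePath = $env:USERPROFILE,  # the affected user's profile folder
    [switch]$Fix                              # without -Fix the script only reports
)

# Assumption: these top-level folders are hidden by default and are left alone.
$defaultHidden  = 'AppData', 'Application Data', 'Local Settings'
$hidden         = [int][IO.FileAttributes]::Hidden
$hiddenOrSystem = $hidden -bor [int][IO.FileAttributes]::System
$reparse        = [int][IO.FileAttributes]::ReparsePoint

Get-ChildItem -LiteralPath $ProfilePath -Force |
    Where-Object {
        $attr = [int]$_.Attributes
        $_.PSIsContainer -and
        (($attr -band $hidden) -ne 0) -and
        (($attr -band $reparse) -eq 0) -and      # skip junctions and symlinks
        ($defaultHidden -notcontains $_.Name)
    } |
    ForEach-Object {
        Write-Output ("Hidden: {0} [{1}]" -f $_.FullName, $_.Attributes)
        if ($Fix) {
            # Clear only the Hidden and System bits; keep every other attribute.
            $cleared = [int]$_.Attributes -band (-bnot $hiddenOrSystem)
            $_.Attributes = [IO.FileAttributes]$cleared
        }
    }

# Autostart values to compare against the executable identified in Task Manager.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        Write-Output ("{0}\{1} = {2}" -f $key, $name, $item.GetValue($name))
    }
}
```

Run it once without `-Fix` to see what would change; the Run key listing is read-only either way, so entries are removed by hand after review.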
#35
Tech Apprentice
I also believe that Malwarebytes can fix it alone. I don't remember whether it unhides folders or not, though.
#36
Tech Regular
iTrader: (2)
Malwarebytes won't unhide folders. It also won't repair overwritten file associations, replace deleted Start menu shortcuts, and probably won't remove a functioning rootkit. MWB is an excellent program for what it does, but it's only one of many tools a person needs to do a thorough system clean...not to mention just having knowledge of where that crap hides and what the malicious files themselves look like (as far as filenames go).
I usually find those "Warning: your computer may be infected" types of malware begin by sticking themselves in an infected user's "Application Data" and "Local Settings\Application Data" folders. Once you've terminated the offending running process(es), you can usually quite easily just delete the malicious files & folders right in those 2 locations, which effectively cripples it enough that antivirus & anti-malware programs can scan & remove the rest.
#38
Tech Adept
Anybody know if it is still a problem?
Jason
#39
just barely catching up with this thread. i got this thing a couple of weeks ago too. pretty crafty virus. won't let you do much. even with an open browser.
i downloaded the fake anti-virus remover: http://esupport.trendmicro.com/Pages...oval-Tool.aspx
loaded, ran it, and it was gone.
#40
Tech Master
iTrader: (19)
It actually hides all the folders inside the infected user's profile folder; in Win XP, that's all the subfolders beneath C:\Documents & Settings\<profilename>; in Win 7, it's C:\Users\<profilename>. The My Documents, Downloads, etc. folders are inside those profiles, which is why you can't find the downloads.
The "Folder Unhider" is a tiny program that's about 493 KB and automatically unhides them. I can't remember where I downloaded it from, but you can probably find it without much trouble.
Of course, it's important to first identify which running process is doin' the nasty, and Ending Task on it. If it doesn't auto-load itself right away, you can delete that executable and look for Registry RUN key references to it, and delete those too. If it auto-loads itself, things get more complicated.