Is there any easy way of removing this please?
I have Googled it and found many tools claiming to do it but I'm not convinced.
I've also found instructions for removing it manually but it involved deleting keys from the registry which I'm not rally confident abour doing unless I have to.
I have managed to 'unhide' the hidden files and folders to restore the desktop and make it workable on for the moment but gave up in despair last night.
Incidentally, the laptop was running MSE amd even after a full scan, it found nothing which worries me as it is so obviously there.
Pat
|
We probably need more info on the actual symptoms - is this a message that appears? If Windows will let you, I would try a System Restore to a just date before the problem appeared. The process is reversible if this doesn't correct your problem.
|
I always assumed that a good antivirus programme would trap all viruses until my previous computer caught a virus that PC World couldn't remove.
|
Here are the symptoms
www.wiki-security.com/wiki/Parasite/SystemCheck
It did all of these and issued pages of warning messages. It can't be closed and it disable the task manager so it won't close that way either.
Pat
|
>> it disable the task manager >>
As recommended by Kaspersky in the link posted above, and by others, one step that you need to take is:
QUOTE
Use the real registration licence key and a fake email to register System Check malware. This will allow you to download and run any real malware removal tool you like and restore hidden files and shortcuts.
Choose to activate "System Check" manually and enter a fake email and real activation exactly code as below:
madeupfake@email.com
1203978628012489708290478989147
UNQUOTE
Last edited by: John H on Sun 5 Feb 12 at 09:42
|
>> Here are the symptoms
www.wiki-security.com/wiki/Parasite/SystemCheck >>
Note that Wiki-security has no connection with wikipedia.
"Wiki-Security is a website owned, maintained and operated by Blue Phantom Marketing, LLC. Blue Phantom Marketing, LLC. is an authorized reseller of SpyHunter."
That article directs you to use "spyhunter", but be warned:
www.wilderssecurity.com/showthread.php?t=210561
Last edited by: John H on Sun 5 Feb 12 at 09:53
|
This virus is usually installed as a result of "user action", i.e. you are tricked in to clicking an offer to do a free system check. Is that how you got it?
Solutions:
1. easiest is system restore (as Victorbox said); try if it works for you.
2. this sites is trustworthy, follow their instructions to remove "system check" :
www.bleepingcomputer.com/virus-removal/remove-system-check
3. try the free "one-off" scans by Kaspersky, McAfee, etc.
support.kaspersky.com/viruses
(system check virus: support.kaspersky.com/viruses/rogue/description?qid=208285920 )
home.mcafee.com/virusinfo/virus-removal-tools
Last edited by: John H on Sun 5 Feb 12 at 09:31
|
Thanks John, I did wonder about a system restore, so I'll give it a try now.
Ian was on the Talk Ford forums and following links to the car problems when it appeared.
Pat
|
>> Thanks John, I did wonder about a system restore, so I'll give it a try
>> now.
>>
>> Ian was on the Talk Ford forums and following links to the car problems when
>> it appeared.
Gawd Blimy, the old mans in trouble now.
|
>>Gawd Blimy, the old mans in trouble now<<
Could have been on youporn, I picked up a virus due to it once.
|
>>I have managed to 'unhide' the hidden files and folders to restore the desktop and make it workable <<
I did this last night simply by restoring the tick in the box to unhide them in advanced options, that's why I'm a bit cynical of downloading something when it's easy to do it manually.
Pat
|
One of my old favourites is Antimalwarebytes www.malwarebytes.org/
The problem with trying it manually is that you half do it and it doesn't work, but then you've removed some of the signature files which an automated product would look for to identify/cleanse the machine, then that doesn't work either.
|
System restore has done the job and the Kaspersky scan comes out clean as does another one.
Although I have ticked the box to unhide files and folders they are now displayed on the desktop but are greyed out.
If I hover over them they show as empty but if I click on them the content is there but it won't seem to let me use the content at all.
Example: Vista sidebar photo's. Although the folder I direct it to is there and has the content it is greyed out and won't display on the sidebar.
I need to do this when I'm here on my own tomorrow when I can concentrate because it's a bit out of my comfort zone and Ian keeps talking to me!
Pat
Last edited by: pda on Sun 5 Feb 12 at 16:32
|
have you got microsoft enssentials the free anti spyware , run that and run a deep scan i think it will try and infect any system restore safe boots
|
The laptop was running Microsoft Essentials when the virus struck sajid, and it had been updated automatically that morning.
I ran a full deep scan on it and it didn't detect anything at all.
I have always recommended MSE but it has me worried now that it may not be as good as we all think.
I eventually used the instructions above that pointed me to Kaspersky and after using system restore, their removal tool did the rest.
There was just a lot of settings to correct afterwards and I still can't get the favourites to show on the IE star tab.
They are there, in the favourites folder, the folder isn't hidden but when I try and import them into favourites, all I get is bookmark.rtm not found.
Pat
|
Do you know how to edit the registry Pat?
Need to check that it's pointing at the right place...could have been spoilt by the virus.
If you know how to edit it, go to HKEY CURRENT USER Software Microsoft Windows CurrentVersion Explorer UserShellFolders (I forget how to do backslashes here)
and check the data value in that key. If it isn't %USERPROFILE%Favorites (I mnea literally - don't replace %USERPROFILE% with anything) then change it to that and see what happens.
Last edited by: smokie on Thu 9 Feb 12 at 07:40
|
I've never done anything like that!
I've looked in it and was befuddled to put it mildly but it is becomming a bit of a challenge to have a go....
Never did like anything to beat me:)
Pat
|
It's really not too tricky, must be careful to not accidentally change anything.
Run REGEDIT from the box at the bottom of the start menu. The left pane has five headings which should be collapsed, with a twisty (arrow) next to them to expand them.
So expand the one called HKEY_CURRENT_USER then you will get a sub list with more twisties, keep doing that through the sequence in my post until you reach the one you want.
When you have the one you want. click on it and you will see data in the right hand pane. One of them will be Favorites. To the right it should say %USERPROFILE% Favorites (with a backslash in between which I can't show here). If it doesn't say that, double click it and you then have the opportunity to overtype whatever it does say.
EDIT: If it DOES say that, then the problem is elsewhere, just close REGEDIT! You'd need to restart IE for the change to take effect.
Last edited by: smokie on Thu 9 Feb 12 at 08:54
|
There isn't a key with that value at all.
I searched for it and all it displayed was
(default) REG_SZ (value not set)
I haven't done anything else.
I know I'm thick but I'm not clear what you mean by this
>>>until you reach the one you want.
When you have the one you want<<
What do I want?
Pat
|
Pat,
1. remind me, what OS is it? Vista or Win7?
2. system restore usually works when a simple error caused the problem or a simple infection caused a problem. However, if a complex well engineered virus or rootkit is involved, then as "sajid" says, system restore may not solve the problem.
3. This virus is now increasingly getting mentioned in net-chatter, and seems classified as a "self-inflicted infection" (i.e. installed due to user action) and may not be covered by most AV programs yet. See
forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=187182#post_187182
forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=189461
last post 189461 is by a manager at AVG
4. If you followed the bleeping computer instructions, did you run
support.kaspersky.com/downloads/utils/tdsskiller.exe
5. The reg key smokie mentioned is the one in "Sweet"'s 2nd post here for Vista:
www.vistax64.com/browsers-mail/293545-cant-see-favorites-ie9.html
6. As a last resort if you have to reset IE settings:
support.microsoft.com/kb/923737
7. Someone like Rattle, rtj or smokie (or perhaps even Zero?) might be willing/able to help if you give remote access to your laptop.
8. This should be item 1 - back up or clone your HD before playing with the registry.
Last edited by: John H on Thu 9 Feb 12 at 09:52
|
Already offered a remote session...
|
>> 7. Someone like Rattle, rtj or smokie (or perhaps even Zero?) might be willing/able to
>> help if you give remote access to your laptop.
i am staying quiet on this one, in complex issues multiple input sometimes makes it worse, smokie knows what he is doing.
|
Do I??? :-)
Just soent 20 mins or so on the phone with Pat.
The favourites folder is intact under the same username which is logged on (although they do not use the windows logon at startup). We tried copying this to the Default user and it still didn't work.
The registry entry seems to be correct as per my post above.
We tried creating a new favourite in IE, which worked correctly, but it didn't appear in Ian/favorites. A subsequent search of the disk (from the root level) showed no results for that file (shortcut) - even though it works correctly. So I have no idea where it was created.
So I am puzzled now, and left it with Pat that she would try the Windows reset John mentions above. For one reason or another she is not going to delete the data when given the choice.
The bookmark thing Pat mentioned above is a red herring, as it refers to importing a previously exported file, which by default is called bookmark.rtm.
Any other suggestions guys?
|
The OS is Vista on that one John and thanks for all the links.
I did run the Kaspersky tool at the time.
I have just reset IE without deleting all the cookies etc and it hasn't cured it but has moved it from IE8 to IE9, which I hadn't intended to do but still nothing in the favourites when I click on it other than the link Smokie asked me to download.
Pat
|
Sorry, I had originally assumed you were on your new win7 and IE9 PC.
You can always revert to IE8.
use this tool to reset your default locations (see mid-page for list Vista/W7)
support.microsoft.com/kb/886549
I presume you have already done this:
Download Unhide.exe and run it download.bleepingcomputer.com/grinler/unhide.exe
|
John you are a little gem, as is smokie:)
I thought I had managed to unhide everything manually and didn't bother with the download from bleepingcomputers.
In desperation I've just downloaded and ran it and all the favourites are back where they should be,
Thank you so much to you both.
Pat
|
>> (I forget how to do backslashes here)
Get out your flick knife, and wave it about whilst its point is in contact with the person in front of you.
;-D
|
>> I forget how to do backslashes here
IIRC, you put double the amount to compensate for the forum software hiding the first one.
eg C:\Documents and Settings\
|
>> IIRC,
I did recall correctly.
|