PC probs

[erastes]

something horrible happened to my PC last night, I went to a vureel site (NEVER GOING THERE AGAIN) from STC and got hit by a virus, a bloody Trojan Horse called Security System.  What it does is launch a fake security programme which promises to clean your pc and goes nowhere.

So I did an urgent anti-virus sweep and according to my virus and spyware – did belt and braces – the damn thing is gone, but it has fucked my computer up royally.  A lot of my shortcuts have vanished, and I can’t even access desktop help.  FUCK FUCK FUCK.

So, I know I can tell my PC to restore to yesterdays settings but I can’t access the help to tell me how to do this. the help has gone!!

PLEASE can someone access their help (I use windows XP on this PC) and copy the instructions for me?

*desperate and scared!!!!*

Comments

[angrboda]

I found this article on Google, it might be helpful
http://www.andyrathbone.com/tips/systemrestore.html

Note to self: Avoid Vreel. I tend to go for 56.com or Tudou myself. I've never had trouble with them other than them occasionally being slowpokes. I hear that's something China does through peak hours, giving chinese users access before everybody else.

[erastes.livejournal.com]

I can't do that - I can't do it the manual way either, all the files ending with .exe aren't recognised. Even when I right click on "my computer" to get properties it says it can't recognise the file because it has an .exe suffix.

Crap.

[angrboda]

Can you log on in safe mode and get it from there?

[erastes.livejournal.com]

no, it still doesn't recognise the .exe commands - for any programmes - now it won't even let me online, i've had to switch to the laptop - thank god for the laptop!

I'll have to take it to a shop....thanks for trying! Six years and never a virus, i suppose i was due for one...

[angrboda]

I'm out of ideas, then.

At least your files should be salvagable. It could have crashed harder. :(

[storm-grant.livejournal.com]

When I accidentally downloaded a trojan, I could limp along a bit. When adaware and spybot did nothing, I went to the Microsoft site and they have an unnamed exe download that roots stuff out of your system file. If you can get there.

What is vreel?

[erastes.livejournal.com]

Can't get on the internet with that pc at all now. but thanks. It will have to go in for repair, which i absolutely can't afford.

vureel is a streaming video place, like tudou and megaupload

[rwday.livejournal.com]

Can you shut it down, then bring it up in safe mode by continuously tapping F8 as it starts up? On my XP machine, that would bring me a safe mode menu which included a choice of 'restore to previous version' (or some such verbage, can't recall exactly what it said) but would allow me to roll back the PC to the last restore point.

So sorry - those types of programs are insidious and evil.

[erastes.livejournal.com]

i'll try that, thanks!

[rwday.livejournal.com]

Found some actual instructions - Good luck!

[jateshi.livejournal.com]

What does the pop-up for it say? I can hunt down specific instructions on it if I can get that info. There's a slew of them out right now that act like that but Security System isn't enough just yet for me. Got a "year" number on it or a specific way the windows look? I'll put my white hat on and see what I can come up with.

[aperfectscar.livejournal.com]

Can you run System Restore from the Start menu? ((All) Programs>Accessories>System>System Restore)

If not have you tried using Run and "rstrui.exe"?

[erastes.livejournal.com]

it won't recognise any .exe files....

[essayel.livejournal.com]

That happened to me last night too!! I suddenly had a screen that looked exactly like Windows security telling me i had 103 trojans and I needed to download a programme to get rid of them. It has messed something up very nastily because this morning my laptop wouldn't boot.

One way of getting to system restore in vista is to turn the pc off before it has booted. Then when you turn it back on again it goes through a repair system which includes a system restore. This has the advantage of you not having to fiddle around with scary instructions other than Windows own on screen repair ones.

Best of luck with it. I'm hoping that that, plus a virus scan, has sorted mine out.

[lee-rowan.livejournal.com]

OWWW. I've had viruses, but nothing that bad. If your machine is fairly new, you might try contacting Microsoft or the manufacturer and see if they have any suggestions. You CANNOT be the only person who's been hit with this.

A curse on the critters who wrote that!

[ammonite7.livejournal.com]

Oh lord, I feel for you. I have not been backing up as often as I should, and I hope you have backed up your stuff.

PC folks keep telling me - Macs are so much more expensive! Not so much when something like what has happened to you occurs. I would rather pay more for the security of so few viruses and no shut-downs or stuck programs any day. Next time you buy a computer, think about a Mac, seriously. I used to be a PC person, until I got a Mac.

[erastes.livejournal.com]

Yes, thank goodness, I back up daily now with Mozy so at least all my word documents and webpages are safe. I'm not bothered with pictures and icons and that kind of thing, that can all be got back.

It's limping along now, after I used safe mode, but there's something wrong because all my "TRAY" items have disappeared, including AVG and that's not good, and it's still not recognising .exe files, so it will have to go into the shop.

No, I couldn't get a Mac - I can't complain - I've had a PC now for about 10 years and because I've always been very careful with protection etc I've never ever even had so much as a blue-screen problem, so I have been lucky. I can't be doing with all the things that don't mesh with other people with Macs, when I get word files from people with macs, all the formatting is all over the place - I'd hate to send a manuscript to a publisher with those kind of problems.

[ammonite7.livejournal.com]

Ten years w/no problems is truly amazing.
Mac has a fairly inexpensive program (that comes with the new Macs really cheap) that lets you export a doc into a word file, text file, rtf, just about anything. I have used it with no complaints from anyone. Love it, as you can leave comments to yourself w/in the document, or others (lie critiquers) can leave comments as well, and they can all be removed later with one touch of the keyboard.

Yet, before I had a Mac, I loved my PC, as I had worked on one for years and learned to write computer programs on it, so I knew it inside and out. Computers were so much simpler in those days.

[asphodeline.livejournal.com]

I'm a bit behind on LJ reading. Did you get this sorted yet???? We might be able to do telephone help from here - John and I at home.

[erastes.livejournal.com]

No - the main virus has gone - in that the wallpaper and the pop up alerts have gone, but the PC still refuses to recognise any .exe files - e.g. when i try and open Word it says "which programme would you like to open this with?" and i have to browse, find the word icon in the program files and choose that, then it opens a page of gibberish (because it's opening the word program as a word document) - but none of the control panel functions work, as it says there's a dll file missing. also the pc randomly plays sound files without any programmes being open at all, pop ups random I.E. windows without being told (my browser is firefox) and I simply can't run things like spybot at all.

I have rung a PC shop and am waiting for them to get back to me, to book an appointment. - but that was an hour or so ago.

I am limping along... all the items in my tray have gone, help has gone, system restore won't work...

[falconer007.livejournal.com]

By the way, I've heard that changing the name of the .exe file gets around the virus-block. For example, change microsoft.exe to erastes.exe and run it.

So, you could download Malware Bytes, change the name of the .exe file and launch it. If you still can't launch it, then change the extension from .exe to something else like .era and try to do it again.

[erastes.livejournal.com]

hmmm - i got the email, but it's not helpful, as i don't have the icon any more, I deleted most of it, I think - I think the virus itself is gone, but it's caused damage to the kernel, according to a tekkie friend. I shall limp along until royalties come in to cover a shop visit. Thanks for trying though - i downloaded malware, but of course as the PC won't let me instal anything, i can't run it.

[gehayi.livejournal.com]

I contacted my computer repairman. He says that you definitely have to get it repaired in a shop--he can't talk you through it.

He also says that he wouldn't be surprised if they had to wipe the drive and reload. Fortunately you have backups. And I have the chapters of MeMo that you sent me.

[erastes.livejournal.com]

Luckily all my writing files and website pages are safe and sound,(I back up daily onto www.mozy.com) and I can probably copy all my music and pictures onto disc, if I need to go and get the PC wiped - but I'll see how it goes, it's limping along at the moment, and as I can't open any other programmes than firefox and word and livewriter, that's helping me stay focussed! If it all was wiped this moment I wouldn't lose anything drastic.

Just about everything i use is freeware, and if i were to lose Office, and can't find the disc, I can use open office, it's almost indistinguishable these days from the real thing.

Thank you for asking, though - much appreciated. Bloody viruses.

[falconer007.livejournal.com]

If you're still having trouble, it means that your anti-virus did not remove all of the virus' components. (By the way, Malware Bytes is the best program to do so. It's free, and for the two times I used it, it removed the virus completely with only the Quick Scan).

We've had it on 3 of our computers here. For 2 of the computers, we only had the messages popping up and Malware Bytes got rid of it without any repercussions.

For the 3rd computer however, it was too late. The wallpaper was changed, we couldn't access the internet, and Internet Explorer windows were being open randomly. I managed to download Malware Bytes, but it wouldn't let me run it. I'm guessing that's what happened on yours. I looked all over, but the most useful info I found were from this website: http://www.xp-vista.com/spyware-removal/system-security-removal-info where a user named Phyllon posted instructions that were really good (so just do control+f and type phyllon). Personally, I couldn't follow them to the letter and had to combine what other users said and run the computer on Safe Mode, because the virus blocked the Task Manager.

First, I disabled the internet connection. The virus is going to try to access some other websites and download even more nasty things. Cut it off. Then, I did the regedit thing to go the registry. Remember, the numbers generated will be random. So I just looked for a string of numbers. When I found it, I did a system-search with the numbers to locate it on the computer. There I checked that the file properties said System Security or had the "shield logo". After that verification, I deleted it in the registry. But in the folder, I found a second string of numbers, and when I looked around under Windows in the registry I found the same numbers, so I deleted those too. After that, I re-did a System-search with both numbers, and found them in a couple of other places, included a prefetch (which pretty much keeps the virus and re-runs the whole virus over and over again). So I deleted all that. Once done with that, I wiped off my Recycle Bin. Turned off the computer. Turn it on again, and I was good to go. Just to make sure, I run Malware Bytes for a quick scan.

It's complicated, but it might be a better option to wiping off your entire hard-drive.

Either way, good luck!

[erastes.livejournal.com]

It sound helpful, but the link you gave me doesn't work - can you copy and paste the text involved and email to erastes @ erastes dot com?