A Nasty Little Virus

[G1G4]

I'm not sure how, but yesterday I got a virus. It would give me repeated BSOD's on normal boot attempts. The only way I could access anything is to boot into Safe Mode with Networking. Anyway, after about 9 hours, I came to the conclusion that it's imbedded itself into Winlogon. Even in safe mode, explorer would repeatedly crash, so that left me to leaving explorer alone when the message came up, and surf through notepad to delete files that I needed.
It locked the registry, turned off system restore, and hijacked my DNS to the point that I couldn't go to any antivirus sites or the Windows/Microsoft website. I finally gave up and replaced my hard drive with an old HD I had lying around. Anybody else had any experience with a virus like this? It's almost like Virtumondo, but worse.

[GWguy]

Quote:

Originally Posted by G1G4

I'm not sure how, but yesterday I got a virus. It would give me repeated BSOD's on normal boot attempts. The only way I could access anything is to boot into Safe Mode with Networking. Anyway, after about 9 hours, I came to the conclusion that it's imbedded itself into Winlogon. Even in safe mode, explorer would repeatedly crash, so that left me to leaving explorer alone when the message came up, and surf through notepad to delete files that I needed.
It locked the registry, turned off system restore, and hijacked my DNS to the point that I couldn't go to any antivirus sites or the Windows/Microsoft website. I finally gave up and replaced my hard drive with an old HD I had lying around. Anybody else had any experience with a virus like this? It's almost like Virtumondo, but worse.

There's a few that have those symptoms. Once you get them, it's just easier to wipe and reinstall.

Just goes to show, even us techies get bit once in a while, no matter how good your defenses are.

[Geek]

I heard not to open anything named "postcard"

[GWguy]

Quote:

Originally Posted by Geek

I heard not to open anything named "postcard"

Half true. That's been floating around for a few years. Look it up on snopes for the details. I'd post it, but don't have access to snopes from here.

[G1G4]

Yep, completely unaware how I got it. I was going to try a system recovery, but it wouldn't even let me boot from a cd lol. I was on the verge of deleting everything and just starting over, until I remembered I had that old computer lying around. I put that in and the damn thing didn't want to recognize the mouse and keyboard.

[bobbyb]

Did you run Stinger.exe????

[PsyOps]

Quote:

Originally Posted by G1G4

Yep, completely unaware how I got it. I was going to try a system recovery, but it wouldn't even let me boot from a cd lol. I was on the verge of deleting everything and just starting over, until I remembered I had that old computer lying around. I put that in and the damn thing didn't want to recognize the mouse and keyboard.

I just spent this past Saturday working on my dad's PC that sounds like the same thing. He is doing geneology research on our family, and we have some relatives in the Ukraine and Russia. Well, he went to (what appeared to be) a Russian website, then all h3ll broke loose. I tried Symantec, AVG, Vipre, and PC-cilin to try to clean it up and all of them seemed to be blocked to gather definition updates. When I ran IE the PC would lock up.

All the symptoms you describes were the same except we were able to boot from CD and reload windows which solved the problem. He lost a lot of photos and other files, so now I've bought him an external HD for Christmas for his file storage. What a mess. I have a fingernail extraction tool that is ready when they catch these creeps that create these viruses.

[G1G4]

Quote:

Originally Posted by bobbyb

Did you run Stinger.exe????

Negative.

Quote:

Originally Posted by Psyops

I just spent this past Saturday working on my dad's PC that sounds like the same thing. He is doing geneology research on our family, and we have some relatives in the Ukraine and Russia. Well, he went to (what appeared to be) a Russian website, then all h3ll broke loose. I tried Symantec, AVG, Vipre, and PC-cilin to try to clean it up and all of them seemed to be blocked to gather definition updates. When I ran IE the PC would lock up.

All the symptoms you describes were the same except we were able to boot from CD and reload windows which solved the problem. He lost a lot of photos and other files, so now I've bought him an external HD for Christmas for his file storage. What a mess. I have a fingernail extraction tool that is ready when they catch these creeps that create these viruses.

It probably was. Sad thing is, I don't think it's a new virus. I think it's an old virus/trojan that has taken a new variation. It was NASTY.

[GWguy]

Quote:

Originally Posted by PsyOps

He lost a lot of photos and other files, so now I've bought him an external HD for Christmas for his file storage.

That didn't have to be the case. The drive could have been accessed without going thru the corrupted operating system, and everything could have been saved, scanned for viruses and restored.

I take the drive out, connect it to a USB adapter and hook it to a computer that I don't care about.

[G1G4]

Quote:

Originally Posted by GWguy

That didn't have to be the case. The drive could have been accessed without going thru the corrupted operating system, and everything could have been saved, scanned for viruses and restored.

I take the drive out, connect it to a USB adapter and hook it to a computer that I don't care about.

That's part of the reason why I didn't format. I can still access and move everything to my slave drive, THEN put it back onto my main drive. Thank god for know-how and technology.