Hard Light Productions Forums

Off-Topic Discussion => General Discussion => Topic started by: watsisname on June 27, 2008, 05:26:35 am

Title: ****ing nasty malware
Post by: watsisname on June 27, 2008, 05:26:35 am
Long story short, I just spent the last 6 hours cleaning my computer of a horrific malware program called "Antivirus XP 2008".  Essentially it looks like a virus scanner/cleaner, and installs several files to the registry that it detects as viruses.  So it scans and tells you "omg 90-some viruses found!" and asks you to pay something like $50 bucks to register the program so you can actually do anything about it.

Well, I'm not dumb and immediately knew this was malware just from the filename.  Antivirus also identified it as "troj renos.zq".  What I wasn't prepared for was just how nasty this one really is.  First I tried the obvious, cleaning it with my antivirus.  I had it quarantined but nothing else was possible (no surprise there).  A system restore didn't work because apparently there were no prior checkpoints (what the hell?).  So I had to do it the hard way and remove the program files in safe mode, identify and kill all the processes associated with it, then clean the registry (shouldn't have to tell you how risky that is.  Always make a backup if you have to try it).

After I cleaned up everything I could I still had random bluescreens, freezes, and restarts.  Chkdsk found some disk errors but repairing it kept freezing up at 60%.  Gah.  Eventually I found a great registry cleaner called RegistryBooster.  You've got to pay a little for it but it works like a charm.  6 hours after I was convinced I should throw the PC out the window, now it's working fine and I'm happy.  I hope none of you have to go through that sort of hell.  If you do, remember Google is your friend. :)

Sleepcycle.
Title: Re: ****ing nasty malware
Post by: Jeff Vader on June 27, 2008, 05:31:54 am
Out of curiosity. Just how did you end up with this "Antivirus XP 2008"? Surely you didn't randomly click any "zomg joo has viruzors click herez!!1" banners yourself, right?

And now that you mentioned it, I've had good results with Wise Registry Cleaner.
Title: Re: ****ing nasty malware
Post by: watsisname on June 27, 2008, 05:39:04 am
I wish I knew exactly how I got it.  The first sign of it was while I was looking at showtimes for a movie on movietickets.com, but I can't believe that's the culprit.  Rumor Mill has it that this malware likes to automatically download itself through infected video codecs.  Hmm.
Title: Re: ****ing nasty malware
Post by: Nemesis6 on June 27, 2008, 10:19:56 am
Go to spywarewarrior.com and post a hijackthis log in their forums just to be safe. But then again, you seem to know what you're doing, so I think you can skip that! :)
By the way, if you know when you got it, you could do a system restore to a time before that if you wanna make absolutely sure you got everything off.
Title: Re: ****ing nasty malware
Post by: Mars on June 27, 2008, 01:17:40 pm
I assume you are the only person who uses this computer?
Title: Re: ****ing nasty malware
Post by: watsisname on June 27, 2008, 01:52:16 pm
It's the family computer but I'm the most frequent user of it.  I figure it's my fault the thing got on there but I've no idea how -- haven't visited any sketchy websites or run shady programs lately.

Quote from: Nemesis6
Go to spywarewarrior.com and post a hijackthis log in their forums just to be safe. But then again, you seem to know what you're doing, so I think you can skip that! :)
By the way, if you know when you got it, you could do a system restore to a time before that if you wanna make absolutely sure you got everything off.

That's a pretty good idea.  I use hijackthis pretty regularly and it did find one of the processes associated with this infection.  I'll see what the tech wizards have to say about it. :)