Can hardly believe how much damage this virus did


    #21
    Re: Can hardly believe how much damage this virus did

    Originally posted by Uranium-235
    viruses don't have an exception for a FOLDER called autorun.inf, which has to be completely deleted before it can make the file
    Not yet...

    That could have gone in my list of stupid or retarded things malware writers have done. There was a program that created a folder called autorun.inf on every removable storage device that was currently connected to the computer. I thought that it would be easy to replace that folder with a malicious autorun.inf file.

    Comment


      #22
      Re: Can hardly believe how much damage this virus did

      If a scan with malwarebytes antimalware doesn't fix it, then I just use a Live CD to back up the user's documents, pictures, music, desktop and email client data to an external HDD and then format the computer and copy it back. If I miss something and they don't have their own back up then it's their problem. They should keep their data in standard locations like my documents and they should have their own backup.
      I love putting bad caps and flat batteries in fire and watching them explode!!

      No wonder it doesn't work! You installed the jumper wires backwards

      Main PC: Core i7 3770K 3.5GHz, Gigabyte GA-Z77M-D3H-MVP, 8GB Kingston HyperX DDR3 1600, 240GB Intel 335 Series SSD, 750GB WD HDD, Sony Optiarc DVD RW, Palit nVidia GTX660 Ti, CoolerMaster N200 Case, Delta DPS-600MB 600W PSU, Hauppauge TV Tuner, Windows 7 Home Premium

      Office PC: HP ProLiant ML150 G3, 2x Xeon E5335 2GHz, 4GB DDR2 RAM, 120GB Intel 530 SSD, 2x 250GB HDD, 2x 450GB 15K SAS HDD in RAID 1, 1x 2TB HDD, nVidia 8400GS, Delta DPS-650BB 650W PSU, Windows 7 Pro

      Comment


        #23
        Re: Can hardly believe how much damage this virus did

        Originally posted by c_hegge
        If a scan with malwarebytes antimalware doesn't fix it, then I just use a Live CD to back up the user's documents, pictures, music, desktop and email client data to an external HDD and then format the computer and copy it back. If I miss something and they don't have their own back up then it's their problem. They should keep their data in standard locations like my documents and they should have their own backup.
        I've found that combofix takes care of a lot of difficult to remove malware that malwarebytes can't remove. It sometimes requires multiple passes of combofix to get it all. With antivirus, malwarebytes and combofix I can usually fix about 85% of malware problems. The rest are either reformat or manual removal depending on how many difficult to reinstall programs (missing CDs, license keys, etc) there are and how much the owner wants to pay me for the time.

        Comment


          #24
          Re: Can hardly believe how much damage this virus did

          i also see a lot of stuff that a reinstall is not an option. specialised stuff where the disks are long gone and mfr bankrupt. so i have to keep in practice.

          Comment


            #25
            Re: Can hardly believe how much damage this virus did

            Originally posted by ratdude747
            and what about the teacher's files? her gradebook may be there, among other things? once you have a lot of important (irreplaceable) files on your computer, you learn that reformatting is often a last resort.
            Exactly. Moving all the data back and forth would have been a pain in the behind, especially since i'm not doing very well in the free space department.
            Originally posted by PeteS in CA
            Remember that by the time consequences of a short-sighted decision are experienced, the idiot who made the bad decision may have already been promoted or moved on to a better job at another company.
            A working TV? How boring!

            Comment


              #26
              Re: Can hardly believe how much damage this virus did

              ATTRIB does not unhide folders. Explorer can do it but it's a big hassle. Total Commander can do the whole drive at once including folders. Then I go back through and hide files that should be hidden.
              sig files are for morons

              Comment


                #27
                Re: Can hardly believe how much damage this virus did

                WTF! 2 weeks ago, I cleaned a virus from my school laptop that would spread itself on flash drives. Haven't had any problem at all in the 2 weeks that followed. Yesterday I opened my school laptop and plugged in my flash drive to get some files and that motherf***er was back again on my flash drive! I'm starting to suspect my family's computer is the culprit since I didn't have a problem for 2 weeks, but I did use my flash drive yesterday on my family's computer before I used it on my school laptop. Haven't used the flash drive anywhere else either.
                Time to disable autorun, I guess. I already did that on my laptop yesterday after cleaning it up. Let's see if it comes up again.
                I can see when it's back because it copies a malicious autorun.inf file on my flash drive, along with a hidden folder called "recycler" with a weird-named file in it.
                I have hidden files and folders view enabled by default, so I can spot it right away.

                Comment
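
A read-only check for the signs described in posts #21 and #27, added here as an example (not code from any poster or tool in this thread): it reports whether `autorun.inf` on a drive root is absent, a placeholder folder, or a real file, and whether its launch entries point into a "recycler"-style folder. The function names, the extra folder names and the sample file are assumptions, and the parser assumes an ANSI/UTF-8 `autorun.inf`.

```python
import re
from pathlib import Path

EXEC_KEYS = ("open", "shellexecute")   # autorun.inf keys that name a program
# "recycler" is the folder named in the post; the other two names are assumptions.
SUSPECT_DIRS = {"recycler", "recycled", "$recycle.bin"}

# Constructed sample, not taken from any real infection.
SAMPLE_AUTORUN = r"""[autorun]
open=RECYCLER\S-1-5-21-0000\xk2q.exe
shell\open\command=RECYCLER\S-1-5-21-0000\xk2q.exe
icon=folder.ico
"""

def inspect_drive_root(root):
    """Read-only look at one drive root; returns a dict describing autorun.inf."""
    names = {p.name.lower(): p for p in Path(root).iterdir()}
    report = {
        "autorun": "absent",   # "absent", "folder" (placeholder) or "file"
        "commands": [],        # (key, target, points_into_suspect_dir)
        "recycler_dirs": sorted(n for n, p in names.items()
                                if n in SUSPECT_DIRS and p.is_dir()),
    }
    entry = names.get("autorun.inf")
    if entry is None:
        return report
    if entry.is_dir():
        report["autorun"] = "folder"
        return report
    report["autorun"] = "file"
    for line in entry.read_text(errors="replace").splitlines():
        key, sep, value = line.strip().partition("=")
        key = key.strip().lower()
        if not sep or key.startswith(";"):
            continue
        if key in EXEC_KEYS or key.endswith("\\command"):
            target = value.strip().strip('"')
            parts = [c for c in re.split(r"[\\/]+", target) if c not in ("", ".")]
            flagged = bool(parts) and parts[0].lower() in SUSPECT_DIRS
            report["commands"].append((key, target, flagged))
    return report

def is_suspicious(report):
    """True when autorun.inf is a real file that launches something from a suspect folder."""
    return report["autorun"] == "file" and any(f for _, _, f in report["commands"])
```

Call `inspect_drive_root("E:\\")` (or any mounted drive root) and pass the result to `is_suspicious`; nothing on the drive is modified.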


                  #28
                  Re: Can hardly believe how much damage this virus did

                  Originally posted by Th3_uN1Qu3
                  You can still do that in Windows from the cmd prompt.

                  I had a hunch so i also ran TDSSKiller and indeed i found a rootkit. After removing the rootkit a couple more nasties that ran on startup showed up... This time Avira removed those just fine. And yes i also scanned with Malwarebytes and removed another 10 items including a trojan downloader. The virus (or one of them at least) had also deleted the Windows Update service!

                  Now it's clean, except that the contents of some folders in the start menu are truly gone (not hidden, deleted). Same goes for the Administrative Tools folder, i wanted to check the Event Viewer because there's still an error sound played on startup, and i want to know what makes it. I'll open it from the command line. I'll prolly have to reinstall a bunch of programs.

                  Btw, i totally dig the keyboard on this thing. It's nice and clacky. It's a Toshiba Satellite A200 btw.
                  If no one has run a temp file cleaner on the computer then go to http://www.bleepingcomputer.com and get a copy of unhide.exe. It typically will unhide all the hidden files that the virus hides and copy back all of the start menu shortcuts that the virus moves to a temp folder to scare the owner that the hard drive is going bad and to pay for the program to save it.

                  Comment


                    #29
                    Re: Can hardly believe how much damage this virus did

                    Noted... However i gave the laptop back 2 weeks ago. And it wasn't one of those scare programs - it didn't flash any ads or anything.
                    Originally posted by PeteS in CA
                    Remember that by the time consequences of a short-sighted decision are experienced, the idiot who made the bad decision may have already been promoted or moved on to a better job at another company.
                    A working TV? How boring!

                    Comment


                      #30
                      Re: Can hardly believe how much damage this virus did

                      Was the virus still active? When I first read the post, it sounded like the executable had been removed already.

                      Comment


                        #31
                        Re: Can hardly believe how much damage this virus did

                        I've seen this 2X now, the first time on Vista and I copied the important files and format/installed 7. The second time I used combofix and it seemed to do the trick. http://www.bleepingcomputer.com/comb...o-use-combofix

                        Comment


                          #32
                          Re: Can hardly believe how much damage this virus did

                          I wonder sometimes what the virus authors are smoking.
                          If viruses were better written, a lot of people would be in real trouble.
                          Often times users wouldn't know they were infected if the system didn't slow down/crash etc.
                          36 Monitors, 3 TVs, 4 Laptops, 1 motherboard, 1 Printer, 1 iMac, 2 hard drive docks and one IP Phone repaired so far....

                          Comment
