Can hardly believe how much damage this virus did
This here laptop belongs to my former head teacher in highschool. She also happens to live just around the corner so to this day she or her husband call me when things go really wrong with their computers.
I started this up to be greeted with a blank desktop, blank start menu, and disabled task manager. She said it happened after she brought an USB drive from school. All the computers there have always been infected with all kinds of shit, but this did have antivirus on it... It had Avira, but apparently it didn't do anything. Oh well, i'll go straight away to disabling autoplay after i fix it. Best solution there is. They'll be going on a trip in the mountains with her current class this weekend, so i got to take the laptop home (and got paid my $30 in advance because they knew i can fix it), and here i am.
Booted to safe mode with networking, task manager still disabled. Fortunately the registry editor still worked and i enabled it from there. Nothing suspicious running, but i did find the virus name in the startup reg keys, it lived in the Application Data folder. Right-clicking the Start menu and going into properties showed that all the items that could be taken away were taken away, so i enabled them back. You know, Control Panel, My Documents, Search and all that. Now, i tried to access C: but there again was nothing. Nothing in D: either. But hey, what's that status bar say? 0 objects plus 8 hidden... wait a second. They're just regular computer users so hidden files are kept on... and guess what: What the virus did was IT HID ALL THE DAMN FILES.
That's why everything appeared blank! As soon as i enabled hidden files everything came back - unhiding them as we speak.
A brief look at the contents of the C:\ drive also shows it might've dropped a keylogger too - but what's the point of a keylogger when the computer is inoperable? Whoever wrote this virus was a retard.
I'll then take my time to clean the dust off the fan too, as it does seem to be running more than it should. Anyway, it looks like it's fixable without a reinstall and that's what i was hoping for, because everything would need to be put exactly the same if i were to reinstall it.
I started this up to be greeted with a blank desktop, blank start menu, and disabled task manager. She said it happened after she brought an USB drive from school. All the computers there have always been infected with all kinds of shit, but this did have antivirus on it... It had Avira, but apparently it didn't do anything. Oh well, i'll go straight away to disabling autoplay after i fix it. Best solution there is. They'll be going on a trip in the mountains with her current class this weekend, so i got to take the laptop home (and got paid my $30 in advance because they knew i can fix it), and here i am.
Booted to safe mode with networking, task manager still disabled. Fortunately the registry editor still worked and i enabled it from there. Nothing suspicious running, but i did find the virus name in the startup reg keys, it lived in the Application Data folder. Right-clicking the Start menu and going into properties showed that all the items that could be taken away were taken away, so i enabled them back. You know, Control Panel, My Documents, Search and all that. Now, i tried to access C: but there again was nothing. Nothing in D: either. But hey, what's that status bar say? 0 objects plus 8 hidden... wait a second. They're just regular computer users so hidden files are kept on... and guess what: What the virus did was IT HID ALL THE DAMN FILES.
That's why everything appeared blank! As soon as i enabled hidden files everything came back - unhiding them as we speak.A brief look at the contents of the C:\ drive also shows it might've dropped a keylogger too - but what's the point of a keylogger when the computer is inoperable? Whoever wrote this virus was a retard.
I'll then take my time to clean the dust off the fan too, as it does seem to be running more than it should. Anyway, it looks like it's fixable without a reinstall and that's what i was hoping for, because everything would need to be put exactly the same if i were to reinstall it.
.
.
By the results of the previous tests the CPU did not need new paste, just the fan was full of dust. And indeed - while it used to run in the mid 60s doing regular stuff, and throttle under heavy load (this one only has a 85C Tjunction), right now it reaches a maximum of 65C under IntelBurnTest and runs in the mid 40s on average.
Comment