Hey all, I just had a nasty run in with this bad boy on my sister's computer, and thought I'd post a pre-emptive post on here in case anyone else runs into similar behavior and needed a fix post-haste.
Basically, the infection boils down to these problems, but I'll include a link to an external site that gives the info as well. I did search the forums first in case this info is already out there, so feel free to close/merge as necessary mods. I tried!
"Windows 7 Repair" issues, most visible:
I tried a few things - running Malware Bytes from a UFD, tried the command line version of Avira from Hirens / Computer Forums UFD utility, nothing could really knock it out.
Gave ComboFix a shot, and not only did it wipe out the infection, but brought back all of the hidden files (except the start menu, which is just flat out empty now, but that's easy to get back) and restored her desktop wallpaper rotation (it was blank prior to the run)
I know folks already swear by Combofix, but it's the first time I've given it a test run, and so far, so good.
Still going to run several full AV scans with different scanners to be sure, but thought you guys might appreciate a heads up in case you run into similar issues.
More Details: http://www.bleepingcomputer.com/virus-removal/remove-windows-7-repair
Basically, the infection boils down to these problems, but I'll include a link to an external site that gives the info as well. I did search the forums first in case this info is already out there, so feel free to close/merge as necessary mods. I tried!
"Windows 7 Repair" issues, most visible:
- Disables Task Manager
- Hides all user files, including those on the desktop, under Program Files (x86 and otherwise) and prevents you from accessing certain system folders
- Disables Windows Update
- Starts barking about impending hard drive failures or other disk access issues
- Prevents downloading of EXE files from the internet, and then if you do anyway through other means (Firefox, etc) strips the file of information and then makes Windows post that old error "not a valid win32 application" when you try to run it
I tried a few things - running Malware Bytes from a UFD, tried the command line version of Avira from Hirens / Computer Forums UFD utility, nothing could really knock it out.
Gave ComboFix a shot, and not only did it wipe out the infection, but brought back all of the hidden files (except the start menu, which is just flat out empty now, but that's easy to get back) and restored her desktop wallpaper rotation (it was blank prior to the run)
I know folks already swear by Combofix, but it's the first time I've given it a test run, and so far, so good.
Still going to run several full AV scans with different scanners to be sure, but thought you guys might appreciate a heads up in case you run into similar issues.
More Details: http://www.bleepingcomputer.com/virus-removal/remove-windows-7-repair
