| Thread ID: 121352 | 2011-10-22 02:23:00 | Fake Windows Restore Recovery Virus | Winston001 (3612) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1239138 | 2011-10-23 08:12:00 | I can not understand why people do not make an Image of their systems. If I ever have a similar problem I just restore from the Image. Only takes as long as a cup of Coffee to do! | mzee (3324) | ||
| 1239139 | 2011-10-23 10:37:00 | I encountered that a couple of days ago. It uses an MBR rootkit to restore itself. Need to boot into recovery console from a Windows CD & run fixMBR then clean out the virus in safe mode. I was reading an interesting article today talking about the changes Eset have discovered in what I assume is a version of the same virus. If the boot drive doesn't already have 4 primary partitions, it creates a hidden boot partition at the end of the disk & sets it as the active partition so it has the same effect as an MBR rootkit, but without modifying the MBR. |
Greven (91) | ||
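The layout described in the post above (a small partition at the end of the disk set as the active one) can be looked for in the partition table of a disk read offline. This is an added example, not part of the original thread; the 1% size threshold, the function names and the sample layouts are assumptions, and a match is only a reason to look closer, since some legitimate layouts also fit.

```python
import struct

TABLE_OFFSET = 446  # the four 16-byte partition entries start here

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for slot in range(4):
        entry = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count
        status, ptype, start, count = struct.unpack("<B3xB3xII", entry)
        if ptype and count:
            parts.append({"slot": slot, "active": status == 0x80,
                          "type": ptype, "start": start, "sectors": count})
    return parts

def suspicious_active(parts, max_fraction=0.01):
    """Assumed heuristic: the active partition is the last on disk and tiny."""
    if len(parts) < 2:
        return None
    last = max(parts, key=lambda p: p["start"])
    disk_end = last["start"] + last["sectors"]
    if last["active"] and last["sectors"] < disk_end * max_fraction:
        return last
    return None

def build_mbr(entries):
    """Build a constructed sector from (status, type, start, sectors) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed sample layouts, not taken from a real infected disk.
CLEAN = build_mbr([(0x80, 0x07, 63, 100_000_000), (0x00, 0x07, 100_000_063, 100_000_000)])
ODD = build_mbr([(0x00, 0x07, 63, 200_000_000), (0x80, 0x07, 200_000_063, 4096)])

if __name__ == "__main__":
    for name, sector in (("CLEAN", CLEAN), ("ODD", ODD)):
        print(name, suspicious_active(parse_mbr(sector)))
```

Feed `parse_mbr` the first 512 bytes of the disk as read from clean boot media, since a machine booted from the affected disk may not show the real sector.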
| 1239140 | 2011-10-23 10:45:00 | Feeling a bit wrung out after that match. Got to admire the French for playing out of their socks. It's a relief the All Blacks won and the emotion displayed by them afterwards was heartwarming. So on with the problem. I have run the two command lines and restarted but still no connection. Ping and ipconfig do not show anything being sent or received. I've tried the network diagnostics which says there is a winsock problem which will be reset. But no dice. |
Winston001 (3612) | ||
| 1239141 | 2011-10-23 11:27:00 | Did you access the recovery console through a Windows install CD? If you don't boot from CD, the computer boots the virus, then the virus boots Windows. The game was a lot closer than I expected. France really stepped it up a notch for the final & we were still worn down from beating Aussie. |
Greven (91) | ||
| 1239142 | 2011-10-23 13:45:00 | No, this is one of those pcs with Windows on a partition. No discs. Yes I think the ABs were stuffed after the remarkable effort against the Aussies. Still a win is a win. :D |
Winston001 (3612) | ||
| 1239143 | 2011-10-23 20:36:00 | Try WinsockFix (www.softpedia.com) | wainuitech (129) | ||
| 1239144 | 2011-10-24 09:08:00 | No further progress unfortunately. I ran Superantispyware again, then Combofix in Safe mode which did find a root kit problem (not that I understand that). I've run Combo again and then WinsockFix but still cannot connect. The taskbar icons detect a connection (wired and wireless) but cannot connect. Combofix said the Microsoft Recovery Console (or something like that) was not installed or not up to date. Odd because the pc generally updates automatically all the time. I'm running MSSE and Windows Defender, plus I use Advanced SystemCare 4 which has proven to be reliable. |
Winston001 (3612) | ||
| 1239145 | 2011-10-24 09:19:00 | Try Trojan Remover: update it, then scan. Then select all the options under utils, so it'll reset everything. I would also disable System Restore if it's still enabled. | Speedy Gonzales (78) | ||
| 1239146 | 2011-10-25 07:09:00 | What version of windows are you running? | Greven (91) | ||
| 1239147 | 2011-10-26 00:50:00 | Windows XP. I'm about ready to take it to an expert. However out of curiosity, what is a Windows Repair? Is it beyond my pretty basic knowledge? I do not have an XP disc because it's on a partition, and don't recall ever seeing a key. |
Winston001 (3612) | ||