Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
6043 Views 4 Replies Latest reply: Dec 30, 2011 4:45 AM by kuttus RSS
brandig Newcomer 1 posts since
Dec 3, 2011
Currently Being Moderated

Dec 3, 2011 9:34 PM

System Fix Virus....help!

So our netbook was infected with this horrible "system fix"....and I knew something was up right off.....I started a scan with McAfee while I was getting all of the crazy messages.....and it came back with a clean bill.....scary right?

 

I finally tried the Stinger....and that seems to have removed the thing.....but I still cannot get back my programs.  I tried the unhide.exe...and that restored only Windows things like remote access...and IE.......my desktop is still blank only showing IE and recycle bin.....no programs whatsoever.

 

From what I've read, our information should still be on the computer somewhere........I can't get to the control panel because it doesn't show.

 

If someone could give me some direction of what to do I would be so grateful!  I've always had virus protection and have never had any infections that I have not been able to quarantine and get rid of on my own.  This is a first!

 

So frustrated and don't know what else to do.....

 

Please help! Thanks!

  • Hayton Volunteer Moderator 4,588 posts since
    Sep 27, 2010
    Currently Being Moderated
    1. Dec 4, 2011 12:09 AM (in response to brandig)
    Re: System Fix Virus....help!

    Removal instructions for this can be found at

    http://www.bleepingcomputer.com/virus-removal/remove-system-fix

     

    Please read through the accompanying information and if you have access to a printer print out a copy for reference while the removal process is under way.

     

    The steps you have taken so far should have done most of the work, but this will clean up any remaining traces.


    Volunteer Moderator  Leeds, UK
    No PM's please
  • Hayton Volunteer Moderator 4,588 posts since
    Sep 27, 2010
    Currently Being Moderated
    2. Dec 4, 2011 12:10 AM (in response to brandig)
    Re: System Fix Virus....help!

    Moved to Top Threats.


    Volunteer Moderator  Leeds, UK
    No PM's please
  • Maintenance Man Newcomer 14 posts since
    Dec 9, 2011
    Currently Being Moderated
    3. Dec 9, 2011 7:17 PM (in response to brandig)
    Re: System Fix Virus....help!

    hi brandig,

     

    from what you have described, it appears that the infection has been taken out already. The reason why all files and folders had become invisible is because the infection had changed their attributes to "Hidden" and by default settings, the hidden files won't be shown. I belive that will have been resolved by unhide.exe.

     

    From your description it seems you are using a Windows XP OS. To enable the desktop icons, open up the run window (Windows+R on the keyboard) and paste the following link for a vbscript download.

     

    http://www.kellys-korner-xp.com/regs_edits/enabledisabledesktopicons.vbs - <this is not a malicious link, but it will modify certain registry keys (necessary for fixing the problem)>

     

    When you run the script, check what the message is - if it says "Dsktop icons are now disabled", run it once again - it will enable the icons with the message "Desktop icons enabled"

     

    Now your mouse right-click will work as well.

     

    To get start menu default items back on, right click on the start button on the screen, click on properties, select the start menu tab, click on customize, click on the advanced tab and you will find options like "My computer", "Control Panel" etc. Select the radial butoon - "Display as a link" on the items that you want. Aplly changes.

     

    Now with the missing programs on the start menu. The shortcuts will most probably be stored in a different location.

     

    open up Run (Windows + R on keyboard) - Type "control folders" in it and hit return. On the Folder option window, go to the tab that says View. On the list that you have there, check for an option that says "Show Hidden Files and Folders" Select the option and hit OK.

     

    Open Run once again. Type in " %temp% " and hit OK - This will open up a temp folder. Check whether you have a folder that says "smtmp"

    if you have such a folder open it. You may find 3 subfolders named "1,2,3" etc. Open the foders and check for a sub folder with the name "Programs"

    in case you have it, open and check whether you have the start menu program shortcuts in it. If you do, you are lucky. Copy the programs folder (Ctrl+C or right click>Copy).....  Right click on All programs in the Start Menu and click on Open All Users; Paste the copied folder (Ctrl+V or Right Click>Paste)

    This will restore the lost shortcuts.

     

    If you dont have the smtmp folder or the shortcuts in there, you will have to go into c:\program files and open up each program folder and create shortcuts for all the proggrams you want and paste them in the same folder mentioned above (Start menu> Right Click on All Programs> Open All users > Open up program folder, paste shortcut that you created)

     

    The above procedure may sound confusing, but unfortunately there is no easier way of explaining it. Hope you find this useful.

     

    MM

  • kuttus Apprentice 59 posts since
    Dec 29, 2011
    Currently Being Moderated
    4. Dec 30, 2011 4:45 AM (in response to brandig)
    Re: System Fix Virus....help!

    Removal steps for System Fix / System Restore Spyware

     

    These are the shortcuts in your start Menu.

    If you delete these folders you will lose all of the shortcuts in the start menu. First take a back up of these folder

     

    %Temp%\smtmp\

     

    This infection will hide all of the files on your computer. So first we have to fix that issue. For that

    Please select the Tools menu and click Folder  Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system  folders.
    Under the Hidden files and folders section select the radio button  labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for  known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating  system files.
    After this please press the Apply button and then the OK

    Press on the key Alt+Crtl+Delete key on the  keyboard. Now you will get a new window called Task Manager.  Now hold the Ctrl key on the key board and  click on File, New Task on the Task Manager.  Now you will get a new black  window.
      Inside that black window type CD/ and hit on enter.
      Now type ATTRIB –H –R –S /S /D and hit on enter.

    It will unside all of the files on your computer. Now you have to delete all of the infected files from the follwoing location

    Associated System Restore Files:

     

     

    %LocalAppData%\<random>

    %LocalAppData%\<random>.exe

    %LocalAppData%\~<random>

    %LocalAppData%\~<random>

    %StartMenu%\Programs\System Restore\

    %StartMenu%\Programs\System Restore\System Restore.lnk

    %StartMenu%\Programs\System Restore\Uninstall System Restore.lnk

    %Temp%\smtmp\

    %Temp%\smtmp\1

    %Temp%\smtmp\1

    %Temp%\smtmp\2

    %Temp%\smtmp\3

    %Temp%\smtmp\4

    %UserProfile%\Desktop\System Restore.lnk

     

    Don't delete the folder

    %Temp%\smtmp\

    %Temp%\smtmp\1

    %Temp%\smtmp\1

    %Temp%\smtmp\2

    %Temp%\smtmp\3

    %Temp%\smtmp\4

     

    These are the shortcuts in your start Menu.

    If you delete these folders you will lose all of the shortcuts in the start menu. First take a back up of these folder

     

    %Temp%\smtmp\

     

    Reffer : http://123seminarsonly.com/Tips/007/system-restore.html

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points