What an awesome bday present!
I was looking through some random rom sites, retarded mistake. I shouldn't have done that. Got a malware/backdoor virus, which AVG detected immediately and removed. But between the time it got to my computer and AVG deleting it, it had already infected my computer. (darn free virus scan).
I can't open any EXEs without right clicking and running as admin. I ran hijackthis and that seemed to be fine, no suspicious programs running.
I restarted my computer thinking it was nothing, which was stupid, but I got lucky. All my programs of course didn't load but it still booted, which is fine.
I'm currently doing a virus scan right now. I think the only thing I can do is just back everything up and reformat, right?
Thanks
I'm using WinVista
And here's my HJT log:
-
Dang. I'd have to say do a fresh install, or if you have a recovery disc, recover it.
-
Damn, that sucks. I just reformatted it a few months ago too. Oh well, not a biggie I guess, since backing up is relatively easy.
Question, what's a better virus scan or detection? AVG clearly fails on all levels (even though it's free). -
xps400mediacenter Notebook Consultant
Try going to your temp folder and deleting all files possible. If there's any .exe files that give access denied it's probably the culprit. Then Hard Reboot. Temp folder is "C:\Users\*username*\AppData\Local\Temp" You might have to enable view hidden files and folders. (Organize --> Folder Options -->View) I've had a similar virus.
-
Thank God for Google. I managed to find an exefix for Vista .reg and that fixed the entire problem.
The virus might still be around so I'm gonna delete my temp folders like you say... thanks! -
Try running MalwareBytes AntiMalware, Superantispyware and DrWebCureIt..
-
When you clean it out, do it in safe mode. Many times those s will stay there if you don't. Also, the best way to get rid of these things is to boot a Linux live CD and then delete anything you know shouldn't be in the temp and System32 folders. I do this a lot when I clean up computers.
-
I like Avast, one reason is its web shield. If it detects malicious code on a website it won't even let your browser in.
-
+1 on MBAM.
Hitmanpro3 is also recommended, it takes only a few minutes to do a cloud scan against 5 different AM engines.
(Better would be a reinstall/restoring a backup image imho).
For safe browsing, I recommend Sandboxie (and Noscript if you use FF and go dark).
For OS/app hardening, use Microsoft's EMET/Enhanced Mitigation Experience Toolkit.
Its own tool to enable DEP, SEHOP, ASLR for OS and apps. info link, user guide PDF link -
I would do both actually. I've always been told that running virus scans in normal mode will detect the running processes of the viruses that would otherwise be dormant in Safe Mode.
First thing I do is run the TDSS Killer from Kaspersky, a freeware tool that detects a few rootkits.
Then run CCleaner to delete temp files
Run Malwarebytes
CCleaner again
Super Antispyware
CCleaner
and if your system still isn't fixed, I would suggest 2 things
1. Save yourself the trouble and reinstall Windows. An extra Hard Drive is handy to Ghost to if you need to save your stuff. Just make sure you install a virus scanner when you hook it up to your system after Windows is reinstalled. AVG Free actually works well for this.
2. When you reinstall Windows, install Ubuntu as a dual boot so you can browse safely to questionable websites next time. If you install it second, it will automatically partition your drives and enable the boot menu, it's a cakewalk. -
The problem was with the way Windows deals with the registry (surprise). It only knows what to do with a file from the registry entry for that file extension. So what the virus did is somehow hijack your registry entry for exe files and set itself to run before running the program you actually wanted. So really, deleting all of your temp folders won't do much at all because it's already gone. Just do a full scan with AVG, since it detected it once it'll find all other instances of it fine (if they exist).
When the virus itself was deleted by AVG, it could no longer run the virus before the program, so things started failing like you noticed. But AVG didn't undo all the system settings the virus changed.
You could run things as admin because the admin registry hive didn't have that setting done.
Did you turn off UAC at any point? -
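As an added example (not code from this thread or from any "exefix" download), the PowerShell script below audits the registry keys that decide how Windows launches .exe files, which is the mechanism the post above describes. The stock values it compares against are the ones the well-known "exefix" .reg files restore: `.exe` maps to `exefile`, and the `open` and `runas` verbs of `exefile` both run `"%1" %*`. The `runas` verb having its own command value is consistent with "Run as administrator" still working while normal launches failed. It also flags `Debugger` values under Image File Execution Options, another way a program launch can be redirected. Assumptions: Vista/7 or later, and an elevated session if you call `Repair-ExeAssociation`; the function names are this example's own.

```powershell
<#
Added example, not from the thread: audit (and optionally repair) the registry keys that
control how Windows launches .exe files. Assumes Vista/7+ and, for Repair-ExeAssociation,
an elevated PowerShell session. Function names are this example's own.
#>

$Expected = '"%1" %*'   # stock command for the open and runas verbs of exefile

# Keys to audit. Expect = $null means "this per-user override should not exist":
# HKCU\Software\Classes takes precedence over HKLM, which is why hijackers plant it there.
$Checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Classes\.exe';                        Expect = 'exefile' },
    @{ Path = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command';  Expect = $Expected },
    @{ Path = 'HKLM:\SOFTWARE\Classes\exefile\shell\runas\command'; Expect = $Expected },
    @{ Path = 'HKCU:\Software\Classes\.exe';                        Expect = $null },
    @{ Path = 'HKCU:\Software\Classes\exefile';                     Expect = $null }
)

function Get-DefaultValue([string]$Path) {
    # Returns the key's (Default) value, or $null if the key is missing.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    return (Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue).'(default)'
}

function Test-ExeAssociation {
    $findings = @()
    foreach ($c in $Checks) {
        $actual = Get-DefaultValue $c.Path
        $ok = if ($null -eq $c.Expect) { -not (Test-Path -LiteralPath $c.Path) }
              else                      { $actual -eq $c.Expect }
        $findings += [pscustomobject]@{ Path = $c.Path; Expected = $c.Expect; Actual = $actual; OK = $ok }
    }

    # Second classic hook: a "Debugger" value under Image File Execution Options makes
    # Windows start that "debugger" instead of the named program. Not every entry is
    # malicious (Process Explorer's "replace Task Manager" option uses it), so review each.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($key in (Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue)) {
        $dbg = (Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            $findings += [pscustomobject]@{ Path = $key.PSPath; Expected = $null; Actual = $dbg; OK = $false }
        }
    }
    return $findings
}

function Repair-ExeAssociation {
    # Restores the HKLM values and removes the per-user overrides (what an exefix .reg does).
    foreach ($c in $Checks) {
        if ($null -eq $c.Expect) {
            if (Test-Path -LiteralPath $c.Path) { Remove-Item -LiteralPath $c.Path -Recurse -Force }
        } else {
            if (-not (Test-Path -LiteralPath $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
            Set-ItemProperty -LiteralPath $c.Path -Name '(default)' -Value $c.Expect
        }
    }
}

# Usage: show the audit, then decide whether to repair.
$results = Test-ExeAssociation
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.OK }) {
    Write-Warning 'exe association differs from stock values; review the table, then run Repair-ExeAssociation in an elevated session.'
}
```

Run the audit first and read the `Actual` column: a hijacked association typically points at a file in a user-writable location such as the Temp folder, and that path is the thing worth scanning or submitting to your AV vendor before you remove the entry. Repairing the keys restores launching but, as the posts above say, does not by itself prove the dropped file is gone.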
Use Web of Trust dude... it'll tell you of suspicious websites.
-
Yeah... safe mode inhibits both the virus AND the antivirus. Make sure that if you run it in safe mode you run it again in normal mode.
Worst Virus Ever.
Discussion in 'Windows OS and Software' started by Sepharite, Nov 24, 2010.