by Bananadine 12/16/2010, 8:22pm PST
Well, this was a weird one for me: It seemed to be designed to temporarily and weakly take over Windows so as to convince the user to buy fake antivirus software, but instead it went too far and wrecked my dad's Windows installation altogether. Right after I sat down to look at it, the computer restarted on its own, and after that it refused to finish booting! So, my tools were another computer's old XP Home installation CD that was somehow still lying around, the XP Home product key that was stuck to the side of the ailing PC's case, and the luck it took to randomly have enough stuff to reinstall Windows without pirating anything. And three hours. :( Reinstalling seemed to fix everything.
The conventional way to fix this exact problem seems to be this: http://www.2-spyware.com/remove-warning-yourre-in-danger-wallpaper.html found via googling of the telltale "your're".
I've also had to remove similar programs from a few of my dad's friends' computers. It's an epidemic! Common steps involved so far:
Get control of Windows. Killing the bad program via Task Manager (ctrl-shift-esc) might work. Restarting in Safe Mode (hit F8 while the computer is starting) will probably work. If the Windows UI doesn't come up when it should, use the File menu in Task Manager to run explorer.exe.
Delete some part of what makes the program run when Windows starts. System Tools -> System Information in the Start Menu may help reveal any registry keys the program added for this purpose (the category to check is Software Environment -> Startup Programs), as well as the name and location of the program's file (they seem to like landing in the user's /Local Settings/Application Data or something like that). One time I had to download a demo of Hitman Pro (some kind of anti-malicious-software program) to find the bad program so I could delete it.
Rebuild any bridges the program burned in order to protect itself. Twice I had to go into IE's options to tell that browser to reset its settings to their defaults in order to restore access to websites. In one case the attacking program had replaced the whole Windows shell (the aforementioned explorer.exe) with itself by changing some registry value, and I had to fix that, via a registry patch I downloaded from some website.
There seem to be lots of guides up for helping people out of various versions of this problem, so if you get stuck you can probably get some specific help by searching on whatever text the "antivirus" program presents to you.
What I would like help understanding: why real antivirus programs only get disabled by these things instead of stopping or even detecting them, and why my computer has never run into this apparently very easily encountered problem, even though I carelessly visit many websites and know nothing about any virus until somebody asks me to help them remove it. Can it really be just because I don't use IE?? I can't think of a better reason.
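The "delete the startup entry" and "put explorer.exe back as the shell" steps above, as an added PowerShell example that is not part of the original post. It lists the Run/RunOnce autostart values for the machine and the current user, flags any whose command line points into the user's data directories the post describes (the XP "Local Settings\Application Data" path, plus the Vista-and-later equivalents and TEMP, which are my additions), and checks the Winlogon Shell value in both HKLM and HKCU (the post does not say which hive was changed; checking both is an assumption). The -Repair switch name is hypothetical; without it the script only reports. Run it from an elevated PowerShell session after you have regained control of the desktop (Safe Mode works for this).

```powershell
# Added example (not from the original post): audit autostart locations a rogue
# "antivirus" uses to survive reboots, and repair a hijacked Winlogon Shell value.
# Audit-only unless -Repair (assumed switch name) is given.
param([switch]$Repair)

# Autostart keys checked: machine-wide and current-user Run/RunOnce.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories these programs like to land in: the XP path named in the post,
# plus (assumed) the newer per-user equivalents and TEMP. Null entries are
# dropped because e.g. LOCALAPPDATA does not exist on XP.
$suspectDirs = @(
    "$env:USERPROFILE\Local Settings\Application Data",
    $env:LOCALAPPDATA, $env:APPDATA, $env:TEMP
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

# Provider metadata that Get-ItemProperty adds to every result; not registry values.
$metaNames = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Test-SuspectCommand {
    # True when the autostart command line refers to one of the suspect directories.
    param([string]$Command)
    foreach ($dir in $suspectDirs) {
        if ($Command -like "*$dir*") { return $true }
    }
    return $false
}

'--- Autostart entries (SUSPECT = launches from a per-user data directory) ---'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $entries = Get-ItemProperty -Path $key
    foreach ($prop in $entries.PSObject.Properties) {
        if ($metaNames -contains $prop.Name) { continue }
        $tag = if (Test-SuspectCommand ([string]$prop.Value)) { 'SUSPECT' } else { '       ' }
        '{0} {1}\{2} = {3}' -f $tag, $key, $prop.Name, $prop.Value
    }
}

'--- Winlogon Shell (must be explorer.exe) ---'
$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
foreach ($key in $winlogonKeys) {
    if (-not (Test-Path $key)) { continue }
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    if (-not $shell) { continue }            # no Shell value here (normal for HKCU)
    if ($shell -ieq 'explorer.exe') {
        "OK      $key\Shell = $shell"
        continue
    }
    "HIJACK  $key\Shell = $shell"
    if ($Repair) {
        if ($key -like 'HKLM:*') {
            # Machine-wide value: restore the default shell.
            Set-ItemProperty -Path $key -Name Shell -Value 'explorer.exe'
        } else {
            # A per-user Shell override is not normally present at all; remove it
            # so the HKLM value takes effect again.
            Remove-ItemProperty -Path $key -Name Shell
        }
        "FIXED   $key\Shell"
    }
}
```

The script deliberately does not delete files: once a SUSPECT line shows where the program lives, delete that file by hand after killing the process, since an autostart entry can also point at something legitimate that happens to live under the profile. It also does nothing for the other "burned bridges" in the post (the IE settings reset still has to be done from the browser's options), and it will not help until you can actually get a PowerShell window, so it belongs after the Task Manager / Safe Mode step, not before it.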