Windows Restore Virus
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
  1. #1
    Facebook Knows All
    Points: 272,658, Level: 100
    Level completed: 0%, Points required for next Level: 0
    Overall activity: 30.0%
    Achievements:
    SocialVeteran50000 Experience Points
    cycloneworld's Avatar
    Join Date
    Mar 2006
    Location
    NE Oklahoma
    Posts
    16,911
    Points
    272,658
    Level
    100
    Thumbs Up
    Received: 677
    Given: 396

    Windows Restore Virus

    It's on my laptop...I've read several articles about how to remove it but they don't seem to work. I've tried running Anti-Malware but it doesn't find anything or it freezes part way through the scan.

    Any ideas?



  2. #2
    Addict
    Points: 123,613, Level: 100
    Level completed: 0%, Points required for next Level: 0
    Overall activity: 11.0%
    Achievements:
    SocialVeteran50000 Experience Points
    ianoconnor's Avatar
    Join Date
    Nov 2007
    Location
    Des Moines
    Posts
    7,523
    Points
    123,613
    Level
    100
    Thumbs Up
    Received: 530
    Given: 1,115

    Re: Windows Restore Virus

    Boot in safe mode, install malwarebytes, run it. Also go into msconfig to the startup tab and disable the virus .exe on startup. It should be a jumble of random letters as the description.



  3. #3
    Hall-Of-Famer
    Points: 39,201, Level: 61
    Level completed: 12%, Points required for next Level: 1,149
    Overall activity: 6.0%
    Achievements:
    Veteran25000 Experience Points
    tman24's Avatar
    Join Date
    Feb 2008
    Posts
    4,065
    Points
    39,201
    Level
    61
    Thumbs Up
    Received: 21
    Given: 30

    Re: Windows Restore Virus

    Quote Originally Posted by ianoconnor View Post
    Boot in safe mode, install malwarebytes, run it. Also go into msconfig to the startup tab and disable the virus .exe on startup. It should be a jumble of random letters as the description.
    do this. also run rkill. it will stop any virus process running so malwarebytes and remove the virus.

    Bleeping Computer Downloads: RKill


    Hooray for Metaphors!

  4. #4
    Facebook Knows All
    Points: 272,658, Level: 100
    Level completed: 0%, Points required for next Level: 0
    Overall activity: 30.0%
    Achievements:
    SocialVeteran50000 Experience Points
    cycloneworld's Avatar
    Join Date
    Mar 2006
    Location
    NE Oklahoma
    Posts
    16,911
    Points
    272,658
    Level
    100
    Thumbs Up
    Received: 677
    Given: 396

    Re: Windows Restore Virus

    I tried the rkill process and then ran Malwarebytes but MB keeps freezing. Also, I can boot in safe mood...get hung up on crcdisk.sys and it won't go any farther.



  5. #5
    Legend
    Points: 387,777, Level: 100
    Level completed: 0%, Points required for next Level: 0
    Overall activity: 7.0%
    Achievements:
    SocialRecommendation Second ClassVeteran50000 Experience Points
    bos's Avatar
    Join Date
    Apr 2006
    Posts
    24,023
    Points
    387,777
    Level
    100
    Thumbs Up
    Received: 779
    Given: 626

    Re: Windows Restore Virus

    Malwarebytes wont get it. Its a hidden exe in most cases. Do you have a non infected account on the laptop that you can log in as? Which version of windows?



  6. #6
    Hall-Of-Famer
    Points: 39,201, Level: 61
    Level completed: 12%, Points required for next Level: 1,149
    Overall activity: 6.0%
    Achievements:
    Veteran25000 Experience Points
    tman24's Avatar
    Join Date
    Feb 2008
    Posts
    4,065
    Points
    39,201
    Level
    61
    Thumbs Up
    Received: 21
    Given: 30

    Re: Windows Restore Virus

    Quote Originally Posted by cycloneworld View Post
    I tried the rkill process and then ran Malwarebytes but MB keeps freezing. Also, I can boot in safe mood...get hung up on crcdisk.sys and it won't go any farther.
    how olds the computer? are you able to back up valuable informaiton? might be worth it just to wipe it and reinstall windows.

    as for the crcdisk.sys i search a bit and found

    Startup hangs at crcdisk.sys in vista - Operating Systems

    Goto a command prompt and run the following commands:
    • cd \windows
    • del *pcmcia*.* /s/p
    • del *1394*.* /s/p


    Dont know what exactly it does but might be worth it.


    Hooray for Metaphors!

  7. #7
    Hall-Of-Famer
    Points: 39,201, Level: 61
    Level completed: 12%, Points required for next Level: 1,149
    Overall activity: 6.0%
    Achievements:
    Veteran25000 Experience Points
    tman24's Avatar
    Join Date
    Feb 2008
    Posts
    4,065
    Points
    39,201
    Level
    61
    Thumbs Up
    Received: 21
    Given: 30

    Re: Windows Restore Virus

    I guess before you delete stuff run hard drive diagnostics. see if hard drive is jacked or not


    Hooray for Metaphors!

  8. #8
    Legend
    Points: 387,777, Level: 100
    Level completed: 0%, Points required for next Level: 0
    Overall activity: 7.0%
    Achievements:
    SocialRecommendation Second ClassVeteran50000 Experience Points
    bos's Avatar
    Join Date
    Apr 2006
    Posts
    24,023
    Points
    387,777
    Level
    100
    Thumbs Up
    Received: 779
    Given: 626

    Re: Windows Restore Virus

    Go into the C drive. Go up to Organize>File and Search Options. Go to the View tab and uncheck "Hide Extensions for known file types", Hide Operation System files", and check "show hidden files, folders, and drives" Once you have applied this, use this link. It has places to look for the rogue exe.

    How To Remove Windows Restore Virus / Malware | Fix My Computer With Expert Support Now

    Most cases its only under your user folder and its hidden. Sometimes it can get into other users' folder but its very rare.



  9. #9
    Facebook Knows All
    Points: 272,658, Level: 100
    Level completed: 0%, Points required for next Level: 0
    Overall activity: 30.0%
    Achievements:
    SocialVeteran50000 Experience Points
    cycloneworld's Avatar
    Join Date
    Mar 2006
    Location
    NE Oklahoma
    Posts
    16,911
    Points
    272,658
    Level
    100
    Thumbs Up
    Received: 677
    Given: 396

    Re: Windows Restore Virus

    Quote Originally Posted by bos View Post
    Malwarebytes wont get it. Its a hidden exe in most cases. Do you have a non infected account on the laptop that you can log in as? Which version of windows?
    I unhid everything per bleepingcomputer, ran rkill, ran MB. And no, I don't have another log in.

    I read somewhere that I need to change the mbam.exe (malwarebytes) file Name and run in quick scan mode. That worked, found infected files which I removed but it doesn't seem to fix the problem. Grrr.



  10. #10
    Legend
    Points: 387,777, Level: 100
    Level completed: 0%, Points required for next Level: 0
    Overall activity: 7.0%
    Achievements:
    SocialRecommendation Second ClassVeteran50000 Experience Points
    bos's Avatar
    Join Date
    Apr 2006
    Posts
    24,023
    Points
    387,777
    Level
    100
    Thumbs Up
    Received: 779
    Given: 626

    Re: Windows Restore Virus

    Quote Originally Posted by cycloneworld View Post
    I unhid everything per bleepingcomputer, ran rkill, ran MB. And no, I don't have another log in.

    I read somewhere that I need to change the mbam.exe (malwarebytes) file and run in quick scan mode. That worked, found infected files which I removed but it doesn't seem to fix the problem. Grrr.
    Yep, you have to root out the exe manually. Antispyware apps are getting more and more useless. I take it when you try to bring up task manager the app kills it?



  11. #11
    Facebook Knows All
    Points: 272,658, Level: 100
    Level completed: 0%, Points required for next Level: 0
    Overall activity: 30.0%
    Achievements:
    SocialVeteran50000 Experience Points
    cycloneworld's Avatar
    Join Date
    Mar 2006
    Location
    NE Oklahoma
    Posts
    16,911
    Points
    272,658
    Level
    100
    Thumbs Up
    Received: 677
    Given: 396

    Re: Windows Restore Virus

    I can bring up task manager. I was told to end suspicious processes (jumbled letters and numbers). Which I did. Otherwise everything freezes shortly after startup.

    Thanks for your help with this! (I'm a complete computer idiot)



  12. #12
    Legend
    Points: 387,777, Level: 100
    Level completed: 0%, Points required for next Level: 0
    Overall activity: 7.0%
    Achievements:
    SocialRecommendation Second ClassVeteran50000 Experience Points
    bos's Avatar
    Join Date
    Apr 2006
    Posts
    24,023
    Points
    387,777
    Level
    100
    Thumbs Up
    Received: 779
    Given: 626

    Re: Windows Restore Virus

    Quote Originally Posted by cycloneworld View Post
    I can bring up task manager. I was told to end suspicious processes (jumbled letters and numbers). Which I did. Otherwise everything freezes shortly after startup.

    Thanks for your help with this! (I'm a complete computer idiot)
    Write down the processes, go to the places I put in the link up there. If you see any of them listed as an exe in those locations. Kill the process, and then delete the file.



  13. #13
    Facebook Knows All
    Points: 272,658, Level: 100
    Level completed: 0%, Points required for next Level: 0
    Overall activity: 30.0%
    Achievements:
    SocialVeteran50000 Experience Points
    cycloneworld's Avatar
    Join Date
    Mar 2006
    Location
    NE Oklahoma
    Posts
    16,911
    Points
    272,658
    Level
    100
    Thumbs Up
    Received: 677
    Given: 396

    Re: Windows Restore Virus

    Quote Originally Posted by bos View Post
    Write down the processes, go to the places I put in the link up there. If you see any of them listed as an exe in those locations. Kill the process, and then delete the file.
    I didn't find anything in those places in the link. Tried a full MB scan and for the second time, it froze exactly when scanning PurblePlace.all in the games folder...



  14. #14
    Hall-Of-Famer
    Points: 110,882, Level: 100
    Level completed: 0%, Points required for next Level: 0
    Overall activity: 13.0%
    Achievements:
    Veteran50000 Experience PointsSocial
    ruxCYtable's Avatar
    Join Date
    Aug 2007
    Posts
    4,268
    Points
    110,882
    Level
    100
    Thumbs Up
    Received: 379
    Given: 402

    Re: Windows Restore Virus

    Quote Originally Posted by cycloneworld View Post
    It's on my laptop...I've read several articles about how to remove it but they don't seem to work. I've tried running Anti-Malware but it doesn't find anything or it freezes part way through the scan.

    Any ideas?
    It is nasty. I was fortunate I had a buddy in the IT dept at work who gave me a Windows XP ERD CD. I ran that and reinstalled Malwarebytes as well as MS Security Essentials and it worked.



  15. #15
    Starter
    Points: 71,335, Level: 82
    Level completed: 94%, Points required for next Level: 115
    Overall activity: 1.0%
    Achievements:
    Veteran50000 Experience Points
    Cyballz's Avatar
    Join Date
    Aug 2009
    Posts
    898
    Points
    71,335
    Level
    82
    Thumbs Up
    Received: 65
    Given: 26

    Re: Windows Restore Virus

    I had that **** last week and just ended up wiping it clean and reinstalling. I had a search engine redirect virus too, so every time I clicked on a site from a search engine it routed me somewhere else.


    read this post quickly - it might not last long

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
  • TV: Cyclones.tv
  • HOOPS: Iowa State vs. Mississippi Valley State
  • December 31, 2014
  • 06:00 PM