Windows Restore Virus

cycloneworld · Jun 9, 2011

It's on my laptop...I've read several articles about how to remove it but they don't seem to work. I've tried running Anti-Malware but it doesn't find anything or it freezes part way through the scan.

Any ideas?

ianoconnor · Jun 9, 2011

Boot in safe mode, install malwarebytes, run it. Also go into msconfig to the startup tab and disable the virus .exe on startup. It should be a jumble of random letters as the description.

tman24 · Jun 9, 2011

ianoconnor said:
Boot in safe mode, install malwarebytes, run it. Also go into msconfig to the startup tab and disable the virus .exe on startup. It should be a jumble of random letters as the description.

do this. also run rkill. it will stop any virus process running so malwarebytes and remove the virus.

Bleeping Computer Downloads: RKill

cycloneworld · Jun 9, 2011

I tried the rkill process and then ran Malwarebytes but MB keeps freezing. Also, I can boot in safe mood...get hung up on crcdisk.sys and it won't go any farther.

bos · Jun 9, 2011

Malwarebytes wont get it. Its a hidden exe in most cases. Do you have a non infected account on the laptop that you can log in as? Which version of windows?

tman24 · Jun 9, 2011

cycloneworld said:
I tried the rkill process and then ran Malwarebytes but MB keeps freezing. Also, I can boot in safe mood...get hung up on crcdisk.sys and it won't go any farther.

how olds the computer? are you able to back up valuable informaiton? might be worth it just to wipe it and reinstall windows.

as for the crcdisk.sys i search a bit and found

Startup hangs at crcdisk.sys in vista - Operating Systems

Goto a command prompt and run the following commands:

cd \windows
del *pcmcia*.* /s/p
del *1394*.* /s/p

Dont know what exactly it does but might be worth it.

tman24 · Jun 9, 2011

I guess before you delete stuff run hard drive diagnostics. see if hard drive is jacked or not

bos · Jun 9, 2011

Go into the C drive. Go up to Organize>File and Search Options. Go to the View tab and uncheck "Hide Extensions for known file types", Hide Operation System files", and check "show hidden files, folders, and drives" Once you have applied this, use this link. It has places to look for the rogue exe.

How To Remove Windows Restore Virus / Malware | Fix My Computer With Expert Support Now

Most cases its only under your user folder and its hidden. Sometimes it can get into other users' folder but its very rare.

cycloneworld · Jun 9, 2011

bos said:
Malwarebytes wont get it. Its a hidden exe in most cases. Do you have a non infected account on the laptop that you can log in as? Which version of windows?

I unhid everything per bleepingcomputer, ran rkill, ran MB. And no, I don't have another log in.

I read somewhere that I need to change the mbam.exe (malwarebytes) file Name and run in quick scan mode. That worked, found infected files which I removed but it doesn't seem to fix the problem. Grrr.

bos · Jun 9, 2011

cycloneworld said:
I unhid everything per bleepingcomputer, ran rkill, ran MB. And no, I don't have another log in.

I read somewhere that I need to change the mbam.exe (malwarebytes) file and run in quick scan mode. That worked, found infected files which I removed but it doesn't seem to fix the problem. Grrr.

Yep, you have to root out the exe manually. Antispyware apps are getting more and more useless. I take it when you try to bring up task manager the app kills it?

cycloneworld · Jun 9, 2011

I can bring up task manager. I was told to end suspicious processes (jumbled letters and numbers). Which I did. Otherwise everything freezes shortly after startup.

Thanks for your help with this! (I'm a complete computer idiot)

bos · Jun 9, 2011

cycloneworld said:
I can bring up task manager. I was told to end suspicious processes (jumbled letters and numbers). Which I did. Otherwise everything freezes shortly after startup.

Thanks for your help with this! (I'm a complete computer idiot)

Write down the processes, go to the places I put in the link up there. If you see any of them listed as an exe in those locations. Kill the process, and then delete the file.

cycloneworld · Jun 9, 2011

bos said:
Write down the processes, go to the places I put in the link up there. If you see any of them listed as an exe in those locations. Kill the process, and then delete the file.

I didn't find anything in those places in the link. Tried a full MB scan and for the second time, it froze exactly when scanning PurblePlace.all in the games folder...

ruxCYtable · Jun 9, 2011

cycloneworld said:
It's on my laptop...I've read several articles about how to remove it but they don't seem to work. I've tried running Anti-Malware but it doesn't find anything or it freezes part way through the scan.

Any ideas?

It is nasty. I was fortunate I had a buddy in the IT dept at work who gave me a Windows XP ERD CD. I ran that and reinstalled Malwarebytes as well as MS Security Essentials and it worked.

Cyballz · Jun 9, 2011

I had that **** last week and just ended up wiping it clean and reinstalling. I had a search engine redirect virus too, so every time I clicked on a site from a search engine it routed me somewhere else.

Cy4Patriots · Jun 10, 2011

This came out not long ago. Give it a try.

Microsoft Standalone System Sweeper

Microsoft Standalone System Sweeper has been designed to aid users in starting an infected PC and performing offline malware scans to remove viruses, trojans, rootkits and other forms of malware effectively. It is also used if malware is hindering the user to install or start an antivirus software on the infected system, or if the applications used to detect malware are not able to find the malware on the PC.

Put it on a USB stick.

TykeClone · Jun 10, 2011

Cy4Patriots said:
This came out not long ago. Give it a try.

Microsoft Standalone System Sweeper

Put it on a USB stick.

This does pretty good and might get it to the point where malwarebytes can run. But it still does leave some remnants that security essentials and malwarebytes will find.

Cy4Patriots · Jun 10, 2011

TykeClone said:
This does pretty good and might get it to the point where malwarebytes can run. But it still does leave some remnants that security essentials and malwarebytes will find.

you mean won't find?

CyinCo · Jun 10, 2011

I had this this week. Not sure how. But it was a mess. I got malwarebytes to run and everything seems fine. I had to use my back up drive to restore a few things. Nasty.

benjay · Jun 10, 2011

This is what I did:

Boot in safe mode with networking.
Download RKill
Download and install superantispyware SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Boot normal
Run RKill (just wait...and wait... and wait. eventually it will kick up a log file when it has finished. Do not click on any of the prompts the virus kicks up.)
Run a scan from superantispyware and fix issues
Reboot. If the Windows Recovery app doesn't auto-launch, you've made progress.

Unfortunately the damage it did might take awhile to recover from. It decided to hide almost every file on my PC for me, and it deleted my desktop icons and programs quicklaunches. It's a nasty little bastard.

Windows Restore Virus

Facebook Knows All

Well-Known Member

Well-Known Member

Facebook Knows All

Legend

Well-Known Member

Well-Known Member

Legend

Facebook Knows All

Legend

Facebook Knows All

Legend

Facebook Knows All

Well-Known Member

Well-Known Member

Well-Known Member

Burgermeister!

Well-Known Member

Well-Known Member

Well-Known Member

Help Support Us