lost_soul on 19/11/2008 at 08:06
Recently I went on a trip and was forced to use the Windows partition on my laptop... Sure enough, I let someone who is inexperienced with computers use it for a couple of hours and I ended up with some crap called "VirusResponse Lab 2009". This thing is fake security software. I "removed" it by reverting to a system restore point from way back... but I know that is no solution! If I were the one writing these things those restore points would be the first thing I would attack... Anyway, I'm planning to wipe the drive and reinstall when I'm bored. It's the only way to be 100% sure this malware is gone gone gone! I especially enjoy the dialogue boxes that look all pretty but have spelling and grammatical mistakes in them... "you (not your) PC still infected with spyware!" hehehe
lost_soul on 20/11/2008 at 01:03
While looking over those removal instructions, one thing puzzles me. Why is it that the bad guys use the actual name for their software in the registry? Wouldn't it make more sense to call it something completely unrelated and thus have it be much harder to find/remove? Perhaps most of those guys are not that sophisticated, or maybe they just don't have as evil of a mind as I do. :devil: I remember reading about polymorphic viruses and the like while going to college.
nickie on 20/11/2008 at 07:29
But there are 7 or 8 registry files that don't have the name in them. And if you did search just for the name then those files will remain on your PC undetected. These bad guys aren't as bad as some bad guys though!
But however many bad guys there are out there, there are many good guys doing battle to stop them. :)
rachel on 20/11/2008 at 22:06
Frankly, if what Phantom described happened on my rig I'd just do what TBE said: nuke Windows and do a clean reinstall.
Yes, it's an inconvenience. But we waste far too much time dealing with this sort of shit, in the end it's just not worth it. How many hours did he spend already trying to get rid of this, looking for fixes, etc.? Ten? More? Backing up and reinstalling takes only a half-day to get everything running as you like it. It's a no-brainer.
inselaffe on 20/11/2008 at 22:29
And I was gripped by that deadly phantom.
Infernalis on 20/11/2008 at 22:41
But it doesn't sound like a virus anymore. Explorer randomly crashing has probably been caused by a core system file being deleted when removing the viruses he found.
To fix this, you shouldn't need to re-install. Try these two things first:
First, run any updates there are for Vista; there's a good chance the system file you lost is going to be updated or replaced in the updates.
Second, go into the Event Viewer mmc (http://windowshelp.microsoft.com/Windows/en-US/Help/1a8df084-bd58-4c60-8b62-c5bc3e08a09b1033.mspx linkage) and copy and paste the critical errors you see here.
sNeaksieGarrett on 21/11/2008 at 00:14
Infernalis, for the file being deleted he can use the Windows disc.
Quote Posted by sNeaksieGarrett
Once your computer is rid of the virus, run SFC (System File Checker). I've done it before in XP, but it appears Vista has it too: (http://www.tech-recipes.com/rx/2231/vista_run_system_file_checker/) WARNING: As it says, you need a Windows DVD, so if you don't have one for Vista then forget this....
Infernalis on 21/11/2008 at 03:18
yeah, that'll do it!
*note to self: read posts: