Very nasty PC infection
Chris Scott
05-18-2011, 11:18 AM
I was unfortunate enough two days ago to have my PC infected with undoubtedly the worst bit of malicious software I have seen.
It is called "Windows XP Recovery" and completely blocks access to your own system. It tells you all folders are empty and every few seconds you get critical error messages. A dialogue box appears and pretends to run a scan of your system, reports multiple errors and then takes you to a website to buy their software.
This malware is an absolute bastard to get rid of and it took me most of yesterday to get access back to my PC. It disables safe mode startup, and when you try to run an antivirus or anti malware program, as soon as it hits one of the files connected with the malware it restarts the PC.
The worst thing is that now that I have control of my system back virtually every setting on my PC has been screwed up and changed.
It will take me days if not weeks to get back to normal.
And the worst thing is that this f.....g program also disables and screws up System Restore.
If you are unlucky enough to get this infection PLEASE get rid of it as soon as you can.
My PC is well protected with firewall and antivirus but still it got through. I have no idea how I contracted it.
Chris S.
Tracy Ianson
05-18-2011, 11:30 AM
Hi Chris
This is similar to the one Nathan got a few months back. I used Rkill on it and it worked really well. You can google Rkill and find out more info. As Nathan's laptop wasn't able to download it, I downloaded it to my computer and used a USB key to get it onto Nathan's computer. No problems since.
Tracy
Mike Covell
05-18-2011, 11:52 AM
Hi Chris, I had it a few months back and had a friend come and help me. Like yourself I have firewalls and anti-virus but this one got through. It continued to tell me that it had scanned my computer for free and found thousands of viruses, but it would cost me $xxx to remove them and install this software.
Luckily my friend took my computer back to a safe point, removed the virus, and restored the system, cleaning it up in the process.
I would love to get my hands on the little scrotes that create these things.
Magpie
05-18-2011, 12:23 PM
I had something similar a couple of weeks ago.
If you can get into task manager, look for a process called "oko.exe" and kill it (that stops the pop-ups.) You'll have to find and kill this process a lot while you're fixing the problem.
If you have Malwarebytes, you can rename the .exe file to a .com and run it without the malware knowing what you are doing. Malwarebytes generally cleans up those kinds of malware quite handily.
Chris Scott
05-18-2011, 01:46 PM
Hi guys
Thanks for the comments
One of the other things it did was to disable Task Manager!
It was Malwarebytes that finally got me through. Each time I ran it, it dealt with one of the files of the infection, but then Windows closed down.
I had to run various cleaners and anti malware programs about 20 times before I got back in
Chris
Howard Brown
05-18-2011, 04:21 PM
Mike:
You and I both. I could easily strangle one of those little azzholes without batting an eye.
Chris....Sorry to hear this bad news, old friend....
Little late in the game to be mentioning this...but Trend Titanium anti-virus is a very good system...and I've had a handful of different av systems. They have software for both Windows and Mac.
Looks like it's been a tough year for a few of us with these computers...or websites.
Good advice is to always back up important files on a regular basis, whether to CD, DVD or pen-drive
Imagine nearing the end of your book on the PC only to lose it all to a bit of malware...
admin tim
05-18-2011, 06:57 PM
I experienced the same infection as Chris today at work. Early this morning, I suddenly got a popup message that announced the end of the world as I knew it - massive malware infections and my only hope was to buy the software there and then to save it all.
I knew it was bogus right away, since these people had misspelled 'Unregistered', and I called our IT people.
Malwarebytes did the trick, but it took them about 6 hours and numerous settings were altered. The malware had actually removed the .exe from any associations, so nothing could be launched. And it didn't get it all the first two times. I had to reboot 4 times today. What a pain.
For future reference:
http://www.geekradio.com/2006/06/26/jay-lees-patented-spyware-removal-system
http://farm4.static.flickr.com/3102/2784900372_e905fa7a7c.jpg
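Several posts in this thread describe the same set of damage: Chris says the rogue disables Task Manager, Safe Mode and System Restore, Magpie notes that a scanner renamed from .exe to .com will still run, and Tim says the .exe association had been removed so nothing could be launched. The script below is an added example, not code from any post here and not from Malwarebytes, Rkill or any other tool mentioned in the thread. It audits the registry settings behind each of those symptoms and, with -Repair, restores the ones that have a single known-good value. It assumes the rogue's own process (Magpie's "oko.exe" or whatever it is called on your machine) has already been stopped, otherwise the changes are simply reapplied.

```powershell
<#
  Added example; not code from any post in this thread nor from any tool named
  in it. Audits the settings the posts describe the rogue as breaking (Task
  Manager disabled, .exe association removed, System Restore blocked, Safe Mode
  disabled) and, with -Repair, restores those that have one known-good value.
  Run from an elevated PowerShell prompt. Without -Repair it only reports.
#>
param([switch]$Repair)

$findings = @()
function Add-Finding([string]$Item, [string]$State, [string]$Detail) {
    $script:findings += [pscustomobject]@{ Item = $Item; State = $State; Detail = $Detail }
}

# --- 1. Task Manager: the rogue sets DisableTaskMgr=1 under the user policy key
$polKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$v = (Get-ItemProperty -Path $polKey -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
if ($v -eq 1) {
    Add-Finding 'Task Manager' 'TAMPERED' "DisableTaskMgr=1 under $polKey"
    if ($Repair) { Remove-ItemProperty -Path $polKey -Name DisableTaskMgr }
} else { Add-Finding 'Task Manager' 'OK' 'no DisableTaskMgr policy' }

# --- 2. .exe association. Clean state: ".exe" maps to the "exefile" class,
# whose open command runs the file and passes its arguments through.
$expected = @{
    'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
}
foreach ($key in $expected.Keys) {
    $actual = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if ($actual -ne $expected[$key]) {
        Add-Finding '.exe association' 'TAMPERED' "$key = [$actual]"
        if ($Repair) {
            New-Item -Path $key -Force | Out-Null   # recreates the key if it was deleted
            Set-ItemProperty -Path $key -Name '(default)' -Value $expected[$key]
        }
    } else { Add-Finding '.exe association' 'OK' $key }
}
# A per-user class under HKCU\Software\Classes shadows HKCR, so .exe can be
# hijacked there without touching the machine-wide key. Report only; inspect
# before deleting, since a few legitimate programs also write here.
foreach ($sub in '.exe', 'exefile') {
    $userKey = "HKCU:\Software\Classes\$sub"
    if (Test-Path $userKey) {
        Add-Finding '.exe association' 'SUSPECT' "per-user override present: $userKey"
    }
}

# --- 3. System Restore: DisableSR / DisableConfig = 1 under the machine policy key
$srKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
foreach ($name in 'DisableSR', 'DisableConfig') {
    $v = (Get-ItemProperty -Path $srKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($v -eq 1) {
        Add-Finding 'System Restore' 'TAMPERED' "$name=1 under $srKey"
        if ($Repair) { Remove-ItemProperty -Path $srKey -Name $name }
    } else { Add-Finding 'System Restore' 'OK' "$name not set" }
}

# --- 4. Safe Mode is driven by the SafeBoot\Minimal and SafeBoot\Network key
# trees; deleting them is how a rogue kills it. They cannot be rebuilt from one
# value, so this only reports. Restore them from a .reg export taken on a clean
# machine running the same Windows version.
foreach ($mode in 'Minimal', 'Network') {
    $sbKey = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
    if ((Test-Path $sbKey) -and (@(Get-ChildItem -Path $sbKey).Count -gt 0)) {
        Add-Finding "Safe Mode ($mode)" 'OK' $sbKey
    } else {
        Add-Finding "Safe Mode ($mode)" 'TAMPERED' "$sbKey missing or empty; restore from a clean export"
    }
}

$findings | Format-Table -AutoSize
```

Usage: save it (for example on the flash drive Tim recommends later in the thread) and run `.\Audit-Rogue.ps1` to see the table, then `.\Audit-Rogue.ps1 -Repair` once the rogue process is dead. Magpie's rename trick fits this picture: a file ending in .com is launched through the separate comfile class, which the rogue leaves alone, so a scanner renamed to .com starts even while the exefile command above is broken. Once exefile is restored, the normal .exe can be used again.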
Howard Brown
05-18-2011, 07:14 PM
Tim:
You mean you got the infection without even clicking on a link...or opening an email?
I'm having one fizzzzzzzzzzzuck of a time with this IE9. My stupid Honko-Polack ass decided to give it a go...and I was ready to pull out the 10 gauge because I had to reboot 6 fizzucking times to get PB to work. What a pain in the tentacles.
I'm done for the day...I am too pissed off. I think I'll go kick Nina.
admin tim
05-18-2011, 07:20 PM
It got infected somehow, but I am careful what sites I visit (this was at work) and all incoming email is scanned anyway. I must have picked it up from one of these sites, but these are news sites and political blogs of good repute, so I am at a loss to explain.
Dump IE9 and get Firefox or Avant. I use Firefox at home, and the wife uses Avant, and I've never had any problems such as those that overwhelm IE. That's a fool's game, and it'll break you.
Howard Brown
05-18-2011, 07:26 PM
Tim:
Please, whenever you get a chance to drop your knife and fork...gimme the destructions on removing this IE9 and installing Firefox.
The reason I ask is that you might know shortcuts and I'm all about shortcuts.
admin tim
05-18-2011, 07:36 PM
You can download Firefox from http://www.mozilla.com/en-US/firefox/new/
You don't have to uninstall IE9 - just select Firefox as your default browser and let IE9 rot where it sits.
You might also look at Avant, but Firefox works well for me and it is a LOT easier to use to deal with images.
Howard Brown
05-18-2011, 08:54 PM
Tim;
Thanks. I installed it and it works fine.
Magpie
05-18-2011, 08:54 PM
Tim:
You mean you got the infection without even clicking on a link...or opening an email?
You know the worst sites for these particular rogue programs? Newspapers! I **** you not. Small, regional newspapers starved for advertising revenue are the worst offenders. They are far from the only ones, for sure, but it's amazing how many of them have this crap in their ad rotation.
Usually they are embedded in an iframe just like any other advertising--that's the problem with these bastards. They are walking the finest of lines between "aggressive business practices" and "illegal hacking".
Howard Brown
05-18-2011, 09:02 PM
Mag:
Not sure if this is true or not...but I've heard that viruses can be transmitted through emails simply by reading the email...and not opening any attachments which accompany them.
Izzit so?
Magpie
05-18-2011, 09:06 PM
Mag:
Not sure if this is true or not...but I've heard that viruses can be transmitted through emails simply by reading the email...and not opening any attachments which accompany them.
Izzit so?
It certainly used to be true. Dunno how common it is now--usually emails are scanned at the server level these days so infected mails don't make it to your account. I suppose it would depend on what mail client you use these days.
Livia Trivia
05-18-2011, 11:06 PM
We got a frantic call from one of my bff's tonight.
She'd been reading a few emails, one from a Mac user, the other from a Windows PC, and as she left the email program she got a pop-up telling her she had 29 "issues" and for a mere $99 they'd fix it for her. She hadn't even fired up IE yet. It had a very official sounding name like "MS Windows 7 Security and Firewall Center" but it's just an updated and more sophisticated version of the old AV2009, which is a real hard disc killer.
She told him her McAfee had been disabled, which surprised him as he'd built this machine for her, and since AV2009 had killed the hard drive in my laptop and disabled my McAfee two years ago, he'd stopped using it and started using MS Security Essentials.
The one feature I like about MS SE is, if you do a Google search, it will sometimes say "this site will harm your computer" within the search results. Pretty handy.
String
05-19-2011, 04:58 AM
What version of Windows were you using? In other words, was it the new Windows 7, or just XP?
Chris Scott
05-19-2011, 07:50 AM
Hi
My OS is Windows XP SP3
The only legacy I haven't found a general fix for is that when I go to All Programs listing via the Start button, all are showing as empty. All the shortcuts have been deleted and I am having to recreate them all manually.
A pain but minor compared to the other damage inflicted.
To endorse what Tim said, I am very careful about what sites I visit and always run firewall and AV and all incoming e-mail are supposedly vetted for malicious content by BT Yahoo.
Chris Scott
05-19-2011, 07:58 AM
It seems to be a very recent incarnation of a previously known virus:
This summary (from howtoremoveit.com) sums up exactly what I experienced:
"
Windows XP Recovery Description
Windows XP Recovery, reported today, is the latest spreading infection out there. Popular infection gets the most popular category on Howtoremoveit, fake security program. Left alone, this infection can possibly cause even further problems to your system. Windows XP Recovery can install and infect a computer without any permission from the end user.
Windows XP Recovery Symptoms
Once the infection is installed, the application immediately starts a fake scan of the machine. A number of fabricated security alerts and error messages are also launched by Windows XP Recovery. This fake scan produces a false results screen, attempting to entice the user to buy the program. Please get in touch with your credit card company if you bought it.
Windows XP Recovery Distribution
With so many possibilities, it is tough to say how Windows XP Recovery got installed on your computer. Camouflaged as a legit Windows screen, a fake scanner webpage is commonly the way this infection gets onto machines. Sometimes the infection will look like a legit Flash update or video codec. Once run, the payload is actually Windows XP Recovery. If left on the computer, the damage caused by Windows XP Recovery can worsen and accelerate, so speedy removal is important."
Chris Scott
05-19-2011, 08:07 AM
Please be warned that there are versions of this infection in circulation for Windows Vista and Windows 7.
Please see:
http://www.pc1news.com/news/1932/windows7recovery.html
Howard Brown
05-19-2011, 04:34 PM
Dear Chris:
Thanks for sharing this latest update.
By the way, Tim's advice on using Firefox Mozilla might actually be the smartest (of the very few smart) things he's ever suggested. I can't believe how quickly Mozilla operates. It's definitely better than IE...and is really simple to install.
Perfect Virgo
05-20-2011, 10:00 AM
I picked up this infection, or a version of it (Vista Internet Security), twice recently. These infections claim to be virus detection alerts and offer to clear your computer if you purchase their software but of course there is no software and the entire thing is a malicious scam rendering your computer useless.
As to removal, the following may be of interest: suggested removal techniques are on the Web but they are complex and involve Registry changes. I tried System Restore but got messages saying the System Restore .exe file could not be found. On the off chance, I tried rebooting and logging in on my wife's profile and thankfully found it to be uninfected. I accessed System Restore from this second profile and restored to an earlier time. On reboot my own profile was back to normal.
I mention this in case anyone with an infected computer has a second profile available and wants to try. It worked for me.
admin tim
05-20-2011, 03:12 PM
It was interesting to learn where my infection came from. Of course, Howard always says that.
At my work, a large international engineering company, some doofus of a network admin used his admin status to bypass the network safety features so he could access and download files from a site that was otherwise forbidden. The infection came in with his download and infected the corporate intranet. Several dozen computers, mine included, were infected simply from being on the corporate intranet, where to/from activity is constant.
I got off light, but it took about 6 hours to clear the problem. Dunno about the network admin; I suspect he didn't fare as well.
Flash drives are so cheap these days that one should consider loading one with malwarebytes and other similar programs, to have ready in time of need.
Howard Brown
05-20-2011, 04:15 PM
some doofus of a network admin used his admin status to bypass the network safety features so he could access and download files from a site that was otherwise forbidden.- T.Mosley
Lucky you didn't get canned for the goof Tim. Wise up.
Perfect Virgo...thanks for sharing the advice and sorry to hear of your troubles...these recent attacks on members of the Forums make those irritating penis enlargement ads ( like I need to get bigger ! Ha ! ) and Nigerian money scams seem like a walk in the woods.
Again, for those considering swishing, er, switching...to a new anti-virus...Trend Titanium is very good.