Dope Wars virus has got rid of My Computer, My Documents, Run, System Restore..

Dope Wars virus has got rid of My Computer, My Documents, System Restore..

Hi all, I’m a complete computer n00b (the limit of my ability being able to run HJT and post a log) so with any tech advice, please go verrrryyy slowly

Many thanks in advance

Shaun

How it happened
I was running a refurbished (purchased in Dec 07) IBM X31 Thinkpad. It worked a pleasure for 8 months until I did something stupid. I’m usually pretty prudent with watching out for viruses/malware but this time, common sense eluded me.

I was admittedly looking for a free registration key for Dope Wars (a small computer game that you can play for free but requires registration for the higher levels) and came across a site which directed me to an .exe file (fyi, this was the link – if you open it, you still need to click ‘download’ to actually get the virus but I would STRONGLY ADVISE AGAINST VISITING THIS SITE http://soft-portal08s.com/software/keygen-dope%20wars%202%202%20registration%20serial%20key/422/0/)
. I usually know to be suspicious of this kind of thing, but as I said, I was being stupid and I downloaded and opened it.

What the virus is doing
It ran a virus which is the worst I’ve ever seen; it removed the My Documents and My Computer folders from my desktop, removed the Control Panel, Applications, Run and other toolbars from my start menu which means I can’t access System Restore. It also changed my desktop background to a skull and cross bones and when I turn the computer on, it comes up with multiple error messages saying that I have a virus on my computer (I don’t know if these are genuine or part of the virus).

Also, it came up with a 100 phoney messages from “Norton Antivirus 2008” saying that I had viruses that needed to be removed and that I should click a link. Even though I don’t have NAV 2008. The bottom-right hand corner for Windows Security (again, I don’t know if this is real or genuine) comes up with messages saying “565 viruses found on your computer”, “879 viruses found on your computer”, “1239…” etc.

What I tried to do
I had AdAware Home in a folder on the desktop and the virus seems to have missed that – I ran it and it showed up some viruses (which I deleted) but otherwise it has done nothing. I also downloaded the Malwarebytes Anti-Malware program as recommended but when I tried to run it, it came up with the Error Message ARM1054,2. I don’t think downloading and running this program would have been a problem before I received this infection.

Help!
So I can’t get rid of the virus, can’t System Restore it and I don’t want to connect it to the internet in case it somehow spreads or makes it worse (so I have turned my router off). Ideally, I would like to somehow revert my hard disk so I don’t lose any data (I have some stuff backed up, but not recent files which I don’t want to get rid of).

Is there some sort of virus-cleaner USB key thing that I can buy online, plug it in, and it magically deals with all my viruses?

If I reformat and reinstall windows, is there any way to get my important files back (mostly, some important documents, pictures from my trip to Poland and some mp3s)?

Please advise!!

HJT log….

I took some photos of what exactly is wrong with it...


Start-up...
http://img135.imageshack.us/img135/3026/cimg4123yb3.jpg

As you can see, I can't access "RUN" or "System Restore"...
http://img133.imageshack.us/img133/176/cimg41231ko0.jpg

http://img292.imageshack.us/img292/3671/cimg41232wb8.jpg

I didn't install Antivirus XP 2008. I assume it is part of the virus...
http://img149.imageshack.us/img149/3888/cimg41233wf0.jpg

Then windows seems to die and this message comes up...

http://img247.imageshack.us/img247/5926/cimg41234hg9.jpg

http://img247.imageshack.us/img247/8291/cimg41235hp9.jpg

This pic shows all the desktop icons NOT added by me (also, the desktop background is part of the virus)... Also note that the icons for MY DOCUMENTS and MY COMPUTER have been deleted...

http://img390.imageshack.us/img390/9782/cimg41236gn1.jpg

 

Hi thanks very much for your response, but the guys at Virus Vault also seem willing to handle this. Mods, please lock this thread or forward discussion to http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/1203/

Many thanks once again