system fix - RUN!! Or something

Discussion in 'Software' started by JimLL, Nov 18, 2011.

  1. JimLL

    JimLL I can't follow the rules

    XP Pro, SP3, current updates, Comodo, A^2, Lenovo T60p Dual CPU - 2.1 GHz, 15.6" screen, 3 GB computer memory, 3 cent operator memory

    While minding my own business I suddenly saw 5 zillion error messages cascade their way down across my screen! When the screen was full there was a pause; then a big notice popped up in the lower right saying there was a problem with my hard drive. :( :cry :mad :eek :guns :crap :boxing

    Before I even absorbed that, an "app" called "System Fix" appeared on my task bar and a popup scanned the system and told me that my hard drive, my memory and the system in general were all shot full of holes and offered to fix everything for me for $30 to buy their System Fix program. (Like a piece of software will repair a hard drive.) I think it actually could have reversed the mess perhaps, but I'm gradually getting piece after piece back in place.

    Before it was done I had NO desktop (I didn't know until now that you could do a setting that turns off all icons on your desktop and makes it dead) and the task bar was empty, part of that having been the Quick Launch portion, except for a couple of icons in the system tray, but an ad popped up offering a discount on the advanced version of the System Fix software to fix everything.

    (By now I'm definitely calling System Fix a virus.)

    By that time I had killed my internet connection and rebooted, only to watch the exact thing over again (minus downloading more crap), but I learned that I could hit ALT-F4 and halt the process and even start reversing the cascade of 20 or so error messages on the screen one at a time - for about 30 seconds, then it all started over again.

    ------------------------------------

    Fortunately I had an old but usable full system backup and booted that from an external USB drive. Eventually I started accessing the main drive and finding out how bad things were.

    Somehow it had disabled my Comodo firewall as well as my anti-malware system watch app. It set up a temporary folder and moved everything from my desktop folder to this new one. Same for my Start Menu folder - some other vital folder I'm too numb to remember. It also went through just about everything in the system and set all files and folders to read only and hidden. And offered, again, to sell me something to fix everything.

    Was I wrong calling this a virus?
     
  2. StruldBrug

    StruldBrug Sergeant

    "Fake Alert" is used these days. Glad you got control of things. Good Luck
     
  3. abekl

    abekl First Sergeant

    You got hit by what is called "ransomware." You will likely have to do a clean format and install of Windows to really clear things up.
     
  4. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    I have to ask, what security programs are you running that this thing got through? Comodo what and what is A^2?
    At minimum, install Malwarebytes. The free version doesn't do real time monitoring. I paid for versions on my main browsing computers. Not only does it do a fantastic job of prevention but it always works well on computers I had to clean up that were close to unusable.
     
  5. JimLL

    JimLL I can't follow the rules

    Thanks. I'm not sure what you mean by Comodo what. That's the number one rated firewall nowadays.

    A^2 is from Emsisoft of Europe. The actual name is Emsisoft Anti-Malware Suite. It has a growing usership for a very good reason. And an American virus research company rated it as number 1 by a hair and MB as number 2 this year.

    I've had a paid full subscription version for years and this is the first time anything has gotten past the system watchdog or the website watch list. Their signature list is larger than MB's. Their web site watch list is also unsurpassed. It blocks junk that Comodo lets through probably 10 or 20 times per surfing session. I scan regularly with it and often add scans with MB and SAS.

    In all those years MB has caught one trojan that A^2 missed, but in a scan from the backup drive, it did not see this one while A^2 did. Of course SAS gets cookies that no one else gets. That's why I run more than one scanner - they "cover the waterfront." But I never have more than one watch dog going at once. Except that Comodo once turned its Defense+ on without my permission.
     
  6. unimatrix001

    unimatrix001 Private E-2

  7. JimLL

    JimLL I can't follow the rules

    I was looking at that last night. There are some good points in there, but either system fix has evolved since then or I got a different version and some of their fixes are no longer usable.

    They are going on the premise that nothing is genuinely harmed and killing the virus will eventually get you where you want to be if you make certain changes. I killed the virus by hand from the backup drive, but this version of system fix actually moved some important directories into nested temporary folders (which it took me hours and hours to find, even working from an uninfected system), making some of their fixes impossible.

    They put in a lot of different kinds of problems, making it very, very complex to repair, as you can see at the site you mentioned. Then with the moved directories it's worse yet.
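
Added example, not part of any post in this thread: the first post describes files and folders being set to hidden and read-only, and the Desktop and Start Menu contents being moved into a temporary folder. The PowerShell script below, meant to be run from a clean boot such as the backup drive, reports those attribute changes and lists folders that hold shortcuts outside their usual locations. The `$Root` path, the `-Fix` switch and the folder-name heuristic are assumptions made for this example.

```powershell
# Added example. Run from an uninfected system with the affected drive attached.
# $Root is an assumption: point it at the profile tree or drive being repaired.
param(
    [string]$Root = 'E:\Documents and Settings',
    [switch]$Fix          # without -Fix the script only reports
)

$Hidden   = [IO.FileAttributes]::Hidden
$ReadOnly = [IO.FileAttributes]::ReadOnly
$System   = [IO.FileAttributes]::System
$Mask     = $Hidden -bor $ReadOnly

# 1. Items carrying Hidden and/or ReadOnly. Anything also flagged System is
#    skipped so that protected OS files keep their original attributes.
$flagged = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Attributes -band $Mask) -and -not ($_.Attributes -band $System)
    })

"{0} items are hidden and/or read-only under {1}" -f $flagged.Count, $Root

if ($Fix) {
    foreach ($item in $flagged) {
        # Clear only the two bits; every other attribute is preserved.
        $new = $item.Attributes -band (-bnot $Mask)
        if (-not $new) { $new = [IO.FileAttributes]::Normal }
        $item.Attributes = $new
    }
    "Cleared Hidden/ReadOnly on {0} items" -f $flagged.Count
}

# 2. Folders holding .lnk shortcuts outside the usual locations: candidates
#    for where moved Desktop / Start Menu / Quick Launch contents ended up.
$usual = '\\(Desktop|Start Menu|Quick Launch|Recent|SendTo)(\\|$)'
Get-ChildItem -LiteralPath $Root -Recurse -Force -Filter *.lnk -ErrorAction SilentlyContinue |
    Where-Object { $_.DirectoryName -and $_.DirectoryName -notmatch $usual } |
    Group-Object DirectoryName |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Run it once without `-Fix` and review the counts and folder list before changing anything; files that were legitimately read-only before the infection will also have that bit cleared.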
     
  8. unimatrix001

    unimatrix001 Private E-2

