Viruswebprotect 2008

Discussion in 'Malware Help (A Specialist Will Reply)' started by FNotman, Oct 5, 2008.

  1. FNotman

    FNotman Private E-2

    Nastiest virus I've EVER seen - snuck into my daughter's comp via a DLed (from BitTorrent) game, which she DID scan with AVG.
    She was playing the game - paused it to go to lunch, came back - all hell had broken loose.

    Things I've found out so far about it and things it's done to us.
    1/ IF we can get Windows Explorer up, we can't see the C: drive
    2/ Can't get Windows Explorer up anyway, it's taken it off the Start menu.
    3/ It's also removed the "all programs" tab from the Start menu - so we can't directly start progs.
    4/ The execute tab is also gone - so can't get DOS mode
    5/ Config screen, network, etc. section gone as well.
    6/ We've lost all administrator privileges
    7/ We can't Alt/Ctrl/Del to get Task Manager
    8/ Safe mode won't start - after about 10-20 seconds on black screen, system reboots.
    9/ AVG cannot find it
    10/ SuperSpyWare cannot find it
    11/ Can NOT access any web pages - won't allow us - BUT
    12/ DAREN'T access web pages anyway as
    13/ It's inviting an external attack.
    14/ Keeps trying to start IE by giving false virus messages, then wants to report them. Another way of inviting an attack.
    15/ According to write-ups it also has its own SMTP system.
    16/ It's remapped the keyboard (just in case we do get the web browser to work). I've found the : - eventually - but still can't find the /
    17/ Hangs when I try system restore
    18/ When starting safe mode I get a message at bottom of screen something like "if you dont want to run SPDT.SYS then press ESC" - pressing of which appears to have no effect. This is not surprising as the message is in English - my daughter's comp is in Dutch.

    As I say - SuperVirusprotector DID find a lot of stuff - some of which obviously belonged to it - it APPARENTLY deleted it all, however - after a reboot it was still there.
    Fortunately - it seems I still have some of my old (VERY OLD - I was a system cracker for a NATO project 30 yrs ago) hacking skills. I managed to access the C-disc (using Mozilla) and deleted all its control files and renamed the .exe (it wouldn't let me delete it) - it doesn't appear to start up now.

    SO - now "all" I've got to do is undo all its damage - damned if I know how to do that, as the key is probably getting back into Administrator mode first - which - without an administrator could be a challenge.
     
  2. FNotman

    FNotman Private E-2

    Re: Viruswebprotect 2008 - latest status

    I realised I must still have Administrator privileges or I couldn't have installed the scan prog. I've now managed to reinstate most of the Start menu.
    My main problems now are
    1/ Still can't boot safe mode - reboots after about 25-30 seconds of blank screen
    2/ STILL can't see the C: disk in Windows Explorer, and yet I CAN scan it with AVG etc.
    3/ No idea how to get the Task Manager screen back - can't get it by either Ctrl/Alt/Del or Ctrl/Shift/Esc
    4/ Can't get the all progs tab on Start - though this could be a manifestation of making C: visible.
    5/ Can't get the logoff, suspend buttons on Start either
    6/ Can't get Windows Explorer on Start - so I have to first go to config
    7/ Have found the ANNOYING message "VIRUS ALERT" at bottom right (beside clock) is coded into the My Computer, properties screen, 2 lines under computer name. Would like to get that off as well.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks

    Pressing the Windows key+e key will bring up Explorer if explorer will run at all.

    Where did you say this? And this is malware anyway so why are you running it? Or am I misreading what you are trying to say here? Did you mean to say the fake program named Viruswebprotect 2008 falsely indicated a bunch of problems that it created?


    It is probably disabled in the Registry but registry editing may also be disabled.

    Do your best to complete all of the below. As stated, do not stop if something does not work. Keep going!!!


    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
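
An added example, not part of the original thread or of the MajorGeeks guide: the reply above suspects the missing Task Manager, Run entry and C: drive are "disabled in the Registry", and this sketch audits a `.reg` export of the current user's Policies keys for the standard Windows restriction values that produce those symptoms. The `.reg` text is a constructed sample, and linking these particular values to this infection is an assumption.

```python
import re
# Standard Windows policy values (lower-cased) that can produce the symptoms
# listed in the thread. Tying them to this infection is an assumption.
POLICIES = {
    r"policies\system": {
        "disabletaskmgr": "Task Manager blocked",
        "disableregistrytools": "registry editing blocked",
    },
    r"policies\explorer": {
        "norun": "Run removed from Start menu",
        "nostartmenumoreprograms": "All Programs removed from Start menu",
        "nologoff": "Log Off removed from Start menu",
        "nocontrolpanel": "Control Panel blocked",
        "nodrives": "drives hidden in Explorer",
    },
}
SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# Constructed sample of a .reg export, not taken from the poster's machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoDrives"=dword:00000004
'''

def hidden_drives(mask):
    """NoDrives is a bitmask: bit 0 = A:, bit 1 = B:, bit 2 = C:, ..."""
    return [chr(ord("A") + i) + ":" for i in range(26) if (mask >> i) & 1]

def audit(reg_text):
    """Return (value name, symptom) for every restriction that is switched on."""
    findings, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if m := SECTION.match(line):
            key = m.group(1).lower()
        elif m := DWORD.match(line):
            name, data = m.group(1), int(m.group(2), 16)
            for suffix, names in POLICIES.items():
                symptom = names.get(name.lower())
                if key.endswith(suffix) and symptom and data != 0:
                    if name.lower() == "nodrives":
                        symptom += " (" + ", ".join(hidden_drives(data)) + ")"
                    findings.append((name, symptom))
    return findings
```

A real export in the "Version 5.00" format is UTF-16 encoded, so decode the file before passing its text to `audit`.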
     
