I have been hit by an absolutely impossible new virus. Only in the past 3 months or so the internet has become covered in this aggressive new virus. My system has been hit 5 times in only one month! Its been expensive since Microsoft no longer provide original disks with laptop purchase.
For many years I have removed occasional viruses that infect my computer. But these incidents have been fairly rare. And if things get difficult you resolve the issue with a complete reinstall. But this new virus has been the most difficult I have ever come across and even reinstall has not worked [non-disk reinstall].
Scans discoevered Mazbet, APPL.nircmd - but I think these are aliases the virus uses.
None, NONE, of the virus software can detect and remove it. I have so far tried Norton, MacAfee, Kaspersky, AVG, Combofix, and more and nothing works. The virus even remain active in safe boot. And on reinstall it STILL stays on. MS doesn't provide original disks anymore. New laptops comes with partitioned drives with boot feature - but with this virus its impossible to do a complete reinstall without disks.
The virus has now become so bad it has transferred itself to my external drive and my partition drive. I can identify it by the locked System Volume Information folders it creates in every drive and the desktop.ini that starts to appear in almost all main folders. Gradually over the span of several days it starts to work by locking you out of more and more system folders, and then causing massive problems.
HOW IT INFECTS YOUR COMPUTER
The way this virus infects the computer is from images on google. I got it when I was looking at a picture in a Google search and clicked to enlarge it. Immediately I was given a message a "virus-scan" was being done on my system. The webaddresses where this virus originates from usually end with a cc or cn. However, this message is fake and there is no way for you to stop this 'scan' [download]. Its done automatically and it goes fast. It doesn't give an option for you to close out. You have to immediately shut down your computer before it manages to install itself because you can't stop it [I stopped a friends computer from the same infection by shutting it off].
After it infects your system, it either copies or hijacks a new System Volume Information folder (locked). This creates a $RECYCLE.BIN folder with desktop.ini files. Once it is well infected you get messages on shut down: it says your windows updates are being optimized. This takes forever. Its not; its the virus and you need to force a shut down even when it looks like it is already on the way of shutting down or it hijacks even more system drives.
On restart it again gives a similar message that it is initializing your windows updates. These are fake windows messages.
The desktop.ini files act like a hydra: everytime you delete any of these, they reappear. The files it creates will carry different dates and not necessary the current dates. One had a date going back to 2007. So doing a restore to another date doesn't help.
The longer the virus remain untouched the more damage it starts to do. Eventually it will cause constant problems with your system and begin to hide folders and the recycle bin for you - and eventually, crash your entire drive. But this can take days. It works gradually.
All I know is that I tried to reinstall a new system five times with the last attack I had and still had problems with this virus.
DOES ANYONE KNOW WHAT THIS VIRUS IS AND HOW TO PERMANENTLY GET RID OF IT FROM ALL DRIVES INCLUDING EXTERNAL DRIVE??
No comments:
Post a Comment