familychoice
« on: November 29, 2011, 10:52:19 AM »
Disaster's struck again, my main PC has just collapsed into a heap.
First I had a message saying McAfee had blocked a trojan but there was no further action required, followed by windows popping up all over the place with error messages and my desktop theme was replaced by a black screen.
Task manager doesn't work and after rebooting was presented with a list of hardware errors:
Delayed write failed
Failed to save all the components for the file \\system32\\00004d65 (there were loads of different versions of this)
The file is corrupted or unreadable. This error may be caused by a hardware problem.
Then System Fix (McAfee again) came up with a load of other warnings:
RAM low
Hard drive critical error
Boot sector damaged
Damaged hard drive clusters
etc. most of which it was unable to 'fix'.
All this happened very suddenly while I was minding my own business drinking a cup of tea and thinking about checking my email.
Managed to back up a few recent files (most of the drive is backed up though) but my files are disappearing from view and the folders are all now showing as empty.
I might have some time left on the guarantee but I'm guessing this is a trojan related thing that's gone in and eaten my system files. Could it be hardware related? They did replace the motherboard as it was part of a faulty batch, and it has been doing the ultra-slow start up on occasion recently.
All good fun, and par for the course of this year. Needless to say it's the final nail in the coffin for my continued nightmare in self-employment, but it'd be good to get it fixed if possible.
« Last Edit: November 29, 2011, 10:54:17 AM by familychoice »
Just another shite talking, unemployable Walter Mitty character living in a blinkered brassed-off, ITV-drama-esque world...

familychoice
« Reply #1 on: November 29, 2011, 11:21:30 AM »
Hmmm..system restore didn't work. Just did a search for system fix and it isn't part of McAfee, so they had me there. Clever stuff though, as it looked like a genuine system tool. So I have this then: http://www.bleepingcomputer.com/virus-removal/remove-system-fix
Ho hum.

rutty
« Reply #2 on: November 29, 2011, 11:27:01 AM »
Crikey. That's quite a clever trojan

familychoice
« Reply #3 on: November 29, 2011, 12:01:03 PM »
Crikey. That's quite a clever trojan
Yeah, very, very sneaky - the error messages look very genuine, and when coupled with disappearing files really do make you think your PC is borked. I only twigged and did a search when it asked me to pay for the 'full' version. Basically it's after credit card details. I'm going through the fix so hopefully I'll be able to remove it. I don't think it deletes any files, just hides them to make you think your PC is knackered so fingers crossed I'll be able to restore things as they were. The tossers that make these things really are complete wankers though. I'd love to spend a bit of 1 to 1 time with the guy that made this.
« Last Edit: November 29, 2011, 12:02:58 PM by familychoice »

Jem
« Reply #4 on: November 29, 2011, 12:08:22 PM »
I'd get rid of McCrappy if I were you (when you've got rid of the system fix crap).
That and Norton are the worst of the bloody worst when it comes to AV software.
oi.

Dom
« Reply #5 on: November 29, 2011, 12:23:32 PM »
Damn, you'll be glad when this year's over won't you?  Yeah we used to use McAfee here at work, but switched to AVG (for reasons that are beyond me, but still, it seems better than McAfee). At home, I use Microsoft Security Essentials. It's free, easy to use, doesn't hog system resources, and it actually works. Also, I'd keep an up-to-date copy of the Microsoft Malicious Software Removal Tool on a USB stick somewhere. It's the most basic of basic AV tools, but it will remove all of the common viruses and whatnot that you're likely to get. I think they roll this into Windows updates too, but it doesn't hurt to have the standalone .exe available for when your PC dies a horrible death due to some little nasty. In a slight thread hijack, yesterday a friend of mine told me that the PC he borrowed from me had something very similar, but with AVG. I told him not to install anything on the machine, but he didn't listen, and got some kind of malware that has since ruined the PC completely. It won't even get past the POST screens now. So that'll be my weekend spent re-installing Windows for him, and setting him up with a limited user account so he can't mess things up again.

familychoice
« Reply #7 on: November 29, 2011, 12:29:46 PM »
My role in life is to make everyone else's day seem just a little less crap by comparison.
I'm hoping that the anti-malware thing I'm using isn't malware, or I'll be devoured in a never ending loop of spyware.

Dom
« Reply #8 on: November 29, 2011, 12:31:58 PM »
Hehe. The other thought I had was that the backups of your files that you've got... if they're on an external hard drive, it might be best to disconnect it in case the trojan/virus/thingy starts eating those files too. You didn't say that that's where your backups were, but just in case...

robwhizz
« Reply #9 on: November 29, 2011, 01:35:05 PM »
Sorted something very similar to this a few weeks ago on my Auntie's laptop. Download Combofix from here: http://www.combofix.org/download.php Boot into safe mode and run the program. The download link isn't exactly clear, so: http://www.bleepingcomputer.com/download/anti-virus/combofix
« Last Edit: November 29, 2011, 01:38:59 PM by robwhizz »
Great post Jon! I have been following the effort since you started it, and although I have understood its purpose this post does a really great job solidifying the full rationale.

familychoice
« Reply #10 on: November 29, 2011, 02:37:49 PM »
Cheers Rob, the anti-malware app I'm using is now not responding, 3 hours into the scan so I'll have to abort and try the tool in your link.
Ahh joy, everything's frozen up and looking at the forums this could take days to shift. Nice little early xmas present for me.
« Last Edit: November 29, 2011, 02:59:01 PM by familychoice »

familychoice
« Reply #11 on: November 29, 2011, 03:25:12 PM »
The combofix seems to have cleaned out a few files, just building a log file.
Damn, you'll be glad when this year's over won't you? Yeah we used to use McAfee here at work, but switched to AVG (for reasons that are beyond me, but still, it seems better than McAfee). At home, I use Microsoft Security Essentials. It's free, easy to use, doesn't hog system resources, and it actually works. Also, I'd keep an up-to-date copy of the Microsoft Malicious Software Removal Tool on a USB stick somewhere. It's the most basic of basic AV tools, but it will remove all of the common viruses and whatnot that you're likely to get. I think they roll this into Windows updates too, but it doesn't hurt to have the standalone .exe available for when your PC dies a horrible death due to some little nasty.
I think you're probably right, and I think you've mentioned this to me before. McAfee is obviously just opening the door for anything that wants to come and play on my PC so I'll have to replace it with something that actually works. Any other recommendations for decent software? Doesn't have to be free.

familychoice
« Reply #12 on: November 29, 2011, 03:51:24 PM »
ComboFix *seems* to have done the job, and things are more or less normal - apart from a few missing toolbar links and the odd theme change.
Rob, you're a star. Do you recommend running anything else to ensure it's got rid of this thing? I'd like to make sure I've completely blitzed the blighter.

rutty
« Reply #13 on: November 29, 2011, 03:56:22 PM »
I might be tempted to check for rootkits - some of the variants of that trojan do install them. Can't really help you with how to do that though...

spannaa
« Reply #14 on: November 29, 2011, 04:27:10 PM »
Hopefully you've cleared this up now but I'd install and run both Malwarebytes Anti-Malware PRO & Microsoft Security Essentials too.
Oh, and uninstall McAfee first!

Jem
« Reply #15 on: November 29, 2011, 04:32:17 PM »
Any other recommendations for decent software? Doesn't have to be free.
Microsoft Security Essentials. It was rated best out of a whole bunch of stuff in independent benchmarks (although that was a while ago, I've used it since without issue). Before that I used Avast. You could always tweet @paperghost and ask for his recommendation, of course.. I'm sure he keeps up to date with these things :p

familychoice
« Reply #16 on: November 29, 2011, 04:34:03 PM »
Thanks, yes probably a good idea. I checked it'd removed all the associated files via the forum thread I linked to but just running the free Sophos root kit removal tool.

Dom
« Reply #17 on: November 29, 2011, 04:34:46 PM »
Well that's two votes for MSE. It's the way forward! 

familychoice
« Reply #18 on: November 29, 2011, 04:37:51 PM »
Thanks for the replies.
Hopefully you've cleared this up now but I'd install and run both Malwarebytes Anti-Malware PRO & Microsoft Security Essentials too.
Oh, and uninstall McAfee first!
I tried the Malwarebytes (probably not the pro version) but that conked out halfway through. Not sure if it's cleared up, just running the Sophos tool and McAfee is popping up with notifications that it's detected and fixed trojans that have already just been fixed.
Any other recommendations for decent software? Doesn't have to be free.
Microsoft Security Essentials. It was rated best out of a whole bunch of stuff in independent benchmarks (although that was a while ago, I've used it since without issue). Before that I used Avast.
Avast has been a bit pants on my laptop, but with all the votes for MSE I think I'll have to give that a spin. Thanks all.

Steve Lampkins
« Reply #19 on: November 29, 2011, 05:20:46 PM »
I'm hoping that the anti-malware thing I'm using isn't malware, or I'll be devoured in a never ending loop of spyware.
Maybe the malware will eat the other malware though. I knew this would be computer related, as there's nothing politically correct about FC. MSE gets thumbs up from me.

familychoice
« Reply #20 on: November 29, 2011, 06:05:30 PM »
I knew this would be computer related, as there's nothing politically correct about FC.
 MSE gets thumbs up from me.
I'm going to try it on Mrs FC's laptop tonight, if it works well then I'll install it on my laptop and then this thing. Bloody computers.

spannaa
« Reply #21 on: November 29, 2011, 08:27:30 PM »
Watch out for the fake "Microsoft Security Essentials Alert" trojan then - it's bound to have scanned this thread and be planning to target you ;-)

familychoice
« Reply #22 on: November 29, 2011, 08:52:58 PM »
Watch out for the fake "Microsoft Security Essentials Alert" trojan then - it's bound to have scanned this thread and be planning to target you ;-)
I'd never fall for that, and anyway I'm now fully protected by a genuine copy of mICROsoFT SICKUrety ESSENshulZ so nothing will get in now.

sickpuppy
« Reply #23 on: November 30, 2011, 08:19:04 AM »
You could always tweet @paperghost and ask for his recommendation, of course.
Batman, he'd recommend Batman.

Jem
« Reply #24 on: November 30, 2011, 08:44:05 AM »
You could always tweet @paperghost and ask for his recommendation, of course.
Batman, he'd recommend Batman.
And bacon, if our recent conversations are anything to go by.

Steve Lampkins
« Reply #25 on: November 30, 2011, 08:48:52 AM »
I thought yoghurt was the standard?

familychoice
« Reply #26 on: November 30, 2011, 09:03:20 AM »
He didn't follow me back so I can't ask him. I'm not on his list.

Dom
« Reply #27 on: November 30, 2011, 10:41:51 AM »
He didn't follow me back so I can't ask him. I'm not on his list.
Depending on which list you're talking about, that's probably a good thing. PS. You can still @ mention him, even if he doesn't follow you/you don't follow him. 

familychoice
« Reply #28 on: November 30, 2011, 03:24:45 PM »
He didn't follow me back so I can't ask him. I'm not on his list.
Depending on which list you're talking about, that's probably a good thing. PS. You can still @ mention him, even if he doesn't follow you/you don't follow him.
He won't read my @'s, nobody does, not even me.

Mr Sparkle
« Reply #29 on: December 15, 2011, 08:29:25 PM »
Microsoft's tools seem to be getting a lot better at what they're aimed to do. Had a problem connecting to a network recently, so I ran some random "fix my network" wizard (on Windows 7) and within about a minute I was connected and everything was running fine. That said, it could have been something stupid that I was overlooking in the first place.