Holy balls, "Windows Repair" Virus

My brother(right after I got done searching for something today, and the only 2 sites I went on were gamecopyworld and Mininova) got some virus called "Windows Repair" (It creates false system symptoms to make you try and buy the full version to fix and in turn installs more malware/trojans)Which is just the same thing as "HDD FIX" Or "HDD Repair" ETC.

And I've deleted everything on the hard drive related to it(Ran Full scan on Malwarebytes anti malware on my PC with his HDD Plugged in, that's the only way I was able to get rid of anything), all registry entries and it's still somehow hiding EVERYTHING on the C Drive, and it makes windows think that the drive has 10GB more free space then it actually has.

Can't Run Task Manager, Programs files come up as "Empty" (the start menu)



Safe mode doesn't work either. C drive and program files still come up completely EMPTY. You can't install any new programs as well.
"Windows Repair" Doesn't pop up anymore, But 90% of the symptoms remain!



HOLYWTFBBQ I haven't encountered a virus that has made me RAGE this much in a while.


I REALLY WANT TO FUCKIN FIND THE PEOPLE/PERSON WHO MADE THIS GOD DAMN THING AND SUE THE SHIT OUT OF THEM (OR JUST BEAT THEM TO HELL) FOR ILLEGALLY INSTALLING A PROGRAM ON MY BROTHER'S COMPUTER WITHOUT USER CONSENT AND AGREEMENT,FOLLOWED BY COMPLETE MALLICIOUS INTENT TO COMMIT FRAUD BY STEALING MONEY FROM THE USER IF THEY HAD PAID MONEY TO SUPPOSEDLY "FIX" THIS. ISN'T THAT A FUCKING CRIME?!




I will hope you excuse my RAGE.
This was supposed to be a great day that ended up with me wasting almost all of my time fucking with this god damn thing.

My "Worst Case Scenario" is to Backup important files and Reformat and re-install

 

Try Prevx.

It helped me once

 

Wipe, reinstall, collect hefty fee. Then when it comes back move them to Linux.

 

Use this to clean the HDD
http://www.freedrweb.com/livecd/?lng=en
To use the CD, you have to reboot and select Boot Options and select CD-ROM


Then install
1.Avast free anti-virus
2.Spybot-search and destroy
3.PeerBlock
4.CCleaner

 

I have had to format my brothers kids netbooks, and re-install win7, also done a friends desktop too, all had this windows problem fixer thing. Tried many things to purge this little bastard, but in the end i backed up what i could and format and re-install. Just a word of warning, the were all running Avast free anti virus, and it looks like it got through. I put Microsoft security essentials on all OS installs i do now.. free and pretty robust. I do use peerblock though and ccleaner, both very good free software..

 

Well years in the past i've had to do the same thing many times. I haven't had to do it in almost 2 years now.


Right now i've been running that FreeDr.web CD. It's been running for over 3 hours now.
2TB HDD FTL.

 

I usually run it overnight. Takes a long times in some cases. Was able to repair a non-booting system with 200+ virus and malware.

 

Ah damn, though it's ok because this thing is incredibly thorough. It scans everything including what is in compressed archives

Well, after scanning it for nearly 12 hours it finished. And now windows can't boot at all.
It BSOD's when at the windows loading screen during bootup. Both regularly and in safe mode

I ran the included Memtest with the CD before I scanned for a minute and it came up with tons of erros on the RAM in Channel 1. I thought to myself "That can't be right, the memtest only says Memtest and not 86+ and 86+ is the one for modern systems Post Pentium 4 isn't it?"

Could the RAM possibly have died or have been killed by the virus? One of the viruses things when we first found it said "HDD failure" and also in the taskbar "RAM FAILURE...ETC"

 

If you are getting the BSOD just try swapping the RAM first.
I use SpinRite to check for HDD errors.
I wonder, where did you get the virus.

 

Yes, like any other electronic equipment, RAM sometimes dies.

No.

Not unless it was tailored to your specific BIOS/revision to drastically overvolt it or something equally sinister, but we're well into the realms of fantasy there. The fact of the matter is that the virus didn't kill your RAM, not intentionally anyway.

 

You scanned plugged into your computer? That's no good. You won't have access to his registry.

You should have run Malwarebytes in safe mode. If that doesn't work, personally I'd turn to combofix and SmitFraudFix.

What STOP code do you get on the BSOD?

 

no I ran the scanner while it was plugged into his computer.


Malwarebytes doesn't work in safemode, did you not read the thread?

Safemode is completely disabled as much as regular windows.


Well not anymore anyway since the computer can't boot. I'll try swapping the RAM as suggested above

Well the Dr.web CD has Memtest 86 3.3 on it and both sticks of RAM on both channels instantly get thousands of errors.

On the Ultimate Boot Disc
Both memtest 86 3.5 and Memtest 86+ do not give any errors at all.

I guess the hard drive must be borked?
I'll see if I can still back up important files and reformat it.



Also The BSOD happens and restarts so quick I can't see the code

 

You should give spinrite a try. Will tell you how bad the HDD is.

 

Ok I'll look into that
Thanks.

 

Normally I'd tell you to go to "startup and recovery" section in System (Control Panel), then under system failure, uncheck “automatically restartâ€￾. Since you can't get into Windows, though, that's not possible. Might be possible to manually edit that setting in if you could get another OS up and running (live XP or a linux distro), but at that point I'd focus on stress testing first to see whether it's the OS or hardware that's at fault.

 

Well using Spinrite was not such a great idea since it apparently has issues with Samsung drives. Googled the error I got with it and lots of others have had the same issue.


Ugh, at this point. I'm just going to reformat and re-install windows. I've already got the important files off the drive. And I'll go from there.

EDIT: well installing windows 7 has been successful so far. Downloading updates as we speak.

 

Press F8 whilst booting up and select "disable automatic restart on system failure" from the advanced boot options menu.

 

Man. Sounds like a lot of work. I remember my Windows days where I made virtual machines for all the apps I installed because I never knew which ones were clean and which had viruses or spyware. So naturally a virus pen was needed for testing with.

I'm glad I made the switch to Linux. (^_^);

 

I've had to fix this on a few peoples machines.

Easiest way to do it?

Windows Restore points. Pick a time when it wasn't happening and just go back.

Works 60% of the time every time.

Sounds very n00bish but it does work.

However it sounds like this has gone a bit beyond that.

 

Astounded as no one suggested Hijack This. It has saved me (and my data) for dozens of times.