So I used a keygen with a virus in it, I know I shouldn't have but I did. Now when I log on the whole screen is taken up by this warning spyware found type screen and I can't get into Windows at all. I'm logged on under a different profile and things are OK but I need access to that profile! I've run a full system scan with AVG Free and cleared up any viruses found but no change. Help me please, how can I stop this virus from starting up when I log in!!!! Will it be in some kind of startup folder somewhere?? HELP! Dean.
Have a look at Autoruns, it will give you a list of everything that runs on startup. Watch out what you disable though, as you can kill your system by disabling some items. http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
His post count, and thus his value as a human being, is nine times larger than yours, so his decision to use an illegal keygen is perfectly valid. [/sarcasm] Do you really need access to the profile? There's not much that's saved on a profile that can't be transferred manually. All files and such could just be copied across, including the hidden folders containing your app settings and bookmarks and such. Most games' registry entries aren't user-specific, so everything oughtta still work. What's on the profile that you can't get to?
What OS do you have? If you use Vista, you can go back in time to an earlier point in time and skip that fiasco. Or you can back up the profile (which contains all your files and software configuration; you just lose your profile picture and account Windows settings like which system tray icons to show or not, taskbar location, etc.), then create a new account and overwrite the profile. You are done!
Hi guys, Yes it's running Vista64 Ultimate. Ironically the keygen was for some poxy DVD ripping app that didn't even work after all! But yer AVG warned me and I disobeyed and used the fateful ignore button, spank me! Yer can't login to msconfig here so might try turning back the clock and see how that goes for me. If I lose the profile it's not the end of the world, bookmarks shortcuts etc can all be accessed from other profiles yer? Might use it as an excuse to reformat/repartition next week, sigh! I'll keep ya posted. Dean.
Yes you can access someone else's profile if you are on an admin type account. BTW, for msconfig, did you try under Safe Mode? Well anyway, if you are going back in time, this should not affect your files. Remember that your keygen might still be there, so remember to remove it and not run it once your computer is restored.
Yea you won't lose any data, usually it's just registry, system files, program installations and drivers that get rolled back when doing a system restore.
Yup (and the startup folder in the Start menu)! So registry change and startup folder means removal of that startup program, and all the bad effects it had on the system files.
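Added example, not part of any post in this thread: a read-only look at the per-user autostart locations mentioned above (registry Run keys and the Startup folder), done from the working admin account by mounting the affected profile's registry hive. It assumes PowerShell is installed and uses the placeholder profile folder `C:\Users\AffectedUser`; nothing is changed or deleted.

```powershell
# Added example. Run from an elevated PowerShell prompt in the working admin
# account while the affected user is logged off.
# Assumption: 'AffectedUser' is a placeholder for the affected profile's folder name.
$ProfilePath = 'C:\Users\AffectedUser'
$Mount       = 'HKU\AffectedHive'      # temporary mount point, arbitrary name

# Per-user autostart locations stored in the profile's NTUSER.DAT hive.
$SubKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    # A per-user "Shell" value here replaces explorer.exe for that user only.
    'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Mount the logged-off user's hive under HKEY_USERS.
reg.exe load $Mount (Join-Path $ProfilePath 'NTUSER.DAT') | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'Could not load the hive; is that user still logged on?'
}

try {
    foreach ($sub in $SubKeys) {
        "=== $sub"
        # reg.exe lists every value under the key; a key that does not
        # exist produces an error, which is suppressed here.
        reg.exe query "$Mount\$sub" 2>$null
    }
}
finally {
    # Always unmount so the hive file is released before that user logs on again.
    reg.exe unload $Mount | Out-Null
}

# The per-user Startup folder (Vista and later layout).
$Startup = Join-Path $ProfilePath 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
if (Test-Path $Startup) {
    Get-ChildItem -Force $Startup | Select-Object Name, LastWriteTime, Length
}
```

Entries that point at an unfamiliar executable, especially a `Shell` value under the Winlogon key, are the ones to examine in Autoruns before disabling anything.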
-_- I was wondering if you had a Windows Vista computer; if so you can just make a second admin account and delete the other one that has the virus. If you don't have it, why not go find a place where people can repair your computer?
The advice so far is pretty good. Go into Safe Mode, run msconfig from there, disable everything (Diagnostic Startup option on main page). Then boot into Vista proper, and load Malwarebytes' Anti-Malware. From what you have (or sound like you have) I believe it could help. If the 'virus' or malware is stopping you running MBAM, rename the 'mbam.exe' file to something else and then try again. Get back to us on how it goes. And yes, a System Restore could help as well (will be more successful in Safe Mode too). Or, as you've mentioned, you could just wipe the HDD and start again.
Oh joy, it gets worse! In safe mode it's still the same. Virus is full screen and closing the process just leaves black screen and no taskbar etc. In System Restore the virus has wiped all restore points before it installed itself. I really don't want to re-format guys, any advice? Dean.
That is why it is important to do backups. In fact, my system does a daily backup on my external eSATA HDD. It's fast and does the trick. I also have an emergency unplugged HDD (it's an old HDD) with Windows Vista deactivated, with just the essentials installed to back up my other HDD or other stuff.
Fact of the matter is that your OS can never be trusted again once it's been compromised, no matter how good you think your cleanup was. The malware's authors almost certainly have anticipated many if not all of your actions for cleaning. If you use this PC for anything important like banking, email, gaming online etc. I'd just format. And use this as a learning experience. On your fresh install, get a decent AV like NOD32 or Kaspersky and consider running as a non-admin user. And if you really must run untrusted apps on your machine, do it in a virtual machine or a sandbox like Sandboxie.
+1 for archie. To add, it's not only for malware. See, if you have a virus, let's say, that breaks system files, then the damage is done. The anti-virus program is only here to prevent, not heal. It can TRY to heal, but usually the file is dead either way. Vista UAC warned you that something is fishy when it asked you for admin privileges. I mean really, do you think a program that generates a number needs admin? It makes no sense at all. You accepted and you got infected. Under XP and older Windows, you don't have that... so you never know what you'll get. Sure you can use a limited account under older systems... but when not using a domain system, the OS simply sucked (even software has issues) and caused more problems than it helps (that is why everyone runs under Admin for pre-Vista OS). In Vista it is not the situation. Another note, no one is true admin under Vista/Windows 7, that is why you have UAC. If you are under a limited account, then the only difference is that it will ask for the not-true admin password on the UAC message box.
Looks like the consensus is to wipe it and start over. Next time you're after a keygen, look harder. You can still back up your data to another drive (external preferably), the other drive 99% likely won't get infected, it's very rare.
Sigh, re-format it is then! Most stuff now temp stored on itb HTPC. Any ideas where Mozilla Firefox keeps its favourites? I've copied iexplorer ones but can't find the dir that holds Mozilla's. To be fair what did I expect from a crack that was surrounded by flashing hardcore pr0n! Much love. Dean.
I don't think that you have a virus --I think that you have a very crude trojan. I think that it is unlikely that it would be so sophisticated as to anticipate your every attempt to remove it, or that it would copy itself across to a backup drive. Basically, just create another profile and copy your documents and bookmarks etc. across. Then delete the screwed profile. Next time, do NOT ignore your Anti-Virus if it complains about software that you know has a high risk of being dodgy. Also use Foxmarks to store your Firefox favorites on-line.