Malware...

[Darth Urious]

So, I got a doozy of a malicious program last night... called CleanThis...

Basically, it force-closed Firefox and popped up a Windows alert (not the fake looking crap these things normally use, but a real one) stating that Windows had detected a malicious file associated with Firefox...

I closed the popup window, just in case it was just a good fake... only to notice that all my desktop icons were gone...

Ctrl-alt-del didn't open task manager, rather popped up the same official looking popup warning...

With no other choice, I clicked a button that indicated it would "remove the problem"...

Something starts running that still looks like official Windows software... Concerned, I try ctrl-alt-del again... same thing happens as it won't let me open the task manager...

I do a hard reboot by turning off the power... Upon reboot, before my desktop loads, up pops a window with the Windows logo and the words Clean This... wanting me to click on a button that said "safe scan" or something like that...

Ctrl-alt-del still won't work... I hard boot again, enter safe mode with no networking, boom... same "safe scan" poo pops up...

Longer story short, I end up having to allow it to start running whatever BS it wants to run, ctrl-alt-del, and then login to my mom's user account (I set her one up to use while she babysits for us during the day)... On her side, I go in and end all the crap running on my side, switch back over to my account and go into the registry to delete the winlongin shell file, restart, and have to download some fixes/malwareblaster stuff to get it all cleaned off...

Apparently if I had let it go all the way through, it would continue to hijack my entire computer until I purchased some sort of software from them...

What a pain in the ass... That was one of the worst I have ever dealt with, and I don't wish it upon any of you...

[TarPanther9180]

Boot into safemode (hit F8 key right before Windows screen starts), get rid of CleanThis start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. A windows containing System Configuration Utility will be launched. Go to Startup tab and uncheck hotfix.exe....reboot. Run Malware Bytes or Spybot Search & Destroy to clean.

[mmmbeans]

*yawn*

[Darth Urious]

Boot into safemode (hit F8 key right before Windows screen starts), get rid of CleanThis start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. A windows containing System Configuration Utility will be launched. Go to Startup tab and uncheck hotfix.exe....reboot. Run Malware Bytes or Spybot Search & Destroy to clean.

lol read above... it hijacked into safe mode too...

believe me, I know how to get rid of stuff like this normally... but this one was a doozy...

[mmmbeans]

you need to find some better pr0n sites.

[TarPanther9180]

Yeah I haven't ran across it yet, but I've heard of people saying it's a bitch to remove. I have ran across some at work that I ended up having to reimage the machine because I couldn't get rid of them.

[Darth Urious]

you need to find some better pr0n sites.

guilty as charged... lol...nah...

I was looking for some warez, actually...

[mmmbeans]

guilty as charged... lol...nah...

I was looking for some warez, actually...

oooh, even worse. you run Noscript on your firefox?

[Darth Urious]

oooh, even worse. you run Noscript on your firefox?

nope, but I will after last night... that was the first time in nearly a decade that I had to remove something like that...

[mmmbeans]

yea, it's a little bit of a pain in the ass, but not nearly as bad as dealing with removal.

[DC Amp]

I like Malwarebytes it works great for most things but sometimes you just have to go into the registry to the root.

[Darth Urious]

I like Malwarebytes it works great for most things but sometimes you just have to go into the registry to the root.

yeah I had to use that last night

[Future of the Funchise]

I just went through the same poo. I took the lazy approach tho. Since my computer was apparently crawling with malware that I didn't know about I just said fug it. Backed up all my poo and formatted my C: drive. Had a couple of beers while I waited for windows to reload and all in all it was a pretty good night.

[Panthers128]

You can get the GeekSquad MRI disc from most bittorrent sites. It's what GeekSquad uses to automatically remove viruses from computers. You need to have an ethernet cord running to the computer so it can download updates from the virus software creators (kaspersky,webroot,panda,etc).

It's a boot disc so you might need to change your bios boot order or tap F11 (i think) to force it to boot the disk. It's fairly simple to use and works well.

Also I recommend using Firefox with the addon NoScript. Most viruses you get while browsing the web. NoScript prevents sites from running these scripts that installs viruses. The only negative to that is it'll block normal sites sometimes but it's quite easy to tell when it does and you have a bar where you can allow scripts for that page and it remembers.