
Obvious virus halting exes, registry editing, etc



Malinor
2009-09-23, 01:53
Last night around midnight I was playing a game when lo and behold a spam message obviously viral in nature popped up. Bear with me as I try to recount the last 20 some hours of battling against this, as I want to include as accurate a representation as possible.

This "Windows Police Pro" proceeded to tell me that my system is infected and that I should download their program to fix it, yadda, yadda.

I happened to be between antivirus programs at the time which is probably the cause of all this, I just recently removed Avira and was debating about whether or not to get Avast when this happened. I was on AIM and I had a friend send me the Avast installer, which wouldn't run initially but I managed to get it to run by creating a generic shortcut file and using that as a sort of proxy, I guess.

Avast installed and though it wouldn't start normally I was able to use the right click "scan XXXX" function to find a "desot.exe" in my system32 folder, which caused Avast to go off, it couldn't do anything with the file however, but I scheduled it to do a pre-launch scan of my whole system which after two or so hours turned up that, and the Windows Police Pro.exe itself which was installed in the Program Files folder. It couldn't repair either file and so it did nothing, but knowing where they were I went and was able to manually delete all the associated files except the WPP.exe itself, which I moved to the desktop.

I next searched online (getting online was a strange adventure in itself) and found on the MS help site a section about this virus with a method to restore running exes to normal, using that method (command.com --> copy regedit to regedit.com and replace the offending section) I managed to seemingly return my computer to normal.

However Avast still wouldn't run; on startup it would do its initial memory scan and freeze there, chugging one of my cores and taking up 25% of my CPU. Even though there were no other symptoms I decided to go ahead and redownload Avira, as well as Spybot and Adaware. I picked these simply because they're the ones that popped into my head first.

They all installed fine so I had Avira update and begin a scan. I watched it for a short while to make sure it was running fine and passed the next hour or so sitting by my computer checking it periodically as I played my PS3. I went downstairs to get a drink and returned to find my whole PC had BSoD'd. I shut it off and turned it back on and nothing immediately popped up, so I didn't worry too much. It was about 9 AM at this point so I decided to call it a night.

After waking up the next afternoon (several hours ago) my background had changed to a message basically saying my system was infected again and so on, and there was now a different program in the system tray that was doing more or less the same thing, the name escapes me as I had just woken up at the time but it was "Total" something or other. This time however I couldn't run command.com, nor much of anything else as the windows just closed immediately after opening.

After turning my computer on and off several times it appeared that as it loaded into my username all my usual programs began to launch, but as soon as the virus popped up they would all shut down and vanish. I managed to (luckily) circumvent this by logging off and logging back on which apparently allowed Avira to open faster than the virus or something. Frankly I'm not sure, but Avira's protection appeared and the virus became unresponsive, I took this time to run Spybot and Adaware which picked up several dozen smaller spyware type things as well as a handful of win32 something or others that neither could remove.

Avast was still out of commission, still freezing during launch, so I had Avira run a scan and figured things were relatively okay (woe is me) ran up to the store during the downtime and returned to find my computer restarting on its own.

On THIS restart it spammed cmd windows over and over with a constant popup that said something about how config.nt wasn't configured to run cmd windows or something along those lines, I restarted manually by hitting the power button and when I came back it proceeded to do the same thing. I let it run its course and then Spybot appeared (it had been scheduled to do a boot time run after it couldn't remove the aforementioned items) it loaded...and then vanished before doing anything.

Windows Police Pro proceeded to rear its ugly face again, only this time I'm incapable of opening the task manager, incapable of editing the registry, my internet is running slower than usual, and I keep getting false links, or rather links lead me to places they should not be.

I was only even capable of getting here by using the search engine Dogpile as it seems to be unaffected, whereas Google and Yahoo are almost entirely out of commission. The only reason I was even able to open Mozilla is due to Avast which has a link to their homepage in the start menu which for some reason the virus is unable to stop.

I apologize for the extremely long post, but as you can see I've been fighting with this (these?) thing for a while now and I thought it best to explain everything that's been going on.

If I missed anything vital please tell me, it is my first time posting here and I am unaware of the requirements for a necessary post.

Many thanks to you all.

Sorry to post again so soon but the story keeps developing. At exactly 8PM my time (just a few minutes after the initial post) my computer restarted on its own for unknown reasons.

Upon restarting I can now run EXE files...or so it seems? Windows Police Pro no longer spams my system tray nor are there any popup messages, however I still can't use the task manager nor can I edit the registry.

I took this chance to install Malwarebytes which installed and updated without a hitch, however it still doesn't run, upon clicking the exe it acts as though it is loading and proceeds to do nothing.

This whole situation is very confusing.
======================
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Blade81
2009-09-28, 10:40
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Download GMER (http://www.gmer.net) here by clicking the download exe button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab and then scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy.
This copies the log to the clipboard.
Post the log in your reply.

Blade81
2009-10-05, 15:52
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.