Seriously Impressive Virus

Closed
Baffled in Buffalo - Feb 24, 2010 at 01:10 AM
Hello,

I have an older computer, a stock unmodified HP Pavilion a405n, that runs XP Professional. Last night my computer was completely crippled by a virus. I very rarely get viruses, as I do not download any shady files or open emails from unrecognized addresses. I am unable even now to explain where the virus could have come from, as it seems to have struck right in the middle of some normal everyday browsing on sites that I routinely and regularly access. Specifically, I started to notice that things were going haywire while I was reading a news article on washingtonpost.com. Regardless of where it came from, the virus wasted no time erasing all system restore checkpoints, and also erased any new checkpoints and set a new checkpoint again after each boot. The virus also circumvented my Administrator privilege to prevent me from editing startup programs via msconfig. In addition, it expanded my System Restore folder to 50 GB, presumably to store malicious or illicit files on my hard drive, which I was unable to access or delete.

I was unable to find any unusual processes running in the background with Task Manager, although dumprep.exe was sucking up 70% of my system resources and one of the svchost.exe tasks was sucking up the rest. It crippled my McAfee virus scan capabilities and blocked any attempts to download other virus scan or trojan removal software from the internet. Booting in Safe Mode and in Selective and Diagnostic Startup modes elicited no changes or improvements.

After a couple of cold boots, the virus completely shut down my network connections and seems to have corrupted the networking drivers making it impossible to download any patches or fixes or diagnostic scan programs. Because of this, I am not able to provide any useful logs or diagnostic reports. In addition, after a few cold boots I began to receive Windows validity error messages at startup telling me that due to recent changes to my HARDWARE configuration, Windows was unable to determine if I was running a genuine version of Windows and would I like to activate online. This message told me I had three days left to activate. Let me specify that I am running a legitimate version of Windows XP which has been activated and approved and has been running fine for years.

I did a little googling on my cell phone to see if anybody else had experienced this virus, which I found to be incredibly sophisticated and destructive, but was unable to find anything that seemed to match the description of what I was experiencing.

I then decided to bite the bullet and do a repair install of Windows since I have my important files backed up on external drives. However, when I attempted to run System Recovery via my Windows XP disc and F10 at boot, I found that this option was corrupted as well! After some investigation, I discovered that the virus had scrambled my computer's ability to recognize my CD-ROM drive, and seems to have tricked it into thinking that all I have is a single floppy drive. I was unable to locate or access my CD-ROM drive through My Computer, or any other means I could think of.

I ended up having to completely physically remove my hard drive and jerry-rig it with SATA cables in order to reformat it as a slave drive to another computer. I have NEVER experienced a virus with this level of tenacity and sophistication, and while I've now managed to get my system rebuilt, I am curious if anyone else has experienced this monster, where it could possibly have come from, and what if any solutions they were able to find.

Please let me know if any of this sounds familiar to you. I'm very curious about what kind of animal I was really up against!
1 response

Ambucias (Moderator) - Feb 24, 2010 at 05:16 PM
Hello in Buffalo,

I am also impressed by the beast as well as by the animal who concocted it; he or she should either be shot or be hired by the FBI, CIA or RCMP. I have never encountered such a ferocious, devastating and tenacious virus.

I would much appreciate it if, should you find the name of this monster in your research, you would tell me its name.

Best regards

Shocked in Shawinigan (Canada)