classypunkchick Newbie

Joined: 24 Mar 2005 Last Visit: 25 Mar 2005 Posts: 5 Location: Somewhere in Utah
Posted: Thu Mar 24, 2005 1:48 am Post subject: can't even do hijackthis!

Please help. Something nasty has taken over my computer. EVERY SINGLE file has been converted to a .lnk file. Obviously I am not using that computer to post this. The computer was running slow, which was odd, because I just cleaned and updated everything yesterday and it was working great, but alas... other people have used the computer for various things and confess to no suspicious activity in the last 24 hours. The computer began acting strangely and I tried to hurry up and run spybot S&D.... but as it was checking the last file the computer froze. When I restarted it, all the files were .lnk (LNK, I think). I could connect to messengers, but not to web pages and couldn't get into any files. I can't run anti-virus, spybot, or hijackthis! Control panel is inaccessible. EVERYTHING is inaccessible. There were suspicious files in task manager that I tried to save in notepad, but I can barely get to the desktop now. I tried going into safe mode but all files were already inaccessible. Trying normal mode again I found the monitor settings messed up and inaccessible and everything in the program menu was labelled as a .lnk file. Even the help menu is now a .lnk file (haha, that's kind of funny).
What I DO know is this... there were suddenly several unusual and unexplained items in task menu and several programs in msconfig were replicating themselves, not just in the normal way, but after unchecking them and restarting the computer I found them on the task menu unchecked once and running TWICE. I'm sure I will have to reformat at this point, but please keep an eye out for anything that might be multi-replicating on startup and changing files to .LNK. I worked in tech support, helped detect a virus or two, but NEVER saw anything quite like this. I suspect this actually came from some ill-thought-out, ill-repute advertising scheme. There was some Web Ehnhacer thing that I had never seen before, the files started with wh(something).exe. On the 3rd start-up while I was trying to run spybot S&D, ms messenger kept popping up with all kinds of ridiculous advertising crap.
If anybody has any info or knows what this is I would appreciate a post. -totally baffled
 |
Mosaic1 SWW Distinguished Expert
Joined: 29 Jun 2004 Last Visit: 11 Aug 2011 Posts: 2174
Posted: Thu Mar 24, 2005 2:08 am Post subject:

That's ugly. I feel for you but have nothing to offer without more information. What Windows Version? And if XP or ME, have you tried to run System Restore to see if you can get to a working System of any kind?
With no logs or anything, I am thinking format and reinstall or try a repair install if that's possible.
Without knowing which operating system I cannot even advise on how to access, and run a chkdsk or possibly a scandisk if Win9x.
All lnk files? Everything? Because a lot of files on the desktop and in the programs menu are lnk files. But the lnk file extension is not shown by default.
 |
classypunkchick Newbie

Joined: 24 Mar 2005 Last Visit: 25 Mar 2005 Posts: 5 Location: Somewhere in Utah
Posted: Thu Mar 24, 2005 11:16 am Post subject:

I was using Win98 and all .exe files were changed to .lnk with extension showing. Other files were changed to .lnk as well and I couldn't get into anything. Like the stubborn Taurus I am I kept trying to get into the computer to see if I could change something, but only succeeded in causing the registry to crash from more replicating tsrs. I doubt anybody had anything really important on that computer. Whatever it is that did this is pretty nasty and out there somewhere.
 |
Mosaic1 SWW Distinguished Expert
Joined: 29 Jun 2004 Last Visit: 11 Aug 2011 Posts: 2174
Posted: Thu Mar 24, 2005 11:59 am Post subject:

As I recall, if IE has been upgraded from its original version and you decide to do an overinstall using a regular install CD, then you need to first rename this file from the command prompt:
C:\windows\system\IEMIGRAT.DLL
Rename it as IEMIGRAT.old
This will prevent mix and match IE file versions which often leads to an unbootable Windows.
The idea here is to at least try to get back in long enough to burn the personal files to CD. If you end up with a viable OS then that's a bonus.
I have no idea if you have a real install CD or the system uses a restore disk. In that case, the rules are different and a real overinstall doesn't happen. Again, that also depends on the computer manufacturer and how they have it set up.
 |
classypunkchick Newbie

Joined: 24 Mar 2005 Last Visit: 25 Mar 2005 Posts: 5 Location: Somewhere in Utah
Posted: Thu Mar 24, 2005 11:27 pm Post subject:

Wow, thanks guys! I was able to restore some files from the restore cd (hp) and view some of them. It turns out there are some things people want to save and I might be able to retrieve them. Trying some of these suggestions first thing tomorrow. I'll let you know what happens.
 |
Mosaic1 SWW Distinguished Expert
Joined: 29 Jun 2004 Last Visit: 11 Aug 2011 Posts: 2174
Posted: Fri Mar 25, 2005 4:59 am Post subject:

HP win98? If you just want to save files, you can do a restore from the disk without format. It will give you new files and a new registry, but all the personal things will be there. All other programs etc may still appear there but they will not be properly installed. And of course all the original software, old outdated AV etc and old drivers etc will be there too. Back to day one, but with the personal files added.
For file copies, you cannot get them from the restore disk.
Look in C:\windows\options\cabs for anything else.
Good luck.
 |
classypunkchick Newbie

Joined: 24 Mar 2005 Last Visit: 25 Mar 2005 Posts: 5 Location: Somewhere in Utah
Posted: Fri Mar 25, 2005 10:35 am Post subject:

Yeah, I tried the restore without formatting. The computer still isn't quite right. It started up ok but immediately started acting funny like it was before. I'm able to view the files, now I'm just trying to copy the needed files before the computer crashes again. So far the computer isn't cooperating with that. Then I'll reformat and probably upgrade to XP.
 |
Mosaic1 SWW Distinguished Expert
Joined: 29 Jun 2004 Last Visit: 11 Aug 2011 Posts: 2174
Posted: Fri Mar 25, 2005 10:43 am Post subject:

If it is an HP, you are going to have a problem there. For example, the Drivers for the Combo Modem / sound card have no available upgrades. You'll be using the default drivers which XP provides. They don't always do the job.
Before you do anything else, I am thinking if you do a format, that you should also fdisk and then divide the Drive into partitions. My recommendation is to leave FAT32 in place. In fact, I would install 98 on C:\ and then XP on one of the other partitions. If FAT32 is kept, you get the added ability to access the files from another OS in the event of a problem.
But too, I would wonder about the condition of the hardware on an older machine. I would do some diagnostics first. Like getting the Hard Drive Manufacturer's disk tools and running them. And DocMemory to see if you can spot a problem with the RAM. Check the case for dust and to see that the fan is working properly etc.
 |
classypunkchick Newbie

Joined: 24 Mar 2005 Last Visit: 25 Mar 2005 Posts: 5 Location: Somewhere in Utah
Posted: Fri Mar 25, 2005 3:10 pm Post subject:

I may be holding off on the upgrade. There's so much to consider. I may have to upgrade other things in order to use XP on this computer. Apparently my bro has been writing a book and just wants his files back. He's also been keeping music transcriptions for his pupils on the computer. Running the restore let me view the files but I couldn't copy them. On boot this morning I got an unrecoverable boot error saying windows had stopped, press enter to reboot, which didn't do anything. Now I'm using the windows 98 CD and scan registry to try to fix the problem. If it doesn't work a friend of his who does data recovery will be over to visit later. It's nice to have friends who know stuff.