Really weird computer virus

[Johnny Blockhead]

Hey guys, I've been struggling with a weird virus I got today. It was some sort of virus that installed other viruses. I went through my program file folders and deleted/uninstalled anything that didn't fit. But the main concern is this one that creates a fake BIOS on startup, and locks my mouse in. The only way I'm able to post this right now is by quickly opening and clicking on the task manager. I've run AdwCleaner and Malwarebytes, nothing. HitmanPro did catch a few things, but theres still a couple of rouge viruses on my system. Any ideas?


Full size

If I close windows.exe the bluescreen goes away.

[Ad Bot]

[Nal]

go to the detailed processes, find the process, right click find location, end process and delete the file maybe?

[rggbnnnnn]

I would recommend running Windows Restore to the last date before the problem.

[Trogtor]

>BSOD
>Serif font

try harder, virus

[rggbnnnnn]

If you have Windows 8 you can also wipe your drive of programs and only keep files. It works great without fully formatting, and it only takes like 10 mins.

[·:Taboo:·]

With several viruses, you're pretty much doomed. Reinstall Windows.

[Nonnel]

>BSOD
>Serif font

try harder, virus

What were they thinking

[Headcrab Zombie]

Call up the phone number and see what happens

[Johnny Blockhead]

go to the detailed processes, find the process, right click find location, end process and delete the file maybe?

Okay, I did this for windows.exe and it ended up Local Disk > Users > Public > Public Documents. I deleted it, but in the same directory was a txt file with the date. Weird. British style. Looks like theres a stuffload of other empty 'Public' folders. I'll try deleting them.

If you have Windows 8 you can also wipe your drive of programs and only keep files. It works great without fully formatting, and it only takes like 10 mins.

I would recommend running Windows Restore to the last date before the problem.

I have Windows 10 but I'll do these if I have to.

Looks like some of the public folders are in use in another program.

[DrHitius]

Call up the phone number and see what happens

was gonna do but i was like nvm

[Johnny Blockhead]

I guess this is what I'd be looking for? I might do this if it allows me to keep my files. I'm going to start hunting down the other stuff.

I'm going to restart and see if I get the BSOD.

Edit: No BSOD! Yippe. Looks like a lot of it is gone. I'm not experiencing any virus-y things, no strange processes, and no ads anywhere.
What'd you guys recommend to be sure? I tried Hitman and it didn't detect anything, even when my computer was getting the BSODs.

[KoopaScooper]

Manual removal seems to be the only option. Find where the applications are located through the Task Manager, RegEdit, or just strange applications located in AppData. Boot into Safe Mode with Command Prompt, run "explorer," and delete the files where specified and any registry keys related to the viruses.
A list of software that starts with your computer can be found by using msconfig, or by looking in the following registry keys:

Code: [Select]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Or Microsoft could just include a feature that reinstalls Windows. Whatever.

[Johnny Blockhead]

The startup tab on task manager has programs called Cpx, Msrtn32, and SpaceSoundPro. They look pretty suspicious. I disabled them, can't seem to do anything else. The only suspicious thing in Roaming is an empty folder named c, modified today. In AppData, there's a file named Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦. Should I delete it? Last modified yesterday though.

[KristoB]

what did you install thats where we should start

[spideykong]

what did you install thats where we should start

No we shouldn't, we don't need the source of where the virus came from, we need to get rid of it lol

OP you should go into your regedit and navigate to your Windows's scheduled task. Perhaps there is a task scheduled every few seconds or so, which would most likely be this virus, then cancel that task. You can then try and find the virus's location from there. If you can't find it, then I don't know what the problem is.