A few days ago I contracted the Fake MS Security Essentials virus that is going round. I believe that it installed itself through a Java backdoor - as the Java splash logo came up, then Firefox froze and crashed, and then the virus began spamming me with dialogs trying to warn me about viruses (oh, the irony!) and trying to sell me their anti-virus software.
I am on a very tight schedule this week and so I thought I would start work on it immediately. I did the following:
- I downloaded Rkill.exe to a USB and renamed it to trav7.exe. I then ran it on the infected PC - the virus processes were killed. Hurrah!
- In order to remove them for good, I did an MBAM scan. I hibernated my PC overnight, resumed it in the morning, and went to school. When I came back, it had found about 24 infected files. I presumed some of these were from previous events. I instructed MBAM to quarantine the files.
- MBAM told me it had to restart in order to finish this process. I chose yes. I can't wait to see how much faster my computer is without all that nasty malware, I thought.
- My computer rebooted. Or at least it tried to. It began to load Vista, then showed me a black screen with a movable cursor on. About 2 seconds later, my mobo made a small noise, and my computer restarted. This cycle repeated each time I tried to restart the computer.
- My computer prompted me to open the Recovery Console (this has OEM branding). The Vista Repair Environment told me that I needed to do a System Restore. I did this.
- Some slight progress. Windows now boots to the same black screen with movable cursor, but this is stable, and I'm able to bring up task manager. Explorer.exe is not running. I try to open it using task manager - I get a command line window which flashes for a second but no more. I use task manager to try a further system recovery. I do this.
- Still the same state of affairs. Black screen, movable cursor, can open task manager but can't launch explorer.
I'd be very grateful for any assistance in this matter. My current plan of action is:
- Purchase xHDD
- Create an Ubuntu Live CD
- Use Ubuntu to back up my personal files
- Reinstall Vista
- Move my personal files back to my original HDD.
This obviously carries a LOT of associated hassle as I will effectively have to reinstall every piece of software I own. It also runs the risk of transferring the infection via my xHDD. This infection could not have come at a worse time for me (my university application form is due this week, as is a major assignment), so the quickest and most painless way is really what I am after. My dad has suggested that I simply take it to a local PC engineer because he is worried that if I try meddling the virus could start deleting our personal files - is this something I should be worried about?
Thanks VERY much in advance,
Matt
Edited by mattjones17, 14 December 2010 - 12:43 PM.