Malware...?

Taters · 12-09-2008 7:43pm #1

Somebody using the shared family computer somehow got a case of (what I am pretty sure is) Malware. I first became aware of this when I noticed a small icon on the desktop called "Casino". About half an hour after I had removed this programme, I got the Blue Screen of Death. When I restarted the computer, the background of the desktop automatically changed itself to a fake pop-up advertising some programme called Win32/adware/.virtumonde or something along those lines. The computer was running very slowly, and then I got the Blue Screen again. So now, whenever the computer is turned on, off safe mode, the BSOD pops up after about a minute.
I have been told by some people at Yahoo that the Blue Screen is actually a screen saver set up by whatever is on my computer. Anyway, I have been told to try downloading Malwarebytes, apparently this is a pretty common virus. I tried downloading this software, but whenever I download anything on Safe Mode, it ends up on my desktop as "Casino". Obviously, I can't download anything.

Any recommendations on what I should do?

Fuzzy Clam · 12-09-2008 11:37pm

Try downloading malwarebytes onto another pc/laptop and transfer it by a usb stick or disc onto the infected pc.

Biggins · 13-09-2008 8:41pm

Either use Ad-aware (free from Lavasoft) to remove it or download Pc Tools Spyware Doctor (demo time limited) or the full version.

If the first don't get rid of it, the second definately will.
...and run either one with your operating system being in safe mode by the way.

Also enter "msconfig" in Run or Start Search when you click on your Start button.
Untick anything that look suspicious in the startup section, reboot and go into safe mode and run whatever virus removal tool you have then.

The virus has placed an exe file probably in the c:\windows\system32 directory. Thats where the bugger is starting up from.
Do a Regedit search for "Casino" and remove any references to it, folder and all. Note any mention in text of any "virusname?.exe" and any mentioned location. Sometimes in the regedit entry you will see mentioned location of the actual real file you need to delete, again, probably in the c:\windows\system32 or indeed in the c:\windows directory.

Forgot to mention but reminded by the below poster: Always back up your registry.

Jeff Rudd

Good luck.

ActorSeeksJob · 14-09-2008 1:14am

If you are going to tell somebody to mess with the registry, make sure you tell them to back it up first. Otherwise your post is too dangerous

Biggins · 14-09-2008 9:11am

ActorSeeksJob wrote: »

If you are going to tell somebody to mess with the registry, make sure you tell them to back it up first. Otherwise your post is too dangerous

Very true. My bad.

ALWAYS BACK YOUR REGISTRY UP.
There are free apps out there that can do this (as well for paying ones).

F1reddog · 31-10-2008 12:20pm

I had to remove this virus before for a client;

I used Spybot Search and Destroy 1st, then Malware bytes 2nd, and between these two programs, this got rid of that wreched virus. Just not that when trying to run Spybot, the virus disables the spybotsd.exe. so what you need to do is, rename spybotsd.exe to anything else like pencil.exe or car.exe ie.

J

Malware...?

Comments