How can I rid myself of this virus?

Greg December 11, 2011
Pinterest Stumbleupon Whatsapp

OK, so I was looking for free domain names and got a virus downloaded to my PC. It popped up a whole bunch of windows saying “delayed write failed”. Then it opened up a phony scanning window named “System Fix”, and now it is opening up a bunch of balloon popups in my taskbar. It disabled the Registry editor and will not let me close it.

I found where the virus resides (C:\ProgramData), but it won’t let me close it so I can delete it. Microsoft Security Essentials did not detect this threat. It got rid of all the “Computer, Documents, Music etc. in the side of my start menu and got rid of all the programs except OpenOffice in the all programs section of the start menu.

How can I get rid of this?

OS-Windows 7 Pro x64
Antivirus – MSE

Ads by Google

  1. Denis Paley
    December 11, 2011 at 9:39 pm

    As standard operating procedure when I have to clear virus's or malware from computers I always turn off System Restore which removes all Restore Points. After cleaning the computer you can reactivate System Restore again. This ensures you don't reinfect your computer with an old Restore Point.

  2. FIDELIS
    December 11, 2011 at 12:26 pm

    Hello, it is never a good idea to use system restore when trying to clean a virus.  On the contrary, the reason this virus reappeared after you cleaned it with file assassin is because your system restore contained this virus on it.  If you delete a virus/malware file and then you restart your computer, system restore will install it back.  Best thing for you to do, is to download rkill and run it to set the virus file dormant.  Once file is blocked with rkill, then you can clean it manually without it interfering.

    • Jay
      December 11, 2011 at 2:52 pm

      I did not know that virus can infect the clean restore points created before the virus got into computer and make them infected.

  3. Jeff Fabish
    December 11, 2011 at 8:53 am

    Hi Greg,

    Bleeping computer published an article on how to remove System Fix, you can read that here: Remove System Fix (Uninstall Guide). Please also see MakeUseOf's guide to removing malware, "Operation Cleanup: Complete Malware Removal Guide which is a free download. MajorGeeks also has a good malware removal guide.

    Let me know if any of these articles helped!
    - Jeff

  4. Greglf
    December 11, 2011 at 7:36 am

    I was able to use File Assassin, but the file downloaded itself again under a random name again. I used System Restore in Safe Mode and I got it to work - it screwed up the permissions, but I got those back too.

    • Jay
      December 11, 2011 at 2:48 pm

      System restore point is an image of your pc settings stored at a particular time.
      I hope you restored to an old restore point and not to one that was created after the virus affeced your pc, because it can be infected,

      you will have to find out the exact time when this virus entered in your system, and choose a restore point created before the choose one that was created before that particular time.
      But it may not solve the problem because of the virus.
      I use system restore in normal mode mostly.
      What exactly happened to permissions ?

      Do you have a licensed/updated antivirus ?

      http://support.microsoft.com/kb/831829

      • FIDELIS
        December 12, 2011 at 6:24 am

        Hello, he is using Microsoft security essentials.  There has to be a validated installation to instal it.

  5. Anonymous
    December 11, 2011 at 6:00 am

    Do a scan with clamwin
    http://www.clamwin.com/

    file assassin to delete files
    http://www.malwarebytes.org/products/fileassassin

    follow this guide:Remove System Fix (Uninstall Guide)
    http://www.bleepingcomputer.com/virus-removal/remove-system-fix

  6. Jay
    December 11, 2011 at 5:09 am

    Try system restore.
    Restore your computer to a system point created before this problem occurred.
    I hope system restore is not disabled.

Ads by Google