Readers like you help support MUO. When you make a purchase using links on our site, we may earn an affiliate commission. Read More.

OK, so I was looking for free domain names and got a virus downloaded to my PC. It popped up a whole bunch of windows saying "delayed write failed". Then it opened up a phony scanning window named "System Fix", and now it is opening up a bunch of balloon popups in my taskbar. It disabled the Registry editor and will not let me close it.

I found where the virus resides (C:\ProgramData), but it won't let me close it so I can delete it. Microsoft Security Essentials did not detect this threat. It got rid of all the "Computer, Documents, Music etc. in the side of my start menu and got rid of all the programs except OpenOffice in the all programs section of the start menu.

MAKEUSEOF VIDEO OF THE DAY
SCROLL TO CONTINUE WITH CONTENT

How can I get rid of this?

OS-Windows 7 Pro x64

Antivirus - MSE

Denis Paley
2011-12-11 21:39:00
As standard operating procedure when I have to clear virus's or malware from computers I always turn off System Restore which removes all Restore Points. After cleaning the computer you can reactivate System Restore again. This ensures you don't reinfect your computer with an old Restore Point.
FIDELIS
2011-12-11 12:26:00
Hello, it is never a good idea to use system restore when trying to clean a virus.  On the contrary, the reason this virus reappeared after you cleaned it with file assassin is because your system restore contained this virus on it.  If you delete a virus/malware file and then you restart your computer, system restore will install it back.  Best thing for you to do, is to download rkill and run it to set the virus file dormant.  Once file is blocked with rkill, then you can clean it manually without it interfering.
Jay
2011-12-11 14:52:00
I did not know that virus can infect the clean restore points created before the virus got into computer and make them infected.
Jeff Fabish
2011-12-11 08:53:00
Hi Greg,Bleeping computer published an article on how to remove System Fix, you can read that here: Remove System Fix  (Uninstall Guide). Please also see MakeUseOf's guide to removing malware, " Operation Cleanup: Complete Malware Removal Guide which is a free download. MajorGeeks also has a good malware removal guide .Let me know if any of these articles helped!- Jeff
Greglf
2011-12-11 07:36:00
I was able to use File Assassin, but the file downloaded itself again under a random name again. I used System Restore in Safe Mode and I got it to work - it screwed up the permissions, but I got those back too.
Jay
2011-12-11 14:48:00
System restore point is an image of your pc settings stored at a particular time. I hope you restored to an old restore point and not to one that was created after the virus affeced your pc, because it can be infected,you will have to find out the exact time when this virus entered in your system, and choose a restore point created before the choose one that was created before that particular time.But it may not solve the problem because of the virus.I use system restore in normal mode mostly.What exactly happened to permissions ?Do you have a licensed/updated antivirus ?http://support.microsoft.com/kb/831829
FIDELIS
2011-12-12 06:24:00
Hello, he is using Microsoft security essentials.  There has to be a validated installation to instal it.
Jay
2011-12-11 06:08:00
Check this forum :http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/7ad3a4a5-0a0f-4e7e-85d0-ca306f873c4e
2011-12-11 06:00:00
Do a scan with clamwinhttp://www.clamwin.com/file assassin to delete fileshttp://www.malwarebytes.org/products/fileassassinfollow this guide:Remove System Fix (Uninstall Guide)http://www.bleepingcomputer.com/virus-removal/remove-system-fix
Jay
2011-12-11 05:09:00
Try system restore.Restore your computer to a system point created before this problem occurred.I hope system restore is not disabled.