One of our computers at work got infected. An Avast boot scan did not detect the virus. The steps from the Bleeping Computer link worked using a flash drive. Hopefully Avast will update their virus definitions soon, as it took a couple of hours to remove the virus between the initial boot scan and the Malwarebytes scan. Glad these forums exist to fix stuff like this.
Unfortunately this malware is tested against all AVs before it is released, so Avast et al. are playing catch-up all the time.
I also had this virus 3 days ago on my PC, and it rendered my IE and Firefox useless for browsing.
My up-to-date ZoneAlarm Extreme Security with malware/virus detection did not find it or save me.
I cannot run any application because it makes an entry in the Windows registry to disable running of EXE files. ARGH!!
From my second PC I searched the internet and found how to get exe files running again.
Save the code below as fixme.reg, or whatever name you want, in Notepad; just make sure it has the .reg extension.
Click it and you will be able to run exe files again like normal.
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Also, this virus corrupted my restore point, so I can’t use an XP restore point to go back to an earlier XP config. Great!!
What did it do to your IE and Firefox? It made changes to IE and Firefox to use proxy 127.0.0.1 (localhost) and a port like 2347 to access the internet; that’s why you think your internet is broken. But this program can access the internet by a backdoor no problem, while at the same time denying you access to the internet to try and find a cure for it.
If you have Safari or Google Chrome you can access the internet with these, as this virus only makes changes to the most popular browsers, IE/Firefox.
Every time you start IE or Firefox it makes changes back to your registry and you’re back to square one, no longer able to run exe files again, so be careful.
In the registry it prepends the open command entry with the location where it starts a copy of the virus from. I can’t remember the exact location now, but you need to remove its footprints from there in the registry and it won’t trouble you again. Better still, run the fixme.reg file and immediately uninstall IE and Firefox, then re-install them; this will remove the virus footprint from your registry.
It adds an entry to this key to ensure that the malware runs with your browser…
Firefox, IE and Chrome. Not seen it on Safari yet
hklm\software\clients\startmenuinternet|command
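Added example, not part of any post in this thread: a Python check that reads the text of a `reg export` and flags the registry changes the posts above describe. The sample export, the abc.exe path and the function names are constructed for illustration; the Internet Settings `ProxyEnable`/`ProxyServer` values (IE only) and the `StartMenuInternet\<browser>\shell\open\command` layout are assumptions about where those settings live, not details taken from the posts.

```python
import re
# Constructed `reg export` text with the changes the thread describes; abc.exe is a placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\Users\\test\\abc.exe\" \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:2347"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Users\\test\\abc.exe\" \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
'''

def unescape(raw):
    # Quoted data: drop the quotes, undo backslash escapes; dword data stays as written.
    quoted = len(raw) >= 2 and raw[0] == raw[-1] == '"'
    return re.sub(r'\\(.)', r'\1', raw[1:-1]) if quoted else raw

def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: data}}; '' is the default value."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            name = "" if m.group(1) == "@" else unescape(m.group(1)).lower()
            current[name] = unescape(m.group(2))
    return keys

def find_hijacks(keys):
    out = []  # (finding, key path) pairs for the indicators named in the thread
    for path, vals in keys.items():
        default = vals.get("", "")
        if path == r"hkey_current_user\software\classes\.exe":
            out.append(("per-user .exe override", path))
        if re.search(r"\\secfile(\\|$)", path):
            out.append(("secfile class present", path))
        if path.endswith(r"\exefile\shell\open\command") and default != '"%1" %*':
            out.append(("exefile open command altered", path))
        if (path.endswith(r"\internet settings") and vals.get("proxyenable") == "dword:00000001"
                and "127.0.0.1" in vals.get("proxyserver", "")):
            out.append(("IE proxy set to localhost", path))
        if ("\\clients\\startmenuinternet\\" in path and path.endswith(r"\command")
                and len(re.findall(r"\.exe", default, re.I)) > 1):
            out.append(("browser launch command names two executables", path))
    return out
```

A real `reg export` file is UTF-16, so open it with `encoding="utf-16"` and pass the text to `parse_reg` before calling `find_hijacks`.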