Help! I think the Trojans are on the verge of destroying my laptop!

  Tibolticus 14:01 04 Feb 2012


I have been told with good authority that this is the best place to come when your computer has suffered a major Trojan attack, this has most definately happened and I need help (thats if its not already too late!).

For about the past week it has been clear that my laptop is having serious issues. I was advised last week to get Malware Bytes after it became clear that I was under attack! I did this, ran it in safe mode (after having started to run it on the normal settings - in case thats relevant), and it seemed to clear it up.

However, in the past couple of days a bigger attack has happened which seems to have done some real damage. I'll list what has happened and then give the messages etc that have been popping up...

A number of functions, system areas seem to have been wiped, these include: ALL of the control panel items Personal folders in C drive any in built firewall and system check functions most desktop items

... very bad!

And the new weird things that the system is doing: An array of warning boxes have started appearing with messages reading, 'RAM memory reliability extremely low, this problem may cause system failure', 'hard drive clusters are partly damaged, segment load failure', 'critical error: Windows OS cant detect a free hard drive space, hard drive error'... There are some that seem even more weird/horrible... A box appears multiple times saying 'failed to save all the components for the file \System32\ ...(a figure follows here which is different for each box)... This file is corrupted or unreadable. This error may be caused by a PC hardware problem'... Another box with the title 'file indexation process failed' appears with some info and the option to 'resolve this issue' at the bottom... A new (and to my tech-dunce mind, suspicious), 'system check' function has appeared which starts up automatically whenever I turn the PC on and doesnt seem to allow me to shut it down...

I tried running Malware Bytes in SafeMode again but it only found two items and when I return to the normal mode the problem persists...

So I'm sure we can all agree my system is absolutely critically injured and quite possibly on the verge of death...

But, if whomever of you good people responding to this would agree that it has also destroyed all personal data then perhaps there is an opportunity to gut the system and start again? Of course, I have no idea how to do this...

I think I can get a copy of windows vista and can definately get the Office packages downloaded again if need be?

If its possible I would like help in wiping all threats from the system entirely, doing whatever I can to bring it back to life in one piece and then get whatever best options for protecting the thing installed so that I dont fall victim to this again! I would like to do all this without having to pay someone to come out and actually look at the laptop but I would be willing to pay for the best malware/spyware/antivirus packages you can recommend. But if you think I should get a pro to inspect it or just bin the thing then do tell me honestly - I can take it!!!

I am 1/2 way through a masters degree - I need a computer - but one that wont wipe my whole history again (I will really need that soon, thankfully I dont have any assignments right now and I havent started my dissertation, but if this had happened a few months from now it would have been a disaster!)

Sorry to have spoken at such length but I was told I should list all problems and clearly there are lots of them!

Thanks in advance for any assistance you can offer.


  Secret-Squirrel 14:36 04 Feb 2012


You've clearly got multiple problems including a "scareware" infection that keeps alerting you to (non-existent) hardware "problems". We can start with a Vista System Restore that runs outside of Windows and that should help with most, or if we're really lucky, all of these issues:

1) Turn off the laptop, turn it back on and immediately start tapping the F8 key quickly until the "Advanced Boot Choices" menu appears.

2) Using the arrow keys on the keyboard, select "Repair your computer" then hit the enter key.

3) At this point the mouse will work so follow the on-screen instructions till you get to the "System Recovery Options" screen.

4) Select "System Restore" which is usually the second option down.

5) Choose a System Restore point that immediately pre-dates the start of all these problems - you'll probably need to tick the box that says "Show restore points older than five days".

When the PC reboots, let us know what issues remain and we can take it from there.

PS: If you don't get a "Repair your computer" option then post back for Plan B.

  lotvic 14:48 04 Feb 2012

What is the make and model number of your laptop? (look underneath for the label)

What is your operating system?

What are your present antivirus and protection programs called?

When you get the popups warning you of all the 'problems' do you get asked for payment to 'fix' them? or are you urged to click on a link to 'fix' (don't click on any links like that - it will be the rogue/malware program scam)

Is any name of a program on the popup warnings? (something pretending to be Windows Security perhaps?)

Advice: If you are 1/2 way through a masters degree and have lots of important personal document files - buy yourself an External Harddrive that plugs into the USB port and put all your document folders on there. That way you can disconnect it and keep them safe should you need to return the laptops harddrive back to 'factory fresh' (which wipes all data off and reinstalls op sys back to how it was when it left the factory) this is extremely useful when you get into the situation you seem to be in at present as it saves a lot of time and messing about.

Most useful backup is to make an image of your C drive once you have (re-)installed your other Programs, Office etc. as that saves even more time. You can then wipe the drive if it becomes infected and install the image that you saved to an external harddrive. Result is you are back up and running in less than an hour. (I use Acronis True Image but there are other progs equally as good for this task)

  lotvic 14:55 04 Feb 2012

"A number of functions, system areas seem to have been wiped, these include: ALL of the control panel items Personal folders in C drive any in built firewall and system check functions most desktop items"

Don't think they are wiped, the malware has probably changed their properties to 'Hidden'

If possible look in Tools, Folder Options, View, and put a green dot in 'Show Hidden Files and Folders'

  Fruit Bat /\0/\ 15:50 04 Feb 2012

What Antivirus program are you using? and is it up to date?

trya Vista repair Search - type

sfc /scannow

press OK, let windows scan for and reinstall missing or corrupt files.

  T0SH 21:58 04 Feb 2012

With malware infections when things start disappearing from view it is worth checking the folder options to see if they have been set to hidden probably the easiest way to check this is to open your C drive in an explorer window if the many folders appear as very faint washed out yellow color then try a right click properties and clear the hidden tick box choose to apply to all files and sub folders when prompted,unfortunately it gets to be a rather long winded task but it beats doing a reinstall

There is I believe a fix out there called "Clear hidden folder attributes fix" or something close to that out there somewhere ? to fix permission problems "Dial a Fix" is the best I have found to date

Cheers HC

  robin_x 22:13 04 Feb 2012

Also unhide,exe

  Tibolticus 22:55 06 Feb 2012

Thanks to you all for all your ideas,

I have tried having a look at all your ideas with little success thus far but I am encouraged by Secret-Squirrels Plan B mention!

I will go through what I have attempted in reverse order. I'd guess for those of you who want to continue to try to help it could be useful to see what i have to say to each of the other respondants - but hey, what the heck do I know?!...

Robinofloxley - I tried to find the %Temp%\smtmp files but there didnt seem to be any - was I looking in the wrong place/way perhaps, I just tried a search for the above and nothing came up?...

TOSH - what you said about the washed out look doesnt appear to be the case. It appears on further inspection to be the case that more stuff than I previously thought is still on the computer

Fruitbat - I tried to use that sfc thing but a window (MS-DOS style, if that is correct/makes sense) popped up and quickly disappeared without doing anything else?... All I have at the moment is Malware Bytes and McAfee (the latter seems totally impotent and Malware Bytes only worked well for a while before it seemed to be overwhelmed)

Lotvic - Tools doesnt seem to be accessible? Its a a VAIO and I think the model is VGN-NR31J. See above for antivirus. Many of the boxes are not ones with a 'fix' option and seem more to be error type info. However, there is one, 'System Check', which has a 'fix' option (which I havent selected). Its also quite suspect as it starts up whenever I turn the computer and the window for it cannot be closed. Thanks for the hard disk advise - I'll take that seriously.

Secret Squirrel - your advise looks the most thorough so particularly keen to see your response. I'm afraid that we will have to go plan B though as there doesnt appear to be a repair your computer option in the advnaced boot choices menu?...

Thanks again to all, Tibolticus

  Nontek 23:09 06 Feb 2012

I believe you are infected by what is known as System Tool and SystemTool - you need to go to where you should find a full uninstall guide to clear your computer of this nasty.

It is a very comprehensive guide which does need a bit of PC savvy, so if you do not feel confident after reading the guide you should seek a more knowledgeable friend to help, or take your PC to your local PC Repair shop and quote this guide.

Never fear, bleepingcomputer is well known by many members of this forum.

  Secret-Squirrel 08:35 07 Feb 2012

Here's Plan B for you:

Do the F8 thingy again at startup and this time choose "Safe Mode". Once you're in, click the Start button and go to All Programs -> Accessories -> System Tools and click on "System Restore". Follow the instructions (step #5) that I gave you on Saturday.

Please act on this advice ASAP, as the more you use the computer, the less likely it is that you'll find a restore point that pre-dates your problem - that's because older ones are overwritten over time.

  onthelimit1 09:02 07 Feb 2012

I've had a number of computers with this bug (it is probably only the one despite the variety of pop-ups). Your files will still be there, just hidden. If all else fails (after following that Bleeping computer guide exactly) try running combofix.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

iMac Pro review

Visual Trends 2018: This year’s must-know colour, design, branding & photography trends

iMac Pro review

Apple Music : comment obtenir 3 mois gratuits ?