3

Last night I went to go play one of my favorite games, Minecraft, when I got an error that just read gibberish. I clicked "OK" and the same box came up, again, and again, and if I tried to close it, it kept coming up. Then all the boxes disappeared, and my computer froze up. All but a few of my icons disappeared, and all my task bar shortcuts disappeared. None of the Windows UI was responding. A really strange system restore came up, telling me the indexes and clusters on my hard disk were broken. It started this fixing process I couldn't control. Then it said I had to buy the full program to fix it. I knew this was wrong, so I closed it. Then a message came up that said my hard drive was spinning too fast, so I turned off my computer. When I turned it back on, the OS wouldn't boot. I assumed the worst and went to bed.

Well, I tried again in the morning, and although very slow, it started up. It seemed fine, but I went on the offensive looking for a virus. I found that a lot of my settings had been cleared, Visual Studio said it had to configure its environment for first time use, weird stuff... But the biggest red flag for a virus was that whenever I browsed to a webpage via Google, it redirected me to a bunch of advertisements. I looked through the running processes, and I found MyWebSearch junk, which I swiftly deleted. That seemed to fix my webpage redirection problem, but my computer is very slow. Now comes the hard disk problem:

The computer says my D drive (for extra storage) is empty... But all the programs installed on it run fine. I tried to see if it would work using DIR in the command prompt, and when I did it, I heard this high-pitched sound like those mosquito ringtones coming from my computer, and it said no files were found. I think this is because of that indexing problem, where the files are there, but the computer can't browse them? (Update: Searching the drive turns up results, and I can now only view those results, like it's indexing them as I find them?) I have no idea, not sure how this hardware really works.

I was going to run chkdsk before I went to bed, because I know it is usually a long process, but is there something special I should do to fix this problem?


Never mind, the redirection problems are back. When I tried to navigate to this question, I was taken to 63.209.69.106, which was some sort of extremely crude search provider.


Ok, so the solution to the hard drive problem was using this:

attrib *. -h -s /s /d
smoth190
  • 191

2 Answers

3

Back up your hard drive before attempting anything else! A good tool for this is:

  Drive Snapshot - Disk Imaging (free backup for 30 days, free restore forever)
  http://www.drivesnapshot.de/

You've got SpyWare on your computer -- a few of my clients have encountered stuff like this where the computer makes a bogus scare-tactic claim very similar to yours (e.g., the hard drive is spinning too fast, some of the sectors are overheating, the processors need some exercise, the hard drive has failed completely, the video card's GPU is on the verge of exploding or melting down, etc.).

  • Another reason I recognize this SpyWare is that you've noticed that your drive D: appears empty but that the programs installed on it still work -- this SpyWare has flagged all your files and directories with the "Hidden" and/or "System" attributes, and it has probably done the same for your entire C:/WINDOWS/ directory. After you get this SpyWare removed, you'll still be left with this horrible side-effect, and re-installing Windows will probably be needed if you can't determine which files and directories should and shouldn't be flagged as Hidden and/or System. But, of course, the highest priority is to get all your data.

Removal of this particular SpyWare never worked on a live system that is infected -- the scan will need to be performed from a clean system that has your infected hard drive mounted as a secondary (or by using a SATA/IDE-to-USB device), or by using a bootable CD that has the tools to remove this SpyWare.

The two tools I recommend for this (the first one should suffice) that I've found to be trustworthy are:

  Malware Bytes (free software with subscription options)
  http://www.malwarebytes.org/

  SpyBot - Search & Destroy (free software)
  http://security.kolla.de/

Once you've completed the removal using the clean system, install Malware Bytes on the computer that was infected and run it once more to make sure any other remnants are cleaned up from the file system and Windows Registry as well.

Then, also make sure your anti-virus software is up-to-date and that the updater is actually working -- you may need to re-install it as this particular SpyWare [, as I recall,] permanently sabotages many anti-virus programs.

0

To unhide easily:

Start the command prompt, elevated if on Vista or 7: click Start, type CMD, then press Ctrl+Shift+Enter. Click Yes. On XP, press Windows+R, type CMD and press Enter.

Type cd \ and press enter

Type 'ATTRIB -h . /d /s' and press enter

Ignore files it doesn't change as they're system files as well

Sorry for the poor formatting but I'm on a phone typing this

Canadian Luke
  • 24,640
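
An added example, not part of the question or either answer: the first answer warns that some items should stay Hidden/System, and the second clears the flag on everything, so this PowerShell sketch lists the flagged items first and changes them only when asked. The `$Root` default, the `-Apply` switch and the allow-list of names are assumptions made for illustration.

```powershell
# Added example (not from the original posts). Run from an elevated prompt,
# after the drive has been backed up and scanned from a clean system.
param(
    [string]$Root = 'D:\',   # assumption: the data drive that appears empty
    [switch]$Apply           # without -Apply nothing is changed, only listed
)

# Assumed allow-list: names Windows itself normally keeps Hidden and/or System.
$keep = 'System Volume Information', '$RECYCLE.BIN', 'RECYCLER',
        'desktop.ini', 'Thumbs.db', 'pagefile.sys', 'hiberfil.sys', 'swapfile.sys'

$mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

# -Force makes Get-ChildItem return hidden and system items; a plain DIR skips them.
$flagged = Get-ChildItem -LiteralPath $Root -Force -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        ([int]$_.Attributes -band $mask) -and
        -not ([int]$_.Attributes -band [int][IO.FileAttributes]::ReparsePoint) -and
        -not ($_.FullName.Split('\') | Where-Object { $keep -contains $_ })
    }

foreach ($item in $flagged) {
    $before = $item.Attributes
    # Clear only the Hidden and System bits; ReadOnly, Archive etc. are kept.
    $after = [int]$before -band (-bnot $mask)
    if ($after -eq 0) { $after = [int][IO.FileAttributes]::Normal }

    $status = 'would change'
    if ($Apply) {
        try {
            $item.Attributes = [IO.FileAttributes]$after
            $status = 'changed'
        } catch {
            # Locked or protected items are reported instead of stopping the run.
            $status = "failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        Path   = $item.FullName
        Before = $before
        After  = $after      # numeric attribute value that is (or would be) written
        Status = $status
    }
}
```

Saved under a name of your choice and run without `-Apply`, it produces a report that can be reviewed or exported before any attribute is touched.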