Need to remove virus files

Clementine · 23 Sep 2012

Hi Folks I was dearly hoping for some clever advice please. Someone has hacked (?) my system. This has effectively locked me out of my PC with a dummy screen demanding £££ to open. The offending files are in c:\windows\system32\config. I can open the directory from the dos prompt. I cant use cmd line or access any other windows tools. I have tried deleting the files using dos commands (erase), thatnk heavens for old DOS experience, but I get an error message that says cannot access the file because it is being used by another process. Clearly I can trace the guilt files using dates but is there any way I can fix this?

bobafetthotmail · 23 Sep 2012

The recommended option is an antivirus rescue CD.
Most antivirus sites offer a ISO file you can burn to a CD and then boot your computer from. (avira and bit defender for example are good ones I used, but there are many many others)

It will run regardless of your system current status and remove malware. Don't use the one from your own antivirus as if it didn't stop this attack, it's likely crap.

The brave-and-foolish men option is using a linux distro (another operating system that runs from the CD), like an ubuntu live cd download, burn the ISO to a CD and then when booting from it select the "Try Ubuntu" option (their booting wizard is pretty informative).

Then you can navigate to the folders and whatever, and nuke manually the offending files. This is dangerous as you can do mistakes and screw up your system. An antivirus rescue CD should really get rid of your issues in a safe way.

bassfisher6522 · 23 Sep 2012

You can reboot into safemode and run any and all spyware/adware and your antivirus software you have and it should clean it and remove it from your system that way. If it were my system and I suspected that my PC was hacked by an intruder, I would just flat out format HDD and re-install the OS.

bobafetthotmail · 23 Sep 2012

nah, those things are usually fully automated and are hidden in stuff you download from less-than-trusty sources, or by clicking on the banners that state "free PC scan to fix errors" or somesuch.

I repeat what I said, if the antivirus didn't catch them before, won't catch them now. So running it from safe mode is pointless. A rescue CD is the safest bet.

And then changing antivirus is the next thing to do. This kinds of malware are relatively common, and if they get through the antivirus, it sucks.