Symptom: Fake warnings from a process naming itself "System Fix".
Clicking on its FIX NOW button requires input of credit card information.
(Guess what that will get you? Nothing but fraudulent charges, that's all)
No access to files or programs. No control panel, or library shortcuts.
All icons removed from Desktop. Desktop background is blank.
Web browser redirected. Totally useless.

-----------------------------------------------------------------------------------


Running, possibly malicious processes terminated:

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\ProgramData\dSPEfJqNGav.exe
C:\Windows\SysWOW64\attrib.exe
C:\ProgramData\tmAZAECgV4W6i0.exe
C:\Windows\SysWOW64\attrib.exe

Manual removal is required for the files located in the ProgramData folder.
---------------------------------------------------------------------

Rootkit removed

21:52:47.0161 1460 Detected object count: 1
21:52:47.0161 1460 Actual detected object count: 1
21:53:11.0529 1460 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:53:11.0544 1460 \Device\Harddisk0\DR0 - ok
21:53:11.0544 1460 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure 
21:53:16.0708 1352 Deinitialize success

----------------------------------------------------------------------------------------

Infected files, folders, and registry entries removed:

Memory Processes Infected:
c:\programdata\qpaxucczd2prul.exe (Rogue.FakeAlert)

Memory Modules Infected:
c:\program files (x86)\Object\bho_project.dll (Trojan.BHO)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO)
HKEY_CLASSES_ROOT\bho_project.bho_object.1 (Trojan.BHO)
HKEY_CLASSES_ROOT\bho_project.bho_object (Trojan.BHO)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme (Rootkit.Agent)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin)

Folders Infected:
c:\program files (x86)\Object (PUP.FCTPlugin) 
c:\program files (x86)\Object\chromeaddon (PUP.FCTPlugin) 

Files Infected:
c:\programdata\muwlabahsookix.exe (Rogue.FakeAlert) 
c:\programdata\tmazaecgv4w6i0.exe (Rogue.FakeAlert) 
c:\program files (x86)\Object\status.txt (PUP.FCTPlugin) 
c:\program files (x86)\Object\chromeaddon.pem (PUP.FCTPlugin) 
c:\program files (x86)\Object\config.ini (PUP.FCTPlugin) 
c:\program files (x86)\Object\status2.txt (PUP.FCTPlugin) 
c:\program files (x86)\Object\chromeaddon\._included.js (PUP.FCTPlugin) 
c:\program files (x86)\Object\chromeaddon\background.html
c:\program files (x86)\Object\chromeaddon\included.js (PUP.FCTPlugin) 
c:\program files (x86)\Object\chromeaddon\manifest.json (PUP.FCTPlugin) 
---------------------------------------------------------------------------------------

After cleaning out the crap, rebooted and:

Installed Microsoft Essentials Anti Virus

Scan report is clean

Installed CCleaner & removed 2Gb of unnecessary old files.
Run it once a month, and defrag every other month, at least.
--------------------------------------------------------------------------------
