HELP ME!!! MY COMPUTER HAS BEEN HACKED AND WON'T RESPOND!




36 replies

Userlevel 7
The 52 infected files are actually good files; these weren't removed as they were mostly system files. If you want my advice, I would re-enable whatever was disabled, uninstall all security products and reinstall WSA. We would be happy to connect to your PC to have a look. My shift has finished, but one of my US-based colleagues would be happy to help out.
I cannot even do a system restore. 
Windows Live was installed on my computer, probably when I installed Microsoft Office. That does not mean I have an account or ever used it. I appreciate the help guys, but obviously I messed things up here and you guys seem to think I am crazy. I will take it from here and try and fix it myself. Thank you anyway.
That would be great. If someone could connect to my computer and help, I would be elated.
Userlevel 7
Jason, I updated your support case to note that you'd like a remote session.  One of the threat researchers should see that, or worst case, Rakanisheu will be back tomorrow.
 
On the MS Live thing, I'm not alone in my understanding of that credential:
http://www.sevenforums.com/software/197862-what-virtualapp-didlogical-credential.html
http://social.technet.microsoft.com/Forums/windows/en-US/6c6923c1-7852-48ed-b491-fd83c6e5d721/generic-credentials-virtualappdidlogical
http://answers.microsoft.com/en-us/windows/forum/windows_7-security/unknown-credential-virtualappdidlogical/40467173-a75a-44b2-8617-5aa7a0479925
http://techrena.net/remove-virtualapp-didlogical-credentials-windows-7/
http://www.howtogeek.com/forum/topic/generic-credentials
I restored those system files and Ad-Aware caught the threat Optimum Installer (fs) as soon as I did. File name: setup.exe.
Userlevel 7
Badge
Just FYI, Optimum Installer is low-grade general adware, it doesn't mess with core functionality. It will perform stuff that is extremely annoying, but will generally not limit any legitimate function. Still made by terrible people, though.
Webroot's core protection is for files attempting to execute, so if it's just sitting on your disk then it's normal it would not be detected.
 
Cool. 
So one of the other ways that I know that I have a virus, it has reinstalled 4 additional usb "virtual" drives on my computer. Whenever I go into my device manager I am able to disable these or uninstall them, but they eventually come back if I have not gotten them with a malware program. I am telling you and everyone who has helped me today, whatever is on my computer is not gone. Webroot is not finding it. Internet explorer 10 won't reinstall. I cannot uninstall Webroot to reinstall it. Etc.
Userlevel 7
Could you post a screenshot? I'm not sure what you're referring to as a "virtual drive," but things like the USB controllers are going to reinstall themselves to keep your USB ports functional. You might have a lot of entries for "USB Root Hub" or "USB Composite Device." Knowing the name of what you're referencing would be helpful in explaining what it is and what it does.
Userlevel 7
Badge
These virtual drives you speak of - those are empty USB-based media card readers. One of your anti-virus tools probably edited the "Folder Options" in Windows, which unchecked "Hide empty drives in the Computer folder."
 
"Uninstalling" the drives from Device Manager just removes them until PnP picks them up again and reinstalls them for you.
 
This is native Windows functionality on all computers, though most users are never aware of this option. Windows XP had a problem where media card readers would introduce 5 or more "Drives" in My Computer that were always empty when not in use. Microsoft developed the option to hide them to clean up the Computer view.
 
These days malware has financial motivations rather than the academic/childish viruses in the past. They are either extremely quiet, in order to steal your data, or attempt to lock you out of everything in order to extort money out of you. There are exceptions, but if something was messing with you, there would be an address to wire money to in order to "Fix" it.
 
Extremely aggressive actions against infections on computers can often cause more damage than the infections themselves unless you are working with experts like those at BleepingComputer. Removing a virus manually is always surgery - you're always operating a few pixels away from damaging core functionality. This is why I encourage people to wait for Webroot personnel to attend to their problem. Removing things manually also means that Webroot's journaling feature and rollback won't be activated, which would probably leave users with a cleaner machine than purely manual interventions. And I'm saying this as someone who was, for reasons I won't get into, forced to fight and remove these kinds of infections daily for an hour or more. But even so, I now rely on Webroot's rollback functionality before I ever do anything else to a machine. Luckily it's extremely rare I have to do so now.
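As an added example (not part of the thread and not Webroot's code), here is a PowerShell triage script that checks the two things the reply above describes: whether Explorer's "Hide empty drives in the Computer folder" option has been turned off, and which removable disks and USB PnP entities are actually present, so the "virtual drives" can be identified by name before anyone uninstalls anything from Device Manager. It assumes the Folder Options setting is stored as the HideDrivesWithNoMedia value under the Explorer\Advanced registry key (missing or 1 = hidden, 0 = shown), and uses WMI classes available on Windows 7 as well as later versions.

```powershell
# Added triage example, not from the original thread.
# Goal: explain "extra" removable drives without touching Device Manager.

# 1. Explorer's "Hide empty drives in the Computer folder" option.
#    Assumption: stored as HideDrivesWithNoMedia (DWORD) under Explorer\Advanced;
#    a missing value or 1 means empty drives are hidden (the Windows default).
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$prop = Get-ItemProperty -Path $advanced -Name HideDrivesWithNoMedia -ErrorAction SilentlyContinue
$hide = if ($null -eq $prop) { 1 } else { $prop.HideDrivesWithNoMedia }
if ($hide -eq 1) {
    Write-Output 'Empty drives are hidden in Computer (default).'
} else {
    Write-Output 'Empty drives are SHOWN - the Folder Options setting has been changed.'
}

# 2. Removable logical disks. A card-reader slot with no card inserted
#    reports no Size, which is exactly the "always empty" drive described above.
Write-Output "`nRemovable logical disks (DriveType 2):"
Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' |
    Select-Object DeviceID, VolumeName,
        @{ Name = 'HasMedia'; Expression = { $null -ne $_.Size } } |
    Format-Table -AutoSize

# 3. The PnP entities behind them (USB hubs, composite devices, card readers).
#    Listing these by name is the screenshot-equivalent the earlier reply asked for.
Write-Output "`nUSB / card-reader PnP entities:"
Get-WmiObject Win32_PnPEntity |
    Where-Object { $_.Name -match 'USB|Card Reader|Mass Storage' } |
    Select-Object Name, Status, DeviceID |
    Sort-Object Name |
    Format-Table -AutoSize

# 4. To restore the default, re-enable the documented setting rather than
#    uninstalling devices, which Plug and Play will simply reinstall.
#    Uncomment to apply; Explorer must be restarted for it to take effect.
# Set-ItemProperty -Path $advanced -Name HideDrivesWithNoMedia -Value 1 -Type DWord
```

Run it in a normal (non-elevated) PowerShell session; steps 1 to 3 only read state. If step 2 lists several drive letters with HasMedia = False and step 3 shows a card reader or "USB Root Hub" entries next to them, the drives are the empty reader slots the reply describes rather than evidence of an infection, and the fix is the Folder Options setting in step 4, not Device Manager.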
Userlevel 7
I am in the office now and will be for the next 5-6 hours or so if you need a connection.
