Machine taken over by Malware-Virus Buster!

By randerson7
The purported viral killer, Virus Buster, has placed itself on this machine and I have unsuccessfully tried to remove it. An error balloon comes up at startup and occasionally that says "A critical system error has occured, click here to repair." It then proceeds to send you to their website where you can purchase Virus Buster. I have removed all registry entries (?) and checked msconfig. Not sure what to look for besides the product name. Insufficient antivirus was found on the machine. Several viri were found during a subsequent scan with good virus detection. Can anyone help?

This conversation is currently closed to new comments.

All Answers

I hope you have a back-up.

by mjd420nova In reply to Machine taken over by Mal ...

This particular virus is of the root kit type and can only be gotten rid of by reformatting the drive. The virus inserts itself into the boot root and will only reappear again after a restore or reload of the OS. A reformat will rewrite the root and clear it out. Sorry to bear bad news, but I feel these people should be charged with a crime for what they are doing. They insert the virus and hijack the home page to their own. You can change the home page, but it will come right back after a reboot. I've not tried any of the root kit removal tools, but they might work. I've had to clean many machines after this happened, and it isn't fun. I've also found that porn sites are the biggest perpetrators of this kind of attack. Good luck.

I've had a nasty case of Spy Sheriff myself... what a ***** to remove

by Why Me Worry? In reply to Machine taken over by Mal ...

There are a few google forums which discuss how to remove this, but be prepared to reformat your HD if all else fails and cleaning the registry causes more harm than good. Most good A/V applications, like Symantec, can now detect and stop this stuff from happening, so invest in a good A/V product if you can.

I wouldn't even attempt to save this install

by HAL 9000 Moderator In reply to Machine taken over by Mal ...

As this has quite rightly been described as a Root infection, I wouldn't even expect a Low Level Format to completely remove it, but you'll need a utility that writes zeros to every sector of the HDD.

Remove the drive from this machine, place it in a USB caddy and save all your data if you haven't already, then use something like Boot & Nuke to erase everything on the HDD and start from scratch.

http://tinyurl.com/4rfur

Just make sure that you have a very good AV product on the computer that you use to create the backup or you may infect that as well. I know that it shouldn't happen but sometimes it does and you don't need the extra work involved.

I agree with the above poster that these places should be held responsible for doing things like this, but I would hazard a guess that they will argue that the user accepted their terms and brought it on themselves by clicking on the Accept button.

If you have one of those machines with a hidden partition to restore from you'll need to get a copy of the restore program on CD to reload.

Col

Solution

by danburton1 In reply to Machine taken over by Mal ...

I had the exact same problem when I woke up this morning to check my email. I downloaded HijackThis and did a scan. I found something at the bottom that looked out of place (SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\system32\rrtcany.dll). Basically, to solve your problem... Go to C:\Windows\System32, then rename the "rrtcany.dll" file because you can't delete it. Make sure to change the name and extension (i.e. "screw.you"). Reboot the computer and your problem is gone. Go back into the system32 folder and delete the file you renamed... presto, problem solved.

Hope this helps.
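
The triage step in the post above (spotting the one SSODL line that "looked out of place"), as an added example that is not part of the original thread: it parses HijackThis-style SSODL (ShellServiceObjectDelayLoad) lines and reports entries absent from a baseline log, which also covers the case raised later in the thread where the DLL carries a different name. The baseline and the other sample log lines are constructed; only the `ferrateen` entry comes from the post.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# HijackThis lists ShellServiceObjectDelayLoad entries as
#   [O21 - ]SSODL: <value name> - {<CLSID>} - <DLL path>
SSODL_RE = re.compile(
    r"^(?:O21\s*-\s*)?SSODL:\s*(?P<name>.+?)\s*-\s*"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*-\s*(?P<path>.+?)\s*$"
)

def parse_ssodl(log_text):
    """Return {clsid_lowercase: (name, dll_path)} for every SSODL line."""
    entries = {}
    for line in log_text.splitlines():
        m = SSODL_RE.match(line.strip())
        if m:
            entries[m["clsid"].lower()] = (m["name"], m["path"])
    return entries

def unexpected_ssodl(suspect_log, baseline_log):
    """SSODL entries whose CLSID is not in the baseline, or whose DLL differs."""
    baseline = parse_ssodl(baseline_log)
    findings = []
    for clsid, (name, path) in parse_ssodl(suspect_log).items():
        known = baseline.get(clsid)
        if known is None or basename(known[1]).lower() != basename(path).lower():
            findings.append((name, clsid, path))
    return findings

# Constructed baseline: stands in for a log taken on a known-clean machine.
BASELINE = """\
O21 - SSODL: ExampleShellObj - {11111111-2222-3333-4444-555555555555} - C:\\WINDOWS\\system32\\example.dll
"""
# Constructed suspect log; the last line is the entry quoted in the post above.
SUSPECT = """\
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
O21 - SSODL: ExampleShellObj - {11111111-2222-3333-4444-555555555555} - C:\\WINDOWS\\system32\\example.dll
SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\\WINDOWS\\system32\\rrtcany.dll
"""

if __name__ == "__main__":
    for name, clsid, path in unexpected_ssodl(SUSPECT, BASELINE):
        print(f"review: {name} {clsid} -> {path}")
```

Keying on the CLSID and comparing against a clean baseline, rather than searching for one filename, is what lets the same check flag a variant that installs its DLL under another name.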

Tried Solution Above

by jrhenry In reply to Solution

It worked like a charm--no issues yet.
Thanks for the post.

RE:

by danburton1 In reply to Tried Solution Above

Phew, by the sound of the reply I thought you had issues with it. I have had no problems with it coming back after figuring out which .dll file it was.

We need to spread the word somehow, because I see many people either reformatting their HDs or suggesting very drastic measures when it's such a simple fix.

Had a guy recently

by Tig2 In reply to RE:

Post an exhaustive discussion regarding this particular beastie. This is unfortunately becoming more prevalent.

In the case of the poster I am thinking of, he ended up reformatting. Many folks end up doing exactly that. Here's a link to the last discussion I caught on this subject: http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=203072&start=0

Because it is not classified as a virus, this silly thing gets everywhere.

Google is your friend - I have found a number of entries that suggest fixes.

Can't find rrtcany.dll

by timpdo In reply to Solution

I looked in the system32 folder but can not find this file??

possible different name

by passatg60101 In reply to Can't find rrtcany.dll

Name may have been changed to this:

sacskza.dll
