Expert: Brian Benosky - 3/3/2008

Question
I am having serious problems with my computer (vista) after accidently downloading the above virus, I have no internet connection.  My computer kept looping in startup and i had to do the system restore from start up screen. What do i do now.  Please help.

Answer
Hi Rebecca

Have you tried to boot into Safe Mode with Networking?  Keep pressing the F8 key on boot until a menu appears.  Choose Safe Mode with Networking.  Once in Safe Mode, see if you can open a browser and use the internet.  If so, download Dr.Web Cureit from here:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

* Doubleclick the drweb-cureit.exe file and Allow to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click next icon next to the files found:
* If so, click it and then click the next icon right below and select Move incurable.

 This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.
* Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

Hopefully, you will have your internet back.  Download HijackThis from here:
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
* Save HJTInstall.exe to your desktop.
* Doubleclick on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis.
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log (no attachments) into a follow up here, along with the results of the Dr.Web scan.

If you cannot access the internet, but can get to the desktop, I suggest downloading the two files to disc from another computer and running them on the infected machine.

Brian