Aargh - BEWARE WINDOWS DIAGNOSTIC TOOL VIRUS!!

[Gavac220]

I have spent the last 3 days trying to get control back of my PC. This virus is excellent, and prevents virus killers operating properly, and hides files that contain anything that may kill it.

I have used:
AVG
CCleaner
RKILL
Kaperski
SpyWare Doctor
Malwarebytes
and many other fixes to no avail.

Finally a mix of some re-learning some old DOS commands (attrib c:\*.* /d /s -h etc) and a wonderful AntiVirus from Indonesia called SmadAV (Copy chunks of text into Google translator to work your way through it) and the RKILL DOS process killer, got me to within striking distance. Not clear, but definitely winning the war. It has changed security permissions to 100's of files and folders, which I'm slowly rebuilding manually, and crippled many device drivers, which I'm in the process of reinstating.

The Virus starts by sending you fake warnings, through what looks like a legitimate windows interface, and your hard drive goes crazy, running at full speed.
As below:-



I spotted it had created a shortcut on my desktop (Which no Windows 7 based internal program would do), and that raised my suspicions enough to start shutting done processes etc, as I guessed it was an attack of some kind. Even though I did this, the attack had started in earnest. If you had clicked on it in trust, you would find yourself in another world of pain - Financial - as this tells:-

"Windows Diagnostic can infiltrate into your computer via Trojans that exploit software loopholes and system vulnerabilities on your system. After the infiltration, Windows Diagnostic quickly configures itself to run automatically with your system. When running, this malware will become very aggressive. It frequently triggers loads of irritating system tray notifications telling you about a variety of hard drive and memory problems on your PC. Of course, this malware will also launch its fabricated scanner whose job is to list many urgent system errors that are not really on your system and make you further brainwashed. In case you attempt to fix all detected errors, you will be taken to a webpage and requested to pay for its authorized version to activate its functions. Remember not to provide your credit card information on such webpage as Windows Diagnostic is a phishing scam. When you try to run an application, Windows Diagnostic will block it and reports that the application or your hard drive is damaged."

Trust me guys, this one is a ticket to many lost hours in research and desperate attempts to stop the rot!

[MegaYoda]

Good luck mate, think my old mans PC has the same thing

[bambam]

unlucky Gav - thanks for the head's up.

Bambam

[Pingu]

If this happens to me i'll be giving you a call, i wouldn't know where to start!

good luck getting it sorted and thx for the heads up.

[MudShark]

That's easy to fix - you type this:

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Format c:

[Gavac220]

Still deleting feking files and viral made accounts. The system is stable now, and I'm only missing a few minor things in my start menu. I can get to these through other means anyway, but still annoying. My wife threatened to solve the problem of it taking up pretty much ALL of my spare time. The cure was much like Muddy's, except it involved a long drop onto a solid object for the whole PC. Being a determined geek ain't easy these days

IOBit Toolbox is handy for a few things in the aftermath too.

Oh yeh, this beauty even got rid of Windows Task Manager in it's attempts of self preservation!

[AN7HR4X]

this fecker killed joannes laptop my work desk top and jos mums laptop when it did the rounds i also spent days deleting reg files, right awkward bastard this one