I was also playing the game called FIFA 2008. When I executed that file, OODefrag, it took longer than usual for the setup screen to appear. I opened the Task Manager and found that there was some process named with numbers, e.g. 21.2312.exe (I don’t know the actual file name). I killed it. After a few minutes, a few dialog boxes started to pop up. As I was in the middle of the game, I thought I’d take care of it later. But that app was insisting that I had to take action on it soon. It displayed that my system was infected with a virus. It closed my game and my screen went black. Not knowing much, I didn’t try anything else. I directly pressed the reset button. I went into Windows as usual (not in safe mode). Now it was causing some trouble by opening unwanted dialog boxes saying that I had to download software. For fear of my privacy being misused, I disconnected my system from the internet. So here is what the malware or Trojan did!
First it installed itself as Microsoft Antivirus, i.e. MSA, in "Program Files". It also created a few files in the Windows folder and in the windows\system32 folder. Some of the file names are YUR1.exe and yuvxx.exe, where xx stands for different numbers. It had a few DLL files in both folders and also some files with .ini or .INF extensions. They appeared to be configuration files. As usual, I couldn’t access the Task Manager. Thank God I had HijackThis. I did a system scan with that and saw a few unwanted apps.
Apart from the files, this is what the malware did. I restarted again. Now I couldn’t access my desktop. I could see the files but I couldn’t click on them. It looked like some kind of HTML file. There was a good picture in the background. Of course, something new. I used the Windows key to open the Start menu and couldn’t find Run. I typed explorer and it opened the Explorer window, because Windows + E didn’t work. Soon Windows + R also didn’t work. When I opened My Computer by typing explorer in Run, I couldn’t find my two drives, C: and D:. Wow! In my system tray there was a text displayed, namely "virus alert" (or something), next to the clock. I couldn’t find my Control Panel. The malware also disabled opening regedit and also disabled modifying the registry. And one more important issue is that there was a new username named Bill Gates.
So I went into Vista and deleted all the malware files from the Windows folder, from the system32 folder and from Program Files. But I still couldn’t access anything, because I had an HTML page on my desktop. Thankfully I had Quick Launch. I accessed Display Properties by typing desk.cpl. I connected to the internet and found a way to enable Control Panel, Display Properties, Printers and Faxes, enable the drives C: and D: in My Computer, and disable the security issues, and finally my system now has only one problem: I couldn’t access Run in my Start menu. I am using cmd as Run temporarily. I tried different methods but no hope. But it really did make me spend some time!
To tell it briefly, here is what the malware did:
- Created a few files in the Windows folder and the system32 folder, and also created two folders in Program Files, namely MSA and PCHealth… I don’t remember the names properly.
- It disabled Run, Control Panel, Regedit, Task Manager and Display Properties, and also the two drives C: and D: in My Computer.
- It also disabled the shortcut key Windows + E.
- It installed a new HTML background so that I could not open My Computer or any other file or folder.
- It installed itself in the system tray. It had a good icon in the system tray and was displaying a lot of warning messages such as "virus detected" and "take action". It prompted every 30 seconds or so.
- It displayed a text like VIRUS FOUND in the system tray next to the clock. It also disabled modifying the registry.
- It had created another user, Bill Gates, on my system, which I couldn’t delete normally the way we usually do.
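The lockdown symptoms listed above (Run, Control Panel, Regedit, Task Manager and Display Properties disabled, drives hidden, Windows key shortcuts dead) are the kind that are usually produced through Explorer and System policy values in the registry. The following added example (not from the original post) audits those documented policy values and, with -Repair, removes any that are set; which of these values this particular sample used is an assumption, not something the post states.

```powershell
# Added example: audit, and optionally remove, the Explorer/System policy values
# that commonly produce the symptoms described in the post. Run from an
# elevated PowerShell prompt; use -Repair to remove the values that are found.
param([switch]$Repair)

# Symptom -> documented policy value. The mapping is an assumption about this
# infection; these value names themselves are standard Windows policies.
$Policies = @(
  @{ Symptom = 'Run missing from Start menu';   Key = 'Policies\Explorer'; Name = 'NoRun' }
  @{ Symptom = 'Control Panel disabled';         Key = 'Policies\Explorer'; Name = 'NoControlPanel' }
  @{ Symptom = 'Display Properties disabled';    Key = 'Policies\System';   Name = 'NoDispCPL' }
  @{ Symptom = 'Drives hidden in My Computer';   Key = 'Policies\Explorer'; Name = 'NoDrives' }
  @{ Symptom = 'Drive access blocked';           Key = 'Policies\Explorer'; Name = 'NoViewOnDrive' }
  @{ Symptom = 'Windows key shortcuts disabled'; Key = 'Policies\Explorer'; Name = 'NoWinKeys' }
  @{ Symptom = 'Regedit disabled';               Key = 'Policies\System';   Name = 'DisableRegistryTools' }
  @{ Symptom = 'Task Manager disabled';          Key = 'Policies\System';   Name = 'DisableTaskMgr' }
)
# Check both the per-user and the machine-wide policy locations.
$Hives = 'HKCU:\Software\Microsoft\Windows\CurrentVersion',
         'HKLM:\Software\Microsoft\Windows\CurrentVersion'

$Findings = foreach ($hive in $Hives) {
  foreach ($p in $Policies) {
    $path = Join-Path $hive $p.Key
    if (-not (Test-Path $path)) { continue }
    $value = (Get-ItemProperty -Path $path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
    # Any non-zero value (for NoDrives, a non-zero drive bitmask) means the
    # restriction is active.
    if ($null -ne $value -and $value -ne 0) {
      [pscustomobject]@{ Path = $path; Name = $p.Name; Value = $value; Symptom = $p.Symptom }
      if ($Repair) { Remove-ItemProperty -Path $path -Name $p.Name }
    }
  }
}

if ($Findings) { $Findings | Format-Table -AutoSize } else { 'No lockdown policy values found.' }
if ($Repair -and $Findings) { 'Values removed; log off and on (or restart explorer.exe) to apply.' }
```

On a domain-joined machine some of these values may be set legitimately by Group Policy, so compare the findings against what the administrator intended before removing anything; the script also does not touch the Active Desktop HTML wallpaper or the extra user account the post mentions, which need separate cleanup.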