I often think about what makes someone code a virus like this… Then I realize that if 0.01% of the people that get infected with a virus turn around and stick their credit card number into the computer to “fix problem now!”… someone obviously makes out pretty well.
The majority of the virus-infected machines I see coming into the shop have fake anti-virus infections… That includes XP Security Tool, Vista Security 2011, Windows 7 Security Center, and so on… Popups saying “you’re infected”, “drive failure”, and “out of memory” appear on startup, while running IE, etc… Annoying mostly, but not super malicious. Cleanup is pretty easy with the right tools.
The one that has pushed my buttons the most, though, is one I’ve only seen hit XP machines, called “Windows XP Restore”. This not only includes popups, but it also HIDES all of your files on the system drive… Cleanup is pretty easy, until you realize that once the virus is gone and you’ve unhidden your files… everything in the Start menu is missing! What?!
If you’ve been in this situation, you realize what a pain in the butt this is going to turn out to be… The 1,687 applications you had installed are all now missing from the Start menu, and you’ve got to recreate the shortcuts.
But…… This may save you some time! The virus moves your Start menu and Quick Launch icons into 2 hidden folder locations. You may want to save/recover these files BEFORE virus cleanup, as I’ve had 2 cleanups in which the files were removed during cleanup.
Start Menu – C:\Documents and Settings\user\Local Settings\temp\smtmp\1
Quick Launch – C:\Documents and Settings\user\Local Settings\temp\smtmp\2
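As an added example (not from the original post), here is a batch script a technician could run on the infected XP machine before cleanup: it backs up the two smtmp folders, clears the Hidden/System attributes the virus set, and copies the shortcuts back. The smtmp paths follow the post; the destination folders (the user’s own Start Menu and Quick Launch) and the backup location C:\smtmp_backup are assumptions, so verify them on the machine in front of you.

```batch
@echo off
rem Recover Start menu / Quick Launch shortcuts moved by "Windows XP Restore".
rem Added example, not from the original post. Run BEFORE any AV cleanup.
rem Usage: recover_smtmp.cmd ["C:\Documents and Settings\user"]
rem Assumptions: the destination folders and the backup path are guesses.

if "%~1"=="" (set "USERDIR=%USERPROFILE%") else (set "USERDIR=%~1")

set "SMTMP=%USERDIR%\Local Settings\Temp\smtmp"
set "BACKUP=C:\smtmp_backup"
set "STARTMENU=%USERDIR%\Start Menu"
set "QUICKLAUNCH=%USERDIR%\Application Data\Microsoft\Internet Explorer\Quick Launch"

if not exist "%SMTMP%\1" (
    echo Nothing found at "%SMTMP%\1" - no hidden shortcuts to recover.
    goto :eof
)

rem 1. Back up the hidden folders first, since cleaners may delete them.
rem    /E = recurse incl. empty dirs, /H = include hidden+system files,
rem    /K = keep attributes, /Y = no overwrite prompt.
xcopy "%SMTMP%" "%BACKUP%\" /E /H /K /Y >nul
if errorlevel 1 (
    echo Backup to "%BACKUP%" failed - stopping before touching anything else.
    goto :eof
)

rem 2. Strip the Hidden and System attributes the malware set (files and folders).
attrib -h -s "%BACKUP%\*" /S /D

rem 3. Copy the shortcuts back to where they belong.
xcopy "%BACKUP%\1" "%STARTMENU%\" /E /Y >nul
if exist "%BACKUP%\2" xcopy "%BACKUP%\2" "%QUICKLAUNCH%\" /E /Y >nul

echo Shortcuts restored. Backup kept at "%BACKUP%" in case anything is missing.
```

The backup copy is deliberately left in place: if the restored Start menu looks incomplete, the shortcuts may have lived under the All Users profile rather than the user’s own, and they can then be copied there by hand from C:\smtmp_backup.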
Anyways… Hope that helps, and good luck cleaning up!