Thank goodness I bought an iMac last week.
I'm working on my most difficult system yet right now. It was given to me after a rash of spyware and fixes have been run through it, so I've basically got a half-functioning machine. I'm not a huge fan of blowing up and starting over, although this one got pretty close.
Basically, the thing is slow as molasses. Every window takes two minutes to open, a minute to drag, etc. etc. I think the root of this slowness is some sort of virus relic that is totally bizarre. I wish I had grabbed a screen cap of it.
Basically, the wallpaper of the system was this completely random placement of colorful rectangles. At first I thought it was the (poorly) chosen wallpaper of the owner. However, when I went into the display properties, two things caught my eye. #1 - the preview of the wallpaper was nothing more than what appears like thousands of lines of code - so tiny, but it appears to be in Chinese or another Asian language. #2 - this wallpaper could not be changed. I was able to revert this through regedit, and the moment I changed it the system seemed to improve drastically.
Anyone know what spyware/malware/virus this is a relic of? I have searched Google pretty heavily, and can't seem to find any similar stories out there. The system also had a laundry list of no longer active start-up programs in MSCONFIG under the guise of Microsoft Security Advisor, which I knew were trouble immediately.
EDIT - oh yeah - another interesting side effect - the PC will start up (slowly, but eventually) in Normal boot mode, but any type of Safe Mode boot instantly brings up a BSOD.
Sounds like you've got a nasty one there!
A few years back I gave up on these. It takes me less time to put someone's documents on a USB drive and format the hard drive and reinstall an entire system - drivers and all - than it does to try to make a machine work right again after an attack. Even WITH Microsoft's 105 updates after a fresh install.
In fact I just did that to a friend's computer today. I 'removed' the virus and tried to restore the OS with no luck, so I said "sorry, it's getting wiped". Copied his documents over and cleaned it off. Took a few hours because it was an old slow machine, but it sure beat trying to find registry entries, hidden files, corrupted files, etc. It's just not worth it anymore.
Unless of course somebody wants to pay me by the hour to do it :)
The Trojan calls itself Microsoft Security Advisor to get people to accept it. Microsoft Security Advisory (904420): Win32/Mywife.E@mm
Originally Posted by dgrycan