[Closed] IT help please... Virus attack

Posts: 0
Free Member
Topic starter
 

Hi all, I need some help from the best IT boffins on STW. Since I turned laptop on this morning it looks like I have a virus / malware called Galileo System Cleaner. It keeps popping up saying I’m infected and should pay and download for their software to sort it. Obviously I’m not going to do that, but I can’t find much through Google on how to get rid of it.
I run Windows 7 and have McAfee, which hasn’t detected it at all (as usual). Also ran a scan through Malware Bytes which didn’t detect anything either. I’ve sorted a similar problem before through Regedit but I had our IT guy over my shoulder telling me what to delete, and I don’t want to mess around in there on my own! Any ideas?


 
Posted : 17/06/2011 11:30 am
Posts: 10632
Full Member
 

Did you update your malwarebytes before you ran the scan?


 
Posted : 17/06/2011 11:44 am
Posts: 512
Free Member
 

Sounds like a variation on something I've been seeing a lot of lately.
If you have Malwarebytes installed, boot to Safe Mode with Network, run Malwarebytes, update its database and do a full scan.
Hopefully that'll catch it, however, I have seen these things do some real damage that resulted in having to format and reinstall Windows.


 
Posted : 17/06/2011 11:45 am
Posts: 0
Free Member
Topic starter
 

I've managed to stop it popping up every 5 seconds through the task manager but it's still there lurking around but won't pop back up now until I re-start. Ok will try updating Malware bytes. Thanks


 
Posted : 17/06/2011 11:47 am
Posts: 338
Full Member
 

Sounds like you know the problem. See if there is a later version of Malware bytes and any updates from McAfee. Download Spybot and run that. It might be a new variant so they may have not got to it yet. You may have to boot off your install disks to properly clean the machine.

In the meantime start backing up all your personal files. No installed programs. Source your install disks to make sure you can rebuild if you have to.
Common problems this malware causes are updating your registry and hiding program files etc.

Don't pay any cash as it won't fix it.

Oh and be careful what you click on in future....


 
Posted : 17/06/2011 11:49 am
Posts: 0
Free Member
Topic starter
 

Updating Malware bytes now so hopefully that will sort it when I re-scan. I've got my install disks with me somewhere, but need to back up stuff. Would there be a chance I'd copy the virus onto external hard drives?
I only use my laptop in work so have only been on STW, Facebook, Hotmail and Orange website, which is why I was surprised it was there this morning.


 
Posted : 17/06/2011 11:55 am
Posts: 0
Free Member
 

In order to properly stop the virus prior to running Malware Bytes download Rkill/iExplore from this link : -

http://www.bleepingcomputer.com/download/anti-virus/rkill

Run this and then download latest MBAM from Cnet: -

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Should be fine after this!


 
Posted : 17/06/2011 11:57 am
Posts: 0
Free Member
Topic starter
 

Just done a quick scan after updating and nothing detected. Will run full scan now, which will take 3+ hours. Will have a look at those links first tho. What difference does it make if I run Malwarebytes in Safe Mode or normal? (as I don't want to restart computer if I can help it)


 
Posted : 17/06/2011 12:07 pm
Posts: 0
Free Member
Topic starter
 

Typical... McAfee is picking up downloading those links and removes them but can't pick up a genuine virus! Is it safe to disable McAfee to run RKill / iexplore?


 
Posted : 17/06/2011 12:16 pm
Posts: 362
Free Member
 

Creamegg.

I have the same problem at home and have had a few goes at cleaning it up with similar levels of success. Can you keep this updated if you get anywhere and I will do the same.


 
Posted : 17/06/2011 12:44 pm
Posts: 0
Free Member
Topic starter
 

uwe-r,

yeah will keep you posted. running malwarebytes full scan now, nothing detected so far (23 mins in).


 
Posted : 17/06/2011 12:49 pm
Posts: 77699
Free Member
 

What Shakey said, run rkill first.

Running in safe mode means there's less chance of the nasty being loaded.

Galileo seems pretty new and I've not seen it first hand. Try this,

taskkill /f /im systemcleaner.exe

... from a command prompt before running MBAM maybe?


 
Posted : 17/06/2011 1:06 pm
Posts: 0
Free Member
Topic starter
 

Ok it 'appears' to have gone but I'm not fully convinced yet. This is what I did:

Virus appeared with usual pop-ups etc
Did a scan through McAfee. Nothing detected.
Did a quick scan with Malwarebytes. Something called SkypeSetup was detected and quarantined.
Re-booted, virus was still there.
Did as described above, nothing else detected.
Then realised I had not deleted the 'Skypesetup' from Malwarebytes quarantine so I did that and re-booted.
Has not appeared since.
(Yet)

I thought that if Malwarebytes would have detected it and quarantined it that would have been it? Or would it still be active until I hit the delete button?

Hopefully it has gone. Cheers for everyone who helped.


 
Posted : 18/06/2011 3:40 am
Posts: 362
Free Member
 

I have just tried rkill and got this

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/18/2011 at 19:09:14.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

Rkill completed on 06/18/2011 at 19:09:28.

I assume that means it didn't work. 🙁


 
Posted : 18/06/2011 6:11 pm