Notepad Grandmaster Cheater
Reputation: 9
Joined: 26 Dec 2007 Posts: 722 Location: New Zealand
Posted: Wed Nov 18, 2009 5:33 am Post subject: Urgent help needed (Virus problem)

I've got a virus which has disabled regedit and Task Manager (yes, I've tried re-enabling but it just gets disabled in 10 seconds).
I've scanned with Eset NOD32, SuperAntiSpyware and Malwarebytes but nothing has worked!
I've found an application called Sergiwa Antiviral Toolkit that finds the viruses but won't allow me to delete them because I don't have the full version (if anyone can get me a full version somehow it'd be greatly appreciated).
If anyone knows of a solution please share it as I have no clue what I should try.
 |
Jani Grandmaster Cheater
Reputation: 2
Joined: 29 Dec 2006 Posts: 804
Posted: Wed Nov 18, 2009 5:54 am

Boot into safe mode and manually remove the virus.
 |
Notepad Grandmaster Cheater
Reputation: 9
Joined: 26 Dec 2007 Posts: 722 Location: New Zealand
Posted: Wed Nov 18, 2009 6:22 am

I'm pretty sure that the virus is in C:\WINDOWS\system32\dllcache but I'm not sure which file is the actual virus..
 |
Benji Random spam moderator
Reputation: 3
Joined: 31 Dec 2007 Posts: 60 Location: The Netherlands
Posted: Wed Nov 18, 2009 7:36 am

Antivirus programs that find viruses but you have to pay to remove them are always fake. I had one once and it even said Firefox was a virus.
 |
Strider96 Master Cheater
Reputation: 1
Joined: 20 Jan 2008 Posts: 289 Location: [email protected]
 |
Notepad Grandmaster Cheater
Reputation: 9
Joined: 26 Dec 2007 Posts: 722 Location: New Zealand
Posted: Wed Nov 18, 2009 2:25 pm

I've already tried that; it gets disabled again once I boot into normal mode.
 |
RealMayar Newbie cheater
Reputation: 0
Joined: 12 Nov 2009 Posts: 24
Posted: Wed Nov 18, 2009 4:34 pm

Remove that fake anti-virus software (Sergiwa Antiviral Toolkit) - which is actually working as a trojan horse for the real virus - by using a real anti-virus program. You can try F-Secure Online Scanner (Google it, it will be easy to find) with IE.
_________________
Noko_112 wrote: What on earth is IE 64-bit even good for?
RealMayar wrote: For example downloading Firefox. At least IE can do that properly. Most of the time.
 |
Notepad Grandmaster Cheater
Reputation: 9
Joined: 26 Dec 2007 Posts: 722 Location: New Zealand
Posted: Wed Nov 18, 2009 5:19 pm

I've already installed Eset NOD32.
The Task Manager and registry being disabled problem has been resolved (scanned with SpyBot Search & Destroy in safe mode to find the location of the virus and manually deleted it).
However, Spybot still detects that the virus is still there even though what was happening before has stopped. Could there be traces of the virus remaining?
I also don't think that Sergiwa is fake; it actually allows you to remove the restrictions (they did however get disabled 3 seconds later) but almost every fix I've looked for has told me to use Sergiwa.
So I'm not sure if I'm safe or not because Spybot still detects that the virus/spyware is still there even though I've deleted it manually.
 |
RealMayar Newbie cheater
Reputation: 0
Joined: 12 Nov 2009 Posts: 24
Posted: Wed Nov 18, 2009 6:32 pm

Maybe it is just a registry entry (startup or a service) that wasn't removed. Give the F-Secure Online Scanner a shot, perform a full scan, it won't hurt.
And that Sergiwa s**t IS a fake anti-virus software. These types of viruses have two components. The first one is not really a virus, it just makes you believe that your computer is infected and it may disable some functions (like the ones you mentioned) and keeps sending balloon messages saying that your computer is infected (sometimes the message says Microsoft detected the infection to make it seem more authentic) and a cheap, but brand new super-professional anti-virus software can remove the infection. Then if you fall for it you'll download the second component. Because you believe that it is an anti-virus software the programmer of this virus doesn't have to care about the size of the software, so it can be a highly sophisticated and advanced virus. When you install it (usually these viruses have installers like an ordinary program) the outcome is worse than the beginning. Much worse.
Download things only from trustworthy sources or install a sandbox (which lets you run a program without letting it access anything on your computer) or a virtual PC (M$ Virtual PC or VMWare Workstation) to be able to test the downloaded materials in a safe environment.
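
The leftover "startup or a service" entries suggested in the post above, together with the standard policy values that disable Task Manager and Registry Editor, can be listed with a read-only check. This is an added example, not part of any forum post; it assumes a Windows system with PowerShell 5.1 or later, and flagging services by signature status is this example's own heuristic.

```powershell
# Added example: read-only triage. Nothing here modifies the registry; it only reports.

# 1. Policy values that disable Task Manager / Registry Editor (1 = disabled).
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -ne $value) {
            [pscustomobject]@{ Check = 'Policy'; Location = $key; Name = $name; Value = $value }
        }
    }
}

# 2. Startup entries under the Run / RunOnce keys (per-user and machine-wide).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Check = 'Startup'; Location = $key; Name = $name; Value = $item.GetValue($name) }
    }
}

# 3. Auto-start services whose binary is missing or lacks a valid signature.
#    An unsigned binary is a lead to review, not proof of infection.
Get-CimInstance Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
    # PathName may be quoted and may carry arguments; pull out the executable path.
    if ($_.PathName -match '^\s*"([^"]+)"' -or $_.PathName -match '^\s*(.+?\.exe)') {
        $exe = $Matches[1]
        $status = if (Test-Path -LiteralPath $exe) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'FileMissing' }
        if ($status -ne 'Valid') {
            [pscustomobject]@{ Check = 'Service'; Location = $_.Name; Name = $exe; Value = $status }
        }
    }
}
```

A startup or service entry that points at a file which no longer exists is the kind of leftover that can keep a scanner reporting a detection after the file itself has been deleted.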
 |
Notepad Grandmaster Cheater
Reputation: 9
Joined: 26 Dec 2007 Posts: 722 Location: New Zealand
Posted: Wed Nov 18, 2009 6:55 pm

Here's the thing..
I had the virus before I even downloaded Sergiwa. I got it because my brother plugged in his Flash Drive which had a virus in it. The computer was brand new and I was just about to install Eset NOD32 when it attacked.
I've also deleted Sergiwa because the disabling stopped and there was no need to keep it.
However SpyBot Search & Destroy, SuperAntiSpyware and Malwarebytes all detect a virus. I try deleting the virus through the AV but it won't work. I've tried manually removing it and they still detect it even though the .dat file which contained the virus is fully removed.
I've run a full system scan with Eset NOD32 and it picks up nothing even though the other AntiSpyware/AntiMalware scanners have detected problems.
 |
PUSHEAX_PUSHEAX Grandmaster Cheater
Reputation: 72
Joined: 13 Apr 2009 Posts: 969
Posted: Wed Nov 18, 2009 7:12 pm

Boiwonder wrote:
> Here's the thing..
> I had the virus before I even downloaded Sergiwa. I got it because my brother plugged in his Flash Drive which had a virus in it. The computer was brand new and I was just about to install Eset NOD32 when it attacked.
> I've also deleted Sergiwa because the disabling stopped and there was no need to keep it.
> However SpyBot Search & Destroy, SuperAntiSpyware and Malwarebytes all detect a virus. I try deleting the virus through the AV but it won't work. I've tried manually removing it and they still detect it even though the .dat file which contained the virus is fully removed.
> I've run a full system scan with Eset NOD32 and it picks up nothing even though the other AntiSpyware/AntiMalware scanners have detected problems.

If it's a new computer then why not just do a system restore? Restore it to factory settings.
 |
Notepad Grandmaster Cheater
Reputation: 9
Joined: 26 Dec 2007 Posts: 722 Location: New Zealand
Posted: Wed Nov 18, 2009 7:31 pm

Because I've already installed all my applications such as Photoshop CS4, Adobe After Effects, Sony Vegas Pro and so on..
If I restored it to factory settings then I'd lose all of them, and the Flash Drive they were on has a virus on it so I'm not going to be plugging that thing back in my computer.