Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: New virus

New virus 10 years 10 months ago #22412

  • Alans
  • Alans's Avatar
  • Offline
  • Senior Member
  • Posts: 230
  • Thank you received: 1
  • Karma: 0
hi, my pc is infected with a virus that adds some extra items in the right click menu
on the harddisk drives like "If freedom is outlawed, only outlaws will have freedom"
and under it there is "J U S T A G A M E", if i click the first one (i.e, if freedom..." it tries to open
drive letter:\RECYCLER\ like D:\RECYCLER\

if the file is run then it appeares a lot of fake popup message that says something like this "my picture
is corupted please run chkdsk", also it adds a mypicture.exe file to some folders,
disables taskmanager in the CTRL,ALT+DEL menu and
you can't open regedit in the run window.

any way, i restored my pc to a specifid date with acronis true image and the virus is
gone (only for the restored drives) but now i can open taskmanager and regedit.

in regedit i searched for and here is what i found:
HKEY_USERS\S-1-5-21-4217527386-1433810888-3187400971-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{746afdd6-1c53-11db-b5b5-806d6172696f}\Shell\start\command >>the command value is D:\RECYCLER\

i deleted this and every thing was normal for a few days but it comed again with out using any using
for external medias.

I have NOD32 AV updated but it didn't catch it, i googled it and i found that sophos is the only AV(as i know)
that can catch this virus

so what shouls i do? waiting till nod32 update their db?or..

always Face your Fears...
The administrator has disabled public write access.

hiiiiiii 10 years 10 months ago #22416

  • yadav
  • yadav's Avatar
  • Offline
  • Frequent Member
  • Posts: 25
  • Karma: 0
u cant get the run window and taskmanger if ur pc is infected with this kind of viruse evne i also faced same problem.......try to clean the virus using "stinger" its freely availabel in net. Download and scan ur pc in safe can cure up to some instinct...... :)
The administrator has disabled public write access.

Re: New virus 10 years 10 months ago #22419

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
As yadav suggested, i would reboot in Safe Mode and clean it out of the registry. Also, look to move to Sophos, lol :)

Also, most AV vendors will have an e-mail address that you can send Viruses to them for Analysis. I would also do that because they may already have a signature that hasn't quite been released yet or even send instructions on its removal.

Wayne Murphy Team Member

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit or PM me for details.
The administrator has disabled public write access.
Time to create page: 0.103 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup