TOPIC: New virus

New virus 11 years 6 months ago #22412

  • Alans (Topic Author)
  • Senior Member
  • Posts: 230
  • Thank you received: 1
Hi, my PC is infected with a virus that adds some extra items to the right-click menu
on the hard disk drives, like "If freedom is outlawed, only outlaws will have freedom",
and under it there is "J U S T A G A M E". If I click the first one (i.e., "If freedom...") it tries to open
drive letter:\RECYCLER\, like D:\RECYCLER\

If the file is run, a lot of fake popup messages appear that say something like "my picture
is corupted please run chkdsk". It also adds a mypicture.exe file to some folders,
disables Task Manager in the CTRL+ALT+DEL menu, and
you can't open regedit from the Run window.

Anyway, I restored my PC to a specific date with Acronis True Image and the virus is
gone (only for the restored drives), but now I can open Task Manager and regedit.

In regedit I searched for and here is what I found:
HKEY_USERS\S-1-5-21-4217527386-1433810888-3187400971-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{746afdd6-1c53-11db-b5b5-806d6172696f}\Shell\start\command >> the command value is D:\RECYCLER\

I deleted this and everything was normal for a few days, but it came back without using any
external media.

I have NOD32 AV updated but it didn't catch it. I googled it and found that Sophos is the only AV (as far as I know)
that can catch this virus.

So what should I do? Wait until NOD32 updates their DB? Or...

always Face your Fears...

hiiiiiii 11 years 6 months ago #22416

You can't get the Run window and Task Manager if your PC is infected with this kind of virus; I also faced the same problem. Try to clean the virus using "stinger"; it's freely available on the net. Download it and scan your PC in safe mode; it can cure it to some extent... :)

Re: New virus 11 years 6 months ago #22419

  • Smurf
  • Moderator
  • Posts: 1390
  • Karma: 1
  • Thank you received: 0
As yadav suggested, I would reboot in Safe Mode and clean it out of the registry. Also, look to move to Sophos, lol :)

Also, most AV vendors have an e-mail address that you can send viruses to for analysis. I would also do that, because they may already have a signature that hasn't quite been released yet, or they may even send instructions on its removal.

Wayne Murphy Team Member

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit or PM me for details.
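
An offline check for the registry symptoms described in this thread, as an added example that is not part of any poster's message: it parses `reg export` text, lists every cached `MountPoints2\...\Shell\<verb>\command` default value, and marks those that point into a recycle-bin directory. The `DisableTaskMgr` and `DisableRegistryTools` value names are not quoted in the thread; they are the standard Windows policy values assumed here for the Task Manager and regedit lockout, and the sample SID and GUIDs are constructed.

```python
import re

# Constructed sample in `reg export` text form (real exports are UTF-16LE: decode first).
# SID and volume GUIDs are placeholders, not values from the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000001}\Shell\start\command]
@="D:\\RECYCLER\\"
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000002}\Shell\AutoRun\command]
@="E:\\setup.exe"
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Per-volume shell verb cached under MountPoints2, e.g. ...\{GUID}\Shell\start\command
MOUNT_CMD = re.compile(r"\\MountPoints2\\[^\\]+\\shell\\[^\\]+\\command$", re.I)
HIDING_DIRS = ("\\recycler\\", "\\recycled\\", "\\$recycle.bin\\")
LOCKOUT = {"DisableTaskMgr", "DisableRegistryTools"}  # assumed names, see lead-in

def parse_reg(text):
    """Yield (key, value_name, raw_data); the default value '@' gets name ''."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            yield key, ("" if m.group(1) == "@" else m.group(1)[1:-1]), m.group(2)

def unquote(data):
    """Decode a REG_SZ literal: drop the quotes, undo backslash escapes."""
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data

def audit(text):
    """Return (kind, key, detail, suspicious) tuples for review."""
    findings = []
    for key, name, data in parse_reg(text):
        if name == "" and MOUNT_CMD.search(key):
            cmd = unquote(data)
            findings.append(("mountpoint-command", key, cmd,
                             any(d in cmd.lower() for d in HIDING_DIRS)))
        elif (key.lower().endswith("\\policies\\system") and name in LOCKOUT
              and data.lower() == "dword:00000001"):
            findings.append(("tool-lockout", key, name, True))
    return findings
```

MountPoints2 entries are stored per user, so export each loaded hive under HKEY_USERS (as in the key quoted in the first post) rather than only the current user's.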