A Virus On Windows You Can't Get Rid Of? (Solution)

This is an archive of a topic from NESdev BBS, taken in mid-October 2019 before a server upgrade.
by on (#33702)
Look at the CPU usage when popping in "Link to the Past" after pissing off the bees outside the Forgotten Woods.

You should see that the CPU uses 80% or more.

If it doesn't, you prolly have a damn serious issue you need to take care of. (ie: maybe even a "MacroVision" (legit disability support utility in Windows 3.X through 5.X) Task Manager exploit due to a Trojan Horse.)

For example, MacroVision is a 16-bit disability application that runs in the background in order to legitimately hijack "winapi32.dll" that other programs use, in order to perform effects such as zoom etc. Trojan Horses (malicious programs that hide within other installers, or hoax installs) can in turn hijack MacroVision in order to hijack Task Manager in order to fool Windows 3.X through 5.X that a program is exhibiting behavior it is in fact not exhibiting. (such as recording a success in a force quit when none occurred, and inaccurate CPU/RAM levels.)

Solution:

Step 1-1. Archive Macrovision and its support module from system32 into a maximum-compression-ratio "LZMA" method "7z" 7-Zip archive using a new copy of "7-Zip" from http://www.7-zip.org/ as a file called "Macrovision.LZMA.7z" within the original Windows System32 (?) folder you found it in.
Step 1-2. Delete the original copies of Macrovision that you archived into the Recycle Bin.

Step 2. Reboot

Step 3-1. You should now be able to see all the viruses in Task Manager that were cloaking themselves before using the Macrovision Task Manager exploit.
Step 3-2. Carefully use this time to note, on *real* paper, from within Task Manager the names of all processes.
Step 3-3. Gather information on all processes and force quit the applications you are unsure of or that are malicious.
Step 3-4. Try, Try Again from step 2 if you accidentally caused your computer to shut down automatically due to a security measure in place within your system. (ie: accidentally killing a Norton 2008 required process)

Step 4-1. Use Explorer to find all copies of the listed programs.
Step 4-2. Manually remove them.

Step 5-1. Read up on how to edit your System Registry, burn a backup to CD-ROM or DVD-ROM, then *manually* edit it.
Step 5-2. Repeat starting at step 2 until no more viruses appear.

Step 6-1. Clone to a USB Mass Storage Backup Device
Step 6-2. Create a new Windows System Backup Image.
Step 6-3. Re-Burn your Windows System Restore Discs.

Step 7-1. Uninstall all copies of Java and redownload most-recent *legit* version of Java from http://www.sun.com/java/

Step 7-2. Download and reinstall the most-recent *legit* version of FireFox from: http://www.mozilla.com/firefox/


Step 8-1. Get rid of the fucking Norton 360 / McAfee / Komodo and download and reinstall the most-recent *legit* version of Norton Internet Security from http://symantec.com/ (2008 or most-recent year released)
Step 8-2. Download and reinstall the most-recent *legit* version of AVG Technologies' "AVG Anti-Virus" from: http://avg.com/
Step 8-3. Download and reinstall the most-recent *legit* version of Lavasoft's "Ad-Aware" from: http://lavasoft.com/ then scan entire computer.

Step 9. Ensure your firewall settings are acceptable and proper.

Step 10-1. Rescan your entire computer using Trend-Micro's HouseCall at: http://housecall.trendmicro.com/
Step 10-2. Rescan your entire computer using Norton Internet Security.
Step 10-3. Rescan your entire computer using AVG.
Step 10-4. Rescan your entire computer using Ad-Aware.

Step 11-1. In order: automatically sync online updates for Norton Internet Security, AVG, Ad-Aware.
Step 11-2. Repeat from step 9 until no more updates are complete and system is flagged clean by all software.

Step 12-1. Repeat steps 6-1 through 6-3.
Step 12-2. Congrats, your system should be much healthier! If you need the disability support that MacroVision offered, get an alternative program that is an official Microsoft up-to-date product from: http://microsoft.com/

by on (#33704)
I mean, WTF? :!:

Wtf is this guy on? He's just spewing absolute s***e from his computer. Wtf has this got to do with anything. It's not like any of us actually have this problem anyway, so it's useless. One minute his emulator is using 80% of his CPU time, the next minute it's a virus? :?:

by on (#33708)
"Macrovision" is a copy protection company, and a lot of software that implements copy protection looks and acts like a trojan.

But until someone with board admin rights becomes active again, no user will be blocked.

by on (#33713)
tepples wrote:
"Macrovision" is a copy protection company, and a lot of software that implements copy protection looks and acts like a trojan.

But until someone with board admin rights becomes active again, no user will be blocked.


"MacroVision" is also a disabilities driver from the 16-bit Win3.11 era.

You don't have it installed unless you enable certain disability features.

I also said clearly the MacroVision I am referring to is a legit program, and non-malicious.

by on (#33717)
Image

by on (#33735)
Right on, B00daW.

by on (#33752)
Shit like this always happens at GSCentral.

by on (#33758)
NotTheCommonDose wrote:
Shit like this always happens at GSCentral.

Hmm, you and jargon actually speak on the same level...

by on (#33760)
How so?

by on (#33765)
Incomprehensibly.

by on (#33921)
WTF?

That's way too much work.

I just use HiJackThis (search for it) for all my anti-spyware needs.

Just don't go browsing porn or warez sites or opening spam attachments and you'll be fine. Or run BSD/Linux or buy a Mac. Or get off the Internet. Or stop using a computer.

Viruses are outdated, it's all about spyware now.

by on (#33926)
Quote:
Viruses are outdated, it's all about spyware now.

Ain't capitalism great?