New Virus or ??

questorfla:
I thought I would post this to see if anyone has run across anything similar. One of the people here started getting odd emails a few days ago that were of a type she would never expect. The wording was pretty "graphic" and appeared to be requesting a reply. All of our systems have up-to-date AVAST as well as Malwarebytes. These emails had no attachments and my advice was to "delete with SHIFT+" for a Permanent removal.

This began 2 or 3 days ago. Today, her system restarted itself and came up with a new "Theme" called Creepy Cobwebs with a Spider in the middle of the page. Odd to say the least and not what she had by any means. Worst of all though was that as soon as that happened a "Progression Bar" appeared on the screen saying the % of files deleted and it was steadily moving across the screen. By the time she got it to me (only a few minutes) the bar was moving at a very fast pace and all of her desktop icons had already been deleted. I immediately pressed the power and rebooted.

The bar came back up pretty quick and continued to delete files (or so it said).  Whatever it is, it apparently did delete quite a lot.  It also deleted "Some"  but not ALL of her software.  I am not sure why some were spared and others were not.  AVAST still scans but says the system is clean.

Malwarebytes is completely gone from the system now. No folder or any trace it has ever been there.

I have seen many Viruses in my day, some worse than others.  But this was pretty absolute in its destruction as everything is gone.  Not encrypted and locked up but completely gone.  The system is almost down to "Bare Bones Start".  Several other programs which were installed and in use are also completely gone with no trace.  This happened with no warning and the display of the progress bar as files and folders are being deleted certainly enhanced the Fear Factor. 

If this sounds even a little familiar it would be nice to know where to start looking before it hits someone else here.  There are a few others who have gotten similar emails but who have not yet been affected to this extent.

I figured someone here may have seen or heard of something like it.  I was only able to  find references to a virus called "Goner" and "Goner-A" but some of this was years old.  Some was from news articles published today.  At this point, I do not even have a clue if this is the same or similar.

x16wda:
Well, Creepy Cobwebs is a Halloween theme for Win 7 and up. Sounds like the theme picture in the middle of the list.

Do you know for sure if the files are deleted as opposed to hidden?

SeraphimLabs:
Quarantine the offending system: disconnect it from any and all networks. Do not put any writeable media in it; any incoming tools must be brought in using finalized CDRs so that whatever it is cannot spread.

Is there anything worth noting in the Windows event logs?

Does it still run the malware when started in safe mode?

Also, have you tried booting from a Linux LiveCD and looking at the filesystem to verify if the data is actually gone? At this point I would be hesitant to copy data off of the machine until you know what you are dealing with, but important info can at least be retyped into another system.

It does sound like some type of virus, quite possibly a ransomware that then retaliates like this if not paid off.

questorfla:
Since it is not my system, I cannot say. I CAN say that I saw it happening as I watched. The progress bar was displaying percentage of files deleted and it was moving pretty fast before I Force-shut down the laptop. Waited a while and restarted. That was when she told me that was NOT her normal desktop. There is no new user created. I gave it back to her and told her to let me know when she found out if anything was really gone. Before she could turn away, the "Deleting Files" bar came back up and quickly reached 100% before we could do much.
Her desktop has nothing now but the System Icons on it. However a LOT of her files are still in various folders. Some programs are completely gone with no trace. One of these was Office 2013/365. Not a trace left. But not the only one and the others are not MS related.
She was about to leave for Home (5pm). I got left with the mess. So far, not a trace of any virus, Malware or anything else I can find using multiple scanners.

Just a Mystery. 

Oh, and the Creepy Cobwebs desktop. It ALSO deleted itself. I was able to catch one last glimpse in a screen capture before all traces were gone. The words in the capture say "Unable to find "creepy co       "  that was it. The rest of the name "Creepy Cobwebs" was gone along with the error and it ended reading just like that: two letters "  Creepy co    "  the rest of the name wasn't even there.

No mention of it in the registry or anywhere else.

The only reason I knew the name was because I looked for it while it was there and it showed as a "Theme" which has since completely removed itself. Because of all that I am a little bit leery of even reloading the drive, and it is one of the new laptops with the drives sealed in anyway, so my only option is "System Restore". Like it or not.

Shades:
Are you certain the virus/malware/whatever didn't affect the restore point you want to revert to?

A botched install from a piece of software, an update that proves to be incompatible with your system... those are reasons to use system restore. Infection is not. At least in my book.

Creepy cobweb is the name showing in the screen. Are you sure that the application responsible for the mayhem uses the same name? A simple tool, such as Process Explorer, gives much more insight into that, which helps with a more fruitful combing through the registry. A lot of malware disables software such as Process Explorer from running after the malware infects a system, because it is of such a help to the admin/end-user in charge of fixing the system.

What SeraphimLabs said is very solid advice. Use tools like JRT, ADWCleaner etc. to check for malware that MalwareBytes Anti-malware might have missed. Check if the system has a rootkit. If it has one of those, then system restore won't be of any help at all. Then you better start making a backup of her data, thoroughly check if those files aren't infected, thoroughly wipe her hard disk and start re-installing (preferably from non-writable media, such as a DVD).
