ALERT – System Check! I don’t want it!

…this post was published on 2012 February 2.

Yesterday, a colleague of mine called me for help:

– Please help, a lot of windows and messages appeared on my desktop!

The first thing to do in such a case is to stop the user from taking any action. Just stop it.

Don’t touch anything, and permit me to control your desktop.

After I connected to her PC, I saw the disaster. WOW, a real mess was there, as you can see.

As you can see, a new program exists on the Desktop: “SystemCheck”. Also, QuickLaunch was empty, and all programs under her user were gone! I checked in Task Manager and I saw 2 processes running under the current user's credentials.

What is important to know: the user isn’t a member of Local Administrators; she is an AD standard user. Opening File Explorer with admin rights, all programs and files were there, but hidden for the current user.
After stopping these processes, I restored an old version of the OS, using
    \winnt\system32\restore\rstrui.exe
and after a restart everything seems to be OK.
Thank the Lord that it was so easy to ‘re-born’ the system.