virus updates my computer
by KenMcd4 - 5/13/13 7:56 AM
Sorry for the big messy post. I have a virus(I think), it happens at random
What it does is upon shutdown it starts what looks like a windows update then shutdowns. On restart it continues the update. The update then fails then reverts. This all takes around an hour. Once the netbook has booted there appears a hiden desktop.ini file and 2 shortcuts saying korean messenger and media player, like link to crappy looking websites.
first thing when I googled is 2 forums saying to have these shortcuts is normal and is a requirement of the korean goverment with microsoft when the korean language pack is installed. For one i dont believe that, why install shortcuts that link to crappy looking websites, when i dont have the korean language pack installed. Maybe I got a dodgy windows update involving all the language packs.
I've ran several scans(in safe without networking mode) from different virus software and mostly nothing. One scan found some stuff in some installation files
Win32/toolbar.babylon.c application and something to do with ask.com. Further research into this has found nothing.
Spybot rootkit scan finds 10,000 + things then adds this may not be malware. Plus the stupid cant mass delete them and it links to this recursive application data where it goes 15 folders deep repeating itself. I found one website saying this is normal behaviour due to the way windows was programmed.
looking around my C:\ I've not sure exactly if what i'm looking at are infected files or whats supposed to be there. Many folders have access denied, or protected by trusted installer(legit), or difficult to remove. Many folders have exe.mui files and many folders like ko-kr and en-us. Language pack stuff i find, but it seems strange they seem to be in so many folders for so many programs. Also many folders, .ini files also have the same creation date and time 14/7/09 or another date. Also seems strange
Sometime i look at files that are prefetch(.pf) or in windows\winsxs folders and wonder if they are part of it also
I've had a boot scan to run when it does it again, but that turned up nothing, the last time it did i decided to run safe mode, but i think it got ignored, but the usual windows update screen didnt appear and instead just a black screen with single line text showing all the files getting updated approx 60,000 files.it stopped at 10,000 and returned to the windows update screen, but this time it finished its update very fast and didnt install the shortcuts
I got a couple of file1 error 42125 zip archive corrupted in some scans from stuff in my d drive, but i've figured they arnt anything to worry about
I scan my eyes over my c:\ files think, google them, delete a couple now and then
I have a search program to search for any strange files that I come across
I have been able to apply normal windows updates. Btw i turned the update service off, I scan the task manager processes to see if anything strange turns up then wonder if stuff like winlogon.exe should be in those locations on my computer
my files are all ok for now
I'm basically working on reinstalling as it looks like I my c drive is messed up,but i really want to get this thing
i am running windows 7 starter
one time after reboot and the desktop loaded there was a box in the centre of the screen saying main_wnd or main-wnd. A google gave me the impression this might have something to do the the C++ coding language. You see there just to much to google to try and work out. I feel like I'm research how to make an anti-virus program itself.
one thing is there a program I can get that runs at shutdown and monitors which files get changed or what is running when this update is happening
Am i remotely hijacked, spyware,virus, it prob came off some program i downloaded
Can anyone recommend other forums for this sort of thing
is it worth to try and decipher the scheduled tasks in the system tools or monitor monitor bandwidth as well
tried, avira, avast, malwarebytes, spybot, avg, oh yeah, avast would not install it was blocked, so downloaded this thing called chameleon which installed it,but strangely the chameleon folder seemed to fill up with strange files as well.
it seems to do it at random, but usually every 3-4 days, but the pattern does change. it used to do the whole update thing in one go, no reboot, its seems to do it 2 shutdowns in a row also at the moment
Anyone want to help me with this mystery, has the korean goverment cornered microsoft into making shortcuts appear on my computer? Do I have a virus playing a continous update on me that going to make my computer explode. Whats the point. Is there a virus at all. Can i get rid of it and return my file system to normal?