Oh, crap, "Win 7 Security 2011" Has Completely Hijacked My System

I can’t do anything. (On a work computer now.) Browser’s hijacked. Trying to run any executable simply brings up this damned trojan. Even regedit. What the hell do I do?

Recent Pit thread with advice.

In some fun twists,

  1. My OTHER computer insists every rkill link is itself a known virus and my work computer’s so secure I can’t get around that.

  2. The instructions to remove the registry key don’t help because there is no registry key called “Win 7” anything. It’s called something else.

However, by following some of this advice I have Malwarebytes running. Fingers crossed.

Fucking virus fucks. How do the cops not catch these people?

The registry keys are listed on the bleepingcomputer page.

Some suggestions - worst case, unplug the hard disk, plug it into another PC as a second drive, and see if you can run the antivirus on it that way. You might also try loading the registry remotely on your home network from another PC, if the remote procedure calls are not disabled. Commercially, the simplest thing is to hook up the drive on another PC, recover all data (My Documents, email folders, etc.) and then reformat the drive and reinstall the OS. Faster and quicker than fighting with it.

This happened to me twice, once at work and once at home even though at home I didn’t even have IE up - it hijacked me anyway.

Get Malwarebytes onto a USB drive from an uninfected computer, disconnect completely from the internet, and run Malwarebytes from the drive. Worked both times.

Malwarebytes fixed it. I had to change its name to iexplore, but it ran then, and killed the infection. Very strange; I had AVG running and haven’t been doing anything risky.

However, none of the bleepingcomputer advice was correct. None of the processes they said would be in the Task Manager were there; the registry entries they said to look for did not exist. I guess the author of the virus changed it up.

Try booting into Safe mode and running System Restore. It does a decent job much of the time.

To boot into Safe Mode, press the F8 key multiple times before you see the “Starting Windows” screen. You will go to a black screen. Use the down arrow to highlight “Safe Mode with Networking” and press Enter. When you log in, you’ll see an option to go to System Restore. Use it, and choose a restore date that’s before you had the problem.

This doesn’t always work, but lately malware hasn’t bothered to screw with Safe Mode or System Restore. It was not very useful five years ago, but I’ve had good success with it lately.

Once you get your computer back, run Malwarebytes.
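As an added illustration that is not part of this thread or of any poster's advice: a read-only PowerShell triage script to run from an elevated prompt once you are in Safe Mode with Networking, before System Restore, so you can see what the rogue changed. It assumes (the thread does not say this) that a rogue of this kind persists through the Run/RunOnce keys and intercepts program launches by rewriting the .exe open command, which would explain why every executable "brings up the trojan" while a renamed copy still runs. Key paths and the stock `"%1" %*` value are standard Windows locations, not anything taken from the bleepingcomputer page.

```powershell
# Added triage script (not from this thread). Read-only: it reports, it deletes nothing.
# Run in an elevated PowerShell window after booting into Safe Mode with Networking.
# ASSUMPTION: the rogue persists via Run keys and redirects .exe launches through
# the per-user .exe/exefile open command. The thread itself names no such keys.

function Get-AutorunEntries {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }    # skip provider metadata (PSPath etc.)
            New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-ExeOpenCommand {
    # Where Windows looks for how to start a .exe. The per-user Classes hive takes
    # precedence over HKEY_CLASSES_ROOT, so a rogue that writes there can intercept
    # every program launch for that user without needing admin rights.
    $paths = @(
        'Registry::HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command',
        'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command',
        'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
    )
    foreach ($path in $paths) {
        if (-not (Test-Path $path)) { continue }
        $cmd = (Get-ItemProperty -Path $path).'(default)'
        New-Object PSObject -Property @{ Path = $path; Command = $cmd }
    }
}

# The stock value is exactly "%1" %* ; anything else means .exe launches are redirected.
$expected = '"%1" %*'
"== .exe open command =="
Get-ExeOpenCommand | ForEach-Object {
    $flag = if ($_.Command -eq $expected) { 'OK' } else { 'SUSPECT' }
    "{0,-8} {1}`n         {2}" -f $flag, $_.Path, $_.Command
}

"`n== Autorun entries (random names, or paths under %AppData% / %Temp%, deserve a look) =="
Get-AutorunEntries | Format-Table Key, Name, Command -AutoSize
```

If the per-user `.exe` command shows something other than `"%1" %*`, that is the change a scanner such as Malwarebytes should revert; if the script can only be started by renaming it (the trick used earlier in the thread), that by itself is a strong sign the open command has been replaced. Take a System Restore point only after you have recorded the output, since the restore will overwrite it.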

Because they are in the Ukraine, or some other non-US jurisdiction. And the internet cops are in on it.

Not only that, but they are designed so that they won’t install on any computer whose language is set to “Russian” (or “Ukrainian,” if there is such a setting). Thus, it doesn’t install on any computers in the country where they base their operations, and local officials have no reason to be involved.