Hidden Files on Desktop – Virus
By Eduardas Kubilinskas on Jun 3, 2011 in Computer Repair
If you haven’t been asleep for the past couple of weeks, you have probably heard of another vicious virus going around the country.
Just like a while ago, when we were slammed with nasty spyware pretending to be antivirus and inviting you to pay without getting anything in return, this new “hidden files” virus (also called “xp diagnostic”, “hdd diagnostic”, “windows diagnostic” and other names) likewise offers you a solution to purchase, which of course never comes.
I have had a customer who got it and did purchase the software, but did not get anything in return. He paid 85 dollars, and it went to Kiev, Ukraine, or at least that’s what the PayPal transaction receipt said.
So, long story short, we have cleaned quite a few of these already, and I have to tell you they are nasty.
And the nasty part comes not when you clean the virus, but when you need to restore the hidden files and the other damage it creates.
Here is a quick image of how it might look:
Now, a lot of people write that this is spyware; however, I had a couple where it wasn’t spyware, it was trojans only, and it won’t get cleaned with anti-spyware/malware software for sure.
Cleaning Procedure:
Since the virus locks up the system pretty well, there is not much you can really do. For instance, I couldn’t log in to safe mode and use anti-spyware/virus software.
My solution is simple:
Step 1: Extract the infected hard drive from the desktop or laptop computer.
Step 2: Use a USB-to-IDE tool to connect to it from another PC.
Step 3: Use Malwarebytes or Kaspersky antivirus to clean the viruses.
After the virus is cleaned, here is where it gets tricky, because files will still be hidden, Start menu items gone and registry values changed.
The best thing to do now is to go to System Restore and restore your computer to a previous date (a date before you got the diagnostic virus). This is truly your best shot, and you will restore everything nicely to the way it was before. However, that is not always possible, because sometimes System Restore just won’t restore for mysterious reasons, and some people don’t even have it turned on.
If your System Restore doesn’t work, then you will have to do a lot of work manually to uncover the “hidden files” and clean up your registry.
First, download the program that will uncover all the hidden files for you. Get it here: http://overnightpcrepair.com/files/unhide.exe
Second:
Here is the registry information that gets changed by the virus:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
You must change all of that back to normal: change the entries to the opposite values.
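To see which of the entries listed above still need changing, here is a read-only audit script. It is an added example, not part of the original post or of any tool mentioned in it. It assumes PowerShell 3.0 or later, run in the affected user's session on the cleaned machine; the variable names are made up for the example.

```powershell
# Added example: read-only audit of the registry values listed in this post.
# It changes nothing; it only reports values still set the way the virus leaves them.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$ie = 'Software\Microsoft\Internet Explorer'
$listed = @(   # Bad = the value this post says the virus sets
    @{ Path = "HKCU:\$cv\Internet Settings";         Name = 'CertificateRevocation'; Bad = '0' }
    @{ Path = "HKCU:\$cv\Internet Settings";         Name = 'WarnonBadCertRecving';  Bad = '0' }
    @{ Path = "HKCU:\$cv\Policies\ActiveDesktop";    Name = 'NoChangingWallPaper';   Bad = '1' }
    @{ Path = "HKCU:\$cv\Policies\Associations";     Name = 'LowRiskFileTypes';      Bad = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:' }
    @{ Path = "HKCU:\$cv\Policies\Attachments";      Name = 'SaveZoneInformation';   Bad = '1' }
    @{ Path = "HKCU:\$cv\Policies\System";           Name = 'DisableTaskMgr';        Bad = '1' }
    @{ Path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"; Name = 'DisableTaskMgr'; Bad = '1' }
    @{ Path = "HKCU:\$ie\Download";                  Name = 'CheckExeSignatures';    Bad = 'no' }
    @{ Path = "HKCU:\$ie\Main";                      Name = 'Use FormSuggest';       Bad = 'yes' }
    @{ Path = "HKCU:\$cv\Explorer\Advanced";         Name = 'Hidden';                Bad = '0' }
    @{ Path = "HKCU:\$cv\Explorer\Advanced";         Name = 'ShowSuperHidden';       Bad = '0' }
)

$findings = foreach ($e in $listed) {
    $item = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }   # key or value absent: nothing to report
    $current = [string]$item.PSObject.Properties[$e.Name].Value
    if ($current -eq $e.Bad) {          # string compare also covers DWORD values
        [pscustomobject]@{ Key = $e.Path; Value = $e.Name; Current = $current }
    }
}

# The Run entries have random names, so list everything under the key for manual review.
$run = Get-Item -Path "HKCU:\$cv\Run" -ErrorAction SilentlyContinue
$runEntries = if ($run) {
    $run.GetValueNames() | ForEach-Object {
        [pscustomobject]@{ Name = $_; Command = $run.GetValue($_) }
    }
}

$findings   | Format-Table -AutoSize -Wrap
$runEntries | Format-Table -AutoSize -Wrap
```

The first table is empty once every listed value has been changed back; the second is only a list to read through, since a legitimate startup program will also appear there.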
——————————–
For now, this is it. If you live in the Los Angeles or Chicago areas, give us a call and we will clean it for you. Call us at 877-938-8777 any time. Overnight PC Repair is the fastest computer repair in the USA.



