Spyware, Viruses, & Security forum


virus updates my computer

by KenMcd4 / May 13, 2013 12:56 AM PDT

Sorry for the big messy post. I have a virus(I think), it happens at random

What it does is upon shutdown it starts what looks like a windows update then shutdowns. On restart it continues the update. The update then fails then reverts. This all takes around an hour. Once the netbook has booted there appears a hiden desktop.ini file and 2 shortcuts saying korean messenger and media player, like link to crappy looking websites.

first thing when I googled is 2 forums saying to have these shortcuts is normal and is a requirement of the korean goverment with microsoft when the korean language pack is installed. For one i dont believe that, why install shortcuts that link to crappy looking websites, when i dont have the korean language pack installed. Maybe I got a dodgy windows update involving all the language packs.

I've ran several scans(in safe without networking mode) from different virus software and mostly nothing. One scan found some stuff in some installation files
Win32/toolbar.babylon.c application and something to do with ask.com. Further research into this has found nothing.
Spybot rootkit scan finds 10,000 + things then adds this may not be malware. Plus the stupid cant mass delete them and it links to this recursive application data where it goes 15 folders deep repeating itself. I found one website saying this is normal behaviour due to the way windows was programmed.

looking around my C:\ I've not sure exactly if what i'm looking at are infected files or whats supposed to be there. Many folders have access denied, or protected by trusted installer(legit), or difficult to remove. Many folders have exe.mui files and many folders like ko-kr and en-us. Language pack stuff i find, but it seems strange they seem to be in so many folders for so many programs. Also many folders, .ini files also have the same creation date and time 14/7/09 or another date. Also seems strange

Sometime i look at files that are prefetch(.pf) or in windows\winsxs folders and wonder if they are part of it also

I've had a boot scan to run when it does it again, but that turned up nothing, the last time it did i decided to run safe mode, but i think it got ignored, but the usual windows update screen didnt appear and instead just a black screen with single line text showing all the files getting updated approx 60,000 files.it stopped at 10,000 and returned to the windows update screen, but this time it finished its update very fast and didnt install the shortcuts

I got a couple of file1 error 42125 zip archive corrupted in some scans from stuff in my d drive, but i've figured they arnt anything to worry about

I scan my eyes over my c:\ files think, google them, delete a couple now and then
I have a search program to search for any strange files that I come across

I have been able to apply normal windows updates. Btw i turned the update service off, I scan the task manager processes to see if anything strange turns up then wonder if stuff like winlogon.exe should be in those locations on my computer

my files are all ok for now

I'm basically working on reinstalling as it looks like I my c drive is messed up,but i really want to get this thing
i am running windows 7 starter

one time after reboot and the desktop loaded there was a box in the centre of the screen saying main_wnd or main-wnd. A google gave me the impression this might have something to do the the C++ coding language. You see there just to much to google to try and work out. I feel like I'm research how to make an anti-virus program itself.

one thing is there a program I can get that runs at shutdown and monitors which files get changed or what is running when this update is happening

Am i remotely hijacked, spyware,virus, it prob came off some program i downloaded

Can anyone recommend other forums for this sort of thing

is it worth to try and decipher the scheduled tasks in the system tools or monitor monitor bandwidth as well

tried, avira, avast, malwarebytes, spybot, avg, oh yeah, avast would not install it was blocked, so downloaded this thing called chameleon which installed it,but strangely the chameleon folder seemed to fill up with strange files as well.

it seems to do it at random, but usually every 3-4 days, but the pattern does change. it used to do the whole update thing in one go, no reboot, its seems to do it 2 shutdowns in a row also at the moment

Anyone want to help me with this mystery, has the korean goverment cornered microsoft into making shortcuts appear on my computer? Do I have a virus playing a continous update on me that going to make my computer explode. Whats the point. Is there a virus at all. Can i get rid of it and return my file system to normal?

Answer This Ask For Clarification
Discussion is locked
You are posting a reply to: virus updates my computer
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: virus updates my computer
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

All Answers

Collapse -
by Blue_Zee / May 13, 2013 2:21 AM PDT

After all you have done, I feel it will be difficult for anyone to suggest anything but format and reinstall Windows.

From the initial symptoms it sounds like a broken Windows Update that would probably be solved with this Fix it:

You may try the above but I fear in the end you will have to back up what you need and go for it: format and reinstall.

Good luck!

Collapse -
by KenMcd4 / May 13, 2013 3:01 AM PDT
In reply to: Well...

This problems a mouthfull isnt it. I was hoping people could tell me bits and pieces about things like is it normal to have the Kr-ko folder everywhere.

Ran the link you suggested. No problems detected.

I havent had the virus do the update since I interupted it with safe mode. Thats a while now, but who knows what is going on.

I am thinking of reinstalling and i did a bit o research and raised my fist at how difficult things can get. I run windows 7 starter on a netbook and therefore have no copy of the operating system...and.....also.......then theres........wait this is a post for another time, maybe i should try linux. I also hope the virus isnt in one of the files i back up

Collapse -
Troubleshooting : System Recovery on Eee PC products
by Blue_Zee / May 13, 2013 3:16 AM PDT
In reply to: Reply
Collapse -
by KenMcd4 / May 13, 2013 5:05 AM PDT

Just one question not to sound stupid or anything, but could a virus infect the system recovery as well. Also the computer came with a C and D drive, any chance the D drive would be untouched

Collapse -
In the extreme...
by Blue_Zee / May 13, 2013 7:48 AM PDT
In reply to: djdjdj

Yes, it is possible.
Probable? No.

I don't believe such malware even exists today.

Collapse -
Varied issues. Varied threads. Varied time frames.
by Carol~ Forum moderator / May 13, 2013 3:09 AM PDT

Hi Ken..

I see you also posted at our Windows 7 and Computer Help forums. And did so over a span of two months time. I recently removed the one at Computer Help, as there were no responses.

Considering all the different issues you're experiencing, coupled with the amount of time they've existed, I feel you would best be served by posting at a malware removal forum. You will receive personalized help. Add to that, they make use of certain tools we don't utilize here. Tools which will better able them to SEE what's going on.

Below are just a few of the more popular sites. Only post at ONE. Have patience. They are extremely busy, but they will get to you.





While you're waiting, you might want to make sure all vestiges of the A/V scanners you downloaded are gone. Most provide a utility to remove the software in its entirety.

I just now see one of our members suggested a format and reinstall. Yet another option. The choice is yours to make.

Best of luck..

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions

CNET Holiday Gift Guide

Looking for great gifts under $100?

Trendy tech gifts don't require a hefty price tag. Choose from these CNET-recommended useful and high-quality gadgets.