OT- Windows Restore Virus

Submitted by swdude12 on June 7th, 2011 at 4:50 PM

I believe I got this virus from mgoblog.  I got it on my home cpu and I also got it on my work cpu, which i dont have admin rights too, so now I am kinda screwed. FYI be careful! It hides all your files and pretends to run a restore program, says your harddrives have crashed etc.




June 7th, 2011 at 11:51 PM ^

I've gotten popped twice this evening by the same Blackhole Exploit Kit virus that others have referenced above.  Presently using IE9, and have Norton Security Suite (the free version you get from Comcast). Norton blocked it both times, thankfully.


June 8th, 2011 at 12:06 AM ^

slightly different graphics, last night, on my wife's laptop. I didn't get the whole shebang, though. Just a portion. Running system restore from safe mode and then malewarebytes (it was preventing malewarebytes before that) cleaned it off quite nicely. She refuses to run chrome.

Chrome with Notscript is the best thing ever to happen.


June 8th, 2011 at 12:34 AM ^

I had to update a program so I shut down my browser. After the update was done, I restarted the browser and came to mgoblog. As soon as the page opened I got hit with a bad script... JS Downloader-ARA.

I have been coming and going to mgoblog all day, and this is the first time anything has come up. Avast stopped it. I also got a message telling me that I need Java to view mgoblog. Fortunately I don't have java installed.


June 8th, 2011 at 10:32 AM ^


You don't have to pay for it, the free version works very well.

- Turn off system restore

- Download, install, and run a full scan with malwarebytes

- Once scan and cleaning are done... reboot and run the scan a 2nd time.

- Turn system restore back on.

You should be free of the infection.


June 8th, 2011 at 8:14 AM ^

I got two warnings when I opened up TomVH diaries that my AV (Avast) had blocked a file from downloading. Definitely something on mgoblog, probly an ad.


June 8th, 2011 at 8:17 AM ^

If the virus hides all your files, there's a utility called unhide.exe that you can get from bleepingcomputer.com that will un hide them.  First you'll need to download and run malwarebytes, possibly in safe mode, to get rid of the thing.


June 9th, 2011 at 11:54 AM ^

I run ABP on all computers I use, and have not had any issues arise. Leads me to believe the underlying problem doesn't lie in mgoblog's code, but in the advertisements - which are brought in from external sites.

edit: Also, anybody running a non-windows OS that claims superiority over others because they think they're immune to viruses, malware, etc is a) ignorant and b) kidding themselves.


June 10th, 2011 at 9:52 AM ^

My home pc is now completely unusable, this is really a nasty one. I can't even get to malwarebytes, gotta take it to the shop. Can't complain, I love the way mgoblog burns me.