A warning and a request for help!



OBIO
September 28th, 2008, 09:23
Earlier this morning, I was tinkering around with Jim Jacobson's Martin Mariner PBM-3 and decided to go on the hunt for other models of the Mariner. Did a Google search for "Martin Mariner" and got several returns. Went to the first site on the list and they had the FS2002/2004 PBM-5 by Paul Clawson. It wasn't one of the usual sites, so I checked Simviation for the PBM-5 and did not find it there...so I went back to this site and downloaded it. Like I do with all files I download, I ran a virus/spyware/malware scan on it...three times...All three scans came back clean. So, I explored the zip file, and saw nothing out of the ordinary for a Paul Clawson aircraft. So, I unzipped it, re-aliased the sound, installed it to my Prop Test install, fired up MDLC to convert the MDL file to CFS2...and that was the last thing I was able to do on my new system. Somehow they had taken Paul's MDL file and basically turned it into a booby trap. My desktop shortcuts and folders blink in and out, I can not get a single program to start.....although I was able to get my anti-virus fired up, to get Remove It Pro and Adaware fired up. Ran a full anti-virus sweep and it found nothing. Ran Adaware and it found nothing. Ran Remove It Pro and it found faceback.exe, and two DLL files associated with it, both in the Windows/System32 directory....but Remove It Pro was unable to quarantine the files and suggested booting in Safe Mode and removing them manually.

I can not get the system to go into Safe Mode, can not get it to go into the System Recovery mode, can not get it to do a System Restore. All I get is my nice pretty wallpaper and blinking shortcuts.

Does anyone have any ideas on how to get into this system to clean it out.....because if I have to reformat and rebuild I will lose a great amount of work that has not been backed up anywhere (including nearly a dozen skins for the updated OH P-39 series), several conversions in progress, several planes being updated, several sound packs that I have been tweaking and modifying to reflect new uses, a few dozen repaint templates that I have been working on, and the list goes on and on.

And I have lost so much work already...that I may just throw in the towel and go back to playing Rune Scape where there is no risk of losing hours and hours of work.

OBIO

PS: I am back on my old Win 98 system at the moment.

Crap: just had a thought. Could I take the HD out of the new system, put it into the old system as a slave drive and go into the Windows/System32 directory and remove those files? Or would Win 98 be able to read the files at all..the whole FAT16 and FAT32 stuff confuses me. The new system is running XP SP3.

Blue Devil
September 28th, 2008, 10:19
Jesus (that's pronounced He-soose') OBIO, ...what the hell did ya step in!?!, ...and which site was it on?

Do ya have Norton "go-back", ...or any pre-boot system restore progs?

Wish I could help more, ...maybe find the SOB and drag'em *ss-first thru a key-hole, ...and then learn'im somethin'.

Sorry man.

Hern07
September 28th, 2008, 10:54
Oh man, I'm sorry. You stepped in the Kimosabe alright. How about naming the site so we can be a little more careful if we end up there. Hope you can recover everything.

bearcat241
September 28th, 2008, 11:03
Before reformatting, what you need is some type of top level AV program that allows you to create a cloned AV boot disk or CD that executes at boot sequence before the OS loads. This allows you to do a full and deep scan and fix intrusions outside of Safe mode and Windows too.

Short of this, I'm afraid you're screwed, because even if you can find and remove these identified harmful files, there may be some leftovers in other critical places not yet known; or you may have some serious registry alterations as a residual effect that will persist well after the viral removals.

jimskifs
September 28th, 2008, 13:27
I think your idea about running that hd as a slave and deleting the files is worth a try. But the real trouble maker might be buried somewhere else.

Could you get the "task manager" up and running?

Also, I'm pretty sure if you reinstall Windows from a CD without reformatting it will copy over all the system files and you will be running again. You will lose personal things like your shortcut icons and personal stuff but when I've done this (more times than I care to admit) all other files on the drive were not affected. No need to reformat yet.

Jimski

Buddha13
September 28th, 2008, 13:30
Hi Obio,
Ok here's what you do. Reboot your machine and go into safe mode. Most viruses do not boot up in this mode. Then run a full spyware/antivirus scan. Kill everything you find.
Then go online to here and use their online scanner to clean up any leftovers.
http://housecall.trendmicro.com/uk/
Then go here,
http://uk.trendmicro.com/uk/downloads/home-and-homeoffice/index.html
Download and install, then fully update whichever package you use. You get a full 30 days trial with any of these packages.
Make sure you uninstall whichever antivirus software you already have.
Reboot into safe mode again and do a full scan.
If all is reported as safe and clean you are ok.
I would also delete all restore points as well. Clean out all temporary files, cookies etc.
You can use this for that job,
http://www.iobit.com/advancedwindowscareper.html?Str=download
If you find any suspicious files that will not delete you can use this to get rid of them,
http://ccollomb.free.fr/unlocker/

I hope this is of some help. If you are still in some doubt once you have rescued your files then do a full format and reinstall.

Buddha13

drivincar67
September 28th, 2008, 15:03
Obio,

I know how you feel. A few years ago, I put hundreds of hours into learning GMAX and building a Bloch152. I lost it all when my hard drive went kaput. I was so upset I couldn't bring myself to revisit CFS2 until recently. I was able eventually to save some of my files off of the hard drive. Although I may not try building a plane again, I am enjoying working on repaints. I hope that you are able to restore your system and continue to enjoy CFS2. The things you are doing are great and help this wonderful sim continue to grow.

Good Luck!

d67

OBIO
September 28th, 2008, 17:42
I finally got into safe mode...and the same thing happens there....the icons blink a couple times then disappear completely. I can not get to my anti-virus in safe mode. Will continue trying to get this system saved.

Tango_Romeo
September 28th, 2008, 17:56
Faceback.exe is not a virus. It is what is known as a generic trojan downloader. This is meaningful to your situation in that this file is not a self-replicator like many viruses. So once you delete the faceback.exe file, or just rename it, you will be OK. If you cannot get to the file to delete it, check the virus b-boards for a manual fix. The McAfee Forum is a good place to start.

There is also an entry in your registry that calls up faceback.exe during the boot process and lets it hijack your system. But if the .exe is not there, then it will not have any effect, nor will the associated DLLs that faceback.exe downloaded from the net. Though you should run REGEDIT from the Start menu and search for 'faceback' in order to remove it to be thorough. And delete the DLLs on the hard drive for good measure.

If you aren't familiar with using REGEDIT, don't worry. Any good registry cleaner will kill the entry once the .exe is removed.

If none of this works for you, get a reputable AV program like McAfee, which will catch/kill this variety of downloader.

Hope you get 'er done soon.
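
Added example, not part of the post above and not written by anyone in this thread: a read-only PowerShell search of the standard Windows autostart registry locations for a name such as 'faceback'. The thread does not say which key held the entry, so the key list, the function name `Find-AutostartReference`, the drive letter `D:` and the mount name `Offline` are assumptions.

```powershell
# Added example: lists autostart registry values that mention a search term.
# It only reads; nothing is deleted or changed.
function Find-AutostartReference {
    param(
        [Parameter(Mandatory)][string]$Term,
        # Root of the SOFTWARE hive to inspect. To inspect a drive attached to
        # another PC instead of the running system, first run (elevated):
        #   reg load HKLM\Offline D:\WINDOWS\system32\config\software
        # and pass -SoftwareRoot 'HKLM:\Offline'. D: and Offline are assumed names.
        [string]$SoftwareRoot = 'HKLM:\SOFTWARE'
    )

    # Standard autostart locations (general Windows knowledge, not from the thread).
    # The HKCU entries always refer to the user running this script.
    $keys = @(
        "$SoftwareRoot\Microsoft\Windows\CurrentVersion\Run",
        "$SoftwareRoot\Microsoft\Windows\CurrentVersion\RunOnce",
        "$SoftwareRoot\Microsoft\Windows NT\CurrentVersion\Winlogon",
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )

    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            # Match on either the value name or the command line it stores.
            if ($name -like "*$Term*" -or $data -like "*$Term*") {
                [pscustomobject]@{ Key = $key; Value = $name; Data = $data }
            }
        }
        $item.Close()   # release the handle so a loaded hive can be unloaded later
    }
}

Find-AutostartReference -Term 'faceback' | Format-List
```

After inspecting a hive loaded with `reg load`, release it with `reg unload HKLM\Offline`.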

OBIO
September 29th, 2008, 19:51
It looks like I am just going to have to bite the bullet and do a system recovery...overwriting the installed XP with a fresh install of XP...losing a few pieces of very nice software that were left on this system by the fella who gave it to me in the process. It has been nice having Photoshop 7.0, Air Wrench and the newer panel software (Panel Designer or whatever it is called). Faceback.exe is off the system, but it still does the blinky blinky bye bye in regard to my icons.

Not sure when I will get around to it....not really in the mood for much of anything at the moment.

OBIO

jimskifs
September 29th, 2008, 20:06
I've done that several times with Win2000 with good results - sometimes it will clear up other nagging issues. Biggest problem for me has always been reinstalling drivers for add-on hardware like video cards, modems, etc. I try to have driver discs handy. I suppose a real "recovery disk" might solve that but I never had one. There was one time when I tried to install XP on the old box due to viruses in Win2000. XP wouldn't let me do that saying my HD was contaminated. Luckily Win2000 didn't care about that.

Good luck!

Jimski

GearyMcS
September 30th, 2008, 13:57
Tim,

If you can get into safe mode, can you not run the system restore from there and restore to an earlier day?


Geary

OBIO
September 30th, 2008, 16:30
Even in Safe Mode, I can not use System Restore to roll the system back. It seems like all the Restore Points have been deleted or froze out. The only day I can select is Sept 28, 2008 12:11 AM...which is the precise time of the attack.

This weekend, I am going to pull the HD from the new system and put it into the old system as a slave drive and then burn all my sound packs, paint templates, and sim files to DVD so I have them safely archived (I have most of it already on DVD/CD but have a good amount of new work that is not archived).

Once I have that done, then I will try a System Recovery.

OBIO