Published by Azzkiker 13 years ago
It has recently come to my attention that there's been a large influx of CS 'Cheats' and 'Hacks' circulating on many torrent sites, warez sites and small forums boards. These so-called undetectable cheats are fake and once executed, will install a virus on your system, causing many annoyances, instead of the godly gameplay aid you were expecting. A lot of people are falling for this virus and many are unsure on how to remove it. Although, I tend to think that these people deserve what they got for trying to cheat and ruin other people's game, I'm hoping that by helping them get back on their feet, they will abandon these dark and sinister ways... What the virus / fake CS Cheat file will do when the downladed file is executed: 1. Install itself as Microsoft Shell Extension Service.This will enable it to autostart every time you load Windows. 2. Copy itself to C: -> Windows -> System32 -> shellext32.exe. This file is an exact copy of the virus executable and will be used to run fake Microsoft Shell Extension Service process. 3. Force screen resolution changes to 640x480. 4. Force mouse buttons to be reversed. Left click will become Right click and vice versa. 4. Force mouse pointer moves at a very slow speed. The cursor scroll speed across the screen will be slowed down by a factor of around 10. 5. Changes the Windows Desktop layout. It will move the 'Start' button to the right hand side. It will also change all the titles of windows and various buttons to " sp0rkeh 0wnz y0u ". 6. Windows will no longer be able to execute any files that end with *.exe. The virus takes over that extension and therefore, the infected Windows cannot open almost all programs. For some strange reason, this doesn't apply to Internet Explorer which can be run normally. Changing your Desktop resolution is impossible. Attempting to do so will only give you a ShellExt32.exe error repeatedly. How to remove the virus and return your system to previous state: 1. Download fixswen.inf to your desktop. Right click on it and choose "Install". [This file is completely safe, it is directly from McAfee's servers.] 2. Search your computer for "shellext32" and delete everything you find. Make sure you empty the Recycle Bin as well afterwards. There should be an .exe file as well as a prefetch file to delete. If not, ensure that Hidden Files & Folders are set to shown and re-search. [Note: Research shows that this virus is also bundled into 'pornographic images' and 'nude celebrity' photos also distributed via the same methods as the CS cheat. The file appears to be a normal .JPG file however once opened, will install the virus silently and stealthily. However, this variant of the virus will not have these files so don't worry if you can't find them. Continue with the steps below.] 3. Reboot your PC. 4. Reset your original resolution. 5. You will now need to remove the fake Microsoft Shell Extension Service: - Browse to C: -> Windows and double click on regedit.exe. - Press the F3 key on your keyboard and put shellext32.exe in the "Find what" field then hit "Find Next". - When you find a match, delete the whole MS ShellExt Services by right clicking on the "MS ShellExt Services" folder and selecting "Delete". Confirm the selection. 6. Press F3 again to search for other matches. Remove all traces the same way you did as in the last step. [Note: Registry editing is crucial and it is highly advised that you perform this under Safe Mode. When booting your computer, constantly tap F8 after the 'beep' and you will be prompted for some booting options.] The virus should now be disabled. However, this does not mean that your system is completely clean or that it can not return. It is highly recommended that you update windows, install decent anti-virus software and make sure it is fully updated. Run a full system scan periodically to ensure your system is thoroughly clean, once a week is ideal. Finally, I do have to warn you all of the dangers of downloading and running unknown files. It does seem very obvious and a boring reminder, but it's constantly suprising how many people fall for it and get affected as a result. Just don't do it! Don't cheat, or try to, on any online games, it ruins it for everyone and most of all, yourself. Don't accept any files from someone you don't know. Don't download and run any files from unknown sources such as torrents, they're more often than not, rigged with trojans, viruses and lots of keyloggers. I do hope this guide will have benefitted some of you out there who are infected, especially those who mailed in for help. I guess you've now learnt your lesson well. If anyone has any further problems or have any comments/suggestions or updated info to help this guide, feel free to mail in. Thanks, -Azzkiker azzkiker@hl2files.com Disclaimer: The above method has been tried and tested, personally by myself, on an old isolated computer and does work. If you decide to attempt this removal method, you do so at your own risk and I can not be held accountable for any damages resulting from this. Even though there shouldn't be any at all, if all done correctly. This guide is for the removal of the CS cheat / fake virus only and does not apply to other viruses/trojans/spyware/malware/keyloggers nor does it guarentee that your system is clear of all of these.
