Woah, I have not had any virus problems for years, until tonight... during my vacation :/
I was away from the computer for 5 mins and when I came back it had 7-8 Windows security dialogs requesting some kind of permission. I did not like it, so I restarted the computer. After the restart Norton found this "Suspicious.Mystic" and removed it. After that I just get a black screen in Windows. No Start menu, no background, nothing.. It is possible to CTRL/ALT/Delete and start Task Manager etc.
Bedtime for me now... I hope this is just a nightmare :/
You are still infected. I would recommend a visit to one of the free malware removal forums for assistance. Bleeping, as you probably noticed, is very backed up. One of the others will likely be faster.
Suspicious.Mystic is a rootkit that lodges in your C:\WINDOWS directory. Norton finds some infected pieces, but doesn't remove the cause. I was able to remove it from a couple of PCs successfully.
From what I could see in those instructions, it would work for those with enough experience to recognize the problem .dlls. For an inexperienced user, it could be quite dangerous.
Symantec is working very hard on a fix for this, but it could delete winlogon. Disconnecting from the internet and avoiding a reboot would be wise until it gets sorted out. One user on NIS/NAV has a TDL3 involved as well, which is trickier to fix.
I would still recommend one of the forums for help with it, rather than do it yourself unless you are very computer savvy.
Suspicious.Mystic is a rootkit that lodges in your C:\WINDOWS directory. Norton finds some infected pieces, but doesn't remove the cause. I was able to remove it from a couple of PCs successfully.
(The current version going around is a variant of sorts that spams email and removes your taskbar and icons from your desktop, among other goodies.)
Drew
Suspicious.Mystic is a heuristic detection for anything Norton detects as matching something possibly bad. It is not a solid detection name like "Trojan.Bamital!inf", which the Suspicious.Mystic detection for "explorer.exe" and possibly "winlogon.exe" has been changed to after Symantec received the installers from me and took a look at them.
"Trojan.Bamital!inf" does not include the TDL3(+) (Tidserv) that PCs are also infected with at the moment, as the other part.
This TDL3(+) variant appears to be downloading .tmp file(s) that then install Trojan.Bamital!inf.
SONAR or heuristic detections like Suspicious..., Trojan.Gen etc. can't have removal instructions like those done for hard detection names, as the SONAR or heuristic detection name is usually too broad. Trojan.Gen for what??
The Suspicious.Mystic I got to infect "explorer.exe" had no .dll files involved, so I had no .dlls to remove, let alone 4 of them, so your instructions don't match, let alone installing programs like Ad-Aware with Norton, which I have tested.
I found you on Bleeping Computer, and the Suspicious.Mystic with the injected, patched "explorer.exe" and possibly "winlogon.exe" looks the same, BUT the user had or has a rogue (Animalware Doctor) installed, and by the ARK log, unless it's hidden further behind what is shown, it's not a TDL3(+) infection.
It's instead TDL2, or more like a Conficker (Downadup) variant, which is different.
Log from there attached
Whereas now it looks like TDL3 (+) can install on x64 systems which is interesting,