Annoying Virus

#1 Aug 19 2010 at 5:37 PM Rating: Decent
***
3,175 posts
Hi. I have a virus that is really annoying. It tells me to download an obviously fake virus protection program and will not let me open anything else on my computer. Any ideas, or should I just take my computer in?
____________________________
I'm kind of a big deal. My apartment has many leatherbound books and smells of rich mahogany.




#2 Aug 19 2010 at 10:09 PM Rating: Excellent
******
29,905 posts
There are several possible variants of that particular spyware, ranging from mildly annoying to remove, to near impossible. It is possible to remove them and keep your system intact, but it does take some skill. The most common and most irritating variant of that particular scam is the Vundo worm, which is also the most difficult to remove. But hopefully you got lucky here. If your computer skills are less than one might hope, you will probably be better off finding a knowledgeable friend to remove the virus for you. Taking it to a computer shop will set you back an average of $100-200, with varying degrees of

If you decide to make the attempt yourself, here are a few things you can do:

1. Buy a 4GB+ flash drive and back up any important documents, pictures, audio, movies, etc. to that drive. Chances are they are infected; we will clean them later.

2. Purchase a good antivirus program. Whatever you currently have is either out of date, infected, or just plain not working. I'd recommend Norton Internet Security 2010 ($70). Don't install it yet; chances are the virus will block it.

3. Download and install the following free software: Malwarebytes Anti-Malware, Trend Micro HijackThis, Microsoft Security Center, Spybot Search & Destroy, and JavaCool SpywareBlaster.

4. Reboot your computer in safe mode with networking. Run Malwarebytes first to see if it can kill anything. Now run HijackThis and, if you like, send the log file to me via PM (it may contain information you would not want to post publicly). I'll send you a list of anything suspect to remove with HijackThis. In the meantime, run Security Center, Spybot, and JavaCool SpywareBlaster, which doesn't really cure any spyware, it just hard-blocks known bad sites. Also go to housecall.trendmicro.com and run the online virus scanner.

5. At this point, load Internet Explorer, go into Tools, Options and reset all settings to factory default if it will let you. Then try to go to update.microsoft.com and download any patches available for your OS.

6. Next, download the Secunia PSI program, let it scan, and patch any security vulnerabilities it finds.

7. By that time, hopefully I have sent you back your HijackThis log. Remove any entries listed, then try rebooting back into safe mode. Then install the antivirus program you purchased, and patch that.

8. At this point, if you know someone with a known good antivirus program who is computer knowledgeable, pull your hard drive out of your computer case, and have them run a scan on it with your drive plugged in as a secondary drive. If you don't have access to that, your chances of success are reduced somewhat.

9. If the scans come up clean after the second reboot into safe mode, and all patches are applied, and all antivirus programs are up to date and showing no infections, reboot into regular mode and see if the issue has resolved itself. Now run all the scans again in normal mode, just in case.

If you are clean there, you can now format or destroy that flash drive you made earlier. If you are having issues at this point, you have a nasty infection and may want to consider formatting and reloading as an alternative to paying someone else to remove it.

____________________________
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
#3 Aug 20 2010 at 2:37 AM Rating: Good
Sage
**
325 posts
If you Google the name of the fake antivirus, most of the time you will find other people who have had the same issue, along with a solution.
____________________________
FFXIV
Name: Z'veagan Brolz
Server: Ultros
Linkshell/FC: Lootwhorindramafest
#4 Aug 20 2010 at 8:09 AM Rating: Good
Terrorfiend
*****
12,905 posts
For the love of all that is holy, don't get Norton.

There are numerous free antivirus programs that don't turn your computer into a sloth for the sake of security.
#6 Aug 20 2010 at 8:00 PM Rating: Good
Silent But Deadly
*****
19,999 posts
For the easier-to-remove ones, the process is quite a bit simpler:

1) Reboot into Safe Mode. No networking needed.
2) Run regedit.
3) Look in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Anything with a ridiculously alphabet-soup name that you find here: note down the path, then delete the value.
4) For every file that you noted down, find and delete that file.
5) Reboot.

If this doesn't work, Kao's longer process is a good second phase to go through.
____________________________
SUPER BANNED FOR FAILING TO POST 20K IN A TIMELY MANNER
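The registry walk in the post above can be done read-only from an elevated PowerShell prompt before anything is deleted. The script below is an added example written for this thread, not something posted by the author; it lists every value under the two Run keys named in the post and flags entries whose value name or target file name looks like random "alphabet soup" or lives in a temp or profile folder. The scoring rules are my own heuristic assumptions, not a standard, and the script changes nothing: deciding what to delete stays a manual step.

```powershell
# Added example (not from the thread): inventory the per-machine and per-user
# Run keys and flag entries that look like random "alphabet soup".
# Read-only: nothing is deleted or modified.
# The heuristics in Test-AlphabetSoup are assumptions, not a standard.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Test-AlphabetSoup {
    param([string]$Name)
    if ([string]::IsNullOrEmpty($Name)) { return $false }
    # Six or more letters/digits with no vowel at all (PowerShell -match is
    # case-insensitive by default, so no lowercasing is needed).
    if ($Name.Length -ge 6 -and $Name -match '^[a-z0-9]+$' -and $Name -notmatch '[aeiou]') { return $true }
    # Purely numeric names (e.g. a bare 4-digit number).
    if ($Name -match '^\d{3,}$') { return $true }
    # Long hex-looking names.
    if ($Name -match '^[0-9a-f]{8,}$') { return $true }
    return $false
}

function Get-RunEntryReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Skip the provider metadata properties Get-ItemProperty adds.
            if ($prop.Name -in 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') { continue }
            $cmd = [string]$prop.Value
            # Pull the executable path out of the command line (quoted or bare),
            # then expand %SystemRoot%-style variables so Test-Path can see it.
            $exe = if ($cmd -match '^"([^"]+)"') { $matches[1] } else { ($cmd -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $base = [System.IO.Path]::GetFileNameWithoutExtension($exe)
            $suspicious = (Test-AlphabetSoup $prop.Name) -or (Test-AlphabetSoup $base)
            # Executables launched from temp or profile folders are another common sign.
            if ($exe -match '\\(Temp|Local Settings|AppData|Application Data)\\') { $suspicious = $true }
            $exists = if ($exe) { Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue } else { $false }
            [pscustomobject]@{
                Key        = $key
                Name       = $prop.Name
                Command    = $cmd
                FileExists = $exists
                Suspicious = $suspicious
            }
        }
    }
}

# Show everything, suspicious entries first, so legitimate entries are visible too.
Get-RunEntryReport | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize
```

A flagged row only means "look at this", not "delete this": a publisher-signed updater with an odd name will trip the same rule. Noting the Command column for each flagged entry gives the file path the post's step 4 asks for.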
#7 Aug 20 2010 at 8:32 PM Rating: Excellent
******
29,905 posts
KTurner wrote:
For the love of all that is holy, don't get Norton.

There are numerous free antivirus programs that don't turn your computer into a sloth for the sake of security.


2010 is really quite compact. It takes 31 MB of RAM at full scan, and 15 MB at idle, with next to no CPU resources. Older versions, pre-2008, sure, I'd agree. But now it's a drop in the bucket. They really concentrated on optimization this time, and it's the only program I have never had miss something. McAfee is far more of a resource hog and has let me down in the past. AVG is free, but it misses things.

You get what you pay for.
____________________________
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
#8 Aug 21 2010 at 1:03 AM Rating: Good
Silent But Deadly
*****
19,999 posts
Dread Lörd Kaolian wrote:
KTurner wrote:
For the love of all that is holy, don't get Norton.

There are numerous free antivirus programs that don't turn your computer into a sloth for the sake of security.


2010 is really quite compact. It takes 31 MB of RAM at full scan, and 15 MB at idle, with next to no CPU resources. Older versions, pre-2008, sure, I'd agree. But now it's a drop in the bucket. They really concentrated on optimization this time, and it's the only program I have never had miss something. McAfee is far more of a resource hog and has let me down in the past. AVG is free, but it misses things.

You get what you pay for.
Therefore: Norton for normal usage, AVG for your emergency boot disk (because when Norton does miss something, it's usually something that every other AV catches, based on past versions).
____________________________
SUPER BANNED FOR FAILING TO POST 20K IN A TIMELY MANNER
#9 Aug 22 2010 at 5:55 AM Rating: Decent
Scholar
**
377 posts
The latest versions of Norton have been a big improvement over the hog it was before. I have about 200 Norton 360 keys to use whenever I fix someone's computer. It's very good at handling naughty files automatically.
#10 Aug 22 2010 at 11:34 PM Rating: Decent
***
3,175 posts
The problem is I cannot open absolutely ANYTHING at all. Or run any programs.
____________________________
I'm kind of a big deal. My apartment has many leatherbound books and smells of rich mahogany.




#11 Aug 23 2010 at 12:07 AM Rating: Decent
Scholar
**
377 posts
Either get a bootable CD that can scan and fix it, find a friend who can do that, or remove the hard drive and put it in a computer with good antivirus software, and scan it that way.
#12 Sep 01 2010 at 3:14 AM Rating: Default
3 posts
You can download and use Avast Free Home Edition and scan your system from boot-up mode. It will definitely remove viruses from your system. Remember to update it before scanning. Moreover, viruses tend to go initially into the System32 folder and System Volume Information. Try to find it in there and delete it permanently.
#13 Sep 01 2010 at 12:56 PM Rating: Good
****
5,488 posts
1. Boot into safe mode with networking

2. Download, install, and run Windows Cleanup, found here

3. Download, install, and update Malwarebytes from either www.cnet.com or www.malwarebytes.org

4. Run Malwarebytes in a full scan. This will take roughly 45 minutes or more depending on how much you have on your hard drive. Once the scan is done, remove selected red objects and reboot the PC.

This should take care of malware on your PC.
____________________________
KTurner Buggers Animals


Bushmills Dwarf Death Knight
Kil'jaeden Server

#14 Sep 04 2010 at 12:20 AM Rating: Good
Scholar
**
801 posts
Sounds like you've got one of the worst versions of this virus hoax.

It has hijacked the shell, preventing you from killing it via any of the OS's tools, opening any websites, or running any anti-malware/virus scan. It will only allow you to run executables not on its blocked list (basically everything you would use to kill it, including regedit, Task Manager, and a host of other stuff).

From another system, you will need to download another program called Process Explorer. Rename the executable and copy it to a flash drive, CD, floppy... some type of portable media that you can browse to on your system. Microsoft has a guide detailing removing it, but I forget what it was under in the knowledge base; may have been "Antivirus 2008 Hoax", or maybe even 2009. You can probably get a link to it if you Google one of those names. While you're at it, download Malwarebytes Anti-Malware. This has had a pretty good track record of trapping these buggers well enough to the point that you can install AV software to clean further.

Basically, you run this renamed version of Process Explorer and use it to kill the process that has hijacked the shell. It will be a bizarre name in the list, and stick out like a sore thumb. In many cases, it will be a name with a number in it; sometimes just a 4-digit number even. You will know you have the right one because you will have control of your system again. Now install Anti-Malware and scan the system. It will likely tell you it found stuff and needs to reboot to remove it. It may run another scan during startup. Just let it do its thing and it should help you get control again. It might take a couple of passes of killing processes with the renamed Process Explorer. It will hide its startup call in several calls throughout the registry. It actually calls one process that regenerates the script to kick off the hoax again on next reboot. You think you are clean, then on the next reboot, bam, you have it again. So you are going to need to keep scanning your system after EVERY reboot for a while, even if it ran a startup scan and rebooted to clean what it found on that pass. Keep scanning until you get several consecutive startups as being clean. Then run a FULL antivirus scan as well. With any luck, an updated antivirus scanner will catch the dormant executables on the drive and get rid of it for good.

Also, double-check your installed programs. Get rid of extra search toolbars for your browser. This is a common entry vector for these things. The ad banners and pop-up ads open a port to a server that gets exploited; essentially, they piggyback on legit software. A common culprit is MyWebSearch and several variants of it. There's also a smiley tool for webchat too, but I forget the name of it.

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

http://www.malwarebytes.org/

Good luck.

Raist
#15 Sep 18 2010 at 7:47 AM Rating: Decent
Scholar
38 posts
On a side note, you haven't told us the name of this fake program. Simply knowing this can let people know what virus it is, since no one is 100% sure at this point. Google is your friend =)
#16 Sep 20 2010 at 11:54 AM Rating: Decent
Scholar
18 posts
Big fan of ComboFix myself; make sure you back up important files though, as it tends to delete without warning.