I don’t know how…I just cleared my history, turned off the computer and when I turned it back on I had this stupid virus plastering pop ups all over my screen. I can’t get to any programs, so I disconnected the modem and shut down again.
Windows 7, use Firefox and the AV program I have been running for years is the paid AVG version.
Searching and browsing is a pain on my Blackberry; how screwed am I? I don’t imagine there’s a chance I can get rid of this myself so plan on taking it in somewhere tomorrow.
And how on earth did I get this thing? My computer usage is quite mundane and I think I’m careful. Pisses me off.
Try using system restore from booting in safe mode. F9 at boot if I remember correctly. It has worked for me on several occasions. I would suggest going back a few restore points. When is our government going to have enough and start putting the people who do this in jail for some real time?
OK, I got online in safe mode but there is such a plethora of differing sites and instructions on removing this thing that I’m getting really confused. Plus I am not sure which sites or sets of instructions to trust. For all I know half the sites with removal instructions are themselves malicious sites.
Ugh.
I don’t think going back a few versions removes a virus, does it?
I would have said no, except that I have done it before. Like yourself I ended up with a really nasty one. My AV did nothing to remove it so in frustration I restored. Haven’t had a problem since, however YMMV. It should undo any installations and changes to the registry etc… so it should take care of the problem. Of course, I am no expert, but it did work for me.
I just removed this from my son’s computer. Here’s what I did (Windows 7):
Booted up in Safe Mode
Went to the folder C:\Users\(user name)\AppData\Roaming\ In order to get to “AppData” you will need to choose the option “Show hidden files”. In Windows 7, you can get to that by clicking “Organize”, choose “Folder and Search Options”, click on the “View” tab, and find “Show hidden files” in the “Advanced Options” list.
Deleted any folder or file that was a nonsensical string of letters and numbers rather than a recognizable application name. On my son’s computer, there were several and they were all created at the exact same time.
Ran Regedit.exe, and went to the Registry folder “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run”. Deleted any registry value that was a nonsensical string of letters and numbers rather than a recognizable application name. Then did the same thing in Registry folder “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run”.
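A read-only way to run the same check described in the post above, added here as an example and not part of the original thread: it lists the values under the two Run keys and the random-looking items in AppData\Roaming for manual review, and changes nothing. The function name `Test-RandomLookingName` and its "looks random" rule are assumptions of this example, so expect some false positives and misses.

```powershell
# Read-only audit: lists candidates for manual review, deletes nothing.
# Heuristic (an assumption of this example): a name "looks random" when it is
# 6+ letters/digits and either has a digit followed by a letter or has very
# few vowels.
function Test-RandomLookingName {
    param([string]$Name)
    $base = [System.IO.Path]::GetFileNameWithoutExtension($Name)
    if ($base -notmatch '^[A-Za-z0-9]{6,}$') { return $false }
    $vowels = ($base -replace '[^AEIOUaeiou]', '').Length
    return ($base -match '[0-9][A-Za-z]') -or (($vowels / $base.Length) -lt 0.2)
}

# 1. Autostart values under the two Run keys named in the post.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$runEntries = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        New-Object PSObject -Property @{
            Key         = $key
            ValueName   = $valueName
            Command     = $item.GetValue($valueName)
            LooksRandom = (Test-RandomLookingName $valueName)
        }
    }
}
$runEntries | Sort-Object LooksRandom -Descending |
    Format-Table LooksRandom, Key, ValueName, Command -AutoSize -Wrap

# 2. Files and folders directly under AppData\Roaming, hidden ones included.
#    Sorting by creation time makes a batch created together stand out.
Get-ChildItem -Path $env:APPDATA -Force |
    Where-Object { Test-RandomLookingName $_.Name } |
    Sort-Object CreationTime |
    Format-Table CreationTime, Name,
        @{ Label = 'Folder'; Expression = { $_.PSIsContainer } } -AutoSize
```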
cmkeller - I tried that, but couldn’t find any files or folders that were recently dated with nonsensical character strings, so I was sort of stymied. Unless the date stamps were inaccurate?
What I did was do a system restore as obbn suggested - everything worked fine except Firefox was crashing right after I started it. But I had AVG back, so I ran a scan and it found and “healed” 14 Trojan horses. All but one of them had “java” in the name, so I assume that when I restarted Firefox and allowed it to make its normal updates, I screwed it up somehow. Because even after the scan and “healing” Firefox still won’t open. IE works fine.
So I guess I’ve fixed much of the problem but there’s still something lurking around, or Firefox is the only thing corrupted. I can’t find the Cloud AV thing or anything suspicious in my programs or files. Now that I’m back online, I find that AVG has both online and telephone customer support, so hopefully I can get this fixed all the way.
Thanks to both of you! It’s been so long since I’ve had any computer issues I’d forgotten what things to try.
You probably have the Zero Access rootkit installed, so any manual file deletion or registry editing is probably not going to get rid of it. Follow those instructions to the letter and you will have a good chance of getting rid of it.
Sometimes it does, especially if you know when you were infected. It doesn’t actually remove it as a file, but it deactivates it so Malwarebytes can clean it.
Used to be, it didn’t help, but it’s easier to pinpoint the time of infection, and viruses don’t deactivate system restore, like they used to do.
I followed those instructions last night from my Blackberry, but when I got to the step about unchecking the proxy server, it was already unchecked. I followed through anyway, but still couldn’t open anything, including IE.
I didn’t follow through with the next step though. It was only after doing registry restore that I could get anything to work.
(It’s probably obvious by now that I am not the most technically proficient person around!)
Congrats on your success. I was really hoping that I wasn’t out of my mind when I suggested a system restore. It worked for me in the past, but as always I don’t want to give bad information. Like RealityChuck said I think that the trick is to choose a restore point prior to the time the virus started doing its thing. That is why I suggested going back a few in your restore points. I know the current internet trend is to bash Microsoft, but I will give them credit for creating system restore, it has saved my butt more than once. (And I predict a slew of responses from Apple SD’s telling me Apple had it first and Microsoft copied it. Whatever, I am just thanking them for including it in Windows. It does what it is supposed to do.)