I can’t even boot antivirus, or any program, because fake antivirus says the file is corrupted. I’m having to post this from the laptop.
Does anyone recognize this or have good ideas on how to get this cleaned up?
Download the install CD from Ubuntu.com. Boot your computer using this CD. Do not install Ubuntu (Linux), but instead choose the “Try Ubuntu” option. Hook up a USB stick or external drive and transfer your important files off your computer.
Then, reinstall Windows using the CD that came with your computer.
Don’t like wasting your time on this shit? Go buy a Mac.
Or run Linux all the time after you get your files off.
I’ve heard that if you rename your antivirus .exe file to iexplore.exe you will be able to run it. Just make sure you rename the real iexplore.exe to something else so you don’t run it by mistake.
Here’s an actually helpful answer. Can we leave the platform bashing for at least a little later?
These are the basic steps I start off when I’m cleaning someone’s computer:
Restart the computer in safe mode with networking.
Open up msconfig and uncheck the startup item(s) that are for the malware. It will probably have a random name and a file location in Application Data/ProgramData, temp folder, or downloads folder. Uncheck them all if you aren’t sure.
Check your browser settings to make sure there is no proxy server configured, and DNS settings and hosts file to ensure no malicious hosts are specified.
Go download a cleanup tool like Malwarebytes. That should get you operational enough to reboot in normal mode to install the tool.
Update it and boot back into safe mode and do a full scan.
Let us know if you need any clarification on the steps.
If you’re still having issues there are other things to do based on what you’re having a problem with.
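The startup-item and hosts-file checks from the steps above, as an added example that is not part of the original post. It assumes the startup list has been copied out as (name, command) pairs and the hosts file read as text; the function names and all sample data are constructed for illustration.

```python
import re

# Folders the post names as typical launch points for this kind of malware.
SUSPECT_DIRS = {"application data", "appdata", "programdata", "temp", "downloads"}
# Addresses that go nowhere: mapping a name to one of these blocks it.
SINKHOLES = {"127.0.0.1", "::1", "0.0.0.0"}

def suspicious_startup(entries):
    """Return names of startup entries whose command touches a suspect folder."""
    flagged = []
    for name, command in entries:
        # Compare every path component, so DLLs passed to rundll32 are caught too.
        parts = {p.strip('" ').lower() for p in re.split(r"[\\/]", command)}
        if parts & SUSPECT_DIRS:
            flagged.append(name)
    return flagged

def audit_hosts(text):
    """Return (kind, ip, name) for every hosts entry other than localhost."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if name.lower() == "localhost" and ip in SINKHOLES:
                continue  # the only mapping a default hosts file contains
            kind = "blocked" if ip in SINKHOLES else "redirect"
            findings.append((kind, ip, name.lower()))
    return findings

# Constructed sample data, not taken from the thread.
STARTUP = [
    ("AVG_TRAY", r'"C:\Program Files\AVG\AVG9\avgtray.exe"'),
    ("xkqzvtrw", r"C:\Documents and Settings\Bob\Application Data\xkqzvtrw\xkqzvtrw.exe /min"),
    ("hjwqe", r"rundll32.exe C:\DOCUME~1\Bob\LOCALS~1\Temp\hjwqe.dll,Start"),
]
HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1   localhost
127.0.0.1   update.av-vendor.example   # resolves to this machine instead
203.0.113.7 www.search.example
"""

if __name__ == "__main__":
    print(suspicious_startup(STARTUP))
    for finding in audit_hosts(HOSTS):
        print(*finding)
```

Entries reported as blocked are also what a protective hosts file looks like, so review them before removing anything.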
Download Avira premium security suite here -> http://www.avira.com/en/downloads/
There are several products, here is the direct download link to the one I’ve suggested - http://dlpe.antivir.com/package/wks_avira/win32/en/isec/avira_premium_security_suite_en.exe
Avira will let you run it for 60 days for free.
Most anti-virus software will only find known threats. Avira also has a sort of artificial intelligence (heuristics) which can flag any virus-like activity (for what are called 0-day, or zero-day threats).
What AV software do I see in the pictures? I looked for a name but couldn’t find one. If it is a no-name product, it could be a scam and it was the AV software which actually infected your computer. Evil and devious, but an effective strategy.
If you have no success, then I would second the idea about running some sort of stand-alone operating system like Ubuntu that can run off a CD without requiring a full install. At least you will be able to get most of your files back.
Please forgive me for pointing this out, especially now, but for the future, it would be worth having some sort of backup and recovery strategy.
Good luck. Let us know how it goes.
Booted to safe mode, found about 6 weird things in msconfig, unchecked them. Found a randomly named folder in Application Data, I think it was: deleted it. Malwarebytes now has found 4 problems in 45 minutes. Thanks for the notes so far.
Oh: yes, my point in the notes on the pictures was that only AVG was a legit service. I’d never seen the other things before this evening. I’m sure clicking yes to anything on there (and maybe even clicking no) would be allowing something bad to happen, again.
That’s the SDMB special going around. It apparently comes from the ads on SDMB.
This worked for me: Boot in safe mode & run Malwarebytes.
Beyond that, you can run Firefox & Adblock Plus to block the ads… or you can pay SDMB to block the ads (and accompanying malware risk) for you by buying an SDMB membership.
Ok, I’m going to ask this crowd a different question: Why does my non-boot internal drive have seemingly hundreds of files in System Volume Information/_restore? Also, why can’t I see this folder? Can this folder just be deleted? These seem to be .dat, .exe, and .dll files. Many times a folder of “snapshot” is included. Malwarebytes has been scanning this folder for about 5 minutes solid.
I’d personally just boot from my PE Windows CD… and clean the computer from there.
Or boot to command prompt after downloading a DOS-mode AV… I think F-Prot still offers a download for one of those.
Or you could just do a straight home network between your computers… and see if you can kill it that way.
Or do what the other people said, get a Linux bootable CD…
Or if I was really bored, I’d repartition the HD and install a new OS in a new partition and boot from there.
shrug
…also I hear fire is good for killing that particular pest.
You mean the system restore points? Yea… there’s going to be a lot of stuff there… so you can do a rollback???
It’s where System Restore keeps its backup files. Windows sets permissions on the folder that lock down non-system access to the folder. After you get cleaned up it’s a good idea to disable System Restore to remove the old restore points just in case something malicious was backed up into it.
Oh… you could also try stopping the nasty process with APT… unless you’re running 7… are you?
Just FYI, Microsoft has a free AV program that has gotten good reviews from the people on my computer boards. It’s called Microsoft Security Essentials or just MSE for short.
Never rely on just one AV program. No matter how good a program is, there will still be things that it misses - at least until the next update.
So if you’re happy with Malwarebytes, toss them a few bucks and get a license for the version that continuously scans in real time.
If you add to that MSE, you should be pretty well protected.
In order to turn off automatic restore points go to Start –> Control Panel –> System. You will get a new window. On the left side, click on ‘System Protection’.
Next you’ll see this window
Near the bottom, click on the button labeled ‘Configure . . .’
Next you get this window
Make a note of the settings you intend to change. Select the ‘Turn off system protection’ option. After a reboot, the old restore points should be gone. Remember to go back in and set the options to the way they were.
… or alternatively you could run the cleanup program and let it do the system restore wiping thingy.
XP
Start/All Programs/Accessories/System Tools/Disk Cleanup/more options/remove all but latest restore points (or something like that)
Vista
Start/All Programs/Accessories/System Tools/Disk Cleanup/Options select “Files from all users on this computer”/More Options/System Restore and Shadow Copies/Clean up/Delete
7
Start/Disk Cleanup (use the search box)/select drive/Clean up system files/More Options/System Restore and Shadow Copies/Clean up/Delete/Delete Files.
AVG won’t stop complaining, still. See photo and notes: Photo and Video Storage | Photobucket
Firefox help doesn’t seem to know of hosts file. Help?
I think the hosts file tells a browser the address of the DNS for your current ISP. Infections will often hijack this file. From there, you get sent god knows where.
No point in fixing that right now though since it will probably just get corrupted again. But if you really want to fix it, even if temporarily, just google ‘hosts file’ and you should find what you need.
AVG used to be very good from what I’ve heard, but in the malware business, this year’s star can be next year’s has-been. I’ve been hearing some negative things about AVG lately.
I get the feeling that you would prefer to find software that is free and there are good free AVs out there (just don’t ask me what they are). Even so, until you get this figured out, try a commercial program that will give you a free trial. Norton/Symantec is supposed to be very good this year although it wouldn’t be my first choice. As I said, I think Avira is very good and it has the ability to spot malware that isn’t in its database yet.
You only have to use it until you get this fixed. Afterwards, just uninstall it and use whatever the best free products happen to be.
Other suites that I can think of offhand are Panda and Kaspersky. Haven’t heard anything bad. I would skip EST though for the time being.
Another vote for Microsoft Security Essentials as a primary anti-malware system- it is free, it really does work well and it is unobtrusive. It also knows better than anyone else how your system should be set up.
And the safest bet to clean the OP’s PC is to use an external boot disk - the current install is compromised. Something like the Kaspersky Rescue Disk 2010 will do. Avira does a similar thing, and you can use a BartPE bootable Windows OS to run antivirus, too.
Si
Get Spybot Search & Destroy and in the advanced mode install their hosts file. As a belt and braces approach also run the Immunize function.
It all helps.
See if the instructions here help.