Computer virus help!

I’m having some serious problems getting rid of a virus and I could use some help. It’s installed a fake antivirus called “Defense Center” on my computer and it keeps asking me to pay for it so it can remove the trojans. Avast! and Ad-Aware have not worked so far in removing it; AVG refuses to install while Defense Center is on my computer. Normally I would use Google and look up a fix, but it hijacks every result I click on and it just goes to spam pages. I also cannot access my Gmail account. Normally I depend on Google to fix things, so I am at the end of my rope here. Any Dopers have any experience getting rid of this virus or any suggestions on where to find help?

You have a working copy of Avast installed and you can’t remove even some of its components? Or does the virus scan not run at all? If you can’t use what you have to get you to be able to temporarily fend off a browser hijack, you may be headed to clean install city.

This thread may help: *sigh* how can I remove av.exe ransomware? - Factual Questions - Straight Dope Message Board

Yes, I have a working copy of Avast! installed. It removes stuff every time it runs but it comes right back. I left it on overnight doing a boot scan and it has stopped Defense Center from continuously starting and putting up fake Windows security warnings, but the program is still there and Google is still hijacked and I still can’t access Gmail.

I assume that you’ve already tried to restore your computer to an earlier date (these things often wipe out all your system restore points), or have you tried to run your anti-malware programs in safe mode?

This. Run your antivirus and antimalware programs in safe mode before you do anything else.

If you have a spare computer and the know-how, I would suggest pulling the hard drive and installing it as a 2nd HD on the other computer (which is preloaded with the best anti-virus software you can get, I use Malwarebytes). Then let the software scan the PC. Getting rid of the files should be doable, but there may be residual registry entries. Once cleaned and reinstalled, do not connect to the Net for a while. Install a fresh copy of the AV from a flash drive (or from a copy put on while it was on the other PC). Scan to finish cleaning.

Once you do find bad files, do a search on the HD for other files with the same date.

I have a lot of experience in getting rid of malware not using the above strategy, but I find it’s about 100 times simpler for the kind of infection you have.

If I can’t take out the HD, I use one of those multi-tool boot CDs to rummage around the HD and block the suspect files. (I like to zip them, in case they are actually good files, and replace them with directories with the same name.)

We’ve had this kind of thing show up on workstations where the users do not have administrative rights. I couldn’t figure out how this could be, because the user (1) couldn’t install programs, and (2) couldn’t write to most of the hard drive.

A little research showed that the thing had written itself to the Local Settings folder of the user’s profile. Unlike the rest of the profile, this folder does not get copied up to the network when the user logs out. This makes it easy to fix - log in as an administrator, and delete Local Settings. The file gets recreated, without the virus, the next time the user logs on.

Well, running Malwarebytes and Avast! from safe mode got rid of Defense Center, but Google results are still being hijacked.

Are you having a problem running .exe files at all in regular mode?

OK, looks like ComboFix finally fixed everything. No, that didn’t seem to be part of the problem, Shark.

Keep an eye on how your system runs/operates. ComboFix can make some things run screwy afterwards.

Yeah, I find that ComboFix “overfixes” things. Never again.

If you are still having problems connecting to certain sites, check your hosts file (under windows\system32\drivers\etc). Some malware stuffs cruft in there. Unless you have put in one of those megablocking hosts files from off the net, it should be virtually empty.
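
A read-only way to do the hosts file check suggested in the post above, as an added example that is not part of the original thread. It lists every active entry other than the stock localhost lines and separates entries that redirect a name to another address from entries that merely block one; the sample content, the 203.0.113.45 address and the function names are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com   # constructed redirect entry
203.0.113.45    mail.google.com
0.0.0.0         ads.example.net
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each active entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if entry:
            fields = entry.split()
            yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return findings tagged 'redirect', 'block' or 'malformed'."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, "malformed", addr, names))
            continue
        # Loopback or 0.0.0.0 sends the name nowhere (a block list entry).
        sinkhole = ip.is_loopback or ip.is_unspecified
        if sinkhole and all(n.lower() == "localhost" for n in names):
            continue  # stock localhost line, expected on a clean system
        kind = "block" if sinkhole else "redirect"
        findings.append((line_no, kind, addr, names))
    return findings

if __name__ == "__main__":
    # Pass the path to a hosts file; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, kind, addr, names in audit_hosts(content):
        print(f"line {line_no}: {kind:9} {addr} -> {' '.join(names)}")
```

A "redirect" finding for a site you did not add yourself is the kind of entry the post describes; the script only reports and never edits the file.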

I’d suggest running a system file check, just to make sure all the important files are okay. Apparently it will even check the registry on Windows Vista or later.

I came across this one on Wednesday and was unable to fix it. Apparently there’s a new incarnation of Defense Center. The very latest version of Malwarebytes should remove it.