*sigh* how can I remove av.exe ransomware?

smiling bandit:

Now that I’ve reread your OP, I see you had the Vista Internet Security ransomware. The computer I cleaned the other day had the XP Internet Security ransomware. Just follow my post above to get rid of it (download, change the file extension, run Malwarebytes).

After I got rid of the crap, this computer kept getting BSODs if you tried booting into regular Windows. I couldn’t get it to boot to DOS using the setup disk, HOWEVER, if you are getting BSODs, then boot into safe mode, hit “Start”, “Run”, “CMD” then in the box type: CHKDSK /R.
Then reboot.
Your computer will run CHKDSK at startup and get rid of the final remains of the crap that was installed.

Hope this helps.

I’m getting really tired of people telling me about Malwarebytes. I am not a computer novice. When I said that Malwarebytes doesn’t work, by God I mean that I moved heaven and earth and it does not work.

That’s OK for now. I’ve managed to stop the problem and, after moving a different heaven and earth, Avast is on my system and policing things now. I found the naughty dll file and, after moving (yet a third) heaven and earth, it is happily gone. My problem right now is that the program seems to have somehow screwed with my permissions, or at least the default program associated with things.

Presumably, this is an aspect of the trick it used to insert itself in front of any and all .exe files I ran, letting it permit or deny them to protect itself (and that this is possible is a huge gaping damn security hole alone). Thus, while the virus isn’t active, I can’t open regedit at all and I can’t open any .exe files normally. Some of them open when triggered by a non-manual program of their own. Exe files all ask what I want to use to open them instead.

You need rkill. It’ll stop the executable problem. Check out this thread starting with Super Dave’s post (5th post in thread). I had a friend who had the Netsky virus and asked me to clean his machine for him. Hijacked the browser, couldn’t run executables. This thread helped immensely.

Good luck. If you have an extra computer with internet access and a thumb drive, it may make it a bit easier, but it’s not required.

ETA: Rkill comes with many different file extensions, in case the malware is preventing certain extensions from running. You can just keep clicking on one program after another once you download them. It’ll look like they’re not working, but eventually a Notepad window will open telling you the program was successful. This will allow you to run executables, get AV updates, etc.

Hope it helps…

Then reformat the disk and reinstall windows and quit being snarky with people who are only trying to help you.

I am not being snarky. I am being rude: there is a difference.

Had to chime in that I managed to get XP Internet Security 2010 on my PC last night. Thing is, I have Kaspersky Internet Security, which is pretty good stuff. It saw it come in, warned me, and I hit “Deny” on every prompt. Fucking thing still somehow installed and I’m not sure how.

Anyway, plenty of good advice already given. For my part I manually stopped the process, deleted the program and removed the registry entries by hand. Unfortunately, doing the registry thing then made my computer not know what to do with files with .EXE extensions (basically I could not start any programs). Luckily some kind soul on the interwebs had a FixEXE thing to download that replaced the entries, and all was fixed.

Ran a scan while sleeping and all is clean.

I really, really hate the guys who make this stuff.
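Two posts above describe the same symptom from different angles: the dropper inserts its own command in front of every .exe launched through the shell, and deleting its registry entries by hand leaves Windows asking what program to open .exe files with. Both come down to the `exefile` class registration. The script below is an added example for this thread, not code from any poster and not the FixEXE or rkill tool they mention. It audits the keys that decide what runs when an .exe is opened via Start > Run or a double-click and, with a `-Fix` switch of its own, restores the stock values. Assumptions: the machine-wide defaults listed under `$StockValues` are the Windows ones for the `exefile` class, and the per-user keys under `$UserOverrides` are absent on a clean machine; the script name in the comment is hypothetical.

```powershell
# Added example, not from the thread or from FixEXE/rkill.
# Audits the registry keys consulted when an .exe is opened through the shell
# and, with -Fix, restores the stock values.
# Run from an elevated cmd.exe (Safe Mode works), launching powershell.exe by
# name so the hijacked association is not consulted for the launch itself:
#   powershell -ExecutionPolicy Bypass -File .\Check-ExeAssociation.ps1 -Fix
# Assumption: the values below are the stock Windows registration for the
# exefile class; the per-user keys are absent on a clean machine.

[CmdletBinding()]
param([switch]$Fix)

# Machine-wide class registration. HKCR is a merged view of this branch and
# HKCU\Software\Classes, and the per-user branch wins when both exist.
$StockValues = @(
    @{ Key = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe';                       Value = 'exefile' }
    @{ Key = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command'; Value = '"%1" %*' }
)

# Per-user keys that shadow the machine values. A dropper running as a limited
# user can write these without admin rights, which is why a hijack can survive
# fixing HKLM alone. (Assumed absent on a clean machine.)
$UserOverrides = @(
    'Registry::HKEY_CURRENT_USER\Software\Classes\.exe'
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile'
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe'
)

function Get-DefaultValue([string]$Key) {
    # Returns the key's (default) value, or $null if the key is missing.
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    (Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue).'(default)'
}

function Test-ExeAssociation {
    # One finding per modified stock value or per unexpected per-user override.
    $findings = @()
    foreach ($entry in $StockValues) {
        $actual = Get-DefaultValue $entry.Key
        if ($actual -ne $entry.Value) {
            $findings += [pscustomobject]@{
                Kind = 'Modified'; Key = $entry.Key; Expected = $entry.Value; Actual = $actual
            }
        }
    }
    foreach ($key in $UserOverrides) {
        if (Test-Path -LiteralPath $key) {
            $findings += [pscustomobject]@{
                Kind = 'UserOverride'; Key = $key; Expected = '<absent>'; Actual = (Get-DefaultValue $key)
            }
        }
    }
    return $findings
}

function Repair-ExeAssociation {
    # Recreate missing keys, reset the stock values, drop per-user overrides.
    foreach ($entry in $StockValues) {
        if (-not (Test-Path -LiteralPath $entry.Key)) { New-Item -Path $entry.Key -Force | Out-Null }
        Set-ItemProperty -LiteralPath $entry.Key -Name '(default)' -Value $entry.Value
    }
    foreach ($key in $UserOverrides) {
        if (Test-Path -LiteralPath $key) { Remove-Item -LiteralPath $key -Recurse -Force }
    }
}

$findings = Test-ExeAssociation
if (-not $findings) {
    Write-Host 'exefile association looks stock.'
    exit 0
}
$findings | Format-Table -AutoSize
if ($Fix) {
    Repair-ExeAssociation
    Write-Host 'Stock exefile association restored; re-check:'
    Test-ExeAssociation | Format-Table -AutoSize
} else {
    Write-Host 'Run again with -Fix to restore the stock values.'
    exit 1
}
```

On a hijacked machine the `Actual` column for the `open\command` key shows the malware's own executable placed ahead of `"%1" %*`, which is exactly the "sits in front of every .exe" behaviour described above; on a machine where the entries were deleted by hand it shows `$null`, which is the "what do you want to open this with?" prompt. Restoring the association is pointless while the dropper is still running or still has a persistence entry, since it will simply rewrite the keys; stop the process (rkill, Safe Mode) and remove it first, then run the repair and reboot.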

I tried all the regular stuff… rebooted into safe mode, ran stinger, malwarebytes, SuperAntiSpyware… to no avail. I even tried manually editing the registry entries.

This is a particularly insidious virus.

ETA: After about 30 hours, I gave up and reinstalled the OS.

I feel your frustration. When I had the bug, I found numerous recommendations for Malwarebytes. To be fair, Malwarebytes would identify and remove the suspect files, but it always managed to reinstall itself. I could not do a system restore because it was blocked by the virus. I used ComboFix as a last resort. Even then, I had to rename the .exe file to get it to run. I wish I could give you a more detailed response, but it was two years ago. Good luck.

When I got this a few weeks ago I just did a system restore to a point prior to the infection; the bug wasn’t sophisticated enough to get around that.