Announcement

Collapse
No announcement yet.

Nasty Virus ?? Win 7 Antivirus 2012

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Nasty Virus ?? Win 7 Antivirus 2012

    I was just doing bill on my laptop and I noticed that I was getting warnings on everything I tried to do. It looks like some kind of windows product but it's not. When I try to launch MWB or CCleaner it wont let me. Does anyone know how to get rid of this thing?
    [img]https://farm5.staticflickr.com/4373/35734799443_53cb20ef13_z.jpg[/img]


    Killed by CLRs since 2004. WOOT!
    Support Cainslair. Donate here! [url]http://www.cainslair.org/billspaypal.php?[/url]

    #2
    Originally posted by Duke{CLR} View Post
    I was just doing bill on my laptop and I noticed that I was getting warnings on everything I tried to do. It looks like some kind of windows product but it's not. When I try to launch MWB or CCleaner it wont let me. Does anyone know how to get rid of this thing?
    Start up windows into Safe Mode w/Networking so you can download Malwarebytes and possibly other scanners like Spybot Search & Destroy. When in Safe Mode, it's less likely the virus/malware will be running to block your actions. Also try to create a new user account if the one account is too infected (as it could be, even in safe mode).
    [SIGPIC][/SIGPIC]

    Comment


      #3
      Sounds like somebody downloaded a fake antivirus/anti spyware app. Had to remove one of these from my GF's dads PC a month or so ago.

      His prevented all application execution and copied his start menu to a hidden location.

      As Quamin said, safe mode and malwarebytes should take care of most of it.

      Comment


        #4
        I ran MWB in the Safe mode and it removed a bunch of infected items. Now I cant launch any programs. I click on certain shortcuts and it asks me what program I want to use to launch it. I think the ones that were taken over are now unusable.
        [img]https://farm5.staticflickr.com/4373/35734799443_53cb20ef13_z.jpg[/img]


        Killed by CLRs since 2004. WOOT!
        Support Cainslair. Donate here! [url]http://www.cainslair.org/billspaypal.php?[/url]

        Comment


          #5
          Damn I cant launch anything and I'm in a big rush to get out the door.
          [img]https://farm5.staticflickr.com/4373/35734799443_53cb20ef13_z.jpg[/img]


          Killed by CLRs since 2004. WOOT!
          Support Cainslair. Donate here! [url]http://www.cainslair.org/billspaypal.php?[/url]

          Comment


            #6
            Originally posted by juneau View Post
            Sounds like somebody downloaded a fake antivirus/anti spyware app. Had to remove one of these from my GF's dads PC a month or so ago.

            His prevented all application execution and copied his start menu to a hidden location.

            As Quamin said, safe mode and malwarebytes should take care of most of it.
            I had to do the same on my parents PC.
            Delivering bacon goodness one round at a time.

            Comment


              #7
              It all started just after an Adobe flash update so I wonder if that was it. I found a restore point from just before an Windows update at 0930 this AM so I went there remove and re installed MWB and ran it again along with a WSE scan. So far it seems to be normal. What a giant waste of my time.
              [img]https://farm5.staticflickr.com/4373/35734799443_53cb20ef13_z.jpg[/img]


              Killed by CLRs since 2004. WOOT!
              Support Cainslair. Donate here! [url]http://www.cainslair.org/billspaypal.php?[/url]

              Comment


                #8
                I think all the files are intact, it just messed with the path's to the executables maybe. Try manually making a shortcut icon to one of the programs you want to launch. If the new icon works, you can manually put in all the new shortcut Icons by hand.

                I know it's a long way to do it, but the only other thing I know to do with missing paths is to do a system restore to a previous state. If you know whereabouts you picked up the virus you can go back before that.


                ---------------------------------------------------------------------------------------------------------------------------------------------------------------

                Disregard the previous post. :-)
                [COLOR="#008080"][/COLOR][SIZE="5"][COLOR="LightBlue"][B]Not everything that counts on the battlefield is countable.[/B][/COLOR][/SIZE]

                Comment


                  #9
                  I have had to do a couple of system restores. Last week BF3 was kicking me every 2 mins from PB. Did a restore and all is fixed.

                  Comment


                    #10
                    Go into safe mode with networking. Download rkill, combofix and malwarebytes. Run them in that order. see bleepingcomputer.com for specifics but it will get rid of it.

                    Comment


                      #11
                      Originally posted by Duke{CLR} View Post
                      I ran MWB in the Safe mode and it removed a bunch of infected items. Now I cant launch any programs. I click on certain shortcuts and it asks me what program I want to use to launch it. I think the ones that were taken over are now unusable.
                      I've run into that situation on some machines in my workplace where it did exactly what you are stating. Essentially it added some values (or altered them) under the windows registry for Executable Files, thus making it so they don't launch with explorer, but rather were pointing to the malware. Once you removed the malware, they didn't know how to launch. The restore point may have restored your registry, so you may be okay now, however I can look up the values if you want to manually check them over.
                      [SIGPIC][/SIGPIC]

                      Comment


                        #12
                        Originally posted by The_Needle View Post
                        Go into safe mode with networking. Download rkill, combofix and malwarebytes. Run them in that order. see bleepingcomputer.com for specifics but it will get rid of it.
                        I went to bleepingcomputer for the fix about MWB. I have not run the combofix yet but I seem to have found it. After restoring to this morning I ran a full scan with MSE and there were three hits. A trojan downloader and two Java exploits. They have been removed and everthing seems to be back to normal so I'm good for now.

                        Thanks for the help, I'm pissed that let my guard down and clicked on that thing I though was a java update.
                        [img]https://farm5.staticflickr.com/4373/35734799443_53cb20ef13_z.jpg[/img]


                        Killed by CLRs since 2004. WOOT!
                        Support Cainslair. Donate here! [url]http://www.cainslair.org/billspaypal.php?[/url]

                        Comment


                          #13
                          Death penalty for internet scammers!

                          Comment


                            #14
                            Originally posted by Skud View Post
                            Death penalty for internet scammers!
                            Absolutely!
                            [IMG]http://thepebkac.net/images/sigs/Outdoors_sig.jpg[/IMG]
                            Like the community? Donate here:
                            [URL="http://www.cainslair.com/misc.php?do=donate"]http://www.cainslair.com/misc.php?do=donate[/URL]

                            Comment


                              #15
                              They certainly have some crafty programmers building these damned things.

                              A tool that I use at home is SuperAntiSpyware (http://www.superantispyware.com). I use the paid version which has real-time protection. But the free version has helped me fix infections where I worked many times. When it didn't work completely I would then use MWB. It was rare when it didn't get everything fixed.

                              Plus, there is a 'portable' version that is a COM file that you can run from a USB stick. That has been really helpful.
                              --Slaughter

                              Comment

                              Cain's Lair Forums Statistics

                              Collapse

                              Topics: 26,182   Posts: 269,814   Members: 6,176   Active Members: 2
                              Welcome to our newest member, 28Farrell8.

                              Today's Birthdays

                              Collapse

                              There are no members with birthdays today.

                              Top Active Users

                              Collapse

                              There are no top active users.

                              More Posts

                              Collapse

                              • Reply to 6 years
                                by Apache Warrior
                                6 Mar 2024, 08:29 AM
                              • Reply to 6 years
                                by Sirex
                                I think there is like a magical time span when bikes become worth a fortune.

                                Yeah thought its now or never haha
                                Just hit 2.5K miles...
                                5 Mar 2024, 04:37 PM
                              • Reply to Hey Guys...It's BrundleFly
                                by Sirex
                                Hey Brundle nice to see your post I remember you very well hows thing with you.

                                Not a busy place here these days but its still up and occasionally...
                                5 Mar 2024, 04:34 PM
                              • Reply to Hell Let Loose
                                by Sirex
                                Hey nice to see you

                                Its not a busy place, least not as busy as it once was but you still get the odd message posted every few weeks...
                                5 Mar 2024, 04:31 PM
                              • Reply to I had Open Heart Surgery!!
                                by Sirex
                                Wow its amazing how well the body can cope with things it deams normal.

                                Hope your recovering well and back to full steam.

                                OH...
                                5 Mar 2024, 04:28 PM
                              Working...
                              X