Announcement

**Quamin** · 27 Dec 2011, 11:39 AM

Originally posted by Duke{CLR} View Post

I was just doing bill on my laptop and I noticed that I was getting warnings on everything I tried to do. It looks like some kind of windows product but it's not. When I try to launch MWB or CCleaner it wont let me. Does anyone know how to get rid of this thing?

Start up windows into Safe Mode w/Networking so you can download Malwarebytes and possibly other scanners like Spybot Search & Destroy. When in Safe Mode, it's less likely the virus/malware will be running to block your actions. Also try to create a new user account if the one account is too infected (as it could be, even in safe mode).

**juneau** · 27 Dec 2011, 11:47 AM

Sounds like somebody downloaded a fake antivirus/anti spyware app. Had to remove one of these from my GF's dads PC a month or so ago.

His prevented all application execution and copied his start menu to a hidden location.

As Quamin said, safe mode and malwarebytes should take care of most of it.

**Duke{CLR}** · 27 Dec 2011, 12:03 PM

I ran MWB in the Safe mode and it removed a bunch of infected items. Now I cant launch any programs.

I click on certain shortcuts and it asks me what program I want to use to launch it. I think the ones that were taken over are now unusable.

**Duke{CLR}** · 27 Dec 2011, 12:08 PM

Damn I cant launch anything and I'm in a big rush to get out the door.

**baconoclock** · 27 Dec 2011, 12:25 PM

Originally posted by juneau View Post

Sounds like somebody downloaded a fake antivirus/anti spyware app. Had to remove one of these from my GF's dads PC a month or so ago.

His prevented all application execution and copied his start menu to a hidden location.

As Quamin said, safe mode and malwarebytes should take care of most of it.

I had to do the same on my parents PC.

**Duke{CLR}** · 27 Dec 2011, 12:37 PM

It all started just after an Adobe flash update so I wonder if that was it. I found a restore point from just before an Windows update at 0930 this AM so I went there remove and re installed MWB and ran it again along with a WSE scan. So far it seems to be normal. What a giant waste of my time

.

**{CLR} Cobalt** · 27 Dec 2011, 12:37 PM

I think all the files are intact, it just messed with the path's to the executables maybe. Try manually making a shortcut icon to one of the programs you want to launch. If the new icon works, you can manually put in all the new shortcut Icons by hand.

I know it's a long way to do it, but the only other thing I know to do with missing paths is to do a system restore to a previous state. If you know whereabouts you picked up the virus you can go back before that.

---------------------------------------------------------------------------------------------------------------------------------------------------------------

Disregard the previous post. :-)

**goldenfooler** · 27 Dec 2011, 12:39 PM

I have had to do a couple of system restores. Last week BF3 was kicking me every 2 mins from PB. Did a restore and all is fixed.

**The_Needle** · 27 Dec 2011, 01:37 PM

Go into safe mode with networking. Download rkill, combofix and malwarebytes. Run them in that order. see bleepingcomputer.com for specifics but it will get rid of it.

**Quamin** · 27 Dec 2011, 01:49 PM

Originally posted by Duke{CLR} View Post

I ran MWB in the Safe mode and it removed a bunch of infected items. Now I cant launch any programs.

I click on certain shortcuts and it asks me what program I want to use to launch it. I think the ones that were taken over are now unusable.

I've run into that situation on some machines in my workplace where it did exactly what you are stating. Essentially it added some values (or altered them) under the windows registry for Executable Files, thus making it so they don't launch with explorer, but rather were pointing to the malware. Once you removed the malware, they didn't know how to launch. The restore point may have restored your registry, so you may be okay now, however I can look up the values if you want to manually check them over.

**Duke{CLR}** · 27 Dec 2011, 01:53 PM

Originally posted by The_Needle View Post

Go into safe mode with networking. Download rkill, combofix and malwarebytes. Run them in that order. see bleepingcomputer.com for specifics but it will get rid of it.

I went to bleepingcomputer for the fix about MWB. I have not run the combofix yet but I seem to have found it. After restoring to this morning I ran a full scan with MSE and there were three hits. A trojan downloader and two Java exploits. They have been removed and everthing seems to be back to normal so I'm good for now.

Thanks for the help, I'm pissed that let my guard down and clicked on that thing I though was a java update.

**Skud** · 27 Dec 2011, 02:06 PM

Death penalty for internet scammers!

**DougBob** · 2 Jan 2012, 01:34 AM

Originally posted by Skud View Post

Death penalty for internet scammers!

Absolutely!

**Slaughter** · 2 Jan 2012, 10:08 AM

They certainly have some crafty programmers building these damned things.

A tool that I use at home is SuperAntiSpyware (http://www.superantispyware.com). I use the paid version which has real-time protection. But the free version has helped me fix infections where I worked many times. When it didn't work completely I would then use MWB. It was rare when it didn't get everything fixed.

Plus, there is a 'portable' version that is a COM file that you can run from a USB stick. That has been really helpful.

Announcement

Nasty Virus ?? Win 7 Antivirus 2012

Nasty Virus ?? Win 7 Antivirus 2012

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Cain's Lair Forums Statistics

Today's Birthdays

Top Active Users

More Posts