Computer Help Needed
Posted on 04/22/2012 7:00:47 AM PDT by Former Fetus
First of all, since I am asking for help with viruses, let me say that I am posting this from my husband's computer!
My IP uses McAfee, I have Microsoft Security Essentials and Malwarebytes Anti-Malware in my PC. So I felt pretty safe.
Fri morning, I was reading Jewish World Review when a pop-up claiming to be MSE claimed my PC was infected. It was not one of those pop-ups you can X out from. In my panic, I could not remember what someone here, at FR, had told me in the past that I could do. So I turned off my PC. When I rebooted, I ran MSE and it showed 9 trojans. After removing them, I ran MAM and it still showed 2 or 3. I kept this game going on all of Friday morning and most of the afternoon. I would "scan and remove" with one program, then the other one would find something. By midafternoon both programs claimed my PC was cleaned and finally I could breathe. It is hard to hold your breath for 8 or 9 hours, LOL!
I was gone all day Saturday, when my son was running at a track meet. This morning I got on-line to see the results of all events and, you guessed it, the pop-up was there again. Only this time neither MSE nor MAM found anything.
Ok, so these are my questions:
1) Do y'all think that this pop up is a phishing attempt?
2) How do I get out of it without turning the PC off?
3) If it is a case of phishing, why did both av programs show any problems last Friday?
4) Besides running both MSE and MAM, do you have any other suggestions?
Thank you very much.
I see many good solutions already posted. With over 3 decades in the IT business I have settled on a few utilities to use to combat attacks like this. We use Symantec Endpoint Protection at work along with Malwarebytes and HijackThis. I use Avast at home as well as the other 2 programs.
This may sound simple but when one of my users encounters one of these fake programs I tell them to reach around to the back of the computer and unplug it and then call me. What you are seeing is basically the scout who will call his friends after it secures itself within your system. It is the friends that cause the most damage. It doesn’t matter if you click no or the red X, all of them are set to let the thing into your computer. The damage done by pulling the plug is most times nothing. This approach has served me well and saved me countless hours rebuilding workstations.
What good does running your anti-virus scans in safe mode do? Doesn't it just do the same function in regular mode? And is that something one should do on a regular basis even tho you don't have any identifiable problem? Thanks
When you boot into safe mode you aren't loading everything and therefore the programs you use to find the nasties can do their job. Most times once the bad boys load themselves they also protect themselves.
Someone told me to run disc cleanup twice monthly, to keep things running smoothly. I tried to set it up as a scheduled task, but it asks for my password. I don’t remember ever having a password, except for when I bought the computer 6 years ago. And I’m afraid to run it if it won’t let me back on my computer without the password after running cleanup.
Several of you suggested to restart in safe mode. I've done it, run MAM and am about to finish running MSE. So far, so good. Thank you, everybody. And this time I've taken notes, so next time I'll have plenty of ideas. THANK YOU from the bottom of my hard drive.
I got introduced to bleepingcomputer by a FReeper some time ago, but do not recall who it was. I have not had to pay anyone to work on my stuff since then.
see posts #34 and #50
I’ve had good results fixing this for friends by using the “system restore” utility if they had that enabled. Otherwise I have used “Malwarebytes” or have reinstalled the operating system along with formatting the hard drive.
you might be interested in posts #34 and #50 regarding root kit viruses
.....wow, (LOL). Our entire I.T. department swears by AVG. It wasn't AVG that crashed your computer, my friend.
Well, I’ve been in I.T. depts for many years. We only use AVG because it is by far the best product. I haven’t heard of “avast” because I haven’t needed to look any further.
Second on Spybot. I remember the wife getting a virus like this on the home machine. I was also able to download a removal tool specific to the virus from Norton.
Can't say enough about them. Same here multiple times on my daughter's computer and they walked me right through the repair.
“We only use AVG because it is by far the best product”
Might want to rethink that. Most reviews I read rate them as about equal or give the nod to Avast!
I gave up on the free stuff years ago and run Kaspersky on all the computers I’m responsible for.
lots of good advice on here for keeping.
Yes, it was AVG that crashed my computer. Others had the same problem and were posting these problems with AVG for two weeks. AVG admitted it was their fault but their half arsed solution didn’t solve anything. So much for your IT dept.
“It was not one of those pop-ups you can X out from.”
When I see that, I immediately reboot.
It’s not really a virus, just nasty malware. Sometimes they even make it through the best pop-up blockers. If you are using any version of Windows, the easiest way to get rid of the malware is just running “Restore” and choosing a time before you got hit with the malware.
Likely you’re infected with a root kit. You’re going to need to do an offline AV scan and cleaning. Don’t know if McAfee has one; Norton does and Microsoft has one (free). If your system can run Vista or 7 then you’re all good. Google Microsoft System Sweeper beta. Download and build the correct version for your system, 32 or 64bit, on a non infected system. If you have a USB stick over 1gb you can use that, it’s faster; otherwise you build it on a DVD. You’ll need to go into your BIOS to boot from the device.
Because you’re not using your OS the infection can’t hide. Any time I find any type of infection this is what I do just to be totally safe.
Thanks for the tip.
For the record I still have my PC.
But I use it only occasionally.
It’s been replaced for the most part by my iPad.
“Do NOT use AVG. It totally crashed my computer. Had to buy another computer.”
That’s absurd. There is no software issue that can force you to buy a new computer UNLESS you didn’t use the included utility to make restore media. Even then most computers have a restore partition accessible from the boot menu. Stupid not only hurts but can be expensive.
Downloads do? Do what? Destroy your computer? If that’s what you’re getting at you’re still wrong. Downloads can only damage the OS installation. You should be able to wipe the HDD completely and start over with a new install of the OS.
By the way, I have had computers for 30 years. My first experience with computers was in college in the mid-1970s. We were programming in BASIC and Fortran and writing to punch cards which we then ran from a terminal in the computer lab connected to the University of Georgia mainframe. I have built dozens of computers and had my own computer repair business. I know what I’m talking about. It’s almost impossible for software to damage the hardware.
Safe mode prohibits the operating system from loading device drivers, where some of those little buggers hide, so they can be seen by the AV and cleaned. No, not a necessary thing to do otherwise.
I use MSE, Avast, Malwarebytes, and will occasionally run “spybot search and destroy”. When things get real nasty, I use “Hijack This!” (NOT safe unless you know what you are doing).
These rootkit attacks will disable your antivirus software, and will interfere with a clean re-install. They randomize their filename every time you re-boot, so it makes it hard as hell to isolate them.
The Microsoft Techs said to scrub the drive and re-install everything. Uh uh. I took it real personal and spent those hours to beat that little sh*t.
And, to all you bozos who write that malware code - I’m gonna get ya. In time.
This prevents the trojan from accessing the internet to update itself.
Secondly, reboot into Safe Mode...
I'm with you up to here, when you are in safe mode w/the net blocked why not just do a "system Restore" to a checkpoint dated before the trojan first showed up. It's simple and very quick compared to a full scan which doesn't seem to be working anyway. I say that 'cuz I got hit w/ the same "malware" BS, except I kept getting screens saying I needed to buy their program to debug my system ($50)... Method as described worked just fine.
My IP uses McAfee,
What does this mean?
4) Besides running both MSE and MAM, do you have any other suggestions?
Download the AVG Rescue CD iso, burn it to a CD. Boot off that, let it scan. Have it remove whatever it might find.
More good stuff to keep in your toolbox: Combofix, Malwarebytes, and TDSSkiller. Combofix has the potential to do damage.
That, and make frequent backups.
Yup. it sounds like a variant of the FakeAV family... That family of bugs can be further divided between 'easy fix' which any AV should handle, and 'with rootkit', in which most AVs can kill the imported bugs, but cannot see the rootkit itself, which just keeps surreptitiously downloading and re-installing the bugs in the background. This sounds like the rootkit variety, and with the exception of combofix, most of the suggestions here won't fix the problem.
However, before applying combofix, read on:
I see nobody has mentioned Kaspersky TDSSKiller, can be downloaded from the Kaspersky site, easy to use and quick. It has helped me fix several friends' computers that were infected with similar malware.
EXCELLENT suggestion! Depending upon the variant, Kaspersky's AVPTool will usually kill it, and will remove any other bugs as well - The only instance I am aware of where KAV's AVPTool won't fix is if it encounters the TDSS rootkit - It will know it is there, and inform you of it, and recommend running TDSSKiller and then AVPTool again. FakeAV sometimes employs TDSS, so it is a possibility here.
Probably the best method would be to DL TDSSKiller first and run it (takes minutes), and then DL and run AVPTool once the kit is removed (if found). !!!Warning!!! these tools are meant for service techs and may behave unexpectedly for home users!!! READ THE MANUALS!!!
After the bugs are dead, I would recommend installing and using (on a regular basis) CCleaner, Spybot Search & Destroy, Malwarebytes (free ver), and Microsoft Security Essentials - feel free to FreepMail me for use and instruction if needed.
If you become infected often hereafter, I would suggest uninstalling MSE and buy Kaspersky Anti-Virus (not Security Suite) or ESET's NOD32 instead... and figger out why you tend to get infected (usually high school aged children) and changing those habits...
Bg, AVG did not crash your computer. Sounds like the issue is a ‘picnic’ to me. (Person in chair, not in computer). Download the latest AVG it’s awesome. Better yet, get a new computer with AVG. Thanks man.
Restoring your system to an earlier point works well most of the time.
But, sometimes these trojans are just relentless and will hide themselves and reappear even after a ‘restore’.
And restoring doesn’t erase the program from your computer.
I’ve had some really nasty ones reappear on me, even after a ‘System Restore’ so I scan anyway.
It’s best to scan in ‘Safe Mode’, just to be sure and then if you want to ‘restore’ that would be fine too.
You really don’t need to do a ‘full scan’.
A quick scan will find them just as well.
Thank you for the info.......and I've got your back. LOL