Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

Skip to comments.

Computer Help Needed

Posted on 03/09/2010 8:25:00 AM PST by Williams

A friend has an ACER Laptop running Windows Vista. It came up with a screen saying "the computer is infected witha virus, and is sending out spam emails, if you don't want to be a spammer click here", which opens a window to register foir something.

Even in safe mode the computer opens to this screen only. There is no ability to close the window or to use ctrl alt delete.

In regular startup it didnt fill the screen, but now the computer is staying black in regular start up after it says welcome, and then eventually shuts down on its own.

I thought safe prompt mode might help but I don't know prompts.

Any ideas? Anyone have this before? It sounds worse than the usual anti virus scam.


TOPICS: Computers/Internet
KEYWORDS: getamac; rootkit

1 posted on 03/09/2010 8:25:01 AM PST by Williams
[ Post Reply | Private Reply | View Replies]

To: Williams; rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

2 posted on 03/09/2010 8:25:18 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Williams

I hope they have Carbonite.


3 posted on 03/09/2010 8:27:26 AM PST by Cyber Ninja (His legacy is a stain OnTheDress)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Williams

You have a bad virus. Worst than most it sounds like. Worst case scenario u have to restore the OS.


4 posted on 03/09/2010 8:27:49 AM PST by Orblivion
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

I would recommend downloading anti-malwarebytes from
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

It is free and usually can clean up this type of stuff. Had this issue with a co-workers computer and this cleaned it up. Took awhile to launch it after downloading as the virus did not want to allow it, but when we launched right after startup it worked fine and cleaned out the malware


5 posted on 03/09/2010 8:28:05 AM PST by milwguy
[ Post Reply | Private Reply | To 2 | View Replies]

To: Williams
You have what is known as an F.A.V. (fake anti virus)

You will need to run MalwareBytes or ComboFix to get rid of it. Booting up in safe mode if possible.

If that doesn't work you will need to boot with a CD that you can go into your registry to find the offending startup item and delete it.

I run across it on an almost daily basis. Good news is, I'm not charging you for help!

6 posted on 03/09/2010 8:30:04 AM PST by unixfox (The 13th Amendment Abolished Slavery, The 16th Amendment Reinstated It !)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Williams

I would hope that all important files have been backed up somewhere, then reformat the hard drive and reinstall the OS, (or better yet upgrade to Windows 7).


7 posted on 03/09/2010 8:30:29 AM PST by VRWCmember
[ Post Reply | Private Reply | To 1 | View Replies]

To: Williams
It has what we call Scare-ware ....you (him) was duped into clicking on a sucker message ....
OK do this ..
Reboot the laptop to Safe mode, go to Start >Programs>System Tools, chose system Restore.
Restore the system to a Date in the past in which the computer was working properly (Vista may have a slightly different way to get to the Restore Application )
8 posted on 03/09/2010 8:31:39 AM PST by Robe (Rome did not create a great empire by talking, they did it by killing all those who opposed them)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

My wife had the same thing happened to her lap top. I took it in to the computer guy to fix it. I tried downloading everything to fix none will work. Cost about $110 to fix and came with virus protection.


9 posted on 03/09/2010 8:34:58 AM PST by Tamatoa (Fight for our America, Fight for our Country I fought to defend!!!)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Williams

Put the CD/DVD in that has the operating system. Go into the BIOS before the system boots and change the startup option so that it boots from the CD/DVD. That will allow you go boot in safe mode and run an anti-virus program or restore your system.


10 posted on 03/09/2010 8:35:32 AM PST by mbynack (Retired USAF SMSgt)
[ Post Reply | Private Reply | To 1 | View Replies]

To: mbynack
Put the CD/DVD in that has the operating system. Go into the BIOS before the system boots and change the startup option so that it boots from the CD/DVD. That will allow you go boot in safe mode and run an anti-virus program or restore your system.

Or....

You can just tap F8 during the BIOS boot up to take you to the option to boot Windows in Safe Mode.

11 posted on 03/09/2010 8:44:02 AM PST by Anitius Severinus Boethius
[ Post Reply | Private Reply | To 10 | View Replies]

To: Williams
A friend has an ACER Laptop running Windows Vista.

All I can offer is condolences.

12 posted on 03/09/2010 8:45:16 AM PST by martin_fierro (< |:)~)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Williams

OMFG ROTFLMFAO LOLs.
The only solution is to get a Mac. Seriesly. :)
It sounds like he may have some antivirus softwre installed that is generating the message, or it’s just a stupid trojan that wants to infect his address book and is trying to goad him into doing what it says.
Since Windows is so full of holes the best thing to do is just backup his important files and re-format and re-install the OS.


13 posted on 03/09/2010 8:48:30 AM PST by lefty-lie-spy (Stay metal. For the Horde \m/("_")\m/ - via iPhone from Tokyo.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

have you tried googling the exact message you are getting? chances are if it really is a virus, someone else has gotten it. Chances are also that someone has posted a fix for that virus. Follow the instructions for the fix only after you have seen that someone else has followed them with a similar set up and they have worked (for a similar setup).

Also, never wipe your drive because someone on the internet tells you to :)


14 posted on 03/09/2010 8:51:11 AM PST by willyd (Reducing Taxes Reduces our Carbon Footprint)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Williams

If the problem is such that you cannot fix the OS (i.e. the malware is extremely “mal”), what you can do is take the hard disk out of the laptop, copy the files to a PC (you may need some kind of adaptor for this ... if it is SATA, it might be plug-and-pray with a modern PC), reinstall the hard disk, then low level format/reinstall the OS.

I might suggest, if the user is only using basic tasks/applications (browing the web, word processing, etc.) that you might want to install Ubuntu as it is simple to use, has everything one would need for “basic tasks”, and looks sharp :-) . I did this for an ex girlfriend that always managed to get viruses (not the AIDS kind, but the computer kind :-) ) and she’s been pretty happy ever since.


15 posted on 03/09/2010 8:51:31 AM PST by edh (I need a better tagline)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Williams
I have to fight these things all the time. My best advice is go to www.bleepingcomputer.com, register, go to am I infected and post your problem. Then a tech will respond and help you.

They are very good but they are also VERY busy.

The virus you have is a nasty one and I recommend formatting your drive and reloading if that is an option.

16 posted on 03/09/2010 8:59:22 AM PST by jdietz ("There's small Revenge in Words, but Words may be greatly revenged" Ben Franklin)
[ Post Reply | Private Reply | To 1 | View Replies]

To: martin_fierro
It came up with a screen saying "the computer is infected witha virus, and is sending out spam emails, if you don't want to be a spammer click here", which opens a window to register foi something.

Yes that is a a nasty one....If you get a message like that....NEVER CLICK ON THE LINK.... go with anti-malwarebytes to try and clean but you may need to go with with an OS... it a nasty little bugger that hangs on reinstall

=============================

Ash: You still don't understand what you're dealing with, do you? Perfect organism. Its structural perfection is matched only by its hostility.

Lambert: You admire it.

Ash: I admire its purity. A survivor... unclouded by conscience, remorse, or delusions of morality.

Parker: Look, I am - I've heard enough of this, and I'm asking you to pull the plug.

Ash: Last word.

Ripley: What?

Ash: I can't lie to you about your chances, but... you have my sympathies.

17 posted on 03/09/2010 9:03:00 AM PST by tophat9000 (Obama has "Jumped The Shark" ...and fell in the shark tank)
[ Post Reply | Private Reply | To 12 | View Replies]

To: milwguy

Ditto on malwarebytes. Also, create a new user which is an administrater and log in under that name, then download and run malwarebytes.


18 posted on 03/09/2010 9:04:43 AM PST by stinkerpot65 (Global warming is a Marxist lie.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: stinkerpot65
Ditto on malwarebytes.

Mega-ditto!

19 posted on 03/09/2010 9:05:56 AM PST by Niteranger68 (Barack Obama is Osama bin Laden's relief pitcher.)
[ Post Reply | Private Reply | To 18 | View Replies]

To: All

Once you get the computer cleaned up, I highly recommend Avast Free Antivirus. It has, so far for me, proven to be much more effective than AVG Free Antivirus and it is much less intrusive than Norton or McAfee. It also offers the option to do a boot scan for viruses and malware and this has been vital in removing tough viruses and malware from several systems I have had to do work on.

Good Luck!


20 posted on 03/09/2010 9:10:20 AM PST by worrywart
[ Post Reply | Private Reply | To 18 | View Replies]

To: ShadowAce

Some of these malware and hijack programs leave things behind when they are “removed”. Nasty things, like programs that harvest accounts info and passwords for online banking. I would always reformat and reinstall.


21 posted on 03/09/2010 9:15:00 AM PST by Roses0508
[ Post Reply | Private Reply | To 2 | View Replies]

To: tophat9000; martin_fierro

I was going to suggest nuking the laptop from orbit (it’s the only way to be sure), but then I saw your post.


22 posted on 03/09/2010 9:19:56 AM PST by Disambiguator
[ Post Reply | Private Reply | To 17 | View Replies]

To: Williams

I would disable the NIC card before running any of the fixes, just for the heck of it.


23 posted on 03/09/2010 9:28:55 AM PST by stuartcr (Everything happens as God wants it to...otherwise, things would be different)
[ Post Reply | Private Reply | To 1 | View Replies]

To: tophat9000
Ash: I can't lie to you about your chances, but... you have my sympathies ... AND DON'T FLAME ME, BRO!!1!


24 posted on 03/09/2010 9:31:19 AM PST by martin_fierro (< |:)~)
[ Post Reply | Private Reply | To 17 | View Replies]

To: Anitius Severinus Boethius
You can just tap F8 during the BIOS boot up to take you to the option to boot Windows in Safe Mode.

"Even in safe mode the computer opens to this screen only. There is no ability to close the window or to use ctrl alt delete."

That's why I recommended using the boot disk to go to safe mode.

25 posted on 03/09/2010 9:37:20 AM PST by mbynack (Retired USAF SMSgt)
[ Post Reply | Private Reply | To 11 | View Replies]

To: mbynack

As stated earlier, you cannot get to windows apps so don’t bother trying. You need an emergency boot disk such as Kaspersky. I believe you can make a boot disk from the Kaspersky trial version (using a friend’s machine). Set your machine to boot off the cd and run the antivirus app.


26 posted on 03/09/2010 10:59:35 AM PST by joedel
[ Post Reply | Private Reply | To 25 | View Replies]

To: joedel
As stated earlier, you cannot get to windows apps so don’t bother trying.

That's why I said to put the OS Disk in the drive and have it boot off of that. It boots from a clean OS and bypasses the registry on the computer.

27 posted on 03/09/2010 11:23:15 AM PST by mbynack (Retired USAF SMSgt)
[ Post Reply | Private Reply | To 26 | View Replies]

To: martin_fierro
A friend has an ACER Laptop running Windows Vista.

Throw it in the


28 posted on 03/09/2010 11:39:16 AM PST by USS Alaska (Nuke the terrorist savages - In Honor of Standing Wolf)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Orblivion

You do indeed have a bad virus and it’s one that probably came through an email. It is almost impossible to get rid of once it is in place. Last year my office computer became infected with this pest because the tech group temporarily shut down some AV and firewall protections for testing and forgot to turn it back on. I am on the information technology faculty side of our university and our security experts and I could not come up with a fix so the machine had to be reimaged. It affected any machine, Windows, Linux or Apple that received an email during that time from whatever the source and a few became infected when an infected machine sent an email to an uninfected machine. Good luck and I hope you have a recent backup.


29 posted on 03/09/2010 11:51:07 AM PST by RJS1950 (The democrats are the "enemies foreign and domestic" cited in the federal oath)
[ Post Reply | Private Reply | To 4 | View Replies]

To: martin_fierro
Sorry no flame interned
30 posted on 03/09/2010 12:51:03 PM PST by tophat9000 (Obama has "Jumped The Shark" ...and fell in the shark tank)
[ Post Reply | Private Reply | To 24 | View Replies]

To: Williams

For less than $30, you can get a kit that allows you to connect a disk to another computer via USB (inc. SATA, 3.5” IDE, and 2.5” IDE). My advice: get a kit (readily available on ebay), remove the disk from the laptop, and plug it into another computer using the kit. Once the file system is recognized, run a full deep scan on it using a product like Avast! (free). Let us know how it works out...


31 posted on 03/09/2010 12:59:40 PM PST by bt_dooftlook (ACORN = Another Communist-Overrun Rats-Nest)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Williams

My daughter got that on her laptop from Facebook. As somebody mentioned earlier, google it and there are instructions on Youtube that shows exactly what to do.


32 posted on 03/09/2010 1:03:07 PM PST by Annie5622 (Democrats DO have a plan! They apparently plan to stay stupid.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: unixfox
It's part of my job to outsmart malware that our clients get in to. It is getting trickier and tricker.

Step 1 (this freaks many people out.....) Disable System Restore. If you clean a virus without taking this step, often times it comes right back. I have yet to have to reinstall an OS due to malware, but if that were the next step, System Restore won't) do you any good anyway.

2) Disable any running antivirus program.

3) Hit Start. In the "start search" line (vista, right?) paste the following: (excluding the "'s)

"iexplore.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe"

This takes you directly to the combofix executable. Save it to your desktop and run it. Answer Yes to the "combofix is not affiliated...." statement, NO to the Recovery console, and let it do its thing.....should progress through over 50 stages and then produce a text file. I typically download and run Superantispyware free or malwarebytes after combofix, but combofix will at least get you functional.

If your malware infection stops the combofix download, it will need the work of a professional to remove the infection. There's more that can be done, but it's too complicated to describe here.

Good Luck

33 posted on 03/09/2010 5:09:36 PM PST by Mygirlsmom (Episode 2010: A NEW HOPE)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Mygirlsmom
Also good to remember to close any popup, especially the scareware "your system is infected" ones.....

Use ALT + F4 to close. Not the X, not right click. Even if it closes out something you're working on, it's better to do that than to enable spyware. I have seen that move prevent the spyware from executing in some cases.

34 posted on 03/09/2010 5:13:13 PM PST by Mygirlsmom (Episode 2010: A NEW HOPE)
[ Post Reply | Private Reply | To 33 | View Replies]

To: Mygirlsmom

If they cannot get to the windows app in any mode, how can they run those steps?


35 posted on 03/10/2010 1:38:34 PM PST by joedel
[ Post Reply | Private Reply | To 33 | View Replies]

To: Williams
In all likelihood you have a rootkit trojan that is reinstalling itself automatically after you remove it with the software tools you have been using.

I have had this problem before and solved it every time with the help of the people at majorgeeks.com. Just go to their forum and follow the instructions for malware removal and you will be rid of your problem. It might take all day or a couple of days but you are guaranteed success based on my experience. They are very, very knowledgeable and have all the tools you need to fix your computer.

Here is the link: MajorGeeks Forum

36 posted on 04/22/2012 8:18:23 AM PDT by InterceptPoint (TIN)
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson