Posted on 04/22/2012 7:00:47 AM PDT by Former Fetus
First of all, since I am asking for help with viruses, let me say that I am posting this from my husband's computer!
My IP uses McAfee, I have Microsoft Security Essentials and Malwarebytes Anti-Malware in my PC. So I felt pretty safe.
Fri morning, I was reading Jewish World Review when a pop-up claiming to be MSE claimed my PC was infected. It was not one of those pop-ups you can X out from. In my panic, I could not remember what someone here, at FR, had told me in the past that I could do. So I turned off my PC. When I rebooted, I ran MSE and it showed 9 trojans. After removing them, I ran MAM and it still showed 2 or 3. I kept this game going on all of Friday morning and most of the afternoon. I would "scan and remove" with one program, then the other one would find something. By midafternoon both programs claimed my PC was cleaned and finally I could breathe. It is hard to hold your breath for 8 or 9 hours, LOL!
I was gone all day Saturday, when my son was running at a track meet. This morning I got on-line to see the results of all events and, you guessed it, the pop-up was there again. Only this time neither MSE nor MAM found anything.
Ok, so these are my questions:
1) Do y'all think that this pop up is a phishing attempt?
2) How do I get out of it without turning the PC off?
3) If it is a case of phishing, why did both av programs show any problems last Friday?
4) Besides running both MSE and MAM, do you have any other suggestions?
Thank you very much.
For later
Have you run them in safe-mode?
When it comes up, Control alt delete and shut it down from your task manager.
Google MSE and you will find posts from other people and their method of removing the app. It's probably more of an annoyance than a true virus, but you do have to dig deep to remove the tentacles of the app. This type is fairly common and removable with the right app.
I'll be monitoring this thread for solutions.
Run a program called ‘Combo Fix’ from a disc after you start your computer in safe mode.
I had such a nasty virus from Drudge I had to restart my computer from day one. It would not allow me to restart it from previous days, weeks or even months.
I saved my pics on an external hard drive quite some time ago, so I lost everything but those.
I am not computer literate, so that was the only way I could remedy the situation.
First thing you need to do is right click the network ‘icon’ in the task bar and click ‘disable’.
This prevents the trojan from accessing the internet to ‘update’ itself.
Secondly, reboot into ‘Safe Mode’ and then re-run Malwarebytes and your antivirus program.
Thirdly, reboot normally and re-run ‘Malwarebytes’ again to be sure the trojan is gone.
If everything checks out ok, then ‘right click’ the network ‘icon’ on the task bar and click ‘enable’.
Get AVG for your anti-virus software (it's free here)
Then.........download and install 'SpyBot Search and Destroy'
http://www.safer-networking.org/en/home/index.html
Then, remove McAfee - and don't use it again. Install AVG. It is the best anti-virus on the market (has been for 10 years, or so).
You can keep malwarebytes, just run it separately from 'SpyBot'. (always search for updates).
Couple things.
First, go to www.download.com and get AVG (Free Edition) 2012; a fantastic antivirus package.
Install it, UPDATE it, then update your Malwarebytes....then run both.
That said, two things: I suggest you run both, after you update, etc., from Safe Mode (reboot your computer, and before you see the Windows logo appear, just keep tapping the F8 button; have it come up in Safe Mode with Networking). Safe Mode loads just enough of the operating system for the computer to function.
Once in Safe Mode, THEN run Malwarebytes and AVG (full scan for each, and yes, you can run both simultaneously). Whatever they find, let the package(s) get rid of it/them.
Then....reboot again (“Start Windows Normally”). I suspect you’ll then be fine.
Here’s the thing: Packages like antivirus software and anti-malware software (e.g. your Malwarebytes....which is VERY good, by the way) are only as good as the currency of their definition files. IOW, they can only protect you from stuff they actually KNOW about. KEEP THEM CURRENT.....BARE MINIMUM, UPDATE ONCE A WEEK (I tend to do that more often, myself).
Malwarebytes is not an antivirus package. Between AVG and Malwarebytes, your system should get a very thorough cleaning.
Ping if you have any problems.
The problem with Combo Fix is if you don’t ‘uninstall’ your antivirus program, it can, possibly, delete files that you don’t want to get rid of.
I would suggest going to the ‘Combo Fix’ website and following the instructions before just running it.
Even in ‘Safe Mode’.
I'm not sure what you mean when you say your "IP" uses McAfee. "IP" is usually an abbreviation for "Internet Protocol".
Reboot into safemode, and run your scans from there.
Also, you might want to try Spybot - Search & Destroy
I stopped going to Drudge over ten years ago, due to the cooties.
I replaced it with Avast, and all seems good.
I had the same issue as well. I was looking at funny videos when I got what's called Malware. The virus essentially puts up false alarms that make you go to their website to buy the software that is bogus. The thing is real deceptive and real difficult to get to the root of the virus.
The easiest way to remove this virus is to reinstall the Operating system, whether it's XP or Windows 7.
That particular piece of scareware can be a very tenacious little piece of garbage. Read all the above posts. Disabling the network adapter, booting in safe-mode and scanning are your best first efforts. Failing that, it will require more effort. Do you have your anti-malware, anti-virus set to auto-update? Are they set to “real time” scan of all traffic? Last time I had this on a machine, it took several hours and three attempts to eradicate it. Then, I locked the machine down and dumbed-down my kids’ user privileges.
Note: the above is the most extreme solution. But it will in fact resolve the problem. It is probably not your first resort, but it may be your last. And in the interest of full disclosure I once had to resort to this last resort.
Sorry, my mistake. I meant to type ISP.
The new AVG is so streamlined and smart. I’ve used AVG for 8+years and I’ve worked for many many years in the ‘computer’ industry. I’ve never heard of Avast, but, hey...if it works for you, then great. Speaking of “bloated”, Norton and McAfee bloated-away years ago, in my opinion.
bttt
I had a similar virus. It looked like MSE, but had a slightly different name. It wouldn’t let me surf to any sites, like Microsoft or Bing, kept saying they were infected, and I couldn’t override the popup. I tried everything I could think of, I couldn’t even launch the real MSE. Finally, I went to program manager, saw the program name in the list, and deleted it. I couldn’t believe that worked. Haven’t had a problem since.
I have gotten the same thing a couple of times on my computer and my wife’s. I went to Bleepingcomputer.com, to their virus page and selected the one with the same name as the one hitting on your computer. Then, to shorten the process go straight down the page to where you can load Rkill onto a thumbdrive. Stick the thumbdrive into the affected computer and run rkill and it’s cleaned. Then run Malwarebytes and go back to your normal life. It is so easy, only a few clicks, and you’re done in just a few minutes.
This has worked for me three times. Good luck.
A few months ago, my husband’s laptop, running AVG paid with all the extras, was infected with one of those ransomware viruses. Nothing at all worked, as the thing had immediately inserted itself into AVG.
After a few days of frustration, he went to Geek Squad. They fixed it and the $200 charge includes a package for all our machines whenever they are in need. They see it all the time and it is evidently a PITA to remove/repair. Not sure, but I think they finally just gave him a new hard drive, but they were able to transfer everything, so nothing except bookmarks were lost.
We also back up to external drives often, separate drives for things like Quick Books, so we lost nothing.
BTW, the site where he was infected was the forum for Ferfal’s Living in Argentina. I’ve been afraid to access it on my computer since.
Sorry for my ignorance, is that the icon that looks like a monitor and a plug/trident (Windows 7)?
We had to dump AVG after they released a patch that was not compatible with Windows 7. Switched to Avast. Really like it, after turning off the update notice sound, that is! Son runs it on his Droid, too, haven’t heard any complaints from him.
Me too.
*
—bflr-
I'm assuming they were in conflict.
Since I actively check the AVG at least once a week, I make sure it stays disabled.
“worked for many many years in the computer industry. I’ve never heard of Avast”
These statements are incompatible unless you worked for a computer company in a position that never brought you in contact with computers. Any IT guy has at least heard of Avast!
Download SPYBOT, install and update it, and run a scan. Download SPYWARE BLASTER, install it and make sure it is updated weekly. AVAST is the best virus software I’ve tried and I only have the free version.
There is a virus that masquerades AS AN ANTI-VIRUS program
You have to boot in safe mode and run malwarebytes AND a good anti-virus (I use AVAST and it is free for home use and I love it)
I also discovered that if you have multiple users set up you can log in as GUEST and download and run those two (run them as administrator)
Search ONLINE for the text you see on-screen and you can find detailed instructions on deleting it
I got ahold of it two days ago when I copied a picture. It was a national news site and I was following a link from a FR thread.
For those of us (me) not tech oriented, a tech website bleepingcomputer.com offers all kinds of help without even a sign up, of course if you can't find what you need and have to ask someone, then you have to register.
The vid is pretty good but I wonder if that's where the bug is.
The quickest way to get rid of a virus is to restore to a date prior to the infection. Go to computer/properties/advanced and select Restore. You will then be able to select a date for the restore point.
You will not lose files but if you installed any new software after that date you will need to reinstall it.
This works 99% of the time.
I have just loaded Startup Monitor and will have to see if it works with Win7. The Startup Control Panel would not install, but CCleaner and other apps allow you to look at and/or disable Startup entries. If it works with Win7, the Startup Monitor will still be useful as it gives you a chance to nix new Startup entries. They are available at an old Mike Lin site and the url is: http://www.mlin.net/StartupCPL.shtml
Didn't want to include an active link, so you can copy/paste it into the address bar.
Lots of good advice here to get rid of a Windows virus. I keep an old PC running Ubuntu Linux (actually I dual boot on my quad core machine now). When I’m going to spend time surfing sites I don’t know or when I’m going to click on anything my uncle Bob sends me, I do it with Linux running. No problem. I can click on anything.
After a while you may discover that you have no need for Windows at all. For me, I have to keep Windows because I teach advanced Access and Excel to my business students. They do some things a bit differently in Microsoft Office than in Open Office.
It is surprisingly simple to download Linux to a thumb drive and install it to allow your computer to boot in either operating system, independent of the other and safe from malware.
Yes
I’m not sure what you mean when you say your “IP” uses McAfee
Sorry, my mistake. I meant to type ISP.
But is it installed on your computer? My friend never had anti virus installed, he said because his provider had McAfee, a virus wiped his hard drive, all I did was go to safe mode and use a restore point then installed Avast anti virus
All this, just to read Jewish World Review (or any other Web site)? What a waste.
Get a Mac and lower your blood pressure.
That said there is NO substitute for backing up your important files like digital photos. External hard drives and flash drives are inexpensive and can save a lot of grief if for some reason you lose your hard drive. Cloud storage is also available and as much as 5GB can often be obtained for free. I like to have my back up files stored off premises in case of fire or in this area tornadoes. I have some of my most important files backed up on flash drives and stored in my safety deposit box at the bank. I also store my old photo negatives and irreplaceable family photos in my safety deposit box.
You can turn off cookies for Drudge and it will still work.
Do NOT use AVG. It totally crashed my computer. Their support tech was no help. Had to buy another computer.
“If you really want to be free of this you may have to format the disk and reinstall windows from disk.”
There is absolutely no reason to do this.
There are many programs out there that will get rid of trojans and viruses.
There are other things, such as editing the registry in Safe Mode as well as restoring the registry from a backup, that will get rid of the entries.
As stated before, if nothing else works then try Combo Fix or another one called ‘Smitfraudfix’ which works well.
I have never had to re-format and re-install Windows because of a virus or trojan.
And I’ve worked on a lot of systems as a tech for years.
Anytime something like that pops up, you control + alt + delete and then shut the process down under the applications tab in your process viewer.
Get root !
ping for advice later
Re: “I have gotten the same thing a couple of times on my computer and my wife’s. I went to Bleepingcomputer.com, to their virus page and selected the one with the same name as the one hitting on your computer. Then, to shorten the process go straight down the page to where you can load Rkill onto a thumbdrive. Stick the thumbdrive into the affected computer and run rkill and it’s cleaned. Then run Malwarebytes and go back to your normal life. It is so easy, only a few clicks, and you’re done in just a few minutes.
This has worked for me three times. Good luck.”
I second this approach. The one and only infection I got since the early 1990’s was cured in this manner.
http://www.bleepingcomputer.com/virus-removal/
I got infected with antivir solution pro:
http://www.bleepingcomputer.com/virus-removal/remove-antivir-solution-pro