It just didn't look right so I clicked on nothing. I went to task manager and closed the application but every time I tried to open something, this would pop-up again. went to another computer and googled "Win 7 Home Security Alert. Sure enough, it's a fake anti-spyware program that is pretty nasty.
Ran Avira anti-virus and it found it - TR/Crypt.XPACK.Gen2 - and said it quarantined it. But it was still there. Ran Malwarebytes and it found it and said it removed it and this seemed to have worked.
My concern is this, however. Normally, if you look at processes in the Task Manager, certain processes read avgnt.exe for Avira, firefox.exe for Firefox, soffice.bin for Open Office Operations, etc. Now, however, these all read avgnt.exe *32, firefox.exe *32, soffice.bin *32.
I cannot find any reference to this *32 business anywhere. Anyone know if that's an indication that the Trojan is still there? What is the *32?
My plan is to uninstall all such programs in Safe Mode and see if it makes a difference. Or is *32 something in newer computers that's not in older ones? Also ran system restore to a point before this showed up.
Is it possible this virus/Trojan could still be in there somewhere and now not showing?
In before the “are you logged in” posts.
I had this problem with my kids' computer and that's what fixed it for me.
Run a boot time scan
I used to have these issues until about 5 or six years ago I got a Mac. Have several now and have never encountered these incredibly annoying experiences. I don’t have an anti-virus program, which those supposedly in the know say is because there aren’t enough Macs to interest the evil virus writing industry. I don’t think so, since evil virus writers like a challenge, and MAC OS and IOS devices are growing into the hundreds of millions.
So, why do you Windows users insist on continuing the personal suffering? Are you masochists?
It’s not a malfunction. The *32 means it’s a 32-bit program. If it says *64 or doesn’t have *32 at all, it’s a 64-bit program. This is perfectly normal for a Windows 64-bit OS.
I used to have these issues until about 5 or six years ago when I got a Mac. I have several now and have never encountered these incredibly annoying experiences on any Mac. I don’t have an anti-virus program, which those supposedly in the know say is because there aren’t enough Macs to interest the evil virus writing industry. I don’t think so, since evil virus writers like a challenge, and MAC OS and IOS devices are growing into the hundreds of millions.
So, why do you Windows users insist on continuing the personal suffering? Are you masochists?
I had that about a month ago. First you need to use Windows Restore.
Then turn on your windows security esentials (make sure it’s updated) that comes free with Windows and do a FULL scan (takes awhile) then set it to rescan each night while you are sleeping.
I also completely deleted the Adobe directory with flash ect where the virus is usually located and downloaded a fresh updated version of what I use regularly (flash, reader, ect) directly from Adobe.
That did the trick for me.
restoring would work for a day or two ... but then I’d just get it again. Restore + full scan + deleting the entire Adobe directory, finally fixed it for good.
yes! Run both of the programs; Malwarebytes and superantispywarefree once you see if they virus is still there go to this forum; http://www.bleepingcomputer.com/forums/forum103.html
You may have to run your PC is safemode to install the software, what you have is a very tricky bastard to get rid of.
I’ve had a few “dates” with this crap and have found the easiest way to dump it is go into System Restore (restore to an earlier date), pick a date before you got the virus and “backdate” the computer to that time, then run the malware and anti-virus programs.
Here’s the official instruction:
You need to have an administrator account to perform these steps.
Start your computer in Safe Mode with Command Prompt. To learn how to do this, see Start your computer in safe mode.
Log on to the computer.
At the command prompt, type rstrui.exe, and then press Enter.
Note
If you use System Restore when the computer is in safe mode, you cannot undo the restore operation. However, you can run System Restore again and choose a different restore point, if one exists.
that windows 7 security IS A VIRUS
it bugs you until you pay for it and then watch as your bank account gets emptied
you have to go into your registry and look for the default .EXE extension, and you will find it runs some program called “rhs.exe” (or somethign similar) and passes in any program as a parameter
That executes the trojan, which then displays that warning and then executes your software so that every program you run first runs that progam
ignore it and go into the registry editor and search for ALL occurances of rhs.exe (or whatever it calls iteself on your install)
you can also try to run the task manager and remove rhs.exe (terminate it)
There are sites where you can download a fix program that does this for you (google search on the name Win 7 security trojan)
THEN!!!!
NEVER NEVER NEVER run your computer without 2 things:
anti-virus (www.avast.com is free and GREAT)
and malwarebytes.com
(and stay off those websites you been to LOL....)
Also thanks to people in previous threads who recommended Malwarebytes. I've lost a bit of confidence in Avira from this. I started to load AVG first and changed my mind. Not sure why at this point. Thanks again.
The *32 means that the program is a 32 bit program. Your Windows 7 is probably the 64 bit version.
And if you search Google for “task manager windows 7 *32”
You’ll find lots of hits.
Make sure to set up an account for yourself that does NOT have administrator privileges. Use that for all of your random web browsing and general computing. Whenever you go to a site that wants to install crapware, it cannot do it automagically, because you won’t have administrator privileges.
This won’t fix your previous problem, but should help keep you from getting re-infected, or infected with something else.
Doesn't matter. Back in the days of DOS, there once was a PC maker called Leading Edge (iirc).
They somehow managed to get a virus on the production hard drive that they used for cloning systems onto brand new drives that were installed in new machines...
Microsoft now has a startup system virus sweeper for download. Info here
http://connect.microsoft.com/systemsweeper
Just in case virus...ping
There's left-click, right-click, and zen-click.
Image Back up!
After you get your system cleansed, and BEFORE the next infection or problem, create a back-up system image.
On my XP laptop and desktop, I frequently made a system image backup [standalone program called CloneGenius] when things were running nicely. Later, when I had problems, I just restored the last best image.
NOTE: I keep most of my data on a separate partion/drive, so the data is not usually impacted when I have to do an image restoration. I also partition my OS to a smaller size, so the backup image will be comparatively small.
On my new Samsung laptop and Acer/Gateway desktop both came with their own imaging backup software. I have periodically made new image backups as I install software, etc. Already, on the laptop, I had to use the image to restore to an earlier state.
Image Back ups save hours of aggravation — they retain your software installations and configurations.