Skip to comments.Computer Virus Info
Posted on 01/15/2012 9:27:55 AM PST by jim macomber
Brand new computer.
It just didn't look right so I clicked on nothing. I went to task manager and closed the application but every time I tried to open something, this would pop-up again. went to another computer and googled "Win 7 Home Security Alert. Sure enough, it's a fake anti-spyware program that is pretty nasty.
Ran Avira anti-virus and it found it - TR/Crypt.XPACK.Gen2 - and said it quarantined it. But it was still there. Ran Malwarebytes and it found it and said it removed it and this seemed to have worked.
My concern is this, however. Normally, if you look at processes in the Task Manager, certain processes read avgnt.exe for Avira, firefox.exe for Firefox, soffice.bin for Open Office Operations, etc. Now, however, these all read avgnt.exe *32, firefox.exe *32, soffice.bin *32.
I cannot find any reference to this *32 business anywhere. Anyone know if that's an indication that the Trojan is still there? What is the *32?
My plan is to uninstall all such programs in Safe Mode and see if it makes a difference. Or is *32 something in newer computers that's not in older ones? Also ran system restore to a point before this showed up.
Is it possible this virus/Trojan could still be in there somewhere and now not showing?
In before the “are you logged in” posts.
I had this problem with my kids' computer and that's what fixed it for me.
Run a boot time scan
I used to have these issues until about 5 or six years ago I got a Mac. Have several now and have never encountered these incredibly annoying experiences. I don’t have an anti-virus program, which those supposedly in the know say is because there aren’t enough Macs to interest the evil virus writing industry. I don’t think so, since evil virus writers like a challenge, and MAC OS and IOS devices are growing into the hundreds of millions.
So, why do you Windows users insist on continuing the personal suffering? Are you masochists?
It’s not a malfunction. The *32 means it’s a 32-bit program. If it says *64 or doesn’t have *32 at all, it’s a 64-bit program. This is perfectly normal for a Windows 64-bit OS.
I used to have these issues until about 5 or six years ago when I got a Mac. I have several now and have never encountered these incredibly annoying experiences on any Mac. I don’t have an anti-virus program, which those supposedly in the know say is because there aren’t enough Macs to interest the evil virus writing industry. I don’t think so, since evil virus writers like a challenge, and MAC OS and IOS devices are growing into the hundreds of millions.
So, why do you Windows users insist on continuing the personal suffering? Are you masochists?
I had that about a month ago. First you need to use Windows Restore.
Then turn on your windows security esentials (make sure it’s updated) that comes free with Windows and do a FULL scan (takes awhile) then set it to rescan each night while you are sleeping.
I also completely deleted the Adobe directory with flash ect where the virus is usually located and downloaded a fresh updated version of what I use regularly (flash, reader, ect) directly from Adobe.
That did the trick for me.
restoring would work for a day or two ... but then I’d just get it again. Restore + full scan + deleting the entire Adobe directory, finally fixed it for good.
Yes. That is the only possible explanation isn't it?
yes! Run both of the programs; Malwarebytes and superantispywarefree once you see if they virus is still there go to this forum; http://www.bleepingcomputer.com/forums/forum103.html
You may have to run your PC is safemode to install the software, what you have is a very tricky bastard to get rid of.
I’ve had a few “dates” with this crap and have found the easiest way to dump it is go into System Restore (restore to an earlier date), pick a date before you got the virus and “backdate” the computer to that time, then run the malware and anti-virus programs.
Here’s the official instruction:
You need to have an administrator account to perform these steps.
Start your computer in Safe Mode with Command Prompt. To learn how to do this, see Start your computer in safe mode.
Log on to the computer.
At the command prompt, type rstrui.exe, and then press Enter.
If you use System Restore when the computer is in safe mode, you cannot undo the restore operation. However, you can run System Restore again and choose a different restore point, if one exists.
Because I like to play games.
Why do you think there are so few MACS?
that windows 7 security IS A VIRUS
it bugs you until you pay for it and then watch as your bank account gets emptied
you have to go into your registry and look for the default .EXE extension, and you will find it runs some program called “rhs.exe” (or somethign similar) and passes in any program as a parameter
That executes the trojan, which then displays that warning and then executes your software so that every program you run first runs that progam
ignore it and go into the registry editor and search for ALL occurances of rhs.exe (or whatever it calls iteself on your install)
you can also try to run the task manager and remove rhs.exe (terminate it)
There are sites where you can download a fix program that does this for you (google search on the name Win 7 security trojan)
NEVER NEVER NEVER run your computer without 2 things:
anti-virus (www.avast.com is free and GREAT)
(and stay off those websites you been to LOL....)
Also thanks to people in previous threads who recommended Malwarebytes. I've lost a bit of confidence in Avira from this. I started to load AVG first and changed my mind. Not sure why at this point. Thanks again.
The *32 means that the program is a 32 bit program. Your Windows 7 is probably the 64 bit version.
And if you search Google for “task manager windows 7 *32”
You’ll find lots of hits.
This is the correct answer.
The most likely explanation:
You are unfamiliar with the OSX experience, so you resist change, even if for the better.
If you have some essential piece of software which runs only on Windows, you can run Windows inside a VM in OSX. This used to be a valid argument against adoption of Mac OSX, but is no longer valid.
FYI, I am a software developer, and there is simply no comparison between Windows and Mac OSX. I have not used Windows 8 yet, but I rather doubt that Microsoft have their act together, even after all these years.
Thanks, TexasFreeper. Just prior to this I was getting unusually (to me) frequent Adobe updates. I will check that - and hope it doesn’t come back.
Thanks. Is the rstrui.exe the command for system restore? I did do it in Safe Mode and knew it couldn’t be undone. But the computer is only a week old and I didn’t have much on it so...Thanks again.
Make sure to set up an account for yourself that does NOT have administrator privileges. Use that for all of your random web browsing and general computing. Whenever you go to a site that wants to install crapware, it cannot do it automagically, because you won’t have administrator privileges.
This won’t fix your previous problem, but should help keep you from getting re-infected, or infected with something else.
Why do you Macbots insist on posting the same annoying unhelpful remarks multiple times?
Or did your perfect computer screw up?
Doesn't matter. Back in the days of DOS, there once was a PC maker called Leading Edge (iirc).
They somehow managed to get a virus on the production hard drive that they used for cloning systems onto brand new drives that were installed in new machines...
I was running Avira Anti-Virus, Malwarebytes and Super Anti-Spyware and still got it!
Other sites mentioned that it is a three-letter.exe program. In my computer it showed up as qbs.exe or something like that and I'd hit "end process" in Task Manager and it would go away but then come back as soon as I clicked anything else. Is it possible to actually remove a program in Task Manager?
I've always been leery of messing around in the registry editor but if this does come back - or is in there now, I'll delete any three-letter.exe file. Are there no legitimate three-letter.exe files?
Because we like learning how to fix our computers?
It’s like asking a gearhead why he doesn’t just ‘buy out of the box’.
Everytime something goes wrong, I learn something new about computers.
Excellent point. Will do.
yep, I was getting the same thing for quite awhile before the virus actually started doing major harm.
never mind that Macs have numerous viruses now. Even the vaunted ipad has been compromised.
but your ‘get a mac’ comments are still useful
Avast or AVG are better than Avira, IMO
There is an exe in user/AppData/Local that is the malware. It is most likely in your startup too. The name of the exe is typically 2 characters, it is randomly generated. Find and delete the exe and remove it from startup. Hope that helps. If it reappears bring up task manager click on the process and then ask for proteries that should give you the location of the exe.
My son had a nasty virus on his computer that deleted his data and program. Restore points (which typically work) didn’t work with this one. Had to boot from the recovery partition. These things are definitely getting more virulent and destructive.
there are many problems with mac, first and foremost the users who come into threads like this with comments like yours.
if macs were so good then Microsoft wouldn’t still own the desktop environment even after all their mis-steps.
You’re so helpful. Why are you so good to us?
What’s up with that little icon in the corner? It looks like two guys kissing.
“You need to have an administrator account to perform these steps.”
What do you do if your pass word to the Admin. Acc. keeps being denied even though you know it to be correct?
Microsoft now has a startup system virus sweeper for download. Info here
I started on a trs 80 then mac then pc Wife and santa got me a 27 inch i mac Love it but hate the keyboard and the sharp edges Happy sunday
Just in case virus...ping
There's left-click, right-click, and zen-click.
Not true.You can download microsoft’s anti-virus software free of charge for the new windows 7 .I know I have done it for my wife,I installed it her her new notebook PC and she has had no problems so far.
Image Back up!
After you get your system cleansed, and BEFORE the next infection or problem, create a back-up system image.
On my XP laptop and desktop, I frequently made a system image backup [standalone program called CloneGenius] when things were running nicely. Later, when I had problems, I just restored the last best image.
NOTE: I keep most of my data on a separate partion/drive, so the data is not usually impacted when I have to do an image restoration. I also partition my OS to a smaller size, so the backup image will be comparatively small.
On my new Samsung laptop and Acer/Gateway desktop both came with their own imaging backup software. I have periodically made new image backups as I install software, etc. Already, on the laptop, I had to use the image to restore to an earlier state.
Image Back ups save hours of aggravation — they retain your software installations and configurations.
I had the same kind of virus a few weeks ago on my computer that runs Windows Vista. My brother removed it with a virus removal tool that he downloaded from his computer onto a flash drive, and then ran it on my computer. The virus basically just froze everything up. For some reason, I was still able to do a Google search, but it wouldn’t let me click on to any of the links. My brother has all Macs in his house now. Everyone says that Macs don’t get viruses.
One of the ways to get rid of it is to boot your system in safe mode with networking and then find (online) one of a number of phony registration keys to trick the program into "registering" itself (after which it will "pretend" to scan your computer for viruses). At that point, it will stop hijacking your browser and you can load normally and get rid of the SOB; first by running a registry patch (available in several places) and then by downloading and running the MBAW program.
I'd like to take people who create **** like this and force them to listen to Meghan McCain's voice at full volume while tied up, covered with honey and set upon by fire ants.
because mac’s are evil, and so are some of their users.
The rstrui.exe command allows you to select a date to use. It should not affect any docs you have. It’s not a wipe the drive kind of situation. If you have a restore date on it that is before the virus infection, it should work fine. Just be sure to run Malwarebytes or other good tool after rebooting to rid the machine of whatever you downloaded to get the infection.
If it's Meghan who is tied up, I believe I can tolerate her voice for a while.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.