Free Republic

Computer Virus Info

Posted on 01/15/2012 9:27:55 AM PST by jim macomber

Brand new computer.


TOPICS: Your Opinion/Questions
KEYWORDS: computer; trojan; virus; win7homesecurity
Yesterday I had a run-in with the Win 7 Home Security Alert virus/Trojan. It pops up and tells you you have an infection and must start the Win 7 Home Security program immediately. Whatever program you're in or trying to open, it says, e.g., "Firefox is infected" or "Avira is infected", etc.

It just didn't look right so I clicked on nothing. I went to task manager and closed the application but every time I tried to open something, this would pop up again. Went to another computer and googled "Win 7 Home Security Alert". Sure enough, it's a fake anti-spyware program that is pretty nasty.

Ran Avira anti-virus and it found it - TR/Crypt.XPACK.Gen2 - and said it quarantined it. But it was still there. Ran Malwarebytes and it found it and said it removed it and this seemed to have worked.

My concern is this, however. Normally, if you look at processes in the Task Manager, certain processes read avgnt.exe for Avira, firefox.exe for Firefox, soffice.bin for Open Office Operations, etc. Now, however, these all read avgnt.exe *32, firefox.exe *32, soffice.bin *32.

I cannot find any reference to this *32 business anywhere. Anyone know if that's an indication that the Trojan is still there? What is the *32?

My plan is to uninstall all such programs in Safe Mode and see if it makes a difference. Or is *32 something in newer computers that's not in older ones? Also ran system restore to a point before this showed up.

Is it possible this virus/Trojan could still be in there somewhere and now not showing?

1 posted on 01/15/2012 9:28:00 AM PST by jim macomber
[ Post Reply | Private Reply | View Replies]

To: jim macomber

In before the “are you logged in” posts.


2 posted on 01/15/2012 9:30:13 AM PST by edpc (Wilby 2012)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber
Also ran system restore to a point before this showed up.

I had this problem with my kids' computer and that's what fixed it for me.

3 posted on 01/15/2012 9:32:36 AM PST by ElkGroveDan (My tagline is in the shop.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber

Run a boot time scan


4 posted on 01/15/2012 9:33:14 AM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber
Yes. Burn this to a CD and boot from it and let it scan:

http://www.avg.com/us-en/avg-rescue-cd

5 posted on 01/15/2012 9:33:14 AM PST by gura (If Allah is so great, why does he need fat sexually confused fanboys to do his dirty work? -iowahawk)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber

I used to have these issues until about 5 or six years ago I got a Mac. Have several now and have never encountered these incredibly annoying experiences. I don’t have an anti-virus program, which those supposedly in the know say is because there aren’t enough Macs to interest the evil virus writing industry. I don’t think so, since evil virus writers like a challenge, and MAC OS and IOS devices are growing into the hundreds of millions.

So, why do you Windows users insist on continuing the personal suffering? Are you masochists?


6 posted on 01/15/2012 9:33:32 AM PST by kentramsay
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber

It’s not a malfunction. The *32 means it’s a 32-bit program. If it says *64 or doesn’t have *32 at all, it’s a 64-bit program. This is perfectly normal for a Windows 64-bit OS.


7 posted on 01/15/2012 9:34:13 AM PST by Bloody Sam Roberts ("The price of freedom is willingness to do sudden battle anywhere, anytime..." - Robert A. Heinlein)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber

I used to have these issues until about 5 or six years ago when I got a Mac. I have several now and have never encountered these incredibly annoying experiences on any Mac. I don’t have an anti-virus program, which those supposedly in the know say is because there aren’t enough Macs to interest the evil virus writing industry. I don’t think so, since evil virus writers like a challenge, and MAC OS and IOS devices are growing into the hundreds of millions.

So, why do you Windows users insist on continuing the personal suffering? Are you masochists?


8 posted on 01/15/2012 9:34:19 AM PST by kentramsay
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber

I had that about a month ago. First you need to use Windows Restore.

Then turn on your Windows security essentials (make sure it’s updated) that comes free with Windows and do a FULL scan (takes a while), then set it to rescan each night while you are sleeping.

I also completely deleted the Adobe directory with flash etc. where the virus is usually located and downloaded a fresh updated version of what I use regularly (flash, reader, etc.) directly from Adobe.

That did the trick for me.

Restoring would work for a day or two ... but then I’d just get it again. Restore + full scan + deleting the entire Adobe directory, finally fixed it for good.


9 posted on 01/15/2012 9:34:49 AM PST by TexasFreeper2009 (Go Newt!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: kentramsay
Are you masochists?

Yes. That is the only possible explanation isn't it?

10 posted on 01/15/2012 9:35:49 AM PST by Bloody Sam Roberts ("The price of freedom is willingness to do sudden battle anywhere, anytime..." - Robert A. Heinlein)
[ Post Reply | Private Reply | To 8 | View Replies]

To: jim macomber

Yes! Run both of the programs, Malwarebytes and superantispywarefree. Once you see if the virus is still there, go to this forum: http://www.bleepingcomputer.com/forums/forum103.html

You may have to run your PC in safe mode to install the software; what you have is a very tricky bastard to get rid of.


11 posted on 01/15/2012 9:36:59 AM PST by big bad easter bunny (Cain 2012)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber

I’ve had a few “dates” with this crap and have found the easiest way to dump it is go into System Restore (restore to an earlier date), pick a date before you got the virus and “backdate” the computer to that time, then run the malware and anti-virus programs.

Here’s the official instruction:

You need to have an administrator account to perform these steps.

Start your computer in Safe Mode with Command Prompt. To learn how to do this, see Start your computer in safe mode.

Log on to the computer.

At the command prompt, type rstrui.exe, and then press Enter.

Note
If you use System Restore when the computer is in safe mode, you cannot undo the restore operation. However, you can run System Restore again and choose a different restore point, if one exists.


12 posted on 01/15/2012 9:39:08 AM PST by DeFault User
[ Post Reply | Private Reply | To 1 | View Replies]

To: kentramsay

Because I like to play games.

Why do you think there are so few MACS?

Hmmmm.


13 posted on 01/15/2012 9:41:48 AM PST by chris37 (Heartless.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: jim macomber

that windows 7 security IS A VIRUS

it bugs you until you pay for it and then watch as your bank account gets emptied

you have to go into your registry and look for the default .EXE extension, and you will find it runs some program called “rhs.exe” (or something similar) and passes in any program as a parameter

That executes the trojan, which then displays that warning and then executes your software so that every program you run first runs that program

ignore it and go into the registry editor and search for ALL occurrences of rhs.exe (or whatever it calls itself on your install)

you can also try to run the task manager and remove rhs.exe (terminate it)

There are sites where you can download a fix program that does this for you (google search on the name Win 7 security trojan)

THEN!!!!

NEVER NEVER NEVER run your computer without 2 things:

anti-virus (www.avast.com is free and GREAT)

and malwarebytes.com

(and stay off those websites you been to LOL....)


14 posted on 01/15/2012 9:41:48 AM PST by Mr. K (Physically unable to profreed <--- oops, see?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber
Thanks all. I am hopeful the system restore did the trick. Thanks Bloody Sam for that info. I hadn't noticed it before and it doesn't have the *32 on my older computers (Vista and XP). This one has Windows 7.

Also thanks to people in previous threads who recommended Malwarebytes. I've lost a bit of confidence in Avira from this. I started to load AVG first and changed my mind. Not sure why at this point. Thanks again.

15 posted on 01/15/2012 9:41:59 AM PST by jim macomber (Author: "Bargained for Exchange", "Art & Part", "A Grave Breach" http://www.jamesmacomber.com)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber

The *32 means that the program is a 32 bit program. Your Windows 7 is probably the 64 bit version.

And if you search Google for “task manager windows 7 *32”

You’ll find lots of hits.


16 posted on 01/15/2012 9:42:20 AM PST by DB
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bloody Sam Roberts
It’s not a malfunction. The *32 means it’s a 32-bit program. If it says *64 or doesn’t have *32 at all, it’s a 64-bit program. This is perfectly normal for a Windows 64-bit OS.

This is the correct answer.

17 posted on 01/15/2012 9:47:04 AM PST by Tigermoth ("...in order to form a more perfect union.....and secure the blessings of liberty..")
[ Post Reply | Private Reply | To 7 | View Replies]

To: Bloody Sam Roberts

The most likely explanation:

You are unfamiliar with the OSX experience, so you resist change, even if for the better.

If you have some essential piece of software which runs only on Windows, you can run Windows inside a VM in OSX. This used to be a valid argument against adoption of Mac OSX, but is no longer valid.

FYI, I am a software developer, and there is simply no comparison between Windows and Mac OSX. I have not used Windows 8 yet, but I rather doubt that Microsoft have their act together, even after all these years.


18 posted on 01/15/2012 9:48:09 AM PST by dinodino
[ Post Reply | Private Reply | To 10 | View Replies]

To: TexasFreeper2009

Thanks, TexasFreeper. Just prior to this I was getting unusually (to me) frequent Adobe updates. I will check that - and hope it doesn’t come back.


19 posted on 01/15/2012 9:48:40 AM PST by jim macomber (Author: "Bargained for Exchange", "Art & Part", "A Grave Breach" http://www.jamesmacomber.com)
[ Post Reply | Private Reply | To 9 | View Replies]

To: kentramsay
why do you Windows users insist
So we can post images like ...


20 posted on 01/15/2012 9:49:33 AM PST by oh8eleven (RVN '67-'68)
[ Post Reply | Private Reply | To 8 | View Replies]

To: DeFault User

Thanks. Is the rstrui.exe the command for system restore? I did do it in Safe Mode and knew it couldn’t be undone. But the computer is only a week old and I didn’t have much on it so...Thanks again.


21 posted on 01/15/2012 9:52:11 AM PST by jim macomber (Author: "Bargained for Exchange", "Art & Part", "A Grave Breach" http://www.jamesmacomber.com)
[ Post Reply | Private Reply | To 12 | View Replies]

To: jim macomber

Make sure to set up an account for yourself that does NOT have administrator privileges. Use that for all of your random web browsing and general computing. Whenever you go to a site that wants to install crapware, it cannot do it automagically, because you won’t have administrator privileges.

This won’t fix your previous problem, but should help keep you from getting re-infected, or infected with something else.


22 posted on 01/15/2012 9:54:17 AM PST by Explorer89 (And now, let the wild rumpus start!!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: kentramsay

Why do you Macbots insist on posting the same annoying unhelpful remarks multiple times?

Or did your perfect computer screw up?


23 posted on 01/15/2012 9:54:56 AM PST by Fresh Wind ('People have got to know whether or not their President is a crook.' Richard M. Nixon)
[ Post Reply | Private Reply | To 8 | View Replies]

To: jim macomber
I've lost a bit of confidence in Avira from this. I started to load AVG first and changed my mind.
If you're still using free AV software, I suggest it's time to step up and buy something more substantial.
They're not that expensive ... "2012 Compare The Best Antivirus Software Products"
24 posted on 01/15/2012 9:55:18 AM PST by oh8eleven (RVN '67-'68)
[ Post Reply | Private Reply | To 15 | View Replies]

To: jim macomber
Brand new computer.

Doesn't matter. Back in the days of DOS, there once was a PC maker called Leading Edge (iirc).

They somehow managed to get a virus on the production hard drive that they used for cloning systems onto brand new drives that were installed in new machines...

25 posted on 01/15/2012 9:57:33 AM PST by Calvin Locke
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mr. K
Thanks Mr. K.

I was running Avira Anti-Virus, Malwarebytes and Super Anti-Spyware and still got it!

Other sites mentioned that it is a three-letter.exe program. In my computer it showed up as qbs.exe or something like that and I'd hit "end process" in Task Manager and it would go away but then come back as soon as I clicked anything else. Is it possible to actually remove a program in Task Manager?

I've always been leery of messing around in the registry editor but if this does come back - or is in there now, I'll delete any three-letter.exe file. Are there no legitimate three-letter.exe files?

Thanks again.

26 posted on 01/15/2012 10:01:33 AM PST by jim macomber (Author: "Bargained for Exchange", "Art & Part", "A Grave Breach" http://www.jamesmacomber.com)
[ Post Reply | Private Reply | To 14 | View Replies]

To: kentramsay

Because we like learning how to fix our computers?

It’s like asking a gearhead why he doesn’t just ‘buy out of the box’.

Every time something goes wrong, I learn something new about computers.


27 posted on 01/15/2012 10:02:11 AM PST by BenKenobi (Rick Santorum - "The Force is strong with this one")
[ Post Reply | Private Reply | To 8 | View Replies]

To: oh8eleven

Excellent point. Will do.


28 posted on 01/15/2012 10:04:26 AM PST by jim macomber (Author: "Bargained for Exchange", "Art & Part", "A Grave Breach" http://www.jamesmacomber.com)
[ Post Reply | Private Reply | To 24 | View Replies]

To: jim macomber
I'm pretty sure you have got an Amish virus issue.
29 posted on 01/15/2012 10:04:28 AM PST by peyton randolph (B. Hussein Obama solved Bush's "problem" of a AAA credit rating)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber

yep, I was getting the same thing for quite awhile before the virus actually started doing major harm.


30 posted on 01/15/2012 10:07:17 AM PST by TexasFreeper2009 (Go Newt!)
[ Post Reply | Private Reply | To 19 | View Replies]

To: kentramsay

Never mind that Macs have numerous viruses now. Even the vaunted iPad has been compromised.

but your ‘get a mac’ comments are still useful


31 posted on 01/15/2012 10:08:32 AM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: jim macomber

Avast or AVG are better than Avira, IMO


32 posted on 01/15/2012 10:09:52 AM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 26 | View Replies]

To: jim macomber

There is an exe in user/AppData/Local that is the malware. It is most likely in your startup too. The name of the exe is typically 2 characters; it is randomly generated. Find and delete the exe and remove it from startup. Hope that helps. If it reappears, bring up task manager, click on the process and then ask for properties; that should give you the location of the exe.


33 posted on 01/15/2012 10:10:21 AM PST by jpsb
[ Post Reply | Private Reply | To 26 | View Replies]
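
An added example, not written by any poster in this thread: the two checks described in posts 14 and 33 (the `.exe` open command redirected through another program, and a startup entry launching an executable sitting directly in `AppData\Local`), run over a text `.reg` export in Python. The export is constructed; the class name `xq`, the user name and the paths are assumptions, while `exefile` and `"%1" %*` are the stock Windows values.

```python
import re

DEFAULT_PROGID = "exefile"        # stock default value of the .exe class key
DEFAULT_OPEN_CMD = '"%1" %*'      # stock exefile\shell\open\command
CLASS_ROOTS = (r"hkey_current_user\software\classes",
               r"hkey_local_machine\software\classes",
               "hkey_classes_root")
RUN_SUFFIX = r"\microsoft\windows\currentversion\run"
# An .exe placed directly in AppData\Local rather than in a vendor subfolder.
LOOSE_EXE = re.compile(r'\\appdata\\local\\([^\\"]+\.exe)', re.I)
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Constructed sample. A real regedit export is UTF-16: open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xq"

[HKEY_CURRENT_USER\Software\Classes\xq\shell\open\command]
@="\"C:\\Users\\jim\\AppData\\Local\\qbs.exe\" \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Users\\jim\\AppData\\Local\\Vendor\\Updater\\update.exe\" /startup"
"qbs"="C:\\Users\\jim\\AppData\\Local\\qbs.exe"
'''


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {lowercased key path: {value name: string}} for string values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
                current[name] = _unescape(m.group(2))
    return keys


def audit(text):
    """Return a list of (finding, registry key, value) tuples."""
    keys, findings = parse_reg(text), []
    for root in CLASS_ROOTS:
        # Which class handles .exe under this root (per-user keys override HKLM).
        progid = keys.get(root + r"\.exe", {}).get("", DEFAULT_PROGID)
        if progid.lower() != DEFAULT_PROGID:
            findings.append(("exe-class-redirected", root + r"\.exe", progid))
        for cls in sorted({".exe", progid.lower(), DEFAULT_PROGID}):
            key = "\\".join((root, cls, "shell", "open", "command"))
            cmd = keys.get(key, {}).get("")
            if cmd is not None and cmd != DEFAULT_OPEN_CMD:
                findings.append(("exe-open-hijacked", key, cmd))
    for key, values in keys.items():
        if key.endswith(RUN_SUFFIX):
            for cmd in values.values():
                m = LOOSE_EXE.search(cmd)
                if m:
                    findings.append(("autorun-loose-exe", key, m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

On the constructed export this reports the redirected `.exe` class, the open command that launches `qbs.exe` ahead of the requested program, and the matching startup entry; the vendor updater in a subfolder is not flagged.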

To: DeFault User

My son had a nasty virus on his computer that deleted his data and program. Restore points (which typically work) didn’t work with this one. Had to boot from the recovery partition. These things are definitely getting more virulent and destructive.


34 posted on 01/15/2012 10:11:43 AM PST by rbg81
[ Post Reply | Private Reply | To 12 | View Replies]

To: dinodino

there are many problems with mac, first and foremost the users who come into threads like this with comments like yours.

if macs were so good then Microsoft wouldn’t still own the desktop environment even after all their mis-steps.


35 posted on 01/15/2012 10:12:10 AM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 18 | View Replies]

To: kentramsay

You’re so helpful. Why are you so good to us?


36 posted on 01/15/2012 10:14:33 AM PST by BipolarBob (I don't mind you shooting at me, Frank, but take it easy on the Bacardi!)
[ Post Reply | Private Reply | To 8 | View Replies]

To: oh8eleven

What’s up with that little icon in the corner? It looks like two guys kissing.


37 posted on 01/15/2012 10:17:45 AM PST by Fresh Wind ('People have got to know whether or not their President is a crook.' Richard M. Nixon)
[ Post Reply | Private Reply | To 20 | View Replies]

To: DeFault User

“You need to have an administrator account to perform these steps.”

What do you do if your password to the Admin. Acc. keeps being denied even though you know it to be correct?


38 posted on 01/15/2012 10:29:09 AM PST by count-your-change (You don't have to be brilliant, not being stupid is enough.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: jim macomber

Microsoft now has a startup system virus sweeper for download. Info here

http://connect.microsoft.com/systemsweeper


39 posted on 01/15/2012 10:45:30 AM PST by UB355 (Slower traffic keep right)
[ Post Reply | Private Reply | To 1 | View Replies]

To: kentramsay

I started on a TRS-80, then Mac, then PC. Wife and Santa got me a 27 inch iMac. Love it but hate the keyboard and the sharp edges. Happy Sunday.


40 posted on 01/15/2012 10:45:37 AM PST by al baby (Hi Mom)
[ Post Reply | Private Reply | To 6 | View Replies]

To: jim macomber

Just in case virus...ping


41 posted on 01/15/2012 10:48:14 AM PST by PoloSec ( Believe the Gospel: how that Christ died for our sins, was buried and rose again)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber
It just didn't look right so I clicked on nothing.

There's left-click, right-click, and zen-click.

42 posted on 01/15/2012 10:59:40 AM PST by 6SJ7 (Meh.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mr. K

Not true. You can download Microsoft’s anti-virus software free of charge for the new Windows 7. I know, I have done it for my wife. I installed it on her new notebook PC and she has had no problems so far.


43 posted on 01/15/2012 11:00:30 AM PST by puppypusher (The World is going to the dogs.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: jim macomber

Image Back up!

After you get your system cleansed, and BEFORE the next infection or problem, create a back-up system image.

On my XP laptop and desktop, I frequently made a system image backup [standalone program called CloneGenius] when things were running nicely. Later, when I had problems, I just restored the last best image.

NOTE: I keep most of my data on a separate partition/drive, so the data is not usually impacted when I have to do an image restoration. I also partition my OS to a smaller size, so the backup image will be comparatively small.

On my new Samsung laptop and Acer/Gateway desktop both came with their own imaging backup software. I have periodically made new image backups as I install software, etc. Already, on the laptop, I had to use the image to restore to an earlier state.

Image Back ups save hours of aggravation — they retain your software installations and configurations.


44 posted on 01/15/2012 11:03:48 AM PST by TomGuy
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber

I had the same kind of virus a few weeks ago on my computer that runs Windows Vista. My brother removed it with a virus removal tool that he downloaded from his computer onto a flash drive, and then ran it on my computer. The virus basically just froze everything up. For some reason, I was still able to do a Google search, but it wouldn’t let me click on to any of the links. My brother has all Macs in his house now. Everyone says that Macs don’t get viruses.


45 posted on 01/15/2012 11:09:26 AM PST by toothfairy86
[ Post Reply | Private Reply | To 1 | View Replies]

To: jim macomber
My wife had her computer infected by that nasty piece of crap - it is malware, and will scan your computer for personal information while making multiple changes to your system registry. As others have suggested, get MalwareBytes Anti-Malware - even the trial version will work.

One of the ways to get rid of it is to boot your system in safe mode with networking and then find (online) one of a number of phony registration keys to trick the program into "registering" itself (after which it will "pretend" to scan your computer for viruses). At that point, it will stop hijacking your browser and you can load normally and get rid of the SOB; first by running a registry patch (available in several places) and then by downloading and running the MBAW program.

I'd like to take people who create **** like this and force them to listen to Meghan McCain's voice at full volume while tied up, covered with honey and set upon by fire ants.

46 posted on 01/15/2012 11:11:55 AM PST by andy58-in-nh (America does not need to be organized: it needs to be liberated.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: kentramsay

because mac’s are evil, and so are some of their users.


47 posted on 01/15/2012 11:17:14 AM PST by brivette
[ Post Reply | Private Reply | To 8 | View Replies]

To: jim macomber

The rstrui.exe command allows you to select a date to use. It should not affect any docs you have. It’s not a wipe the drive kind of situation. If you have a restore date on it that is before the virus infection, it should work fine. Just be sure to run Malwarebytes or other good tool after rebooting to rid the machine of whatever you downloaded to get the infection.


48 posted on 01/15/2012 11:19:43 AM PST by DeFault User
[ Post Reply | Private Reply | To 21 | View Replies]

To: andy58-in-nh
... and force them to listen to Meghan McCain's voice at full volume while tied up, covered with honey and set upon by fire ants.

If it's Meghan who is tied up, I believe I can tolerate her voice for a while.

49 posted on 01/15/2012 11:23:39 AM PST by willieroe
[ Post Reply | Private Reply | To 46 | View Replies]

To: brivette
because mac’s are evil, and so are some of their users.

LOL. I won't say "evil", but more than one person I know adopted the "reformed smoker" attitude towards PCs after switching to a mac. They constantly lecture and criticize like a demonic parrot when computer topics come up: "getamac! getamac! getamac!"
50 posted on 01/15/2012 11:30:45 AM PST by LostInBayport (When there are more people riding in the cart than there are pulling it, the cart stops moving...)
[ Post Reply | Private Reply | To 47 | View Replies]

