Antispyware soft virus/whatever it is.
0
So, a friend of mine called me up saying that something was wrong with her computer. She didn't know what it was, only that it wouldn't go away and her internet was no longer working despite Comcast saying that everything was fine on their end. When I got to her house I saw that it was a hijacker of sorts or whatever you want to call it. A virus masquerading as an antivirus, wanting you to do a scan, whereupon it would find numerous viruses on the computer and perform a complete scan in 30 seconds, then would prompt you that the only way to remove said viruses would be to enter your credit card to unlock the full version.
I tried using the antivirus that was already on her computer but all she had was trial versions of random crap like Norton (Keep the name calling to a minimum. She isn't the brightest computer user). Anyways, I had no clue how to get it off so I just tried an assortment of things to no avail.
I tried running the computer in safe mode with networking, but it still wouldn't connect to the internet. I'm assuming it's still the virus preventing that because according to her before the virus was there her internet was working just fine. In safe mode I attempted to install SUPERantispyware from a USB drive which failed because it apparently couldn't be installed in safe mode or so it said. After that I tried AVG, but that prompted with saying that it needs to be hooked up to the internet to install.
After that method failed I attempted to do the same in normal Windows mode but the virus kept saying that the antivirus stuff I was attempting to install was a virus itself and canceled all the actions even with UAC turned off. It also registers Task Manager as a virus and most of the time won't let me bring that up. I also can't end any processes as it says access is denied despite being on the administrator account. After that I gave up and said I'd ask around. So, what can I do to help her?
Bit more info:
OS: Vista Service pack 2.
Computer maker: HP
Ram: 512Mb
CPU: Something really shitty.
Computer age: 5 years old.
Don't know if any of that helps, but it's there.
0
You should download and install Malwarebytes. It's a very good and free spyware and malware scanner.
http://filehippo.com/download_malwarebytes_anti_malware/
Also you should get HijackThis and post the log here or on their forums where we can see what's installed and running.
http://filehippo.com/download_hijackthis/
If you know what programs are starting automatically, you can see if you can disable that phony antivirus by making it not run at startup, by typing msconfig in Run when you click on the Start button.
Worst case you can just format the whole computer. Considering that it's using Vista you should really have it run XP since it will be less of a drain and it was probably built to run that.
0
I echo slayer. Running HijackThis and posting the log is the best route; that way we can hopefully identify the offending program. Make sure you run HijackThis in normal mode, not safe mode.
0
It's unlikely that you can even download any of the programs. Considering the amount of time and energy required to remove them if you can't download any removal software, formatting would be best.
However, if you really don't have the restore disk or don't wanna lose your files, I suggest finding the virus files and changing its name to have access to delete it.
0
If it isn't letting you open or install programs, what you need to do is download this to a flash drive and open on the infected computer. It is a registry edit that will allow .exe to run again. After that, it should be a simple matter of installing and running Malwarebytes Anti-Malware. That should fix the problem.
0
Use msconfig to disable non-microsoft services and all startup items and then restart. (Start -> Run -> type msconfig, hit enter - you may need to go into start menu properties and enable run)
After that you should be able to run any anti-spyware/malware program of your choice to remove the problem.
If that doesn't work then I suggest burning a copy of the Ultimate Boot CD to a CD and running the Avira Antivir Rescue System off of it to scan the hard drive and clean the system.
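Added example, not part of any post in this thread: the two checks suggested above (whether the `.exe` handler in the registry has been changed, and which startup items msconfig would show) can be run offline against a registry export. The sample export, the file name `av.exe` and the key selection are constructed for illustration, and only the `exefile` open command and the two `Run` keys are covered.

```python
import re

# Constructed sample in .reg export format (not taken from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\Owner\\AppData\\Local\\av.exe\" /START \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"av"="C:\\Users\\Owner\\AppData\\Local\\av.exe"
'''

EXE_DEFAULT = '"%1" %*'  # stock Windows open command for .exe files
USER_WRITABLE = re.compile(r'\\(appdata|temp|application data|local settings)\\', re.I)
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslashes and quotes with a leading backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Yield (key, value_name, data) for string values in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key:
            m = VALUE_RE.match(line)
            if m:
                name = '(Default)' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
                yield key, name, unescape(m.group(2))

def triage(text):
    """Flag a replaced .exe handler and autoruns started from user-writable folders."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if (k.endswith(r'exefile\shell\open\command')
                and name == '(Default)' and data != EXE_DEFAULT):
            findings.append(('exe-handler-hijacked', key, data))
        elif k.endswith(r'currentversion\run') and USER_WRITABLE.search(data):
            findings.append(('autorun-from-user-dir', f'{key}\\{name}', data))
    return findings
```

Exports written by regedit are UTF-16, so read a real file with `open(path, encoding='utf-16').read()` before passing it to `triage`.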
0
Okay, update. I used the msconfig method and was able to install SUPERantispyware on her computer, whereupon it did a complete scan in diagnostic mode for msconfig and found 403 threats. Most of the threats were just the usual you would see on a neglected computer such as a bunch of tracking cookies and a bunch of adware stuff. It did find the main problem too, which it registered as rogue antivirus. After the scan completed I had it remove everything found and did a restart back into normal Windows mode.
After it restarted into normal Windows the rogue virus was still there despite SUPERantispyware saying that it was successfully removed. So, I restarted into safe mode where I did a scan again. It once again found the rogue antivirus, but everything else it had removed previously was still gone. I had it remove the rogue again, restarted and instead of going back to normal mode I went back into safe mode and scanned again. This time nothing at all came up. So, I restarted into normal Windows and to my surprise the virus was still there.
I'm guessing that either the virus is reinstalling itself somehow or the antivirus I am using isn't completely getting rid of it. The computer did run better at first, but when the rogue would start up it slowed to a crawl and I even attempted to scan in normal mode but it was moving far too slow. In the end I ran out of time and told her I would be back later. If you guys don't have any more ideas I guess I will try the ultimate boot method that Nachbar suggested or perhaps I should try one of the other assortment of antiviruses out there.
0
Try Spybot Search and Destroy to remove it.
http://www.safer-networking.org/index2.html
The Malwarebytes that was listed earlier is good too.
0
Some rogue spyware and such won't get removed in safe mode; that's what happened to me with one rogue spyware which was blocking every single .exe from starting when you got into normal Windows.
Vista with 512MB, that's crazy T___T
I used to scan registry stuff as well on the computer if it had some difficult spyware or a lot of threats, just to make sure there weren't any leftovers.
I suggest you try Nach's hint.
Malwarebytes does not work in safe mode that well either, meaning it might not remove the threat even though it would find it.
0
Hah I got one exactly like that. It cut off my internet access, modified some internal info so that .exes wouldn't work, and reinstalled itself whenever I tried to remove it. There was only this ONE anti malware that got rid of it. Malware doctor or whatever it was called. If I remember correctly, malwarebytes was the one that didn't work.
I'll note that even after successfully removing the virus whatever thing and making the .exes go back to normal, there were still some minor errors that remained. So I reinstalled my OS.
0
Doesn't matter anymore. I told her that honestly even if I get it fixed, it's still a really shitty computer. So, she went out and bought a new HP. It's much, much better and she is happy, so in the end it's all good.
0
OMFG I got the same prob on my laptop running Vista.
I used Malwarebytes, Spybot, HijackThis and Avira... it blocks everything from startup... Well, it takes a while until it blocks everything... Since I don't have any clue on what happened or whatever it was... I back up files then reformat... XD
0
xKei...x wrote...
OMFG I got the same prob on my laptop running Vista. I used Malwarebytes, Spybot, HijackThis and Avira... it blocks everything from startup... Well, it takes a while until it blocks everything... Since I don't have any clue on what happened or whatever it was... I back up files then reformat... XD
I agree. Not much you can do if it has already infiltrated the system.