Help- Spyware/Virus attack.

Discussion in 'Hardware & Software' started by ZT, Aug 4, 2010.

  1. ZT The Freeman

    Member Since:
    Mar 15, 2007
    Message Count:
    17,487
    Trophy Points:
    124
    So I was uploading some crap to photobucket and suddenly I got the dreaded faux virus program "Antivir Solution Pro". I must have clicked on something.

    A bunch of other programs popped up asking if I wanted it to be fixed, but in their properties I could find nothing, so I assume they too were part of the spyware program.
    I could not access my web browser (telling me the exe was "infected") and I also could not access Avira (my anti-virus program).

    I shut the computer down. Should I start it in Safe Mode? I've never had something like this happen to me, and I hear this program is quite common.
  2. No Limit Party Escort Bot

    Member Since:
    Sep 14, 2003
    Message Count:
    9,114
    Trophy Points:
    80
    Yup, go into safe mode with networking and download Malwarebytes. Update it, then run it. Malwarebytes is pretty good at removing this type of malware.

    Make sure you don't have any USB drives plugged into this computer. If you do, they are also infected with an autorun virus, so make sure you don't plug them into any other computers.
  3. kdub70 Hunter

    Member Since:
    Jan 15, 2010
    Message Count:
    89
    Trophy Points:
    20
    Location:
    Kentucky
    Yeah, that's about all you can do. Good luck.
  4. No Limit Party Escort Bot

    You can actually do a lot more, but this is a good start.
  5. ZT The Freeman

    Okay, well I got Windows into safe mode or "windows restoration mode"; that was the only other option aside from regular start up...

    Anyways, while in restoration mode it told me it may remove recently installed programs. Once it booted up, the spyware did not start up (Antivir Solution Pro is supposed to start up right with Windows), so I am thinking maybe it's gone... Either way, I am running Malwarebytes on it now. Does Malwarebytes actually remove malware or simply detect it?
  6. No Limit Party Escort Bot

    Malwarebytes will remove it.

    If it finds and removes something you will want to disable system restore, reboot, run the scan again, then if everything is clean turn system restore back on.
  7. Stormy Companion Cube

    Member Since:
    Aug 7, 2003
    Message Count:
    3,905
    Trophy Points:
    92
    Also try HijackThis.
  8. Laivasse Companion Cube

    Member Since:
    Feb 3, 2005
    Message Count:
    4,851
    Trophy Points:
    94
    Sounds like you're on the right track. Avira has a high detection rate and Malwarebytes has an excellent track record in busting these rogue AV infections like smitfraud etc. In my experience, another great antispy prog is Superantispyware - it was great when I needed it 2 years ago anyhow, so try it if you suspect Malwarebytes missed anything.

    The important thing is that you scan in safe mode where some of the virus' defences are down, so to speak. Follow No Limit's advice regarding System Restore or you might find that the shitware will survive, inert, in a restore point.

    Hijackthis is a very handy utility if you need to go further, but all it really does is show you all the registry entries which are active on boot-up or general usage. It can erase any malicious entries for you, but you would need to identify them yourself or post a log. Don't just go taking potshots at your registry.
  9. No Limit Party Escort Bot

    One thing I would just like to note on HijackThis is that with many of the newer viruses out there you won't see any entry for it in HijackThis. At least that's been my experience.

    I haven't used Superantispyware in a while, since if Malwarebytes doesn't work I go the manual removal route, but I would give a big thumbs up to that as well, even if the name does sound dumb.
  10. ZT The Freeman

    Is it normal for internet browsers not to work in Safe mode? Just wondering if that's normal or a sign of the virus, because I got back from work and Malwarebytes was still at work and I couldn't use chrome or IE.
  11. No Limit Party Escort Bot

    When you say you can't use it do you mean it won't start up or that it won't load websites? If you don't select "Safe mode with networking" Windows will not load any of the networking services and drivers. So no websites will load but IE or Chrome should still open.

    Malwarebytes will take at most around 2-4 hours to finish when doing a full scan. If it's taking longer than that and you don't have an insane amount of files on your hard drive then that sounds like an issue.
  12. ZT The Freeman

    It won't load websites is all.

    Yeah, it's definitely taking longer than 4 hours (over 5 now). However I am doing a full scan on both C and D.... is it even necessary to do it on D?
  13. No Limit Party Escort Bot

    It's a good idea to scan D, as a lot of times these viruses will place an autorun.ini file pointing to a virus on the drive.
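
An added example, not part of the original thread: Windows AutoRun reads a file named autorun.inf in a drive's root, and this Python script lists the programs such a file would launch, so a drive root can be checked for one. The sample file contents and the paths in it are constructed for illustration.

```python
import os

# Keys in the [autorun] section that name a program Windows may launch.
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_targets(text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue  # other sections, or junk padding lines
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command entries add an action to the drive's right-click menu
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            targets.append((key, value))
    return targets

def scan_roots(roots):
    """Check each drive root for autorun.inf and report what it would launch."""
    findings = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, "r", errors="replace") as fh:
                findings[path] = autorun_targets(fh.read())
    return findings

# Constructed sample, not taken from the thread.
SAMPLE = """\
; padding
[AutoRun]
icon=folder.ico
OPEN = recycler\\svc.exe -s
shell\\explore\\command=recycler\\svc.exe
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, cmd in autorun_targets(SAMPLE):
        print(f"{key}: {cmd}")
```

To check real drives, call `scan_roots` with their roots, for example `scan_roots(["D:\\", "E:\\"])`; the drive letters are assumptions.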
  14. ZT The Freeman

    Alright, last night while it was scanning at some point it restarted my computer. Is this normal for Malwarebytes to do that after scanning? I believe somewhere I read that it is.

    Anyways, I checked Malwarebytes and it had no record or findings of any malware in its history. I started it up in regular Windows mode and I have not seen signs of the spyware. Still doing another scan.
  15. No Limit Party Escort Bot

    It should not restart it automatically; it will prompt you for a reboot. Maybe Windows Update might have kicked in?

    If you don't see any weird ads and Malwarebytes doesn't show anything, you're probably good. Normally this virus will change Google results to point to their sites; make sure that's not happening.
  16. Rizzo Tank

    Member Since:
    Jan 2, 2006
    Message Count:
    5,397
    Trophy Points:
    50
    Location:
    Meh
    Yeah, I got a lot of shit yesterday too. Strange. Norton started to whack out and suddenly I had antimalware doctor or something telling me to scan shit and that my firewall was down. So I got Malwarebytes and I think that took care of it.
  17. No Limit Party Escort Bot

    Be sure you guys update Adobe Reader and Adobe Flash; I would say well over 90% of these types of infections get in using one of those 2 programs.
  18. Rizzo Tank

    I should mention that Antimalware doctor was the malware. Apparently it scans your computer and gives a lot of fake warnings, and you have to "purchase" it for it to remove them.
  19. ZT The Freeman

    Hm, it appears only one bad result showed up in Malwarebytes. Its vendor is "Stolen.data" and it's \Windows\hook & Weight Fishing Setup Log. txt


    I should probably do one more scan.
  20. kineaesth Moderate

    Member Since:
    Dec 14, 2006
    Message Count:
    306
    Trophy Points:
    15
    Location:
    central
    Foxit Foxit Foxit
  21. ZT The Freeman

    So I got another one of these malware bugs, that starts up when I go into my account.

    I ran Malwarebytes twice in safe mode, it found some stuff, I removed it, but the malware is still there when I start up my account.

    Will Superantispyware do anything more? Any suggestions?
  22. VirusType2 Newbie

    Member Since:
    Feb 3, 2005
    Message Count:
    18,519
    Trophy Points:
    0
    Location:
    USA
    MalwareBytes is totally worthless in my opinion. (EDIT: not worthnothing, but worthless.)

    Just use Spybot S&D

    THIS TOO. In fact, that's what I use for others' computers.

    I've told time and again how to set up browsers to make you god damn invincible. You guys disappoint.
  23. ZT The Freeman

    Well, I ran Spybot and Superantispyware. Got rid of the Malware that popped up on my screen every time, but I still have a weird ****ing problem-

    Every time I search google, and click on a link, it takes me to a random, unrelated website (different website every time). Should I reinstall my browsers? Run more scans?
  24. VirusType2 Newbie

    What I do when fixing computers is use Task Manager and google anything that doesn't seem right. It sounds like something my mother's computer was infected with. It's like searchhelper.exe or couponfinder or something.

    Once you google the thing, lots of results should show on how to get rid of it. This one wasn't too hard to get rid of, if I remember correctly. Expect to spend an hour at least.

    Also, check to see what you have installed in your browser (toolbars/plugins). But definitely do check Task Manager.

    It's funny because she also had the other malware you had - the one with the fake virus scan.


    I can tell you how to keep from getting these damn problems, but you won't probably like it.
  25. Leviathan Newbie

    Member Since:
    Sep 2, 2010
    Message Count:
    15
    Trophy Points:
    0
    Reformat!
  26. ZT The Freeman

  27. ZT The Freeman

    Well I followed most of those steps in the above link and it removed the weird google redirecting virus.

    Some other issues though, since I had to quarantine so much crap. Starting up my main account I get about a dozen errors for certain programs not working, like my tablet drivers, Java, Windows Live etc.
    Should I simply write all these programs down and then update them with the latest drivers?

    Also is there anything else I should check out in terms of my internet connection, just to be safe?

    Edit: Goddammit, it's back
  28. Vegeta897 The Freeman

    Member Since:
    Jan 12, 2004
    Message Count:
    26,519
    Trophy Points:
    194
    Location:
    These Open Fields
  29. ZT The Freeman

    That program didn't find anything, already tried it.

    I may have to do this step.

    [IMG]
  30. ZT The Freeman

    Well, that was completely useless. The Google redirect virus is still there; all it did was leave me without a wireless connection. (Connected to the house modem right now.)

    Is there anything else I can do at this point or am I ****ed?
  31. VirusType2 Newbie

    Yeah, they almost always hide in your recycler (which is hidden and protected), so they just come back.

    You can show hidden system files, and go in there in safe mode and delete it. I guess. Been a while.


    Some people disable volume recovery, so malware can't resurrect itself. I've only actually needed to recover once, and it didn't really produce great results. But if you can't reinstall for some reason, then you better leave it.

    - But you can delete any recovery volumes for now, and then create new ones after you squash this.
  32. ZT The Freeman

    I am sorry, but I don't understand what any of this means D:
  33. VirusType2 Newbie

    control panel>system>advanced system settings>[SYSTEM PROTECTION TAB]>


    Turn protection off

    (EDIT: Oh, by the way, those steps I listed are for Windows 7 Ultimate 64, your OS may vary)

    Not sure exactly what other steps you would take, so please do some research.

    When you delete the malware, apparently, it's got something in your hidden recovery volume that resurrects it. You said it's back, right? I mean, it could hide anywhere really, but I'm guessing that's how it came back after you removed it.
  34. ZT The Freeman

    I can't find any such thing under advanced system settings.

    Ugh, can't I just save some of my important files, and wipe my computer clean and start over? That almost seems like the best option at this point because nothing appears to be working.
  35. VirusType2 Newbie

  36. ZT The Freeman

    Reading a lot on how to go about this, one of the final instructions for doing a clean install is-

    "On the Where do you want to install Windows? page, select the partition where you want to install Windows."

    How will I know which Partition to install it on?
  37. VirusType2 Newbie

    Have you installed Windows before?

    Do you have the install disc or just a recovery disc?

    - You would install Windows on the current Windows partition. (C drive) If you didn't create any extra partitions, then just install it on the hard disk that Windows is currently installed on.

    - Make sure to export your bookmarks, and such shit. The entire partition (or Hard disk, if you don't have any extra partitions) will be overwritten.
  38. ZT The Freeman

    I never have installed Windows. I have a "reinstallation" Vista disc.

    I don't understand what you mean by this.
  39. VirusType2 Newbie

    Are you for real? I'm not totally sure I understand your question.

    Windows gets written (installed) to a hard drive. To install it, you must choose where to put it (where to write it). You already have Windows installed somewhere, and you want to replace the old Windows installation. This is called overwriting. This is what you want to do.

    'Re-install Windows' means: replacing the old Windows installation with a new one by overwriting. (NOTE all data on the partition or hard drive will be erased).

    Are we on the same page?

    It seems to me you are going to need some help in person. I can't teach you Computers 101. That's a 6 month class.

    EDIT:

    *There is a repair option, but I'm not really familiar with it. It's been about 5 years since I've used an OEM copy of Windows - and each manufacturer uses a slightly different interface for Windows repair.

    I think you just insert the 'Windows Vista reinstallation' disc (as you called it), and follow the onscreen prompts. Repair means: it will preserve all of your documents. However, you will need to reinstall any software.


    *There is also a backup option. This means that the malware (or any of your data) won't be erased, it will be moved to a backup folder. However, the malware needs registry entries in order to do its thing, so it will effectively be deactivated.

    So, if you choose to do a backup and new copy of Windows, then you should be safe - just scan your computer for malware and it should find anything and destroy it.


    Bottom line: I recommend you do the backup option. Insert the Windows Vista disc you have and reboot your computer. On reboot it should boot from the Vista DVD ROM. Select "backup Windows and install a new copy of Windows".
  40. ZT The Freeman

    Alright, well I understand that. I overwrote the C drive only and it sent everything to a folder called "Windows old", assuming that is the backup folder you are talking about. However a few random things are still on my C Drive, like my System Shock 2 files.. I'm a bit concerned that it didn't put it with Windows old.

    Anyways, thanks and sorry for the trouble.