So I was uploading some crap to Photobucket and suddenly I got the dreaded faux virus program "Antivir Solution Pro". I must have clicked on something. A bunch of other programs popped up asking if I wanted it to be fixed, but in their properties I could find nothing so I assume they too were part of the spyware program. I could not access my web browser (telling me the exe was "infected") and I also could not access Avira (my anti-virus program). I shut the computer down. Should I start it in Safe Mode? I've never had something like this happen to me, and I hear this program is quite common.
Yup, go into safe mode with networking and download Malwarebytes. Update it, then run it. Malwarebytes is pretty good at removing this type of malware. Make sure you don't have any USB drives plugged in to this computer; if you do, they are also infected with an autorun virus, so make sure you don't plug them in to any other computers.
Okay, well I got Windows into safe mode or "windows restoration mode", that was the only other option aside from regular start up... Anyways, while in restoration mode it told me it may remove recently installed programs. Once it booted up the spyware did not start up (Antivir Solution Pro is supposed to start up right with Windows). So I am thinking maybe it's gone... Either way, I am running Malwarebytes on it now. Does Malwarebytes actually remove malware or simply detect it?
Malware bytes will remove it. If it finds and removes something you will want to disable system restore, reboot, run the scan again, then if everything is clean turn system restore back on.
Sounds like you're on the right track. Avira has a high detection rate and Malwarebytes has an excellent track record in busting these rogue AV infections like smitfraud etc. In my experience, another great antispy prog is Superantispyware - it was great when I needed it 2 years ago anyhow, so try it if you suspect Malwarebytes missed anything. The important thing is that you scan in safe mode where some of the virus' defences are down, so to speak. Follow No Limit's advice regarding System Restore or you might find that the shitware will survive, inert, in a restore point. Hijackthis is a very handy utility if you need to go further, but all it really does is show you all the registry entries which are active on boot-up or general usage. It can erase any malicious entries for you, but you would need to identify them yourself or post a log. Don't just go taking potshots at your registry.
One thing I would just like to note on Hijackthis is with many of the newer viruses out there you won't see any entry for it in Hijackthis. At least that's been my experience. I haven't used Superantispyware in a while since if Malwarebytes doesn't work I go the manual removal route but I would give a big thumbs up to that as well, even if the name does sound dumb.
Is it normal for internet browsers not to work in Safe mode? Just wondering if that's normal or a sign of the virus, because I got back from work and Malwarebytes was still at work and I couldn't use chrome or IE.
When you say you can't use it do you mean it won't start up or that it won't load websites? If you don't select "Safe mode with networking" Windows will not load any of the networking services and drivers. So no websites will load but IE or Chrome should still open. Malwarebytes will take at most around 2-4 hours to finish when doing a full scan. If it's taking longer than that and you don't have an insane amount of files on your hard drive then that sounds like an issue.
It won't load websites is all. Yeah, it's definitely taking longer than 4 hours (over 5 now). However I am doing a full scan on both C and D.... is it even necessary to do it on D?
It's a good idea to scan D as a lot of times these viruses will place an autorun.ini file pointing to a virus on the drive.
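The check described above, as an added example that is not part of the original thread: Windows reads AutoRun instructions from a file named autorun.inf in a drive's root, and this Python code lists the programs such a file would launch. The sample file content and the program name in it are constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")
# Context-menu verbs, e.g. shell\open\command=...
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def autorun_targets(text):
    """Return (key, command) pairs that an autorun.inf would launch.

    Tolerates a BOM, comment lines, junk padding lines and mixed case,
    all of which show up in files dropped by autorun malware.
    """
    targets = []
    in_autorun = False
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # junk padding, or a key outside [autorun]
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS or SHELL_CMD.match(key):
            targets.append((key.lower(), value))
    return targets


def scan_file(path):
    """Parse an autorun.inf at `path`; a missing file yields no targets."""
    try:
        with open(path, "r", encoding="utf-8-sig", errors="replace") as fh:
            return autorun_targets(fh.read())
    except OSError:
        return []


# Constructed sample, not taken from any real infection.
SAMPLE = r""";xKq81 junk padding
[AutoRun]
asdfjkl qwerty
OPEN=folder\example.exe
icon=%SystemRoot%\system32\shell32.dll,4
shell\open\Command = folder\example.exe
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, cmd in autorun_targets(SAMPLE):
        print(f"{key} -> {cmd}")
```

Any target it reports on a data drive or USB stick is worth checking before the drive is opened on another machine, since ordinary data drives have no reason to carry launch entries.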
Alright, last night while it was scanning at some point it restarted my computer. Is this normal for Malwarebytes to do that after scanning? I believe somewhere I read that it is. Anyways, I checked Malwarebytes and it had no record or findings of any malware in its history. I started it up in regular Windows mode and I have not seen signs of the spyware. Still doing another scan.
It should not restart it automatically, it will prompt you for a reboot. Maybe windows update might have kicked in? If you don't see any weird ads and malwarebytes doesn't show anything you're probably good. Normally this virus will change google results to point to their sites, make sure that's not happening.
Yeah I got a lot of shit yesterday too. Strange. Norton started to whack out and suddenly I had antimalware doctor or something telling me to scan shit and that my firewall was down. So I got Malwarebytes and I think that took care of it.
Be sure you guys update Adobe Reader and Adobe Flash. I would say well over 90% of these types of infections get in using one of those 2 programs.
I should mention that Antimalware doctor was the malware. Apparently it scans your computer and gives a lot of fake warnings, and you have to "purchase" it for it to remove them.
Hm, it appears only one bad result showed up in Malwarebytes. Its vendor is "Stolen.data" and it's \Windows\hook & Weight Fishing Setup Log.txt. I should probably do one more scan.
So I got another one of these malware bugs, that starts up when I go into my account. I ran MalwareBytes twice in safemode, it found some stuff, I removed it, but the Malware is still there when I start up my account. Will Superantispyware do anything more? Any suggestions?
MalwareBytes is totally worthless in my opinion. (EDIT: not worthnothing, but worthless.) Just use Spybot S&D THIS TOO. In fact, that's what I use for others' computers. I've told time and again how to set up browsers to make you god damn invincible. You guys disappoint.
Well, I ran Spybot and Superantispyware. Got rid of the Malware that popped up on my screen every time, but I still have a weird ****ing problem- Every time I search google, and click on a link, it takes me to a random, unrelated website (different website every time). Should I reinstall my browsers? Run more scans?
What I do when fixing computers, is use taskmanager and google anything that doesn't seem right. It sounds like something my mother's computer was infected with. It's like searchhelper.exe or couponfinder or something. Once you google the thing, lots of results should show on how to get rid of it. This one wasn't too hard to get rid of, if I remember correctly. Expect to spend an hour at least. Also, check to see what you have installed in your browser (toolbars/plugins). But definitely do check the taskmanager. It's funny because she also had the other malware you had - the one with the fake virus scan. I can tell you how to keep from getting these damn problems, but you won't probably like it.
tell meh, virus. Btw, I found this regarding the google thing, I'll try it out when I get back home- http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
Well I followed most of those steps in the above link and it removed the weird google redirecting virus. Some other issues though, since I had to quarantine so much crap. Starting up my main account I get about a dozen errors for certain programs not working like my tablet drivers, java, windows live etc. Should I simply write all these programs down and then update them with the latest drivers? Also is there anything else I should check out in terms of my internet connection, just to be safe? Edit: Goddamit, it's back
http://support.kaspersky.com/downloads/utils/tdsskiller.zip I just had a browser hijack today, this fixed it right up.
Well that was completely useless, the google redirect virus is still there, all it did was leave me without a wireless connection (connected to the house modem right now). Is there anything else I can do at this point or am I ****ed?
Yeah, they almost always hide in your recycler (which is hidden and protected), so they just come back. You can show hidden system files, and go in there in safe mode and delete it. I guess. Been a while. Some people disable volume recovery, so malware can't resurrect itself. I've only actually needed to recover once, and it didn't really produce great results. But if you can't reinstall for some reason, then you better leave it. - But you can delete any recovery volumes for now, and then create new ones after you squash this.
control panel>system>advanced system settings>[SYSTEM PROTECTION TAB]> Turn protection off (EDIT: Oh, by the way, those steps I listed are for Windows 7 Ultimate 64, your OS may vary) Not sure exactly what other steps you would take, so please do some research. When you delete the malware, apparently, it's got something in your hidden recovery volume that resurrects it. You said it's back, right? I mean, it could hide anywhere really, but I'm guessing that's how it came back after you removed it.
I can't find any such thing under advanced system settings. Ugh, can't I just save some of my important files, and wipe my computer clean and start over? That almost seems like the best option at this point because nothing appears to be working.
http://www.google.com/search?hl=en&...ry volume malware&aq=f&aqi=&aql=&oq=&gs_rfai= ...Of course you can reinstall if you want. In all honesty, that's what I would probably do if I was frustrated.
Reading a lot on how to go about this, one of the final instructions for doing a clean install is- "On the Where do you want to install Windows? page, select the partition where you want to install Windows." How will I know which Partition to install it on?
Have you installed Windows before? Do you have the install disc or just a recovery disc? - You would install Windows on the current Windows partition. (C drive) If you didn't create any extra partitions, then just install it on the hard disk that Windows is currently installed on. - Make sure to export your bookmarks, and such shit. The entire partition (or Hard disk, if you don't have any extra partitions) will be overwritten.
I never have installed windows. I have a "reinstallation" vista disc. I don't understand what you mean by this.
Are you for real? I'm not totally sure I understand your question. Windows gets written (installed) to a hard drive. To install it, you must choose where to put it (where to write it). You already have Windows installed somewhere, and you want to replace the old Windows installation. This is called overwriting. This is what you want to do. 'Re-install Windows' means: replacing the old Windows installation with a new one by overwriting. (NOTE all data on the partition or hard drive will be erased). Are we on the same page? It seems to me you are going to need some help in person. I can't teach you Computers 101. That's a 6 month class. EDIT: *There is a repair option, but I'm not really familiar with it. It's been about 5 years since I've used an OEM copy of Windows - and each manufacturer uses a slightly different interface for Windows repair. I think you just insert the 'Windows Vista reinstallation' disc (as you called it), and follow the onscreen prompts. Repair means: it will preserve all of your documents. However, you will need to reinstall any software. *There is also a backup option. This means that the malware (or any of your data) won't be erased, it will be moved to a backup folder. However, the malware needs registry entries in order to do its thing, so it will effectively be deactivated. So, if you choose to do a backup and new copy of Windows, then you should be safe - just scan your computer for malware and it should find anything and destroy it. Bottom line: I recommend you do the backup option. Insert the Windows Vista disc you have and reboot your computer. On reboot it should boot from the Vista DVD ROM. Select "backup Windows and install a new copy of Windows".
Alright, well I understand that. I overwrote the C drive only and it sent everything to a folder called "Windows old", assuming that is the backup folder you are talking about. However a few random things are still on my C Drive, like my System Shock 2 files.. I'm a bit concerned that it didn't put it with Windows old. Anyways, thanks and sorry for the trouble.