Help me, I got a virus attack

Discussion in 'Computer Science & Culture' started by amethyst08, Jun 24, 2010.

Thread Status:
Not open for further replies.
  1. amethyst08 Registered Senior Member

    Messages:
    256
    I am now in safe mode. After I follow steps 1-4, in step 5 it says:

    "5. Download an automatic removal tool from this page and run a full system scan. Or download it from alternative location."

    So, I clicked the "Download remover for AV Security Suite", and then it says:

    "Before you download: run a free scan for Windows error", and then when I clicked that it asks me to run "registry".

    Should I click that?

    Btw, I am so sorry for typing slowly, and whether it disturbs you??

    I mean, it probably will take long.. as it is now 4:40 AM, I will sleep in half an hour, because I have to go to uni tomorrow (I mean today), but I will check back this thread in the afternoon, in case you also have to do other activities.

    Thanks a lot for your help!

    So I click "registry", yes...?
     
  3. amethyst08 Registered Senior Member

    Messages:
    256
    Ok, I will do this...
     
  5. amethyst08 Registered Senior Member

    Messages:
    256
    I figured that I have to follow step by step, so I am now running "registry booster"..

    very sleepy.. >.<
     
  7. soullust Registered Senior Member

    Messages:
    1,380

    NOOOOOOOOO...

    registry tools do way more harm than good. why not sleep, run your superantivirus and McAfee in safemode without networking, but do them in a complete scan
     
  8. amethyst08 Registered Senior Member

    Messages:
    256
    It says 892 registry errors found! There is an option:

    * purchase now
    * try 15 registries..

    I think I am lost... no hope


    I will continue in the afternoon..

    I appreciate your help, I have to logout first now, otherwise I cannot work whole day, and I figure it will take long..??

    Good night, thanks
     
  9. amethyst08 Registered Senior Member

    Messages:
    256
    ?? Oh, I already clicked registry, because when it says "Thank you for downloading Spyware Doctor", then there was nothing. I don't know where to find what I download and run it.. and I thought I had to do that??

    yes, I guess I will sleep first, I will check back this thread in the afternoon. I now first sleep until at least 9 AM, then go to uni, then I will check back after lunch.

    Ok, see you later, thanks for your time, good night!
     
  10. soullust Registered Senior Member

    Messages:
    1,380

    yeah spy ware doctor is another fake program...

    be here tomorrow, we will get this all fixed.

    and night..
     
  11. Repo Man Valued Senior Member

    Messages:
    4,955
    On step five it says "Download an automatic removal tool from this page and run a full system scan. Or download it from alternative location." The highlighted portion of that is a direct link to the Av Suite removal tool that they are recommending. It's a direct link to Spyware Doctor.

    Spyware Doctor is well reviewed on CNET. http://download.cnet.com/Spyware-Doctor-2010/3000-8022_4-10293212.html Edit: reading the reviews implies it won't remove malware unless you buy the pay version. Get Malware Bytes instead.

    Malware Bytes has an even higher rating, http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop but either should get the job done.
     
    Last edited: Jun 24, 2010
  12. Repo Man Valued Senior Member

    Messages:
    4,955
  13. CheskiChips Banned Banned

    Messages:
    3,538
    If you want to stop micro-fixing the problem and just get things working again...put your Windows Install disk in your drive...boot from it. After it loads from disc try either the 'system restore' option, or you can just re-install windows WITHOUT LOSING YOUR FILES by following the very simple commands on the disc.

    If you don't have a disc, press your system restore button which a lot of new companies put in their computers.

    If you don't have either because you stole Windows, you get what you pay for.
     
  14. domesticated om Stickler for details Valued Senior Member

    Messages:
    3,277
    There actually isn't a whole lot to this piece of malware. It's not as if it's some sort of mass-corruption of the OS where drastic measures need to be taken. It's just one folder with the executable and a couple of startup values in the boot options. For the most part, the malware simply intercepts/blocks a few user-click-events, disables a couple of other processes (like whatever real AV software you have installed) and spams them with stupid messages

    The way I generally get rid of this is to boot into safe mode, and run MSCONFIG. The last times I looked, I remember there were a couple of processes in the service tab that needed to be disabled, and they were easy to spot because they had a stupid name (like randomly generated strings almost). Last time, they looked something like "cXldx46GLd".
    After these are unchecked, windows boots like normal and no more fake AV. Assuming you haven't already located and deleted the files (should be the one folder with the fake AV executable and a few back-door objects somewhere), then running any legit anti-spyware program will find them and delete them for you.

    As far as what programs to keep installed on your machine, I think the standards are Ad-Aware, Malwarebytes, and AVG.

    .....of course, Kira appears to be one of those users that installs all kinds of dodgy stuff , so there's bound to be other weird startup processes listed. If she paid me to work on her machine, she'd get it back and probably wonder why her "Bonzai Buddy system tray weather widget" stopped working
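
The naming pattern described in the post above (startup entries with randomly generated names such as "cXldx46GLd") can be turned into a rough triage filter. This is an added example, not part of the original thread; every sample name other than "cXldx46GLd", the three signals and the thresholds are assumptions chosen for illustration.

```python
import re

# Constructed sample of startup/service entry names as msconfig might list them.
# Only "cXldx46GLd" is taken from the thread; the rest are illustrative.
SAMPLE_NAMES = [
    "ctfmon",
    "Adobe Reader Speed Launcher",
    "cXldx46GLd",
    "avgtray.exe",
    "SynTPEnh",
]

CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]{4,}", re.I)  # 4+ consonants in a row
EMBEDDED_DIGITS = re.compile(r"[a-z]\d+[a-z]", re.I)        # digits wedged between letters
MIN_LETTERS = 6          # assumption: shorter names carry too little signal
MAX_VOWEL_RATIO = 0.25   # assumption: below this a name is hard to pronounce


def name_signals(name):
    """Return the 'generated-looking' signals that fire for one entry name."""
    stem = re.sub(r"\.(exe|dll|sys)$", "", name.strip(), flags=re.I)
    letters = [c.lower() for c in stem if c.isalpha()]
    # Multi-word display names and very short names are not scored.
    if " " in stem or len(letters) < MIN_LETTERS:
        return []
    signals = []
    if EMBEDDED_DIGITS.search(stem):
        signals.append("digits-inside-letters")
    if sum(c in "aeiou" for c in letters) / len(letters) < MAX_VOWEL_RATIO:
        signals.append("few-vowels")
    if CONSONANT_RUN.search(stem):
        signals.append("long-consonant-run")
    return signals


def triage(names, threshold=3):
    """Names whose signal count reaches the threshold, for manual review."""
    return [n for n in names if len(name_signals(n)) >= threshold]


if __name__ == "__main__":
    for entry in SAMPLE_NAMES:
        print(f"{entry:30} {name_signals(entry)}")
    print("review first:", triage(SAMPLE_NAMES))
```

Legitimate but terse names such as "ctfmon" and "SynTPEnh" trip two of the three signals, which is why the default threshold requires all three; a flagged name is a prompt to look at the entry, not a verdict.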

     
  15. CheskiChips Banned Banned

    Messages:
    3,538
    domesticated om: I agree that the specific trojan is relatively easy to fix, as a general rule of thumb after 2 pages in a thread (or an hour on the phone) if they haven't figured out how to remove it through micro-processes (fix msconfig / fix registry etc...) then they will never get it until they figure out how a computer works. In that instance I usually tell them to smash a fly with a mallet and instruct them how to just reinstall Windows without losing their files entirely.

    I was tempted to instruct her on how to create a bootable anti-virus such as Kaspersky which is actually easier to most people than fixing the actual computer's settings manually. The problem is every shmuck 'computer wizard' on the planet has "Software which will solve every problem!" and suggests it.

    I'll go on a little rant here... my sister was in college and had her own computer really for the first time with constant internet. She clicked on a bunch of garbage and got virii galore. Because she was a girl, and because every guy WoW_Geek in her dorm was a "computer expert" they all installed their anti-virus software, some of which I determined to be virii themselves. One guy even installed Apple Safari...wtf? It took me 2 hours to get rid of all of the conflicting registries and nonsense modified dll library. I simply installed privoxy and set up the proxy for her.

    That being said; I can't blame kira or others, the BONZI Monkey is really cute.
     
  16. milkweed Valued Senior Member

    Messages:
    1,654
    Kira

    I picked up something like this last winter. It was installed via a compromised website and other people did not get infected, and I was getting re-infected each time I visited the site (the site operators were having a time of it, getting the download link off their site).

    On Repomans link, #69 some of the things I had to do are listed there.

    http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=51872

    www.bleepingcomputer.com is another site for searching for fixes.

    TDSSKiller found stuff and fixed it. But I still had issues.

    Reading a few places, I found that my version of Java was out of date and a security risk that this malware sometimes used as part of its invasion of a system.

    I removed Java from my system. Did not put a newer version of Java on. Still had some issues (Malwarebytes scan was finding pieces of this on my pc each boot up).

    I went in and found folders and pics left on my system from the java uninstall. I removed those pieces and that's when it stopped.

    My computer ran fine without Java and it was a few weeks before I found a reason to re-install a new version of Java.
     
  17. amethyst08 Registered Senior Member

    Messages:
    256
    Hello everybody,

    I appreciate very much all of your suggestions! However, as I am not savvy on it, I am afraid that I'll make a mistake in doing the suggested instructions. Therefore, I have decided to bring my PC to the shop where I bought it, I still have the guarantee paper which is valid for 2 years (still have one more year guarantee). I'll ask those guys to do it for me and save myself from headache. I hope I don't have to pay (much)!

    Anyway, thanks again, I think I am too old to learn this kind of thing.

    I can still use my office computer and my netbook temporarily while my pc is repaired.

    Thanks again for your time, and I really mean it! ;-)
     
  18. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    The simplest method to disable the malware is to actually use a System Restore point prior to when it started to become a problem. This will cause your Registry to be "repaired" with an older copy, this however doesn't remove the rogue files from your system so you could be open to reinfection if the file is accidentally triggered.

    So it's a good idea to have an antivirus program do a scan once you've run a system restore.

    To do this, enter safemode:
    (Boot, and either press F8 when the text for it appears or hold the CTRL key after the initial keyboard check has been completed)
    Pick Safemode with Command prompt
    Once loaded type in the commandline interface:
    rstrui.exe and press enter

    Try to pick a Restore point that is recentish, but not so recent it had the virus/malware.
     
  19. Repo Man Valued Senior Member

    Messages:
    4,955
    Not everyone has to know how to do everything; different people have different skills. But don't use age as an excuse - I'm 44, and didn't get my first computer until I was 35. But yes, if you are uncomfortable with the idea of trying the suggestions here, by all means take it in. For help in preventing future malware infestations, ask what anti virus/anti malware software they recommend. McAfee seems to have a poor reputation these days, and hasn't seemed to help you much. Of the free anti virus products, Microsoft Security Essentials seems to have a good reputation, and is what I've been putting on the computers I build for friends and family for a while now.
     