Anti-malware

rockcat

TCS Member
Thread starter
Top Cat
Joined
Nov 6, 2002
Messages
6,665
Purraise
18
Location
The Spacecoast
I was online looking at Google+ and my AVG popped up and said I had a threat. It identified the threat as coming from WildTangent games that my DH plays. (Well, not anymore.) Since then, the identity protection component of AVG is not active. The fix button does not fix it.

I tried to use Malwarebytes Anti-Malware, but it closed 3 seconds after I started it. I uninstalled it and copied it from a different computer. The same thing happened the first time I tried to run it, but after that it will not even start to open. A pop-up box says that Windows cannot access it.

I uninstalled it again and renamed the one I still had on my jump drive from the other computer, thinking maybe I could trick whatever was preventing me from running it. That didn't work.

I downloaded Lavasoft Ad-Aware to another computer and copied it onto mine with the jump drive. It installed and was several minutes into updating and then closed unexpectedly. I tried to reopen it, but a box pops up and says failed to connect to service.

I am so not a tech person. I am no longer accessing my email or bank account from this computer.

Any suggestions? If you reply, please be very descriptive as I really don't know what I'm doing.

Thanks in advance!
 

mrblanche

TCS Member
Veteran
Joined
Jan 28, 2008
Messages
12,578
Purraise
119
Location
Texas
What you have is a nasty little virus that is very hard to get rid of. If you're not tech savvy, you will likely have to do one of two things. You will either have to wipe your hard drive and do a full restore, or you will have to get a tech to remove the virus. I've done it, but it takes several hours and some tricky file work.

What is happening is that your virus is popping up a warning that you have a virus and trying to send you to a fake virusware web page to buy a fake program. It then has your money, and your ID info to max out your credit cards, or however you pay for it.

But it's a clever little program that stops Windows from running any program that might be an anti-virus program. And, should you happen to kill the program files that are doing it, there is a hidden program that re-installs it, giving it new, random names.

The virus loads when your computer boots up, and it's tough to get any virus-killer started before it starts up.

Here's an example of one such virus:

http://www.2-spyware.com/remove-xp-anti-virus-2011.html
 

rewboss

TCS Member
Young Cat
Joined
Oct 2, 2011
Messages
55
Purraise
1
Location
Lower Franconia, Germany
Ouchie. Sounds like a pretty bad infection.

One last thing you can try is a little application called HijackThis; you might also want to befriend a geeky nerd to help you with this, because although it's simple to use, understanding the results requires a bit of know-how.

Essentially, you install it and run it, and it spits out a load of information from the registry and a few other places. You then copy the results to your clipboard and consult Google for a HijackThis analyzer or a HijackThis forum. You paste the HijackThis log into an analyzer for an automated read-out which tells you what's running on your system and whether it thinks it looks dangerous; or you paste it to a forum post and wait for an expert to tell you what the problem might be.
 

rockcat

Ew. Well, thank you both. I was afraid it was bad.

I think my best bet is to wipe my hard drive and do the full restore. It's a home computer and I don't have much on there that I haven't backed up.

I have another (possibly silly) question. Is it possible that my jump drive is infected too? Since I've known of the virus I have not copied anything from the infected computer to the jump drive. I have copied antivirus programs from the jump drive to the computer though.
 

rewboss

Yes, it's definitely possible that your jump drive is infected.

I would consider reformatting the hard disk an absolute last resort. Apart from anything else, some of the nastier viruses -- known as "rootkits" -- will survive even that.
 

kluchetta

TCS Member
Top Cat
Joined
Apr 5, 2005
Messages
11,023
Purraise
30
Location
Golden, Colorado
http://www.howtogeek.com/57837/how-t...re-infections/

Is it this one? It's a PITA, but I removed it without wiping my hard drive. Unfortunately, it's on my laptop at home, but what I remember was having to log in as an administrator, and upload a file. Think I did it with email as I didn't have a thumb drive at home. Let me know if you need help, I'll look through my email to see if I can get the EXACT instructions. Good luck!
 

rockcat

Originally Posted by rewboss

Yes, it's definitely possible that your jump drive is infected.
*bangs head on desk* Wow. Even though nothing went from the computer to the jump drive. That's where most of my backups are.


Originally Posted by rewboss

Even though I would consider reformatting the hard disk an absolute last resort. Apart from anything else, some of the nastier viruses -- known as "rootkits" -- will survive even that.
I think I need a professional to take care of this for me. Thanks.
 

rockcat

Originally Posted by kluchetta

http://www.howtogeek.com/57837/how-t...re-infections/

Is it this one? It's a PITA, but I removed it without wiping my hard drive. Unfortunately, it's on my laptop at home, but what I remember was having to log in as an administrator, and upload a file. Think I did it with email as I didn't have a thumb drive at home. Let me know if you need help, I'll look through my email to see if I can get the EXACT instructions. Good luck!
Similar. It could be a variation of it. My OS is Vista. If you still have it, I would like to look. Thank you.

I read some of the forum answers and over the last few months it looks increasingly difficult to remove.
 

kluchetta

OK, I went to this site:

http://www.bleepingcomputer.com/viru...-security-2011

About halfway down the page, there's a title called:
Automated Removal Instructions for XP Anti-Virus 2011, Vista Total Security 2011, and Win 7 Home Security using Malwarebytes' Anti-Malware:

The thing that worked was the FixNCR.reg. I tried several other things, including HijackThis, and other types of programs, but that file was the one that fixed it.

And frankly, I don't recall doing anything past step 4. I don't think I ran the rkill program, and that was in June that I fixed that virus.

Good luck!!!!
 

rockcat

Originally Posted by kluchetta

OK, I went to this site:

http://www.bleepingcomputer.com/viru...-security-2011

About halfway down the page, there's a title called:
Automated Removal Instructions for XP Anti-Virus 2011, Vista Total Security 2011, and Win 7 Home Security using Malwarebytes' Anti-Malware:

The thing that worked was the FixNCR.reg. I tried several other things, including HijackThis, and other types of programs, but that file was the one that fixed it.

And frankly, I don't recall doing anything past step 4. I don't think I ran the rkill program, and that was in June that I fixed that virus.

Good luck!!!!
Thank you. I'm going to give it a shot.
 