Just got hit by nasty virus!

First time for a long time that I have been hit by a virus.

The last thing I need after a long day at work and a hard gym session.

Virus is your typical "Platinum Security" software installation.

Problem is, it has deactivated all my security software and stops any .exe or .dll from loading or running.

I tried to install Malwarebytes from USB, it blocks it. I tried downloading the ClamWin USB version to get round the fact it blocks all installations; nope, blocks that as well.

Any ideas?

Think if I reformat (which I'm planning to) I might give MSE a go this time considering AVG has let me down in epic fashion!

MSE is just antivirus right, I still need a firewall?

Can you still deactivate temporarily whilst gaming?
 
Google Hiren's boot disc. It will boot into a cut-down version of XP from CD (maybe from a USB) and give you access to a whole range of antivirus and spyware tools.
 
Have you tried stopping the process using rkill? It may try and block it but I find the .scr one works best. Once it has stopped the process you can run Mbam.

http://www.bleepingcomputer.com/download/rkill/

This sounds like what I need.

Not sure how this virus managed to get on my system. Was just doing a Google image search, I noticed that something was bogging down the system, AVG popped up saying it detected a Trojan and blocked it, next thing I know it closes all my windows, all my security software and loads this bs security software, telling me I have been infected!
 
Copy this into Notepad

Code:
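Windows Registry Editor Version 5.00

; Remove the per-user overrides that redirect how .exe files are launched
[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]

[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

; Remove the open command attached directly to the .exe extension
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

; Point .exe back at the standard "exefile" file type
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

; Remove the "secfile" file type altogether
[-HKEY_CLASSES_ROOT\secfile]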

Save it as a .reg file, merge that and you should be able to run .exes again. After that, in safe mode, you should be able to run whichever AV programs you like again.
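A way to check an exported registry dump for the same hijack before merging that fix, as an added example that is not part of the original post. It looks only for the keys the .reg file above touches; `SAMPLE_HIJACKED` and its `rogue-placeholder.exe` command are constructed, and the function names are this example's own.

```python
import re

# Keys the .reg fix above deletes; finding any of them means .exe launches are redirected.
SUSPECT_KEYS = (
    r"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command",
    r"HKEY_CURRENT_USER\Software\Classes\secfile",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
    r"HKEY_CLASSES_ROOT\secfile",
)
EXE_KEY = r"HKEY_CLASSES_ROOT\.exe"

# Constructed sample of an exported, hijacked association (not taken from a real infection).
SAMPLE_HIJACKED = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="rogue-placeholder.exe \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="rogue-placeholder.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="secfile"
"Content Type"="application/x-msdownload"
"""

def parse_reg(text):
    """Parse .reg text into {lowercased key: {value_name: data}}; '@' is the default value."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
            if m and m.group(2).startswith('"') and m.group(2).endswith('"'):
                # String values only: drop the quotes and undo the \\ and \" escaping.
                current[m.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", m.group(2)[1:-1])
    return keys

def audit_exe_association(text):
    """Return a list of findings; an empty list means the checked keys look normal."""
    keys, findings = parse_reg(text), []
    for suspect in SUSPECT_KEYS:
        s = suspect.lower()
        if any(k == s or k.startswith(s + "\\") for k in keys):
            findings.append("override present: " + suspect)
    default = keys.get(EXE_KEY.lower(), {}).get("@")
    if default is not None and default.lower() != "exefile":
        findings.append("HKCR\\.exe default is '%s', expected 'exefile'" % default)
    return findings
```

Exports written by regedit or `reg export` are UTF-16, so decode the file with that encoding before passing the text to `audit_exe_association`.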
 
Might sound silly, but have you tried booting into safe mode? From there you should be able to run Malwarebytes. At least I could when my friend got something similar.
 
I had a similar virus, tracked it down, booted into command prompt and removed the executables from there, then cleaned up the registry and ran a good old scan.
 
AVG is free for a reason. Maybe consider buying something like Eset, Kaspersky or Norton.

They make a ton of money from the free product. They're paid by download.com to drive traffic to their site.

> Not sure how this virus managed to get on my system. Was just doing a Google image search, I noticed that something was bogging down the system, AVG popped up saying it detected a Trojan and blocked it, next thing I know it closes all my windows, all my security software and loads this bs security software, telling me I have been infected!

Unpatched browser/plug-ins.
 
> They make a ton of money from the free product. They're paid by download.com to drive traffic to their site.
>
> Unpatched browser/plug-ins.

I'm quite anal about having a fully patched-up/up-to-date system.

I might switch to MSE, although AVG has been great for many, many years. Saved me many times when this sort of thing happened.

This time though, it got through and installed, even though AVG detected it and I chose to move the file to the vault (what you have to do before deleting it), but it still installed itself and shut down all my security.

Do you think MSE will do a better job?
 
> I'm quite anal about having a fully patched-up/up-to-date system.
>
> I might switch to MSE, although AVG has been great for many, many years. Saved me many times when this sort of thing happened.
>
> This time though, it got through and installed, even though AVG detected it and I chose to move the file to the vault (what you have to do before deleting it), but it still installed itself and shut down all my security.

Do you run Java? Before last night, being up-to-date wasn't good enough. Do you run Win7 with UAC enabled?

You should definitely consider enabling interactive plug-in mode.

Chrome: Settings > Advanced settings > Content settings > Plug-ins > Click to play
Firefox: about:config in your URL bar and then search for and enable the plugins.click_to_play

Great protection against Drive-by malware attacks.
 
> Do you run Java? Before last night, being up-to-date wasn't good enough. Do you run Win7 with UAC enabled?
>
> You should definitely consider enabling interactive plug-in mode.
>
> Chrome: Settings > Advanced settings > Content settings > Plug-ins > Click to play
> Firefox: about:config in your URL bar and then search for and enable the plugins.click_to_play
>
> Great protection against Drive-by malware attacks.

Good advice. I do unfortunately use Java, as I need it for some programs.

Will defo disable it in Firefox after I reinstall the O.S.

Will take a look at the click to play thing.
 