Damm virus

[Kennysevenfold]

Got some virus by the name of "antivirus soft" that is supposidly scanning my computer to clean it
it keeps shutting down task manager and msconfig. how can i get rid of it?
have MSE installed and scanning but finds nothing.!

Help please

 

[SexyGreyFox]

Boot into Safe Mode.
Open up Windows Explorer and first of all look for EXE files in the root of the C: drive that look like they shouldn't be there (look for the date which will give you a good idea).

Open up the Windows directory and look for EXE files that have have been added in the last couple of days (when the virus started)

Open up system 32 directory and look for similar.

Now you need to look inside any Temp directories and delete everything especially any EXE's that have gone in (I have 3 Temp directories).

Download a prog called STARTER and look for programs that look like they shouldn't be there eg c:\windows\taskmanager.exe or c:\windows\system32\msconfig.exe (these should not load on startup) and delete.

I've become quite good at this.

 

[SiriusB]

Use CCleaner and check what is loading at startup. Anything suspicious/dont recognise make a note of it and then disable/delete it.

Reboot and see if it goes away. If it does, find the file(s) the entry was pointing to and nuke.

*waits for bledd to copy and paste*

 

[Kennysevenfold]

Sorted

Cheers big man

Much appreciated.!

 

[SiriusB]

Damn

 

[bledd]

Probably worth running through this lot too

sorry for the copy/paste, but do this

disable system restore
remove your 'av'
run ccleaner slim http://www.ccleaner.com/download/builds/downloading-slim
run nod32 trial http://www.eset.com/download/free_trial_download_int.php
run mbam http://www.malwarebytes.org/mbam-download.php
run spybot http://fileforum.betanews.com/download/Spybot-Search-Destroy/1043809773/1


still screwed?
run combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix


following this, stop going to bad sites etc

use firefox http://www.mozilla-europe.org/en/firefox/
install this addon for firefox https://addons.mozilla.org/en-US/firefox/addon/1865

when firefox opens following the restart, tick the 'Easylist' subscription



Now remove the NOD32 trial and spybot and install Microsoft Security Essentials

combofix is great

 

[tonyf1971]

you haven't said what OS your running, if it's x64 Combofix wont work.

You have a Rouge AV,if your 32bit 7,vista or xp Combofix will work

I would recommend running Hitman pro trial, followed by MalwareBytes as your first two ports of call

Hitman Pro scans are fast and uses multi tiered AV engines(Nod, Avira, Prev X etc) all in the cloud, and Malware Bytes is one of the best for removing rouges

http://www.surfright.nl/en/downloads

 

[Kennysevenfold]

Yeah its vista 64.

Will go over the steps you said bladd and tony just to make sure


Cheers.

 

[JEL8]

You might find this guide useful http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft

 

[SexyGreyFox]

Yeah its vista 64.

Will go over the steps you said bladd and tony just to make sure


Cheers.

Don't forget to look for those files in the folders I specified.
They are named to 'normal' EXE's like outlook.exe, taskmanager.exe and so on and others may be something like 325674378.exe but the date is always a giveaway.