*Urgent* can't get rid of virus on computer

This started a few weeks ago and only got worse yesterday. I can't open anything on my computer because it keeps popping up with a security tool warning saying that I must buy security tool to get rid of the viruses. It is saying I have many viruses on my computer, including worms. The background on my computer has turned red and it won't let me access any of my virus software to get rid of it. I can access other websites, but it just always pops up asking me if I want to continue unprotected.
Thanks for any help given.

PS, I'm unsure if this was posted under the correct topic, and if so, I'm sorry.
 
What Anti-virus program do you have?

What Anti-malware programs do you have?

Try booting into Safe Mode (press F8 during startup).

Try renaming any anti-malware or anti-virus programs to something like test.exe and see if they will run then.

If possible scan in full with:

MalwareBytes
SuperAntiSpyware
Spybot Search+Destroy
Avira or Avast AntiVirus

Once you've removed the worst of the infections, turn off System Restore (as the infection will most likely have buried itself in a Restore Point and will keep coming back) - reboot into Safe Mode again and re-scan in full again.

Or - assuming you have things backed up, then just format and re-install - it'll be quicker and easier.
 
sorry for the copy/paste, but do this


disable system restore
remove your 'av'
run ccleaner slim http://www.ccleaner.com/download/builds/downloading-slim
run nod32 trial http://www.eset.com/download/free_trial_download_int.php
run mbam http://www.malwarebytes.org/mbam-download.php
run spybot http://fileforum.betanews.com/download/Spybot-Search-Destroy/1043809773/1


still screwed?
run combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix


following this, stop going to bad sites etc

use firefox http://www.mozilla-europe.org/en/firefox/
install this addon for firefox https://addons.mozilla.org/en-US/firefox/addon/1865

when firefox opens following the restart, tick the 'Easylist' subscription



Now remove the NOD32 trial and spybot and install Microsoft Security Essentials



combofix is great
 
combofix is great

That it is!

Although not necessarily the easiest piece of software to use. But it has done the job when I was given a heavily infected PC to clean up, when nothing else was able to remove a particularly stubborn problem.
 
If you tell us exactly what the fake AV is called, "Antivirus 2009" or whatever, there is probably a specific tool out there to get rid of it.
 
 
Sounds like the virus we've had on a few machines at work, in fact I'm cleaning one up at the moment.

We've been using TrendAV, which is worse than useless and has let machines get infected, so it's been a case of installing our new NOD32 stuff, running a full scan to clear out the virus, then using a regfix to repair the EXE association to stop reinfection. I've also started blocking EXE files from running under C:\Documents and Settings\%username%, which should also help to reduce the chances of infection.

Because the users are all standard, the virus never leaves the user's local profile, so it's not been too hard to sort out.

This is the regkey I've been using
Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"
 