Ahhhhhh %^&*_)(&&^^

[STClurker]

so for some reason my wife decided to use my computer. she went on facebook (which I never do (really I don't, I seem to be one of the few people that don't) because I don't care for the whole idea of it)

anyway now my laptop has a virus. its some stupid security program that says it gets rid of viruses...well is freaking IS a virus. not being to computer savvy there isn't much I can do about it. any computer savvy types here that can give me some simple ideas? it won't let me do anything at all. apparently (according to it) everything is infected except the website that is trying to get me to pay for it.

ohhh well, I'll just commandeer the wifes computer until she fixes mine


just noticed I didn't put this in free parking, could a mod move it please

 

[ket-tek]

Reboot tapping f8 during the initial load screens and you will get a menu, select safe mode w/ networking.

This will load windows into a safety mode not loading uneeded processes. try to get to the web then. If you can try these couple scanners.

Adaware
spybot search and destroy
malwarebites

If you still cannot use the web in safe mode use another computer to get these programs and copy them to a usb stick or cd, then boot into safe mode without networking, and then run them..

If all fails use safe mode to copy all your data, pictures, documents, etc you want to keep onto a usb drive or cd and do a fresh windows install or use the manufacture recovery disc that came with the pc. It's the best full proof way to clean the pc out.

As mentioned ccleaner is helpful too, and avg is the best free antivirus out there. Paid for norton, mcafee, and symantec products are junk and cause more problems than they fix, and slow your pc to a crawl. but it's too late for a antivirus at this point.

 

[ket-tek]

No matter what tools you try to run, do them in safe mode.

 

[robertlynk]

They also hide in your restore file. Down load avast run it then turn off the restore app run avast and the turn restore back on or try restore to the restore point before she used your computer

 

[scott37300]

I had this happen also, was googling something and clicked on a link from google and it popped up, nothing dirty it just was a link to a virus.

I"m not to computer savvy either so it took me a couple hours to fix it. To fix it I googled(yes the thing that got me the virus!) what it was saying and how to fix it and finally found a program that fixed it. I had to try a bunch of things before actually getting it off the computer. I believe the program had malware or something similar in it's name and was a free program. Can't remember the exact name.

 

[ket-tek]

I believe the program had malware or something similar in it's name and was a free program. Can't remember the exact name.

likely was malwarebytes as it's one of best out there.. though there is no best solution free or not. well a fresh windows install is actually the best solution and it's free

 

[Shadowdog500]

I had one like that a few years ago, the only program that I found that would remove it permanently was called "spy no more" .

Good luck, I know it ***** to have a virus like that.

Chris

 

[aqr81]

Many of us have experienced similar results from inexperienced users clicking yes to the wrong question. I wish those b@$turds could be prosecuted for their actions!! It takes time and causes frustration even for those of us that know what we are doing....even worse, costs money to fix for those that need help. That's just wrong!!

 

[ulev1st]

I had the same thing called "Security Suite"....it said I had to download their fix..I googled "security suite virus" and there were a couple of links that had COMPLETE line by line , step by step instructions for the computer idiot...I followed them and it worked.

 

[compman25]

Malwarebytes and Superantispyware are your best bets, and both are free.

 

[rodm1]

Trash Windows, burn and install or just run from disk Ubuntu. You will never have to worry about getting infected again.

http://www.ubuntu.com/desktop/get-ubuntu/download

 

[spencejm]

If you know for sure when she got the virus the easiest thing to do is to do a system restore from an earlier date. In my experience (supporting about 600 computers) nothing will reliably get rid of this stupid thing. I've spent hours trying to clean them and usually just wound up reimaging. Doing a system restore is the quickest and easiest way to go.

Joe

 

[babzog]

Best thing I've used is avast antivirus, free for home use. Keeps my systems safe. I've also got windows defender running but it's never given me an alert - guess avast is doing a good job. I also only run the file system monitor in avast - it can monitor email, web traffix, im traffic, etc but in the end, it all comes down to files on disk, so I just run the one. I also don't click on strange emails and links... if I didn't request it or recognize it, it's deleted.

 

[Strouty]

Buy a Macbook

 

[ddawg16]

She most likely got a window that said "Your system is infected with a virus. Press the Clean button to fix". Or something like that...clicking the clean button installs the virus.....

There was a lawsuit against a Russian company for basically infecting computers and then charging people to clean it....

NEVER NEVER press the close button or any other type of button on a window...click on the X or just do Alt-F4.

 

[strelnik]

Reboot tapping f8 during the initial load screens and you will get a menu, select safe mode w/ networking.

This will load windows into a safety mode not loading uneeded processes. try to get to the web then. If you can try these couple scanners.

Adaware
spybot search and destroy
malwarebites

If you still cannot use the web in safe mode use another computer to get these programs and copy them to a usb stick or cd, then boot into safe mode without networking, and then run them..

If all fails use safe mode to copy all your data, pictures, documents, etc you want to keep onto a usb drive or cd and do a fresh windows install or use the manufacture recovery disc that came with the pc. It's the best full proof way to clean the pc out.

As mentioned ccleaner is helpful too, and avg is the best free antivirus out there. Paid for norton, mcafee, and symantec products are junk and cause more problems than they fix, and slow your pc to a crawl. but it's too late for a antivirus at this point.

My son caused me the same problem. What I did:

Go on the wife's computer and download the free version of Malwarebytes on her computer.
Open it up and out the opened up version on her CD

Start your PC on safe mode using the F8 key then put the CD in.
Load the Malwarebytes in safe mode onto your PC. Then run it.

Hope that works, good luck!

PS I never get on things like Facebook, there's more viruses there than maybe anywhere else because of all the kids fooling around.

It's like leaving bored 13 year olds in your workshop!

 

[STClurker]

ok it seems to be working again, just just did a system restore from a few days ago so hopefully all should be well.

thanks for the advice all, now just to pick out a good anti virus program.

Strelnik: I hear you on the facebook thing, I've told my wife a dozen times "DO NOT GO ON FACEBOOK ON MY COMPUTER!" so one of the few times that she does, this happens

 

[Keep]

Combofix is your friend.

You can try malwarebytes, ccleaner, spybot...etc..etc.etc. Combofix will fix things that those cannot, like rootkits and all the other nasties.

www.bleepingcomputer.com

I use this at work on the machines that users love clicking "yes" on.

 

[Art From De Leon]

I had the same thing, only mine seems to have come from a youtube video. The virus eliminated my internet connection. I sent the video to my wife's computer, and it fked hers up also, she took it to Office Depot, and they cleaned out the virus and didn't charge her anything, me, I had the computer people I use send out a technician and he fixed everything, and installed the "new and improved" version of Norton for a grand total, including trip time of $157 dollars. So far so good.

 

[e-tek]

She most likely got a window that said "Your system is infected with a virus. Press the Clean button to fix". Or something like that...clicking the clean button installs the virus.....

There was a lawsuit against a Russian company for basically infecting computers and then charging people to clean it....

NEVER NEVER press the close button or any other type of button on a window...click on the X or just do Alt-F4.

Between you and Torque1st, I'm always amazed at the depth of your respective knowledge bases. Is there anything you guys DON'T know?

 

[Keep]

I had the same thing, only mine seems to have come from a youtube video. The virus eliminated my internet connection. I sent the video to my wife's computer, and it fked hers up also, she took it to Office Depot, and they cleaned out the virus and didn't charge her anything, me, I had the computer people I use send out a technician and he fixed everything, and installed the "new and improved" version of Norton for a grand total, including trip time of $157 dollars. So far so good.

That is your first problem, dump Norton and half your problems will go away, the Free AVG is better then Norton. I just switched all of our 100+ systems away from Norton (to Kaspersky) I was spending more time removing things Norton should have caught then anything else.

 

[STClurker]

Best thing I've used is avast antivirus, free for home use. Keeps my systems safe.

I just tried that on my laptop, while it found a few problems, when I went to open firefox (or even IE) the screen wouldn't show anything. I uninstalled it and things are back to "normal")

 

[babzog]

I just tried that on my laptop, while it found a few problems, when I went to open firefox (or even IE) the screen wouldn't show anything. I uninstalled it and things are back to "normal")

Weird. I've been using for years now with no such problem.

 

[May Pop]

This happened to me today, and I've heard that this virus also has affected some major sites. I currently have Norton 360 Antivirus, and after phoning them, I paid a fee to have a technician remotely remove it from my computer. Norton is now inundated with calls on this issue and what should of been a 10 minute wait from the first responder to the technician who was going to correct this problem, became a 1 1/2 hour on hold wait to get someone's help. I did hear from the Norton tech., that it could of come in through facebook also. There is a way to get it fixed, but it's gonna take some time. Good luck.
Ron

 

[61Tbird]

ok it seems to be working again, just just did a system restore from a few days ago so hopefully all should be well.

thanks for the advice all, now just to pick out a good anti virus program.

The system restore is what I had to do 3 months ago.
A few too many "Oat Sodas" one night,I opened up IE by mistake(I run Firefox)and instant Virus.
Did a search of the Virus (Paladin) and that's how I learned the Sys Restore trick.

I run Malwarebytes,Adaware and Spybot and have NO problems.

 

[tdkkart]

I had the same thing, only mine seems to have come from a youtube video. The virus eliminated my internet connection. I sent the video to my wife's computer, and it fked hers up also, she took it to Office Depot, and they cleaned out the virus and didn't charge her anything, me, I had the computer people I use send out a technician and he fixed everything, and installed the "new and improved" version of Norton for a grand total, including trip time of $157 dollars. So far so good.

That is your first problem, dump Norton and half your problems will go away, the Free AVG is better then Norton. I just switched all of our 100+ systems away from Norton (to Kaspersky) I was spending more time removing things Norton should have caught then anything else.

This happened to me today, and I've heard that this virus also has affected some major sites. I currently have Norton 360 Antivirus, and after phoning them, I paid a fee to have a technician remotely remove it from my computer. Norton is now inundated with calls on this issue and what should of been a 10 minute wait from the first responder to the technician who was going to correct this problem, became a 1 1/2 hour on hold wait to get someone's help. I did hear from the Norton tech., that it could of come in through facebook also. There is a way to get it fixed, but it's gonna take some time. Good luck.
Ron

You've already paid for Norton and you PAY them to remove something manually that their program shouldn't have let on your system in the first place??? WTF????

Norton is a major cluster that insists on having it's fingers in every operation of your computer. You practically have to feed you system ExLax to free it up again. Every computer I've ever worked on that had Norton worked better after it was removed.

I've been using free AVG with excellent results.

 

[Tom McDermott]

Had this one Saturday. It appears to have come from an infected JPEG.
This virus actively kills or fakes out many antivirus software tools and windows utilities.

This virus is particularly nasty in that it is really 3 viruses in one:

Fraud.Sysguard
Virtumonde.prx
Trojan.Hiloti

The first one hijacks your web browser by setting up a fake proxy and redirecting all traffic to your loopback port and a special socket 127.0.0.1:5555 . This completely bypasses the Spybot Immunize function. It also prevents Spybot from updating and makes you think Spybot is working normally. It also kills Autoruns, task manager, and malwarebytes. You have to run a malicious process killer first before you update and run antivirus tools. Current version of McAfee, and Malwarebytes don't yet know about this one. It appears it was launched late Friday so that it had all weekend to spread before the antivirus companies could start work on it on Monday. As of Saturday evening, only the currently updated version of Spybot knows about it (of the ones I tried).

I had to boot into safe mode to kill it's autostartup (multiple entries). Also had to fix 3 registry entries (deleting the fake proxy server) for Internet Explorer before that could come back online.

I read somewhere that it appears to have originated in the Phillipines.

The current version of Spybot (1.6.2.46 with updates from Friday I think) will delete Virtumonde.prx, but you may have to run it 3 times. If Spybot says that there is no update available WITHOUT LETTING YOU SELECT THE UPDATE SITE, then the virus may have control of Spybot and it's not doing what you think. I found a copy of the current Spybot updates packaged as a file that could be downloaded and installed without Spybot actually running.

Hiloti leaves time bombs on your system that will reactive later on if you don't remove all the copies of it. It also hijacks GOOGLE webpages and redirects them elsewhere. So if you are searching for virus fixes, it takes you to other places instead of the real ones. It spontaneously launches IE8 to go look for and download viruses. The current version of malwarebytes (4595) will eradicate it BUT ONLY IF you've sucessfully killed the malicious processes. A program called rkill.com will kill malicious processes until the next reboot, so run rkill.com before running malwarebytes.
It might also work OK if run from safemode - not sure.

Hiloti also captures keystrokes and steals passwords. Change all your high value passwords (from a known non-infected computer)!!!

-- Tom

 

[RPH]

MS essentials is free and works quite well. Caught the fraud one that nailed me.

 

[Tom McDermott]

Be very careful with MS essentials in this specific case. I read (but cannot confirm) that the virus exactly emulates the MS essentials screen and hijacks the link to the real one so you end up running the virus not the actual MS essential.

-- Tom