got this virus - currently on safe mode! Can't get rid! - HotUKDeals
We use cookie files to improve site functionality and personalisation. By continuing to use HUKD, you accept our cookie and privacy policy.
Get the HUKD app free at Google Play

Search Error

An error occurred when searching, please try again!

Login / Sign UpSubmit

got this virus - currently on safe mode! Can't get rid!

GentleTouch Avatar
6y, 6m agoPosted 6 years, 6 months ago
antispyware soft its called
it acts and looks like an antivirus program and pretends that im under threat to try and make me buy it to get rid
Im on safe mode and running malwarebytes and keep deleting it, but then when i go on normal mode its back!?!?
and it keeps restarting my pc :S
how do i get rid? It was setting my internet settings onto proxy so i couldnt use the internet but i found out how to change that and im now on safe mode scanning again... i already had malwarebytes on my pc and it was recommended on this site too when i googled antispyware soft but it dont seem to be removing it because when i get off safe mode and back to normal its returned..
Doing my head in!!
Help please?
Other Links From Mode:
GentleTouch Avatar
6y, 6m agoPosted 6 years, 6 months ago
Options

All Comments

(50) Jump to unreadPost a comment
Comments/page:
Page:
#1
am so rubbish at this sort of thing - but wouldnt running ccleaner help?
banned#2
yep, had this, its called antivirus2010, and I too failed to remove in safemode with malwarebyts

was time to reinstall windows

(nope BB ccleaner wont do it, the best way WAS malwarebytes, but in my experience lately, it doesnt work)
banned#3
do a search for any strange files created today and delete them
run regedit and search for antivirus2010 deleting anything you find with that name
#4
jubbyme
yep, had this, its called antivirus2010, and I too failed to remove in safemode with malwarebyts

was time to reinstall windows

(nope BB ccleaner wont do it, the best way WAS malwarebytes, but in my experience lately, it doesnt work)


dcx_badass
Ccleaner deletes temp files and has nothing to do with virus and similar.



:oops: did say I was rubbish :oops:
#5
how? whats thepoint?
#6
whatsThePoint
do a search for any strange files created today and delete them
run regedit and search for antivirus2010 deleting anything you find with that name


thats what I meant to say :whistling:
banned#7
GentleTouch
how? whats thepoint?


run regedit from command promt, its in accessories
#8
i dont think its antivirus2010 its another one called antispyware soft google it. Its the same principle though, should i just search this instead?
#9
im on regedit now what? i see 5 files and computer
banned#10
GentleTouch
i dont think its antivirus2010 its another one called antispyware soft google it. Its the same principle though, should i just search this instead?


if malware bytes didnt do it, i think the game is up anyway, probably a new variant from the same company infecting your machine, messing with regedit, cleaning out files wont do a thing other than waste time
banned#11
look in system32 in the windows folder, select list by date so anything new comes up first
banned#12
GentleTouch
im on regedit now what? i see 5 files and computer


click on edit, then find
#13
system restore point. deppending when you last made a back up
#14
cant find windows folder?
#15
k im searching registry
banned#16
UKBloodHound
system restore point. deppending when you last made a back up


system restore points will be deleted by the nasty software, looks like the OP will be paying someone to redo windows for them
#17
UKBloodHound
system restore point. deppending when you last made a back up


http://support.microsoft.com/kb/306084
#18
jubbyme
system restore points will be deleted by the nasty software, looks like the OP will be paying someone to redo windows for them


no I won't
#19
jubbyme
system restore points will be deleted by the nasty software, looks like the OP will be paying someone to redo windows for them


shame i never had a virus of this type before
#20
jubbyme
system restore points will be deleted by the nasty software, looks like the OP will be paying someone to redo windows for them


would it still be deleted if in cmd?
#21
okay so a full malwarebytes scan detected nothing now, but probably when i change out of safe mode it will be back..
if worst comes to the worst then i'll get a new laptop cus this ones getting dated and crappy anyway
banned#22
UKBloodHound
would it still be deleted if in cmd?


yes, they are delete gone, its a right nasty begger!

files are locked cant delete, they also affect the ability to run ANY .exe file, (was a trick to do right click and run but they caught that too)
latest version specifically attacks malware bytes too, also blocks most websites, and blocks downloads

in short a right pest, and probably wouldnt trust the machine if i did get rid, best to reinstall
banned#23
just to make it a bit clearer
1 run regedit, then click edit, then find and search for the name of the virus
something else to try
2 go to computer, then drive C, open windows folder, then system32 folder, then click view and sort by date
check any files created today and delete dodgy ones
#24
whatsThePoint
just to make it a bit clearer
1 run regedit, then click edit, then find and search for the name of the virus
something else to try
2 go to computer, then drive C, open windows folder, then system32 folder, then click view and sort by date
check any files created today and delete dodgy ones


the only 1 created today is fntcache.dat 3581 kb? is that it?
quick google suggests its a virus. Have deleted, now shall i go onto windows properly and see what happens?
banned#25
GentleTouch
the only 1 created today is fntcache.dat 3581 kb? is that it?


don't think so, try looking in the windows folder for anything new
#26
whatsThePoint
don't think so, try looking in the windows folder for anything new


that was the only thing that was new and i googled it and its meant to be a virus.. ive deleted it. The last thing in there was about a week ago whereas that was today and seems strange since google suggests its a virus. Im going to get out of safe mode and see what happens.
BTW safe mode seems awfully fast compared to normal lol
banned#27
safe mode is a lot faster because no programs running in the background
#28
do i have the go ahead whatsthepoint? ;)
#29
to put into normal mode? after deleting that supposedly virus and malwarebytes now supposedly not detecting anything.
#30
On ipod
#31
Damn I think my whole pc is like nackerd tbh lol
#32
GentleTouch
Damn I think my whole pc is like nackerd tbh lol


install linux :p
#33
Still a genuine windows den the pan... Will I stil hav all ma files???
#34
It's gone but windows vista is fecked and I can only log onto administrator???
#35
I only quickly scanned but have you used a virus scanner, AVG is free btw
#36
Check this out mate

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-2010

http://www.2-spyware.com/remove-antivirus-2010.html

Also superantispyware is pretty good, need any other help then feel free to message me.

Oh and by the way it is best to stay disconnected from the internet while doing scans etc, as that might make it worse.
#37
As the virus has crippled Windows, running a scan whilst using Windows is ineffective. The virus will be clever and reinstall itself if removed and maybe even try and stop you from opening your anti virus at all. The answer is to run a scan from outside the 'realm' of Windows - use a Linux based anti-virus boot disk to scan your Windows partition externally. That way the virus won't be running at the time of the scan (Windows won't even be loaded) and therefore it can't interfere with your efforts to remove it.

My mate had something similar on his laptop and the only way I could get rid of it was downloading the Bitdefender anti-virus boot disk (http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/), burning it to a CD and loading the computer up from the CD (http://www.hiren.info/pages/bios-boot-cdrom).
I loaded up the disk, plugged the laptop into the router (so I could update the virus definitions online), did the update, ran the scan and it got rid of it.

Few months later my brother had the same thing. I just couldn't get rid of it and we had to reinstall Windows.

Bottom line is that this virus is a real mean mother.. and getting rid of it isn't going to be an easy job so save yourself the stress and get a professional in if my suggestions above sound too daunting. Don't let them fob you off with a reformat/re-installation of Windows unless you know they have exhausted other options too, btw.
#38
The difficulties faced with removing these sort of viruses are:

1. They cloak themselves as they are encrypted in self extracting executables, hence NO virus checkers can detect them.
2. They modify entry points in System DLL files (or even replace them) and virus checkers cannot heal them since the System DLL may well be locked by the OS. This can be fixed using sfc /scannow in the command prompt.
3. Even if system files are cleaned with sfc /scannow, separate processes will respawn and damage will occur again. The process may well be another modified entry point in a DLL or a process in Windows startup.
4. Certain services may also respawn the malevolent processes.
5. Even if your machine appears to be clean, there's no guarantee that other process exists but lie dormant, ready for the next attack.

Your data files may or may not be safe. Certain documents can contain scripts which can respawn processes (Word documents for example). Other documents can use unused bits as clandestine data for malevolent programs. In your case, it is unlikely that this is the case though. A Windows Vista repair install (note: this is NOT the same as Repair Windows from mRecovery Console) can repair system files (see http://www.vistax64.com/tutorials/88236-repair-install-vista.html) but you will need to ensure startup processes are completely disabled. I still feel that carrying out all this would still be a losing battle and a complete reinstall may transpire to be the best method (it is usually quicker and easier than spending hours fighting a losing cause).
#39
oldmanhouse
As the virus has crippled Windows, running a scan whilst using Windows is ineffective. The virus will be clever and reinstall itself if removed and maybe even try and stop you from opening your anti virus at all. The answer is to run a scan from outside the 'realm' of Windows - use a Linux based anti-virus boot disk to scan your Windows partition externally. That way the virus won't be running at the time of the scan (Windows won't even be loaded) and therefore it can't interfere with your efforts to remove it.

My mate had something similar on his laptop and the only way I could get rid of it was downloading the Bitdefender anti-virus boot disk (http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/), burning it to a CD and loading the computer up from the CD (http://www.hiren.info/pages/bios-boot-cdrom).
I loaded up the disk, plugged the laptop into the router (so I could update the virus definitions online), did the update, ran the scan and it got rid of it.

Few months later my brother had the same thing. I just couldn't get rid of it and we had to reinstall Windows.

Bottom line is that this virus is a real mean mother.. and getting rid of it isn't going to be an easy job so save yourself the stress and get a professional in if my suggestions above sound too daunting. Don't let them fob you off with a reformat/re-installation of Windows unless you know they have exhausted other options too, btw.


You beat me to it - uncannily similar to my post.
#40
My advice, don't visit porn sites.

This will drastically reduce, if not eliminate, the possibility of picking up a STD.

Post a Comment

You don't need an account to leave a comment. Just enter your email address. We'll keep it private.

...OR log in with your social account

...OR comment using your social account

Thanks for your comment! Keep it up!
We just need to have a quick look and it will be live soon.
The community is happy to hear your opinion! Keep contributing!