got this virus - currently on safe mode! Can't get rid!

50 replies
Found 30th May 2010
antispyware soft its called
it acts and looks like an antivirus program and pretends that im under threat to try and make me buy it to get rid
Im on safe mode and running malwarebytes and keep deleting it, but then when i go on normal mode its back!?!?
and it keeps restarting my pc
how do i get rid? It was setting my internet settings onto proxy so i couldnt use the internet but i found out how to change that and im now on safe mode scanning again... i already had malwarebytes on my pc and it was recommended on this site too when i googled antispyware soft but it dont seem to be removing it because when i get off safe mode and back to normal its returned..
Doing my head in!!
Help please?

50 Comments

am so rubbish at this sort of thing - but wouldnt running ccleaner help?

Banned

yep, had this, its called antivirus2010, and I too failed to remove in safemode with malwarebytes

was time to reinstall windows

(nope BB ccleaner wont do it, the best way WAS malwarebytes, but in my experience lately, it doesnt work)

Banned

do a search for any strange files created today and delete them
run regedit and search for antivirus2010 deleting anything you find with that name

jubbyme;8727952

yep, had this, its called antivirus2010, and I too failed to remove in safemode with malwarebytes
was time to reinstall windows
(nope BB ccleaner wont do it, the best way WAS malwarebytes, but in my experience lately, it doesnt work)



dcx_badass;8727959

Ccleaner deletes temp files and has nothing to do with virus and similar.




:oops: did say I was rubbish :oops:

Original Poster

how? whats thepoint?

whatsThePoint;8727962

do a search for any strange files created today and delete them
run regedit and search for antivirus2010 deleting anything you find with that name



thats what I meant to say :whistling:

Banned

GentleTouch;8727971

how? whats thepoint?



run regedit from command prompt, its in accessories

Original Poster

i dont think its antivirus2010 its another one called antispyware soft google it. Its the same principle though, should i just search this instead?

Original Poster

im on regedit now what? i see 5 files and computer

Banned

GentleTouch;8727986

i dont think its antivirus2010 its another one called antispyware soft google it. Its the same principle though, should i just search this instead?



if malware bytes didnt do it, i think the game is up anyway, probably a new variant from the same company infecting your machine, messing with regedit, cleaning out files wont do a thing other than waste time

Banned

look in system32 in the windows folder, select list by date so anything new comes up first

Banned

GentleTouch;8727992

im on regedit now what? i see 5 files and computer



click on edit, then find

system restore point. depending when you last made a back up

Original Poster

cant find windows folder?

Original Poster

k im searching registry

Banned

UKBloodHound;8728012

system restore point. depending when you last made a back up



system restore points will be deleted by the nasty software, looks like the OP will be paying someone to redo windows for them

UKBloodHound;8728012

system restore point. depending when you last made a back up



]http//su…084

Original Poster

jubbyme;8728024

system restore points will be deleted by the nasty software, looks like the OP will be paying someone to redo windows for them



no I won't

jubbyme;8728024

system restore points will be deleted by the nasty software, looks like the OP will be paying someone to redo windows for them



shame i never had a virus of this type before

jubbyme;8728024

system restore points will be deleted by the nasty software, looks like the OP will be paying someone to redo windows for them



would it still be deleted if in cmd?

Original Poster

okay so a full malwarebytes scan detected nothing now, but probably when i change out of safe mode it will be back..
if worst comes to the worst then i'll get a new laptop cus this ones getting dated and crappy anyway

Banned

UKBloodHound;8728039

would it still be deleted if in cmd?



yes, they are delete gone, its a right nasty begger!

files are locked cant delete, they also affect the ability to run ANY .exe file, (was a trick to do right click and run but they caught that too)
latest version specifically attacks malware bytes too, also blocks most websites, and blocks downloads

in short a right pest, and probably wouldnt trust the machine if i did get rid, best to reinstall

Banned

just to make it a bit clearer
1 run regedit, then click edit, then find and search for the name of the virus
something else to try
2 go to computer, then drive C, open windows folder, then system32 folder, then click view and sort by date
check any files created today and delete dodgy ones

Original Poster

whatsThePoint;8728048

just to make it a bit clearer
1 run regedit, then click edit, then find and search for the name of the virus
something else to try
2 go to computer, then drive C, open windows folder, then system32 folder, then click view and sort by date
check any files created today and delete dodgy ones



the only 1 created today is fntcache.dat 3581 kb? is that it?
quick google suggests its a virus. Have deleted, now shall i go onto windows properly and see what happens?

Banned

GentleTouch;8728052

the only 1 created today is fntcache.dat 3581 kb? is that it?



don't think so, try looking in the windows folder for anything new

Original Poster

whatsThePoint;8728064

don't think so, try looking in the windows folder for anything new



that was the only thing that was new and i googled it and its meant to be a virus.. ive deleted it. The last thing in there was about a week ago whereas that was today and seems strange since google suggests its a virus. Im going to get out of safe mode and see what happens.
BTW safe mode seems awfully fast compared to normal lol

Banned

safe mode is a lot faster because no programs running in the background

Original Poster

do i have the go ahead whatsthepoint?

Original Poster

to put into normal mode? after deleting that supposedly virus and malwarebytes now supposedly not detecting anything.

Original Poster

On ipod

Original Poster

Damn I think my whole pc is like knackered tbh lol

GentleTouch;8728129

Damn I think my whole pc is like knackered tbh lol



install linux

Original Poster

Still a genuine windows den the pan... Will I stil hav all ma files???

Original Poster

It's gone but windows vista is fecked and I can only log onto administrator???

I only quickly scanned but have you used a virus scanner, AVG is free btw

Check this out mate

]http//ww…010

]http//ww…tml

Also superantispyware is pretty good, need any other help then feel free to message me.

Oh and by the way it is best to stay disconnected from the internet while doing scans etc, as that might make it worse.

As the virus has crippled Windows, running a scan whilst using Windows is ineffective. The virus will be clever and reinstall itself if removed and maybe even try and stop you from opening your anti virus at all. The answer is to run a scan from outside the 'realm' of Windows - use a Linux based anti-virus boot disk to scan your Windows partition externally. That way the virus won't be running at the time of the scan (Windows won't even be loaded) and therefore it can't interfere with your efforts to remove it.

My mate had something similar on his laptop and the only way I could get rid of it was downloading the Bitdefender anti-virus boot disk (techmixer.com/fre…st/), burning it to a CD and loading the computer up from the CD (hiren.info/pag…rom).
I loaded up the disk, plugged the laptop into the router (so I could update the virus definitions online), did the update, ran the scan and it got rid of it.

Few months later my brother had the same thing. I just couldn't get rid of it and we had to reinstall Windows.

Bottom line is that this virus is a real mean mother.. and getting rid of it isn't going to be an easy job so save yourself the stress and get a professional in if my suggestions above sound too daunting. Don't let them fob you off with a reformat/re-installation of Windows unless you know they have exhausted other options too, btw.

The difficulties faced with removing these sort of viruses are:

1. They cloak themselves as they are encrypted in self extracting executables, hence NO virus checkers can detect them.
2. They modify entry points in System DLL files (or even replace them) and virus checkers cannot heal them since the System DLL may well be locked by the OS. This can be fixed using sfc /scannow in the command prompt.
3. Even if system files are cleaned with sfc /scannow, separate processes will respawn and damage will occur again. The process may well be another modified entry point in a DLL or a process in Windows startup.
4. Certain services may also respawn the malevolent processes.
5. Even if your machine appears to be clean, there's no guarantee that other processes exist but lie dormant, ready for the next attack.

Your data files may or may not be safe. Certain documents can contain scripts which can respawn processes (Word documents for example). Other documents can use unused bits as clandestine data for malevolent programs. In your case, it is unlikely that this is the case though. A Windows Vista repair install (note: this is NOT the same as Repair Windows from Recovery Console) can repair system files (see vistax64.com/tut…tml) but you will need to ensure startup processes are completely disabled. I still feel that carrying out all this would still be a losing battle and a complete reinstall may transpire to be the best method (it is usually quicker and easier than spending hours fighting a losing cause).
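A read-only way to look at the two places this thread keeps coming back to, the "process in Windows startup" and the proxy setting the original poster had to undo, as an added example that is not part of any post above. The registry paths are the standard Windows Run/RunOnce and Internet Settings keys; the `Review` flag for commands that live under the user profile or temp folders is a heuristic assumed here, not something stated in the thread.

```powershell
# Read-only audit: lists autorun entries and the per-user proxy settings.
# Nothing is modified or deleted.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption (heuristic): autoruns started from user-writable profile or
# temp folders deserve a closer look than ones under Program Files.
$suspectRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # key may not exist on this machine
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command  = [string]$item.GetValue($name)
        $expanded = [Environment]::ExpandEnvironmentVariables($command)
        $review   = $false
        foreach ($root in $suspectRoots) {
            if ($expanded.ToLower().Contains($root.ToLower())) { $review = $true }
        }
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $command; Review = $review
        }
    }
}

# Flagged entries first, so they are at the top of the table.
$autoruns | Sort-Object Review -Descending |
    Format-Table Review, Name, Command, Key -AutoSize -Wrap

# Proxy settings for the current user: ProxyEnable = 1 with a ProxyServer
# you did not configure matches the symptom described in the first post.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
"ProxyEnable : $($inet.ProxyEnable)"
"ProxyServer : $($inet.ProxyServer)"
```

Running it once in safe mode and again after a normal boot, then comparing the two listings, shows whether an entry has been written back between the two.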

oldmanhouse;8728397

As the virus has crippled Windows, running a scan whilst using Windows is ineffective. The virus will be clever and reinstall itself if removed and maybe even try and stop you from opening your anti virus at all. The answer is to run a scan from outside the 'realm' of Windows - use a Linux based anti-virus boot disk to scan your Windows partition externally. That way the virus won't be running at the time of the scan (Windows won't even be loaded) and therefore it can't interfere with your efforts to remove it.
My mate had something similar on his laptop and the only way I could get rid of it was downloading the Bitdefender anti-virus boot disk (http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/), burning it to a CD and loading the computer up from the CD (http://www.hiren.info/pages/bios-boot-cdrom).
I loaded up the disk, plugged the laptop into the router (so I could update the virus definitions online), did the update, ran the scan and it got rid of it.
Few months later my brother had the same thing. I just couldn't get rid of it and we had to reinstall Windows.
Bottom line is that this virus is a real mean mother.. and getting rid of it isn't going to be an easy job so save yourself the stress and get a professional in if my suggestions above sound too daunting. Don't let them fob you off with a reformat/re-installation of Windows unless you know they have exhausted other options too, btw.



You beat me to it - uncannily similar to my post.

My advice, don't visit porn sites.

This will drastically reduce, if not eliminate, the possibility of picking up a STD.