Virus from hell

December 17, 2011 4:45:37 AM

I say from hell because this would be my first real virus that has been difficult to remove. For those who are not aware, I will spare the details on what this virus does when the PC is infected. I have been working on my sister's Windows 7 Home Premium laptop for days now. Long story short, a CPU fan replacement turned into a full maintenance & cleanup. 3 low-level users, 2 are teenagers, so you can imagine what I was met with, not to mention it was used and there was still that lady's leftover goodies too.

I was met with the Win 7 Internet security 2012 Virus. I am not sure whether, had I successfully fixed it like these instructions say, I would still be here with an issue. I will explain what happened.

The last step on these instructions is to do a Malwarebytes scan and then remove and reboot. Well, sometime during the scan the laptop froze on me: no screen, no response. I knew I was screwed. I had to do a hard power down.

When I rebooted (even though the instructions specifically say reboot only after you remove the virus from MWB's), the errors and false Win 7 Internet security 2012 messages stopped when I turned the laptop back on. Somehow I took this as it having successfully removed the culprit. But I was still met with redirecting of search engines to websites. So I knew I still had it.

I have run this and many similar versions of this removal tutorial and each time I am met with a laptop that will not boot. It just gets caught in a constant loop. The only fix is to do a System restore.

The only thing I have not tried, which I just read on Tom's Hardware's malware removal thread, is to run CCleaner Registry fix after. I will try this now, but wanted to leave this here just in case it doesn't work.

Thank you in advance!

December 17, 2011 4:47:35 AM

Do not do a System restore. It will be infected as well.
December 17, 2011 5:16:17 AM

Simple, Remove fake antivirus found here: http://freeofvirus.blogspot.com/2009/05/remove-fake-ant...

Then run super anti spyware found here:
http://www.superantispyware.com/portablescanner.html

The problem with Malwarebytes being run first is that the fake antivirus is still running in the background, which makes it almost impossible to remove. You need to run removefakeantivirus which locates and force stops the registries of the virus. This won't remove it, this will just let you scan with a program and remove it.

Best of luck, hope this helps.
December 17, 2011 5:38:04 AM

Quote:
Do not do a System restore. It will be infected as well.



I have already, like 3 times now. Otherwise I cannot boot. So are you saying the virus is lingering in the restore files? How do I fix that? I am hoping if the registry fix does the trick and it reboots fine I will do another MWB's scan and then I can clear the Restore files after.

Will it work?
December 17, 2011 5:40:00 AM

Quote:
Simple, Remove fake antivirus found here: http://freeofvirus.blogspot.com/2009/05/remove-fake-ant...

Then run super anti spyware found here:
http://www.superantispyware.com/portablescanner.html

The problem with Malwarebytes being run first is that the fake antivirus is still running in the background, which makes it almost impossible to remove. You need to run removefakeantivirus which locates and force stops the registries of the virus. This won't remove it, this will just let you scan with a program and remove it.

Best of luck, hope this helps.


SUPERAntiSpyware, Malwarebytes, Adware, SpyBot (which I do have Spybot loaded): aren't they the same? Can I just do Spybot instead?
December 17, 2011 5:42:38 AM

Similar tools, different in detection and quality of protection.
December 17, 2011 5:48:39 AM

Quote:
I would run #1 and then #2 @ Simple and free guide to removing malware



Thanks, I will try this method. As I can see, it seems that the one major difference is that I run CCleaner Reg fix at the end. Also the steps I used have a FixNCR.reg fix and a RKill utility along with iExplorer that I guess should automatically attempt to stop any processes associated with Win 7 Internet Security 2012 and other Rogue programs.

What about the restore files, should I wipe these out when I am finally finished?
December 17, 2011 5:55:34 AM

CCleaner Reg fix at the end.

It's just a cleaner.

What about the restore files, should I wipe these out when I am finally finished?

Stand by : )
December 17, 2011 6:01:49 AM

This topic has been moved from the section Windows 7 to section Applications by Nikorr
December 17, 2011 3:03:41 PM

nikorr said:
CCleaner Reg fix at the end.

It's just a cleaner.

What about the restore files, should I wipe these out when I am finally finished?

Stand by : )


Sorry, I am still not getting the answer I need; what about my issues restarting after I clean the virus? How do I fix this?
December 19, 2011 7:13:27 PM

I was able to get it to boot in safe-mode after booting to command and running Bootsec.exe FixMbr. After this I ran a program to extract the License key and I downloaded a Windows 7 ISO and reinstalled using her Windows 7 license key.

I hated to have to cop out like that but I need to wrap this up.
March 4, 2012 6:55:08 PM

What I do with the FAKE Win7 anti-virus virus is, as soon as I boot, I don't wait to start pressing Ctrl+Alt+Delete to kill the random three-letter .exe process. Then I would go into user\appdata\local and delete the random three-letter file, do a registry clean with CCleaner, reboot, and run a full scan with Malwarebytes and get back to computing.

Good luck
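
The check described in the post above can be done as a read-only listing before anything is killed or deleted. This is an added example, not part of the original post; it assumes the rogue sits directly in the profile's AppData\Local folder under a three-letter name, as that post says, and it only reports what it finds.

```powershell
# Added example: read-only triage, nothing is stopped or deleted.
# Assumption: the rogue is a three-letter .exe placed directly in the
# current user's AppData\Local folder, as the post above describes.
$localAppData = [Environment]::GetFolderPath('LocalApplicationData')

# Executables directly in AppData\Local whose base name is exactly three
# letters. -Force includes hidden files.
$candidates = @(Get-ChildItem -Path $localAppData -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
    Where-Object {
        -not $_.PSIsContainer -and
        $_.Extension -eq '.exe' -and
        $_.BaseName -match '^[A-Za-z]{3}$'
    })

# Image paths of running processes. Path is empty for processes the
# current user cannot inspect, so those are skipped.
$running = @(Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |
    ForEach-Object { $_.Path.ToLower() })

# One row per candidate: when it appeared, whether it is running now,
# and whether it carries a valid Authenticode signature.
$candidates |
    Select-Object FullName, CreationTime,
        @{ Name = 'Running';   Expression = { $running -contains $_.FullName.ToLower() } },
        @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -FilePath $_.FullName).Status } } |
    Sort-Object CreationTime -Descending |
    Format-Table -AutoSize
```

An unsigned file that is both recent and currently running is the one to compare against the process seen in Task Manager; run it once per user profile on a shared machine.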
March 4, 2012 6:58:11 PM

This topic has been closed by Area51reopened