Virus asking me to purchase
Solved/Closed
ihatetechnology
Posts
1
Registration date
Sunday February 28, 2010
Status
Member
Last seen
February 28, 2010
-
Feb 28, 2010 at 07:04 AM
Kina - Apr 1, 2011 at 09:30 AM
Kina - Apr 1, 2011 at 09:30 AM
Related:
- Virus asking me to purchase
- Steam purchase history - Guide
- Goose virus - Download - Other
- Ntuser.dat virus - Guide
- Can jpg have virus - Guide
- Attrib - r-h-s /s /d *.* virus - Viruses & Security Forum
4 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Feb 28, 2010 at 07:34 AM
Feb 28, 2010 at 07:34 AM
Hello,
Sorry to say but your computer has been infected by a rogue type trojan which in effect is a scam which seems to spread like wildfire.
This trojan is running processes which must be stopped before proceeding with a clean-up.
Please try downloading the following two applications from the infected computer, if the virus won't allow you to download you will need to download from another computer and save them to a USB key, Flash drive or other memory device.
Download Process Explorer
http://live.sysinternals.com/procexp.exe
Download Malwarebyte:
Close Process Explorer.
download MalwareBytes anti-malware:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Please transfer both applications to the infected computer's desktop.
Once downloaded and tranfered to your desktop, please let me know and I shall give you further instructions to desinfect your computer.
Since you hate technology, you may wish step by step instructions for transfering the files to your desktop, let me know.
Hang on we will crush the Trojan Horse!
P.S. I will ask a moderator to transfer this thread from Software to Security/viruses
Sorry to say but your computer has been infected by a rogue type trojan which in effect is a scam which seems to spread like wildfire.
This trojan is running processes which must be stopped before proceeding with a clean-up.
Please try downloading the following two applications from the infected computer, if the virus won't allow you to download you will need to download from another computer and save them to a USB key, Flash drive or other memory device.
Download Process Explorer
http://live.sysinternals.com/procexp.exe
Download Malwarebyte:
Close Process Explorer.
download MalwareBytes anti-malware:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Please transfer both applications to the infected computer's desktop.
Once downloaded and tranfered to your desktop, please let me know and I shall give you further instructions to desinfect your computer.
Since you hate technology, you may wish step by step instructions for transfering the files to your desktop, let me know.
Hang on we will crush the Trojan Horse!
P.S. I will ask a moderator to transfer this thread from Software to Security/viruses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Mar 4, 2010 at 09:42 AM
Mar 4, 2010 at 09:42 AM
Hello there,
Did you crush the Trojan?
Did you crush the Trojan?
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Mar 19, 2010 at 07:43 AM
Mar 19, 2010 at 07:43 AM
Hi!
Any good news?
Any good news?
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
May 10, 2010 at 04:18 PM
May 10, 2010 at 04:18 PM
You have your answer below.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
May 10, 2010 at 04:17 PM
May 10, 2010 at 04:17 PM
Hello Jugger,
Usually this these viruses are self protective rogue Trojan Horses.
In most cases, not all, this is the way we treat them:
Please follow the following procedure carefully and to the letter.
You have a rogue virus Trojan Horse which is self protective, thus it will prevent any antivirus from fonctionning.
You must kill the processes which the virus is presently running. If you don't it will keep reproducing the files for ever.
To kill the processes:
1. Download to your desktop and run Rogue Kill:
https://download.bleepingcomputer.com/grinler/rkill.com
2. You should now see a window that shows all of your desktop icons, including the rkill.com program.
3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.
If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes . So, please try running Rkill until malware is no longer running.
As a matter of a fact, if you get messages, it is a sign that the virus is agonizing with excrutiating pain, so you can just grin while it is suffering!:)))
Please, DO NOT REBOOT your computer or the processes will come back to haunt you!
Download to your desktop Malwarebyte.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, we must still outwit the virus.
Right click on the MBAM icon and click on rename. Rename it kioskea.exe.
Install Malwarebyte and launch it. From the second tab, update it.
Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.
Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
(Malwarebyte may reboot your computer, don't be alarmed. Should it happened, relaunch Malwarebyte to complete the FULL scan)
Once all this is completed, I always suggest to delete Malwarebyte as some people have reported that it may interfere with other antivirus applications.
Please let us know about the results which I am sure will be positive.
Usually this these viruses are self protective rogue Trojan Horses.
In most cases, not all, this is the way we treat them:
Please follow the following procedure carefully and to the letter.
You have a rogue virus Trojan Horse which is self protective, thus it will prevent any antivirus from fonctionning.
You must kill the processes which the virus is presently running. If you don't it will keep reproducing the files for ever.
To kill the processes:
1. Download to your desktop and run Rogue Kill:
https://download.bleepingcomputer.com/grinler/rkill.com
2. You should now see a window that shows all of your desktop icons, including the rkill.com program.
3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.
If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes . So, please try running Rkill until malware is no longer running.
As a matter of a fact, if you get messages, it is a sign that the virus is agonizing with excrutiating pain, so you can just grin while it is suffering!:)))
Please, DO NOT REBOOT your computer or the processes will come back to haunt you!
Download to your desktop Malwarebyte.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, we must still outwit the virus.
Right click on the MBAM icon and click on rename. Rename it kioskea.exe.
Install Malwarebyte and launch it. From the second tab, update it.
Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.
Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
(Malwarebyte may reboot your computer, don't be alarmed. Should it happened, relaunch Malwarebyte to complete the FULL scan)
Once all this is completed, I always suggest to delete Malwarebyte as some people have reported that it may interfere with other antivirus applications.
Please let us know about the results which I am sure will be positive.
Apr 1, 2011 at 09:30 AM