Virus Protection - TrojanClosed

Question

Hello,
Today a friend gave me a link and when i went to it a "anti virus" pop up came up asking if I wanted to abort my connection or continue, so I hit abort. Then something called Virus Protector started downloading and then ran itself - I never had an option to download anything - After the download it ran the program and continued to tell me that I had multiple viruses as well as someone was trying to use my e-mail for spams. I couldn't get this thing to stop running or even click on any other programs so I turned the computer off and when I restarted it The Virus Protection program started running immediately after signing in. When I use CTRL+ALT+DELETE there is no Run or Task Manager option, nor can I ALT + F4 out of the scan. I tried letting it complete the scan but then it goes on to tell me to Register the item - which of course takes me to purchasing it, but doesn't open a web browser or anything. I thought I could bypass this by hitting Shiftx5 and opening the control panel so I could run my AVG and Advanced SystemCare Program's but I can't open or run any programs from there either. I've even tried opening under safe mode but to no avail,.... any idea's ?

Ambucias · Answer

Hello,

Idea? Yes of course the idea!

You are the victim of a rogue virus which is self protective, hence we must outwit it otherwise it will prevent any antimalware application from running. You must also stop the Trojan's processes from running. To remove it, please follow the procedure described hereunder: 

Download Process Explorer to your desktop 

http://live.sysinternals.com/procexp.exe 

Please rename it to Explorer.exe 

Run the tool and spot any unusual processes especially those that are numeric 

Do not reboot your machine as the processes will be reanimated. 

Next download Malwarebyte to your desktop: 

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/­­es-anti-malware 

Rename it Explorer and install it. 

Connect your USB keys, external disks, Mp3, Mp4, etc 

Launch the application and from the second tab update it. Once the update complete, click on parameters and click stop Internet Explorer during deletion. 

Request a FULL system scan 

At the end of the scan, show results and check delete selection (bold items) 

Once your computer is clean and working normally just to be on the safe side 
•Turn off system restore and wait 30 seconds, 
•Turn it back on and create a new restore point. 

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed. 
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process. 
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging. 

Please do let me know how this worked for you, we like to read about happy ending stories and victories over viruses. 

Best regards

P.S. You say that the link was given to you by a friend? Hum...

Ambucias · Answer

Hello,

Before we can go any further, a few questions:

1. What is your operating system?
2. You say you can't do anything please explain further
3. Can you boot in safe mode with networking?
4. Do you have access to your task manager?
5. Does your start and run work?

Best regards

Ambucias · Answer

Hello Ginger,

If only in safe mode, not networking.. you could open the notepad

reboot your computer in the Safe mode with command prompt. 

Once Windows loaded, command prompt (black window) opens. Type notepad and press Enter. 

A notepad window opens. Type the following text into notepad: 

[Version] 
Signature="$Chicago$" 
Provider=Myantispyware.com 

[DefaultInstall] 
AddReg=regsec 

[regsec] 
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0 
HKLM, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0x00000020,"Explorer.exe" 

Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad). Close Notepad. 

In the command prompt type Explorer.exe and Press Enter. Windows Explorer opens. Locate the fix.inf, click right button and select Install. Close Windows Explorer. 

In the command prompt type shutdown -r and press Enter. Your computer will be rebooted. 

Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer. 

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ 

Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to "Update Malwarebytes' Anti-Malware" and Launch "Malwarebytes' Anti-Malware". Then click Finish. 

Insure to update Malwarebyte 

Please return to me for further instructions.

Good luck

Ginger · Answer

I'm having the same problem with vista.  All the fixes talk about going into "safe mode" but even in safe mode the new age of antivirus screen pops up.  I'm at my wits end here.

Ambucias · Answer

Hello Ginger

1. Download Combofix to your desktop. 

http://www.combofix.org/download.php 

2.Close all open Windows including this one. 

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. 

3. Double click on the ComboFix icon. 

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue. 

4. Accept the disclaimer and the recovery 

5.You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer. 

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection. 

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. 

If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt. 

Do not do anything on the system while the process is running.

Once you are done, paste the log here and report to me on how your system is behaving. 

Regards

Virus Protection - Trojan

5 responses

Similar discussions

Subscribe To Our Newsletter!