'virus protection - the new age of antivirus'

Solved/Closed
RinRin - Apr 4, 2010 at 02:21 AM
 Anonymous User - Jul 29, 2010 at 08:58 AM
i downloaded ' virus protecter - the new age of antivirus' crap and i have downloaded Combofix but i am on my laptop and the infection is on my actual computer and its not letting me past the welcome screen. it starts the scan and then i cant do anything. i've got Combofix on a usb and have tried to boot my system using the usb with only Combofix on it. i'm not at all good with computers and have no idea what to do. If someone could give me a step to step list of what i can do from here, that would be great

Related:

12 replies

Ambucias
Posts
47363
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,279
Apr 4, 2010 at 11:45 AM
Hello,

Well as Her Majesty the Queen would say: "It appears, to our great displeasure, that this wicket is sticky!".

Virus protector is one of the most tenacious of all rogue Trojan Horse, it may require a lot of patience in order to be able to send it to the glue factory.

1. Reboot your computer in the Safe mode with command prompt.

Once Windows loaded, command prompt (black window) opens. Type notepad and press Enter.

2. A notepad window opens. Type the following text into notepad:

[Version]
Signature="$Chicago$"
Provider=Myantispyware.com

[DefaultInstall]
AddReg=regsec

[regsec]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
HKLM, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0x00000020,"Explorer.exe"

3. Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad). Close Notepad.

4. In the command prompt type Explorer.exe and Press Enter. Windows Explorer opens. Locate the fix.inf, click right button and select Install. Close Windows Explorer.

5. In the command prompt type shutdown -r and press Enter. Your computer will be rebooted.

6. Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

7. Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to "Update Malwarebytes' Anti-Malware" and Launch "Malwarebytes' Anti-Malware". Then click Finish.

Insure to update Malwarebyte

8. Please return to me for report and for further instructions.

Good luck
2
when i click install nothing happens
0
Help.............. I get to step 4 and find the file but when i right click to install i have no opition to install it now what
0
Ambucias
Posts
47363
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,279
Apr 27, 2010 at 05:29 PM
Nancy,

I don't know what is your os, nor do I know if you have a desktop, each case is different.

Please follow the following procedure carefully and to the letter.

You have a rogue virus Trojan Horse which is self protective, thus it will prevent any antivirus from fonctionning.

You must kill the processes which the virus is presently running. If you don't it will keep reproducing the files for ever.

To kill the processes:

1. Download to your desktop and run Rogue Kill:

https://download.bleepingcomputer.com/grinler/rkill.com

2. You should now see a window that shows all of your desktop icons, including the rkill.com program.

3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes . So, please try running Rkill until malware is no longer running.

As a matter of a fact, if you get messages, it is a sign that the virus is agonizing with excrutiating pain, so you can just grin while it is suffering!:)))

Please, DO NOT REBOOT your computer or the processes will come back to haunt you!

Download to your desktop Malwarebyte.

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Once on your desktop, we must still outwit the virus.

Right click on the MBAM icon and click on rename. Rename it kioskea.exe.

Install Malwarebyte and launch it. From the second tab, update it.

Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.

Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.

(Malwarebyte may reboot your computer, don't be alarmed. Should it happened, relaunch Malwarebyte to complete the FULL scan)

Once all this is completed, I always suggest to delete Malwarebyte as some people have reported that it may interfere with other antivirus applications.

Please let us know about the results which I am sure will be positive.

Regards
0
In my case..safe mode with command prompt also not working..
0
Ambucias
Posts
47363
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,279
Apr 29, 2010 at 03:08 PM
Hello Pal,
If you do not have at least command prompt to open the task manager, the last alternative is to boot on your Windows disk and attempt a repair. Sorry Pal.
0
sumana soh
Posts
62
Registration date
Monday March 15, 2010
Status
Member
Last seen
May 10, 2010
1
Apr 4, 2010 at 03:40 AM
ask ambucias
0
patgooly
Posts
1
Registration date
Sunday April 4, 2010
Status
Member
Last seen
April 4, 2010

Apr 4, 2010 at 06:09 PM
This happened to me too. I nearly cracked up cos I'm not a computer whiz. eventually I put in my operating system cd and this allowed me to set a system restore and this solved the problem! I hope this is helpful to someone here. Good luck!
0
Ambucias
Posts
47363
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,279
Apr 6, 2010 at 07:22 AM
Hello Pat,

Thank you for your contribution.

Although your problem is solved, to be on the safeside, I strongly suggest that you run Malwarebyte and request a FULL system scan. Malwarebyte is capable of performing a "scrubby dub dub" right in your system volume information/restore.

Thanks again
0
Ok ambucias, i did everything you said and when my computer rebooted after step 5 it logged me right back into this program again that takes up the entire computer screen. i can't get to anywhere from here.
0
Ambucias
Posts
47363
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,279
Apr 8, 2010 at 04:46 AM
Hello Badluck

I suggest that the rogue you have is not of the same family.

I don't know the state of your system now, however, I shall prescribe to you a very powerfull antidote that is able to kill and send and Trojan Horse to the glue factory. It is of very last resort and should not be abused of, as matter of a fact, once you have used it, I suggest you delete it from your system.

To keep your system safe, you must follow the instructions hereunder to the letter:

1. Download Combofix to your desktop.

http://www.combofix.org/download.php

2.Close all open Windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

3. Double click on the ComboFix icon.

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.

4. Accept the disclaimer and the recovery

5.You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.

If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

Once you are done, paste the log here and report to me on how your system is behaving.

Good luck

Ambucias
0
THANK YOU Ambucias! Was tearing my hair out and this worked beautifully!!!! Bravo!
0
Ambucias
Posts
47363
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,279
Apr 11, 2010 at 05:07 AM
Sound the trumpets! Let the bells ring and the banners fly!
You are totally welcome and thank you for your feedback.
0
how do i download it to my desktop if i dont even have access to it?
0
Ambucias
Posts
47363
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,279
Apr 11, 2010 at 05:19 PM
Hello Jocelyn

Have you read my message of April 4th on this same thread? I gave a solution for those who do not have access to their desktop.

Regards
0
yes i did read it but when i go to step 5, nothing happens.
it goes bak to the virus screens
0

Didn't find the answer you are looking for?

Ask a question
i have the SAME problemmm! can someone help me
0
kristain
Posts
69
Registration date
Friday March 12, 2010
Status
Member
Last seen
May 30, 2011
20
Apr 11, 2010 at 09:47 PM
As the risks associated with using ComboFix are quite high and you are comfortable using this tool, you may opt to seek the help of more efficient tools to detect malware from system.,
Double click on the ComboFix.exe icon to run the scan. When the program is running do not click anywhere in the ComboFix window. You should not touch your PC at all during the time the ComboFix scan is on.
Click Run. Press Yes to proceed further.
ComboFix will start to work by first creating a system restore point and then backing up your registry.
Next, you are asked whether you have Recovery Console installed on your computer. If you don't have, you can follow the instructions given by ComboFix to install it on the computer. After installing Recovery Console, click Yes.
Afterthat, ComboFix will start scanning your system for malware infections. After the scan is complete, a log report of the scan is prepared. Do not do anything on the system while the process is running. The log is saved in the C:\ComboFix.txt file. You can analyze the log and detect the problem with your PC.
0
Ambucias
Posts
47363
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,279
Apr 12, 2010 at 04:49 AM
Hello Krystain,

Thank you for the most judicious addition to the solution.
0
Ambucias
Posts
47363
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,279
Apr 23, 2010 at 05:30 AM
For Jocelyn and THR,

Please here is a tool, less sophisticated as Combofix which just might kill this vicious virus:

? Donwload List_Kill'em

double click

Click on end and the programme will self start

Select Search

A black and white icon will appear on the desktop and will serve to relaunch the programme, another red and black will serve to uninstall the programme after disinfection.

? Leave the tool work

When the white window appears, it's a little long, it is normal the programme is free to run

You may post the report after the scan is 100% completed.

? Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

Good luck and please let me know.
0
Anonymous User
May 21, 2010 at 07:12 AM
hello Ambucias

i felt on this topic hazzardly

you forgot the url

http://sd-1.archive-host.com/...
0
Ambucias
Posts
47363
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,279
May 21, 2010 at 07:14 AM
Thank you Gen-hackman

Lost me head for a second
0
Anonymous User
May 21, 2010 at 07:34 AM
ok ^^
0
Anonymous User
May 21, 2010 at 04:38 PM
no answers...perhaps Combofix killed treir computer ^^
0
Ambucias
Posts
47363
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,279
May 21, 2010 at 04:49 PM
Greetings gen-hackman,

It is refreshing to see you coming over from CCM to give us a hand. There are several people requesting help on this thread and only one person with a severe problem was recommended Combofix with the recommendations d'usage. Unfortunately, unlike CCM, many times we do not get feedback unless we plead for it and yet.

Anyhow, what is your opinion for I gave great respect for your skill and competence in matter of viruses and security.

P.S. Do you have a VM?
0
Anonymous User
May 21, 2010 at 06:06 PM
no I do not have VM

to answer the previous question ,.... i Like to See What Does My tool
but I am not a "big helper" ^ ^
I just know my limits:)
0
Anonymous User
May 21, 2010 at 06:06 PM
what a translator !! ^^
0
Anonymous User
Jul 28, 2010 at 11:41 PM
salut ambucias je reviens vers toi pour te dire que le lien a encore changé depuis que j ai pris la version payante chez archive host et que malheureusement ben c'est plus le meme lol ^^

http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe

?G3?-?@¢??@?(TM)©®?
0
Ambucias
Posts
47363
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,279
Jul 29, 2010 at 04:21 AM
Bonjour Gen-Hackman,

Merci beaucoup pour cette mise à jour du lien, je l'apprécie vraiment. Il est maintenant dans ma biblio de références.

Après tout ce temps c'est vraiment chouette que tu ais pensé à moi.

Cordialement
0
Anonymous User
Jul 29, 2010 at 08:58 AM
au plaisir :D
0