OT-computer virus

Nancy Howell

Any computer gurus out there?

Our computer got hit with a virus last week, the one where it wants you to buy antivirus software. Took it in, got it cleaned. We got hit with the same virus again yesterday. I wasn't even out on the internet. Virus came up when I turned the computer on. What makes me really mad is it eventually brings up porn sites.

Scans with spybot, malwarebytes and antimalware pro were not successful.

I'm thinking this thing has our "address". Is this possible?

Is there any way to block it?

If I turn on "parental controls" will that block the porn sites?
 
dunno nancy, i got an email from a friend of mine said if that thing pops up, don't click anywhere on it, and reboot the system. after kruser got the email spam thing, i have been getting 2-3 emails a day that are spammy looking, and i delete them without opening the file. you and james gonna help plant stuff this weekend???? got lots of berries and stuff to go in the ground, 50 grape plants too!!!
 

Hi Nancy -

That is tough. Sounds like they didn't get it totally removed the first time.

I've seen versions that will install scheduled tasks to "renew" themselves at some later point.

There are half dozen other ways they can "booby-trap" themselves back into existence, too.

Generally speaking, a rootkit is a more serious class of virus that modifies part of the operating system files themselves. Since at that level of control, a virus can easily make Windows "lie" to you - and it sounds like you may have a rootkit - it is usually easiest to reinstall Windows. You can do that without losing your data by installing a new copy of Windows without doing a format first - or just back everything up to a flash drive and then do a format and reinstall.

If you don't have to have the PC for a couple of weeks, it often works to just set it in the corner off the Internet for a couple of weeks, then use a flash drive to put a copy of the latest Malwarebytes and/or Security Essentials on it and do a complete scan of the drive.

By not letting the virus update itself, and by getting a newer copy of an AV solution that is updated to be aware of that threat, it will often find and cleanly remove the original virus.



Howard
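
A defensive check for the scheduled-task persistence described in the post above, as an added example that is not part of any post in this thread. It assumes the `TaskName` and `Task To Run` columns of `schtasks /query /fo csv /v` output; the function name, the sample rows and the path heuristics are constructed for illustration.

```python
import csv
import io
import re

# Folders an ordinary user account can write to; a scheduled task that runs a
# program from one of these deserves a closer look (heuristic, an assumption).
WRITABLE = re.compile(
    r"\\(appdata|application data|local settings|temp|programdata|users\\public)\\",
    re.IGNORECASE)
# Script and DLL hosts often used to start something other than a normal program.
SCRIPT_HOSTS = re.compile(
    r"\b(wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?\b", re.IGNORECASE)

# Constructed sample rows (made-up task names and paths), reduced to a few columns.
SAMPLE = r'''"HostName","TaskName","Status","Task To Run"
"PC1","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","%windir%\system32\defrag.exe -c"
"PC1","\Updater7731","Ready","C:\Users\user\AppData\Roaming\av7731\av7731.exe /silent"
"HostName","TaskName","Status","Task To Run"
"PC1","\ExampleApp Update","Ready","C:\Program Files\ExampleApp\update.exe /c"
"PC1","\SysCheck","Ready","wscript.exe C:\Windows\Temp\chk.vbs"
'''

def suspicious_tasks(csv_text):
    """Return (task name, command, reasons) for tasks worth reviewing by hand."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text.lstrip())):
        name = row.get("TaskName") or ""
        cmd = row.get("Task To Run") or ""
        if name == "TaskName":
            continue  # the header line can be repeated inside the output
        reasons = []
        if WRITABLE.search(cmd):
            reasons.append("runs from a user-writable folder")
        if SCRIPT_HOSTS.search(cmd):
            reasons.append("started through a script or DLL host")
        if reasons:
            findings.append((name, cmd, reasons))
    return findings

if __name__ == "__main__":
    for name, cmd, reasons in suspicious_tasks(SAMPLE):
        print(f"{name}: {cmd}")
        for reason in reasons:
            print(f"    - {reason}")
```

To review a real machine, save the output of `schtasks /query /fo csv /v` to a file and pass its text to `suspicious_tasks`. A hit is a prompt to look at the task, not proof of infection.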
 
You need to do the scan in safe mode. You need to make sure the programs are up to date. Disconnect your internet from the computer while scanning and leave it disconnected until the infection is removed.

Lastly, take it to a professional; there are many tricks we can use that cannot be easily put into writing. However, if they charge by the hour then a reformat and reload is cheapest. Many of the scans take hours to run and they need to be run multiple times using multiple programs.

If you were closer I charge $35 to remove the infection but you have to bring your PC to me.

I wish I could help you but each infection is somewhat unique and what worked on a machine yesterday may not work on another machine today.
 
Nancy - I just got hit with the same type of stuff a couple days ago. I posted about it on tool talk. I hate to hear that it's back to haunt you again. I thought I had it behind me - mebbe not. . . It's very aggressive and annoying. I managed to get my anti-spyware after it and it is not showing itself - at present. . .

I am definitely NOT a computer guru.
Paul
 
I have seen these types of virus infections nest in a zip drive. The computer is cleaned, the zip drive is reinserted and the computer is infested again. Just be aware of it.
 
(quoted from post at 06:33:43 04/08/10) Any computer gurus out there?

Our computer got hit with a virus last week, the one where it wants you to buy antivirus software. Took it in, got it cleaned. We got hit with the same virus again yesterday. I wasn't even out on the internet. Virus came up when I turned the computer on. What makes me really mad is it eventually brings up porn sites.

Scans with spybot, malwarebytes and antimalware pro were not successful.

I'm thinking this thing has our "address". Is this possible?

Is there any way to block it?

If I turn on "parental controls" will that block the porn sites?

Nancy,

I'm guessing that it (your virus) is living in your system restore folder. This is a "hidden/system" folder that antivirus programs do not do a good job of cleaning. Bring it back to them (or someone who knows what they are doing) and have them clean it correctly.

Nick
 
I fought the same problem for 2 weeks....finally had my IT guy come over and he fought it for an hour before he googled the symptoms and found a program called Hitman Pro 3.5. Ran it and in 5 minutes everything was fine. Now I google the symptoms and fix my own problems....
 
Nancy, I ended my problem with a registry cleaner from Uniblue. The scan is free but to clean you have to pay. The price is 29$.

I have cleaned two in the last month.
 
I got that virus about a month ago. I did a system restore to the day before and all is well.
 
I've seen some of these cleaner bots show up when clicking on a website from google searches.

Russell, my concern with the registry cleaners and malware cleaners is that they may not know the good programs from the bad and clean out the wrong stuff that can't or would be extremely difficult to reload. Even though they may ask before deleting, I don't really know what is supposed to be there and what is not.

What is your and anyone else's experience with that issue? Thanks.
 
You can try this, it's free (http://www.pandasecurity.com/usa/mariposa-botnet.htm). Been using Panda for 10 years. Works for me.
 
Nancy, mine did the same thing on Sunday morning. It kept trying to sell me an anti virus software system and I could not access anything else. Off to the guru for cleanup. I have not talked to him but it still makes me mad. Some people just have to ruin it for all the rest.
 
Hey Nancy: Make a trip up to see son getting hay equipment ready to go. I got a couple of whatever those guys are called living here. Just bring them a home-made pie and I bet they would fix it.
gitrib
 
Quote Howard "If you don't have to have the PC for a couple of weeks, it often works to just set it in the corner off the Internet for a couple of weeks, then use a flash drive to put a copy of the latest Malwarebytes and/or Security Essentials on it and do a complete scan of the drive"

I think I've saved ours by doing just exactly what Howard sez here.
 
Agreed.

A couple guys in the office on Drudge got hit with this. I had the same one pop up and instead of clicking on it I hit Control Alt Delete and used the task manager to shut it off. Clicking on it in any way activates the virus.
 
This one was a program that Kim Komando recommended. If she says it is good, that's good enough for me.

When you tell this cleaner to clean, it does its own backup, does the cleaning and presto, it is done. There are a few registry entries that it will not touch if they are still needed.

I'm like you. I don't know what is supposed to be there. I ran this because I couldn't get rid of a "redirect" malware that writes to the registry, which is where it can protect itself from virus programs.
 
One other malware remover to try is superantispyware. Go to their website by the same name and download the free version either on that computer or to a usb drive on another.

The fact is the latest of these phony antivirus malware programs make it difficult for any single cleaner to remove them. I've dealt with a couple recently that even prevent malwarebytes from even starting, forcing me to change the software name (mbam.exe) to a made-up name just to get it to start.

One site I have had success with is bleepingcomputer (dot) com. Google the exact name of the "antivirus" that has infected your system and the word bleepingcomputer and with any luck you will find specific instructions for removing your malware.

In some cases I find it is just simpler to format and reinstall. That has led me to use a USB hard drive and imaging software that lets me just shoot the thing back to when it was completely clean rather than spend a great deal of time trying to fix something I may not be able to. But that also means you have to keep files backed up separately.

Good luck
 
In an answer to your questions -

It likely doesn't "have your address". What is happening is it is not being completely cleaned and is in effect reinstalling itself.

Can't really block it, need to remove it.

Parental controls may or may not help with the porn sites, but the problem needing addressed is getting it removed as in most cases it will eventually screw up Windows to the point where the computer may not even boot completely without bluescreening or locking up.
 
There is a distinct difference between a registry cleaner and a malware remover. Most registry cleaners have zero effect on malware. They are designed to remove orphaned entries and potentially boost start up time by defragging the registry. Most are fairly benign in what they remove, but I did kill one windows install using CCleaner. But this was one out of several hundred computers I've run it on.

Malware removers tend to be more aggressive, but are typically designed to target specific signatures and file names, not unlike antivirus software. The biggest problem is the malware has screwed up things so bad that when you do finally remove the malware, the damage it has done is left behind unfixed. Simply removing the kid from the room doesn't clean up the mess he made.
 
Thanks Hoosier, Now I wonder what imaging software you are using to do a clone. I've been looking for some. I saw this one this afternoon for 49.95 over on one of the sites I run into that sells the koppix cd/dvd that Mark sent us to. Looks like it does about everything for cleaning a computer as well.

This must be a bad week for computers. Lots of posts. I lost my wireless connections on my router a while back. Then I forgot my router logon and password. Finally found it today and figured out my router was using 2006 firmware that was prior to the change of dates for daylight savings time. I synchronized the router and got my wireless connections back. Woohoo, no more changing cables back and forth. Guess I'll update it next.
 
Malwarebytes Antimalware. It is free and does a good job of cleaning. I turn System Restore off after I clean a computer and then immediately turn it back on. This keeps you from putting the virus back on the computer if you use a restore point later.
 
Nancy

You can get Windows Defender free from Microsoft.com which has stopped all of the unwanted junk from popping up. In addition recommend you use Avast anti-virus software which is also free and is updated daily. Since installing these two programs, no more problems.
 
Macrium Reflect.

The free version does imaging, but you have to buy the upgrade to do incremental backups. I have over 100 laptops of 5 different models that I support and making a base image of each model makes it short work when a hard drive needs replaced or one gets buggered up by malware.

Can't beat free when it works.
 