Evil Virus or Why no Chat

[drmom777]

Molly managed to infect my computer with a vicious virus yesterday. It is called Antispyware Soft and is unlike anything I have ever seen. It's a for profit virus. It claims your computer is infected with other viruses and offers to fix it for a fee of fifty bucks. If you pay the money, they remove the virus (and probably steal your identity via your credit card info).

It is a very smart virus and anything you do to try and remove it you can do once, and then it blocks further attempts. We have been at it in shifts all day, and an online search hasn't revealed anyone who has gotten rid of it.

My computer sort of works, for now, in safe mode. But no chat--just lucky to be here at all. If anyone knows how to get rid of this, please share. We have tried everything we could think of and everything suggested on line.

If this is going around I don't know why there isn't more publicity. This is clearly a crime. They first infiltrate your computer and then extort money to let you have it back.

 

[AGonzalez]

Doc, what I've done with my ex's PC when it has gotten the incureable crud is to backup all photos and documents you want to keep and wipe the hard drive. Eat that virus making asswipes!

Just some food for thought, but look up Smit Fraud Fix, it has gotten rid of some of the more viral nasties I've gotten on the PC.

 

[eddieq]

Have you tried the malwarebytes cleaner? Malwarebytes and click on "downloads" and run the installer. Let it update and then do a full scan. That one many times is able to clean the nasty buggers out.

 

[drmom777]

Eddie, this virus will not let me download or use any kind of cleaning or detecting software. It seems to be smarter than me. If I try it tells me that the stuff i am trying to download is itself a virus.

I do suspect i will have to wipe the thing. Sigh.

 

[happyhound]

I've had that before... ugh, worse than viruses themselves. I'll try to find the site I used to help me get rid of it. Don't bother downloading Malwarebytes etc you will just end up having to reinstall it to get it to work.

 

[happyhound]

Remove Antivirus Soft (Uninstall Guide)

That's where I went to get rid of it.

In a nutshell, close all the programs you have running. Download and then run http://download.bleepingcomputer.com/grinler/rkill.com . If you have already installed Malwarebytes, you may need to reinstall it if it isn't working. Run Malwarebytes and it will pick it up. If you restart your computer inbetween running the rkill and running Malwarebytes you will need to run rkill again.

 

[smkie]

YUp i am going through this tonight. I tried to open my malware that Eddie posted about and it won't let me...it says THAT is what is infected. Thanks Happyhound.

 

[Izzy's Valkyrie]

My computer had it once, I ended up getting the whole thing re-imaged.

 

[drmom777]

Smkie, I have it scanning after the rkill thing. It looks vaguely promising. Are you in safe mode with networking? that is the only way to get it to even begin to cooperate.

 

[smkie]

Eddie, this virus will not let me download or use any kind of cleaning or detecting software. It seems to be smarter than me. If I try it tells me that the stuff i am trying to download is itself a virus.

I do suspect i will have to wipe the thing. Sigh.

me too. I can't shut my computer off either. It won't do it. all kinds of crazy things are happening.

 

[happyhound]

Smkie- try the rkill and Malwarebytes. I had the Antispyware Soft on my computer and got rid of it after using that.

 

[CharlieDog]

Smkie- try the rkill and Malwarebytes. I had the Antispyware Soft on my computer and got rid of it after using that.

This is also what I had to do. If youre running windows as well, after you clean up with rkill and malwarebytes, download Microsoft Security Essentials, it's worked extremely well for me, and found stuff even Malwarebytes didn't find.

Antispyware Soft is the DEBOL, but you CAN get rid of it without wiping everything.

 

[Romy]

Just some food for thought, but look up Smit Fraud Fix, it has gotten rid of some of the more viral nasties I've gotten on the PC.

We've used Smit Fraud Fix in the past with much success with these types of bugs. Back up your important things just in case, but don't give up hope.

What anti virus software do you normally use? We finally switched over to Avast Antivirus. Their software is free for home PC use, they only charge businesses. And it works EXTREMELY well, updates itself, etc. I've had it for almost 5 years now and not one single virus since it was installed.

 

[drmom777]

So far it looks like the rkill and malwarebytes suggestion may have done the trick. I love this forum. It's a dog forum, but when in doubt about anything, I try it here first. Thank you so much for the help.

I was using Macafeee, and added the free Avira, but my internet service is giving away free Norton, which is supposed to do a good job.

 

[eddieq]

Hey, I learn something new each time. I have now filed "rkill" in the q knowledge base

 

[smkie]

i was finally able to get malaware open not by using my desk top but by going through the menu. It was two trojans so we will see if it is all clear now.

 

[Puckstop31]

What OS are you using?

I ask because the bug you are talking about it easy to kill from safe mode, manually.

The bug lives in (if XP) the C:\Documents and Settings\%username%\Local Settings\Application Data\ folder. In THAT folder there will be a folder called some sort of jibberish... tdhyrhjfjsdj for example. Delete that folder. Then, delete the entire contents of the folder labeled TEMP that is in the same folder I described above.

(Note that %username% represents the account name you are logged in as.)

Empty the recycle bin and reboot. Bug should be gone.


Its a smidge more complicated if you run Vista or 7. But, if you are running 7 the only way this one gets you is if you agree when User Account Control asks you if it is OK to run a file named "jibberish.exe". (meaning a WEIRD name, like tfhdsyrtfgd.exe or something)

Lemme know how it goes.

 

[Puckstop31]

Also... This new series of bugs going around exploits the Java Runtime Environment. Like our chat here on Chaz.

A good reason to get a Mac ($$$$) or a PC running Windows 7.

Just sayin.

 

[AGonzalez]

Also... This new series of bugs going around exploits the Java Runtime Environment. Like our chat here on Chaz.

A good reason to get a Mac ($$$$) or a PC running Windows 7.

Just sayin.

Agreed, Win 7 is superior (and I never went to Vista, I stayed with XP until a few months ago) and Avast! anti-virus is good, I personally think Norton and McAfee are crap and prone to crashing the PC (especially with XP) if not just their own program.

Avast has caught viruses on Chaz before when I've logged in, so it has my vote.

 

[MeatyTreats]

You need to boot in safe mode with networking and then run malewarebytes. Search Bleeping Computer - Computer Help and Discussion and they will give u instructions.