Tech Advice Needed - Malware Problem



5FDP
21st April 2010, 10:31 AM
Last night while browsing the internet, my anti-virus program (Avast) detected a Malware virus. Windows Security Centre then popped up alerting me to a viral attack with over 30 possible infections detected. Windows Security Centre also informed me that my firewall had been disabled and when trying to remove the viruses stated that my subscription had expired and to purchase the upgrade.

Thinking that it was a bit ‘off’ that Windows Security Centre would tell me that my credit card details have been compromised and then to purchase the upgrade just didn’t add up. I obviously did not take this action.

Avast would not launch in order for me to run a scan so I logged into my partner's profile (partitioned) and was able to run a scan on the whole computer. The results turned up nothing.

Logging back into my profile (and even restarting the PC) just displayed the pop-ups and Windows Security Centre alerts again.

I performed a system restore from the day before and this seems to have removed / prevented the pop-ups from reoccurring; however, I am a bit worried that any viruses present may not have been removed completely. Of course, that might just be me being overly cautious.

A Google search today (on another PC) showed that this was obviously a virus that tells you that you have one and to purchase an update which is a virus in itself.

Just wondering if anyone else has encountered this and what steps did you take to remove the threat / nuisance. Did a system restore only work for you? Did you run Malware detection s/w?

My knowledge of accessing the registry is very limited therefore I am hesitant to do this if it can be avoided. Like I said, it appears to have been removed after the system restore, but I have also read that perhaps this is not the preferred way of removing malicious programs.

Any assistance / help would be appreciated.

Saintly
21st April 2010, 12:06 PM
Ben, make sure you download and run Anti-Malware from Malwarebytes. Here's a direct link to the program -> http://majorgeeks.com/downloadget.php?id=5756&file=14&evp=693ee0b20204960edfd909666f809b26

You do not need to purchase this program to remove the virus. And the only diff between this and the full version is scheduling scans.

5FDP
21st April 2010, 12:16 PM
Thanks mate. I'm guessing that it's best to download it to an external HD or USB device instead of the PC that may be infected?

Also, (noob question here) should I run it in 'safe mode'? I didn't do the system restore in safe mode and it seemed to work.

EDIT: I've also read that some variations of this virus won't allow you to run a system restore. I'm assuming that since I was able to, it should be fixed :confused:

MV75
21st April 2010, 12:30 PM
Everyone get this:

http://www.microsoft.com/security_essentials/

DO IT DO IT DO IT.

I've had it with 3rd party anti virus. The only version of this one is free, there is no $ motive.

As for the OP's problem, what was it exactly? It wasn't that Vista defender virus, was it? My neighbour had that nightmare a while ago.


Thanks mate. I'm guessing that it's best to download it to an external HD or USB device instead of the PC that may be infected?

Also, (noob question here) should I run it in 'safe mode'? I didn't do the system restore in safe mode and it seemed to work.

EDIT: I've also read that some variations of this virus won't allow you to run a system restore. I'm assuming that since I was able to, it should be fixed :confused:

Gotta get to know what exactly has hijacked your system first. You'll find they wipe out being able to system restore and to go to anti virus websites, so it's hard to fix the problem after the fact.

5FDP
21st April 2010, 12:50 PM
Everyone get this:

http://www.microsoft.com/security_essentials/


Can I run this in conjunction with my other anti-virus s/w?


As for the OP's problem, what was it exactly? It wasn't that Vista defender virus, was it? My neighbour had that nightmare a while ago.


It looks something like this (amongst a million and one other pop-ups)...

http://img.photobucket.com/albums/v374/vishaal_here/Antivirus_1.jpg

When you click on the 'remove' button, it asks for your details to upgrade to the newest version.

This is what I think I have (or a variation of) >
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fInternetAntivirus

MV75
21st April 2010, 01:04 PM
Can I run this in conjunction with my other anti-virus s/w?

No, uninstall your other stuff. Dunno. The MSE does anti vir, firewall, malware, etc. It does it all.

Besides, why would you want to?




It looks something like this (amongst a million and one other pop-ups)...

http://img.photobucket.com/albums/v374/vishaal_here/Antivirus_1.jpg

When you click on the 'remove' button, it asks for your details to upgrade to the newest version.

This is what I think I have (or a variation of) >
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fInternetAntivirus

Yea, looks like a hijack. You don't get that shit accidentally.

http://www.bleepingcomputer.com/virus-removal/anti-virus-1-removal

Personally, I'd just nuke the site from orbit, (reinstall windows), to be sure. But I assume you have a crapton of photos and other crap you've never backed up, so you can't.

Saintly
21st April 2010, 01:14 PM
http://www.bleepingcomputer.com/virus-removal/anti-virus-1-removal


Follow the link provided by MV75, which eventuates to Malwarebytes Anti-Malware anyway~

You can download that from the link I gave in the first post from the infected computer and it doesn't need to be in safe mode to run. Just make sure you follow the instruction to restart after running a FULL SCAN.

5FDP
21st April 2010, 01:22 PM
Cheers guys! You're both awesome :)

One last question - so considering all of the above suggestions you've given me, I take it that the system restore that I ran didn't do jack?

MV75
21st April 2010, 01:29 PM
Well, it's still popping up, right? My question should answer your last question.

5FDP
21st April 2010, 01:41 PM
Nope, it's not popping up anymore. From what I have read elsewhere, a system restore doesn't necessarily remove the infected files but rather they are just 'dormant' and can still cause issues at a later stage.

I guess I just want to make sure they are removed altogether avoiding having to do a complete re-install.

DarkHyren
21st April 2010, 01:46 PM
Can I run this in conjunction with my other anti-virus s/w?

You can, but I wouldn't recommend it.
You should only run one anti-virus on your system as they don't play nice with each other.

Also, (noob question here) should I run it in 'safe mode'?

If your system has been breached then running scans, system restores and such from safe mode is often your best bet as safe mode limits file and registry access (less chance of the virus spreading).

I guess I just want to make sure they are removed altogether avoiding having to do a complete re-install.

I would say get SpyBotSD (http://www.safer-networking.org/en/spybotsd/index.html) and run it a few times to check the registry for nasties.
That program coupled with your anti-virus and windows user account control (which is on by default) should protect you.

Saintly
21st April 2010, 02:03 PM
Nope, it's not popping up anymore. From what I have read elsewhere, a system restore doesn't necessarily remove the infected files but rather they are just 'dormant' and can still cause issues at a later stage.

I guess I just want to make sure they are removed altogether avoiding having to do a complete re-install.

After running malwarebytes, run a FULL AV scan (I'm certain at this point there isn't any other bug)


I would say get SpyBotSD (http://www.safer-networking.org/en/spybotsd/index.html) and run it a few times to check the registry for nasties.


However if you wanted to be sure there's nothing else, you can run spybotSD. I wouldn't rely on it too heavily as the scan engine is quite similar. Also you may find that spybotSD is now rather resource intensive (not like the version they had a couple of years ago)

After which if you think your restore points are infected and don't need it anymore, you can delete it by running a disk cleanup (start, accessories, system tools), 2nd tab provides you an option to delete all restore points except the last

DarkHyren
21st April 2010, 02:11 PM
After which if you think your restore points are infected and don't need it anymore, you can delete it by running a disk cleanup (start, accessories, system tools), 2nd tab provides you an option to delete all restore points except the last

Personally I find that if you don't need any of the restore points and you think they might be infected your best bet is to turn them off as it wipes them completely.
If you do actually have something hiding in the restore points, deleting all but the last one might not do anything as it could just be hiding in the last one.
Then you can run your scans in safe mode and afterwards if all is clean you can always turn system restore back on.

5FDP
21st April 2010, 02:19 PM
After running malwarebytes, run a FULL AV scan (I'm certain at this point there isn't any other bug)


I'll give malwarebytes a go because even when I ran a thorough AV scan before the system restore it didn't pick up on any infections so I'm not 100% confident in the AV s/w that I am currently using. I might make a switch to MSE as per MV75's suggestion.

I thought about deleting restore points but I am fairly certain of when the attack happened. Also, I am hesitant to do this because if things go absolutely pear-shaped, I have no way of reverting back and reinstalling the OS would be my only option.

Once I have done all of the above and I have some confidence that any malware / viruses have been removed, I'll create a new restore point.

Saintly
21st April 2010, 03:37 PM
Personally I find that if you don't need any of the restore points and you think they might be infected your best bet is to turn them off as it wipes them completely.

I also find restore points useless :)


If you do actually have something hiding in the restore points, deleting all but the last one might not do anything as it could just be hiding in the last one.

The idea is to have at least one restore point regardless of infection to fall back on. Also it isn't a bad thing to actually create a restore point now, now that scans have picked up and removed most of it.

Cmdr Prime
21st April 2010, 04:38 PM
Here's a thought: I bought a Norton's anti-Virus pack for my computer and it also contains a utilities disk as well, so I have downloaded them both. That keeps the anti-virus and malware away from my computer :)

5FDP
21st April 2010, 09:11 PM
Thanks for all the suggestions guys. Everything appears to be working great - my PC even seems a bit faster.

Just in case anyone else gets stuck with this problem, below are the steps I took -


Performed a system restore
Downloaded Malwarebytes (thanks to Saintly and MV75) which picked up 12 infections
Downloaded updated version of Avast 5.0 and ran a full system scan
Created a new system restore point and deleted all previous restore points


It feels like a new PC :)