Tech Advice Needed - Malware Problem

[5FDP]

Last night while browsing the internet, my anti-virus program (Avast) detected a Malware virus. Windows Security Centre then popped-up alerting me to a viral attack with over 30 possible infections detected. Windows Security Centre also informed me that my firewall had been disabled and when trying to remove the viruses stated that my subscription had expired and to purchase the upgrade.

Thinking that it was a bit ‘off’ that Windows Security Centre would tell me that my credit card details have been compromised and then to purchase the upgrade just didn’t add up. I obviously did not take this action.

Avast would not launch in order for me to run a scan so I logged into my partners profile (partitioned) and was able to run a scan on the whole computer. The results turned up nothing.

Logging back into my profile (and even restarting the PC) just displayed the pop-ups and Windows Security Centre alerts again.

I performed a system restore from the day before and this seems to have removed / prevented the pop-ups from reoccurring however I am a bit worried that any viruses present may not have been removed completely. Of course, that might just be me being overly cautious.

A Google search today (on another PC) showed that this was obviously a virus that tells you that you have one and to purchase an update which is a virus in itself.

Just wondering if anyone else has encountered this and what steps did you take to remove the threat / nuisance. Did a system restore only work for you? Did you run Malware detection s/w?

My knowledge of accessing the registry is very limited therefore I am hesitant to do this if it can be avoided. Like I said, it appears to have been removed after the system restore, but I have also read that perhaps this is not the preferred way of removing malicious programs.

Any assistance / help would be appreciated.

[Saintly]

Ben, make sure you download and run Anti-Malware from Malwarebytes. Here's a direct link to the program -> http://majorgeeks.com/downloadget.ph...d909666f809b26

You do not need to purchase this program to remove the virus. And the only diff between this and the full version is scheduling scans.

[5FDP]

Thanks mate. I'm guessing that it's best to download it to an external HD or USB device instead of the PC that may be infected?

Also, (noob question here) should I run it in 'safe mode'? I didn't do the system restore in safe mode and it seemed to work.

EDIT: I've also read that some variations of this virus won't allow you to run a system restore. I'm assuming that since I was able to, it should be fixed

[MV75]

Everyone get this:

http://www.microsoft.com/security_essentials/

DO IT DO IT DO IT.

I've had it with 3rd party anti virus. The only version of this one is free, there is no $ motive.

As for the ops problem, what was it exactly? Wasn't that vista defender virus was it? My nieghbour had that nightmare a while ago.

Thanks mate. I'm guessing that it's best to download it to an external HD or USB device instead of the PC that may be infected?

Also, (noob question here) should I run it in 'safe mode'? I didn't do the system restore in safe mode and it seemed to work.

EDIT: I've also read that some variations of this virus won't allow you to run a system restore. I'm assuming that since I was able to, it should be fixed

Gotta get to know what exactly has hijacked your system first. You'll find they wipe out being able to system restore and to go to anti virus websites, so it's hard to fix the problem after the fact.

[5FDP]

Everyone get this:

http://www.microsoft.com/security_essentials/

Can I run this in conjuction with my other anti-virus s/w?

As for the ops problem, what was it exactly? Wasn't that vista defender virus was it? My nieghbour had that nightmare a while ago.

It's looks something like this (amongst a million and one other pop-ups)...



When you click on the 'remove' button, it asks for your details to upgrade to the newest version.

This is what I think I have (or a variation of) >
http://www.microsoft.com/security/po...ernetAntivirus

[MV75]

Can I run this in conjuction with my other anti-virus s/w?

No, uninstall your other stuff. Dunno. The MSE does anti vir, firewall, malware, etc. It does it all.

Besides, why would you want to?

It's looks something like this (amongst a million and one other pop-ups)...

[IMG]http://img.photobucket.com/albums/v374/vishaal_here/Antivirus_1.jpg

When you click on the 'remove' button, it asks for your details to upgrade to the newest version.

This is what I think I have (or a variation of) >
http://www.microsoft.com/security/po...ernetAntivirus

Yea, looks like a hijack. You don't get that shit accidently.

http://www.bleepingcomputer.com/viru...irus-1-removal

Personally, I'd just nuke the site from orbit, (reinstall windows), to be sure. But I assume you have a crapton of photos and other crap you've never backed up, so you can't.

[Saintly]

http://www.bleepingcomputer.com/viru...irus-1-removal

Follow the link provided by MV75, which eventuates to Malwarebytes Anti-Malware anyway~

You can download that from the link I gave in the first post from the infected computer and it doesn't need to be in safe mode to run. Just make sure you follow the instruction to restart after running a FULL SCAN

[5FDP]

Cheers guys! You're both awesome

One last question - so considering all of the above suggestions you've given me, I take it that the system restore that I ran didn't do jack?

[MV75]

Well, it's still popping up, right? My question should answer your last question.

[5FDP]

Nope, it's not popping up anymore. From what I have read elsewhere, a system restore doesn't necessarily remove the infected files but rather they are just 'dormant' and can still cause issues at a later stage.

I guess I just want to make sure they are removed altogether avoiding having to do a complete re-install.