Virus Attack..



JoeChalupa
04-21-2010, 07:55 PM
Well today I got some message that my PC may be infected and is being attacked and do I want to run AntiSpyWare and stop it and I have to purchase it in order to stop the virus. I can't open any other programs at all and I was able to do a restore and it worked but then today it started again. I booted up in safe mode and have been burning my files that I want to save. Afterwards should I just re-install Windows? What type of free spyware or anti-virus links are you all familiar with?
I know I don't normally post in here but thought I'd ask those whom I think would more likely know.
Thanks. :tu

robot89
04-21-2010, 08:26 PM
Stinger v10.1.0.843 (http://download.nai.com/products/mcafee-avert/stinger1010843.exe)
great for removing fake anti-viruses

JoeChalupa
04-21-2010, 10:05 PM
thanks for the link! :tu

phyzik
04-22-2010, 02:14 PM
SuperAntiSpyware - http://www.superantispyware.com/?tag=GOOGLE-SUPERANTISPYWARE

Malwarebytes - http://malwarebytes.org/

Avast! Anti-Virus - http://www.avast.com/free-antivirus-download

It sounds like you got Fake Alert, also known as "Anti Virus 2010"

Does the alert look something like this?
http://www.tss.oregonstate.edu/OCH/tech_tips/fakeAV/antivirus-2010.jpg

If so, SuperAntiSpyware will probably do the trick. If you're savvy enough with a computer, you might also want to check msconfig in the "startup" tab for something funky. It might be trying to launch an executable either called av.exe or ave.exe.

The reason it came back, and I'm willing to put money on this, is because there is a prefetch file in your computer. Do a file search, make sure to search even for hidden system files, and search for ave.exe. It will probably come up with a prefetch file as the only listing. Delete it.

Next, if you're comfortable with it, go into your registry and do a "Find" for ave.exe and delete every one that it finds (hit F3 to search for the next one). Just make sure to delete the ones that are ONLY ave.exe; the search will come up with other finds, for example screensave.exe, and you don't want to delete those. In fact, make a backup of your registry before you do anything.

By any chance, have you visited mysa.com recently? We have had to block our users from accessing their webpage because they are infected.
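
The "ONLY ave.exe" caution in the post above, as an added example that is not part of the thread: it compares a plain text "Find" with matching on the exact program file name, for startup command lines and for prefetch file names. The entry names, paths and the command-line parsing regex are assumptions; all sample data is constructed.

```python
import ntpath
import re

# File names the post says to look for; everything else here is constructed.
SUSPECT = {"av.exe", "ave.exe"}

# Assumption: a startup command is a quoted path, or an unquoted path ending
# at the first executable extension followed by whitespace or end of string.
_CMD = re.compile(r'\s*(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$))', re.I)
# Windows prefetch files are named <EXE NAME>-<8 hex digits>.pf
_PF = re.compile(r'(.+)-[0-9A-F]{8}\.pf', re.I)


def executable_name(command):
    """Return the lower-cased file name of the program a command line starts."""
    m = _CMD.match(command)
    path = (m.group(1) or m.group(2)) if m else command.strip()
    return ntpath.basename(path).lower()


def exact_matches(entries):
    """Names of startup entries whose program is exactly av.exe or ave.exe."""
    return [name for name, cmd in entries if executable_name(cmd) in SUSPECT]


def substring_matches(entries, needle="ave.exe"):
    """What a plain text 'Find' would flag, false positives included."""
    return [name for name, cmd in entries if needle in cmd.lower()]


def prefetch_matches(filenames):
    """Prefetch files that record a run of exactly av.exe or ave.exe."""
    found = ((fn, _PF.fullmatch(fn)) for fn in filenames)
    return [fn for fn, m in found if m and m.group(1).lower() in SUSPECT]


# Constructed sample data: (value name, command line) pairs and prefetch names.
RUN_ENTRIES = [
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Screen Saver", r'"C:\WINDOWS\system32\screensave.exe" /s'),
    ("updater", r"C:\Documents and Settings\user\Application Data\ave.exe /min"),
    ("avhelper", r'"C:\Documents and Settings\user\Local Settings\Temp\AV.EXE"'),
    ("Backup", r'"C:\Tools\save.exe" --log C:\logs\backup.txt'),
]
PREFETCH = ["AVE.EXE-1A2B3C4D.pf", "SCREENSAVE.EXE-0F3A2B1C.pf", "CTFMON.EXE-0E17969B.pf"]

if __name__ == "__main__":
    print("text search:", substring_matches(RUN_ENTRIES))
    print("exact name: ", exact_matches(RUN_ENTRIES), prefetch_matches(PREFETCH))
```

The text search flags the screensave.exe and save.exe entries and misses the upper-case AV.EXE one; the exact-name check returns only the two entries that actually launch av.exe or ave.exe.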

koriwhat
04-22-2010, 03:26 PM
dude...

combofix/sdfix
a-squared

JoeChalupa
04-23-2010, 03:50 PM
Thanks everyone. I burned all the files I wanted and yes, that Anti-virus thing is popping every few minutes and it won't allow me to open up any other programs.

I will try the above fixes. :tu

JoeChalupa
04-23-2010, 03:55 PM
Well I downloaded the SuperAntiSpyware but it won't run because I keep getting a message that it is infected and won't launch. I'm such an idiot.

PM5K
04-23-2010, 04:02 PM
Maybe try safe mode.

JoeChalupa
04-23-2010, 04:50 PM
> Maybe try safe mode.

I'm going to try that and see if I can run it from there. Thanks!

mouse
04-23-2010, 09:44 PM
Hey Joe, right click the program, don't double click it.. when you do you will see "run as" then you get a window like this.

http://www.jmu.edu/computing/helpdesk/selfhelp/safeaccount/Run-As-Entry.gif

pick a user then open the program.

mouse
04-23-2010, 09:44 PM
I had a notebook with that annoying windows security alert crap and I couldn't get Spyware Terminator to open unless I did it with run as but it worked for me.

TDMVPDPOY
04-24-2010, 01:10 AM
thanks for the 2 programs. no wonder why i couldn't dl at full speeds cause i had fkn bs on my comp


hey mouse know any programs i can use to throttle speeds on other wireless comps in the house???

mouse
04-24-2010, 12:57 PM
I have been using this.

http://www.uniblue.com/software/speedupmypc/


http://www.whatsabyte.com/images/SpeedUpMyPC2009/SpeedUpMyPC2009_9.jpg



You can get it free here.

http://btjunkie.org/search?q=speed+up+my+pc

duhoh
04-24-2010, 11:50 PM
FYI, you'll save yourself a lotta headaches by reinstalling Windows :D

SpursTillTheEnd
04-25-2010, 01:36 AM
NAW JUST USE System Restore. THIS HAPPENED TO ME THE OTHER DAY. IT'S ONLY A VIRUS IF U CLICK YES. NO VIRUS REMOVAL WILL REMOVE IT, YOU HAVE TO DO THIS:

1- click start at bottom of screen
2 - then click all programs
3 - then click pc help tools or could be in accessories
4 - then click on system restore
5 - then click on restore to an earlier date
6 - choose a date when it was working
7 - let it run it may take a while - follow directions - if any
8 - restart

duhoh
04-25-2010, 01:42 AM
some virii out there attach themselves to restoration points/recovery partitions.

phyzik
04-25-2010, 02:55 AM
> some virii out there attach themselves to restoration points/recovery partitions.

yes, don't do a restore.... almost always a waste of time with this malware.

You need to find the process or application associated with the malware and kill it.

SuperAntiSpyware won't install under safe mode BTW. I've run into the same situation before at work, trying to remember how to get around it....

If I remember right, you need to kill the process or application associated with the malware... Like I said in my previous post it's probably going to be called av.exe or ave.exe. Just look for it in the task manager.

If it's not there then it's definitely running off of a prefetch file and you need to do a search for it, including hidden system files, and delete it (do a file search for all file types, there should be an option to include system files as well, search for ave.exe). After that you should be able to install SuperAntiSpyware.

Or.... if you want to go an easier route (which may not get rid of the problem completely but may get you a step in the right direction).... MalwareBytes, if I remember right, WILL install under safe mode. Just make sure to do safemode with networking so you can get the latest DAT file.

I can tell you this, it's not going to be as easy as running a program to fully get rid of it. You will still have to do some registry cleaning and IF there is a prefetch file, it will keep coming back until you get rid of that.

symple19
04-25-2010, 03:19 AM
download this tool ---> http://www.technibble.com/rkill-repair-tool-of-the-week/ run it, then run malwarebytes after updating its definitions.

This is how I fixed a friend's computer with the same problem

step by step guide can be found at http://www.bleepingcomputer.com/

duncan228
04-27-2010, 04:55 PM
> It sounds like you got Fake Alert, also known as "Anti Virus 2010"
>
> Does the alert look something like this?

Thanks for the detailed response. Because I had read this I knew what a friend was talking about when she was screaming that her computer went nuts. :lol

She wasn't too smart, not only did she click it but she paid them. :lol

Anyway, thanks to this thread I was able to help. Appreciate everyone's knowledge. :tu

Pistons < Spurs
04-27-2010, 10:19 PM
> Thanks for the detailed response. Because I had read this I knew what a friend was talking about when she was screaming that her computer went nuts. :lol
>
> She wasn't too smart, not only did she click it but she paid them. :lol


:lmao:lmao:lmao:lmao

jacobdrj
04-28-2010, 02:37 AM
Do a system restore. Use MSE.
Just google search it.

duncan228
04-28-2010, 02:01 PM
> :lmao:lmao:lmao:lmao

:lol It gets better. It told her the payment didn't go through and she entered her credit card info a second time.

JoeChalupa
04-28-2010, 05:21 PM
> Maybe try safe mode.

Thanks! Looks like it is working fine now. :tu

RandomGuy
04-28-2010, 05:36 PM
This thread needs to be pinned and enshrined in gold.

I fucking hate this shit, as my wife clicked on one of these things once. GRRRRR.

If I ever find the jackasses who wrote these viruses, I would set aside my normal ethical stances against beating another human being to a bloody pulp.

RandomGuy
04-28-2010, 05:37 PM
> :lol It gets better. It told her the payment didn't go through and she entered her credit card info a second time.

Ouch

MavDynasty
04-28-2010, 07:09 PM
I had that same shit about 2 weeks ago and I got rid of it with the malware malbytes link someone posted above me

TDMVPDPOY
04-29-2010, 04:44 AM
I'm gettin it fkn now, this is fkn bs

TDMVPDPOY
04-29-2010, 05:05 AM
> download this tool ---> http://www.technibble.com/rkill-repair-tool-of-the-week/ run it, then run malwarebytes after updating its definitions.
>
> This is how I fixed a friend's computer with the same problem
>
> step by step guide can be found at http://www.bleepingcomputer.com/

ok i get it now, all rkill does is get rid of the process app, so you can run the malware program to remove the malware in safe mode...cause without the rkill stopping the process whatever program u use trying to detect and remove won't allow it....