  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Toledo, Ohio, USA
    Posts
    6
    Thanks
    10
    Thanked 0 Times in 0 Posts

    Virus attack: MSE disabled, Web access disabled

    My wife’s laptop has been affected with a virus.
    The virus disabled MSE, Internet access, and pretty much everything else.
    The machine runs with Windows XP. We kept Windows updated so I assume it is Service Pack 3 (?).

    How can I get rid of this virus?
    I tried to search in the archives here, but couldn’t find anything helpful. Could you please point me to the right thread if other people have had the same problem?

    I pasted a couple of photos below that show the windows that pop up. One of the photos shows the MSE-castle in red in the tool bar but when I moved my mouse over it the icon disappears.


    Virus 1.jpg
    Virus 2.jpg
    A couple months ago we switched her computer from AVG-free to MSE based on an article from Susan Bradley. Since then, I haven’t been happy with the performance or the upkeep of MSE compared to AVG.

    Is “Security & Backups” the right Lounge or should I post this in a different Lounge?

    Your help and tips are greatly appreciated.
    Thank you,
    Martin

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,577
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    It appears you've been infected with one of the most common pieces of malware around now. It most often happens by social engineering. You should download and run the free version of Malwarebytes Antimalware.

    Joe

  3. The Following User Says Thank You to JoeP517 For This Useful Post:

    Mietz (2011-03-02)

  4. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Toledo, Ohio, USA
    Posts
    6
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Joe,
    Thanks for your fast response.
    I did download the program, and it created an icon on the desktop. But that is about all it allows me to do. When I click on it nothing comes up. I tried different routes to get it to launch. I tried other programs, too, like Notepad which comes up for a second and then it is gone.
    Is there anything else I can do? Can I run Malwarebytes from the safe-mode? If so, how does that work?
    Thank you,
    Martin

  5. #4
    Star Lounger
    Join Date
    Dec 2009
    Location
    Eastover, NC, USA
    Posts
    78
    Thanks
    0
    Thanked 6 Times in 6 Posts
    Try renaming Malwarebytes when you download and save it. Click here for instructions.

    JB

  6. The Following User Says Thank You to junebug For This Useful Post:

    Mietz (2011-03-02)

  7. #5
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Calif
    Posts
    182
    Thanks
    0
    Thanked 14 Times in 13 Posts

    "Fake/Rogue" program

    Hi: It would have been helpful IF you had told us ALL the names (other than MSE) of the security program(s) on the computer. Best info is that the computer has been "infected" by WHAT the security community calls a "Rogue" or "Fake" security program and the "Antivirus software Alert" PopUp is "linked" to a program called "AV Security Suite". The Bleepingcomputer site has many "Uninstall Guides" since these Rogues come in many different "Flavors" and the "Uninstall Guide" for the most likely "suspect" is at http://www.bleepingcomputer.com/viru...security-suite . Please pay particular attention to "Instructions" numbers 2 & 3 to start the "process". IF you are unsuccessful in completely removing the infection, I recommend you seek assistance from an experienced, trained, certified, Volunteer "Malware Removal Specialist" that help on many advanced removal forums. I recommend the One at www.geekstogo.com/forum/forums.html
    For the BEST in what counts in Life :

    http://www.ctftoronto.com

  8. The Following User Says Thank You to SpiritWind For This Useful Post:

    Mietz (2011-03-02)

  9. #6
    Gold Lounger Roderunner's Avatar
    Join Date
    Dec 2009
    Location
    Scotland.
    Posts
    3,462
    Thanks
    16
    Thanked 216 Times in 183 Posts
    Hi Mietz, I suggest you get a clean PC to download SuperAntiSpyware Portable, save to a USB stick, plug it in to your PC and do a complete scan in 'Safe Mode'.
    O wad some Power the giftie gie us, to see oursels as ithers see us!

  10. The Following User Says Thank You to Roderunner For This Useful Post:

    Mietz (2011-03-02)

  11. #7
    New Lounger
    Join Date
    Dec 2009
    Location
    Toledo, Ohio, USA
    Posts
    6
    Thanks
    10
    Thanked 0 Times in 0 Posts
    All,
    Thanks for your replies. Very much appreciated!
    Junebug,
    I followed your suggestions and when that didn't work I followed the link's suggestion but without luck.
    Spiritwind,
    I only had MSE installed, so I wasn't sure what you meant and where the program called "AV Security Suite" was coming from. Maybe my wife installed it accidentally, or the cat did (which loves to sit on the keyboard pushing buttons).
    The link to www.bleepingcomputer.com was helpful and I was working through their instructions, but with little success (yet), but then I saw the message from
    Roadrunner,
    it was easy, it was fast, it worked! We'll make a donation to the SuperAntiSpyware people. Thank you! Thank you! Thank you!
    ----------------------------------------------------
    ----------------------------------------------------
    Is the machine clean now?
    I'm currently running a Malwarebytes scan. I will run a MSE scan afterwards (before I replace MSE with AVG). Is there anything else I need to do?
    I am not sure how to make a switch from MSE to AVG. I mean: what is the correct order of installing or uninstalling. But I believe that needs to be asked in a new thread since my original problem is solved, right?

  12. #8
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Mietz,

    Probably booting the PC in safe mode with networking would stop the malware from running and you could run Malwarebytes. With these types of malware, it's very frequent that they don't get loaded in safe mode, so safe mode with networking gives you the possibility of downloading whatever tool may be needed to perform the cleaning job.

  13. #9
    Silver Lounger
    Join Date
    Apr 2010
    Location
    Montréal
    Posts
    1,795
    Thanks
    33
    Thanked 52 Times in 51 Posts
    Rhumrunner, hello.

    Thanks for the link on this anti-spyware. It looks quite good. I have donated too. JP.

  14. #10
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Calif
    Posts
    182
    Thanks
    0
    Thanked 14 Times in 13 Posts

    Computer "clean", etc ?

    Hi Mietz: Difficult to say IF the computer is "clean"!? For a Top Expert opinion on that subject, I recommend you go to that GeeksToGo site I previously mentioned, then read the info in their "Malware and Spyware Cleaning Guide". By "registering" there and posting a "log" of the OTL program, someone will take a look and let you know IF they spot anything that should be "fixed". As to switching antivirus programs, I recommend the following procedure: 1) DOWNLOAD (But do NOT "install") the new antivirus program 2) Follow the Instructions at http://support.microsoft.com/kb/2435760 3) Assuming everything goes fine, go off the internet and "Install" the new antivirus program

  15. The Following User Says Thank You to SpiritWind For This Useful Post:

    Mietz (2011-03-26)

  16. #11
    New Lounger
    Join Date
    Dec 2009
    Location
    Toledo, Ohio, USA
    Posts
    6
    Thanks
    10
    Thanked 0 Times in 0 Posts
    SpiritWind,
    Thanks for your reply.
    Computer clean: I ran now 3 scans: MSE, Malwarebytes and SuperAntiSpyware Portable. And all came up clean, so I hoped I'd be in the clear.

    MSE uninstall: They recommend that I verify that I cannot uninstall MSE by using Add or Remove Programs first. If that fails, it looks like plenty of work. I need to give it a think.
    Maybe I buy MalwarebytesPro and let it run next to MSE.

  17. #12
    Gold Lounger Roderunner's Avatar
    Join Date
    Dec 2009
    Location
    Scotland.
    Posts
    3,462
    Thanks
    16
    Thanked 216 Times in 183 Posts
    Quote Originally Posted by Mietz View Post
    Maybe I buy MalwarebytesPro and let it run next to MSE.
    Do not use 2 programs that do the same job.

  18. The Following User Says Thank You to Roderunner For This Useful Post:

    Mietz (2011-03-10)

  19. #13
    New Lounger
    Join Date
    Feb 2011
    Posts
    9
    Thanks
    0
    Thanked 4 Times in 3 Posts
    Like ruirib said, try scanning with your current programs (MSE, MBAM, etc) in Safe Mode. To do this, tap an F Key on your keyboard as the computer is booting up. (Tap means to press down for a second, release for a second, continue until PC boots up) If it just boots normally, try again, tapping earlier than before. Eventually you'll get to a screen and click on Start in Safe Mode. You can google - "F key boot safe mode Dell" (or HP, Sony, whichever brand)...that should tell you the right F key. Booting in safe mode allows you to remove it before it can activate and hide (and maybe stop disabling your security programs).

    --If above doesn't work (or want to do this 1st), download the Avira Rescue CD from http://www.avira.com/en/support-down...-rescue-system. DL the .iso file and burn it to CD. Then make sure the boot sequence is set to CD 1st. You can try it first with the Avira CD inserted to see if it is. If it boots normally it's not -- here's Dell's directions to Change the Startup Order. Set it to CD 1st, Hard Drive 2nd, anything else 3rd and 4th, then save and exit. You can also Google your brand's instructions for directions. It's not hard at all.

    DELL - Changing Boot Sequence for the Current Boot
    You can use this feature, for example, to restart your computer from a USB device, such as a floppy drive, memory key, or CD-RW drive.

    Turn on (or restart) your computer.

    When F2 = Setup, F12 = Boot Menu appears in the upper-right corner of the screen, press <F12>.

    If you wait too long and the operating system logo appears, continue to wait until you see the Microsoft Windows desktop. Then shut down your computer and try again.

    The Boot Device Menu appears, listing all available boot devices. Each device has a number next to it.

    At the bottom of the menu, enter the number of the device that is to be used for the current boot only.

    So...when it's set, just put the CD in and reboot and Avira will give instructions. Avira always has some of the best detection rates, so it's a good one to use!
    Last edited by skp14; 2011-03-03 at 16:40.

  20. The Following User Says Thank You to skp14 For This Useful Post:

    Mietz (2011-03-10)

  21. #14
    New Lounger
    Join Date
    Dec 2009
    Location
    Toledo, Ohio, USA
    Posts
    6
    Thanks
    10
    Thanked 0 Times in 0 Posts
    skp14
    Thanks for your reply!
    As mentioned earlier, Roderunner fixed my problem with SuperAntiSpyware Portable. An amazing software: I have never seen anything that is effective, fast, and easy to use, all at the same time.
    Last edited by Mietz; 2011-03-10 at 09:38.
