  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Manchester, MO USA
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How to get rid of Windows 7 Antivirus Pro 2013

    I have picked up the malware/scareware above and can't figure out how to get rid of it. It is filling my screen with bogus warnings and is blocking access to my security apps. Have been trying to find a fix but all I get from the usual search locations is offers to fix it IF I buy their SW. Now it seems to have attacked MS Office and I can't open any of the MS apps. Help please!

  3. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,278
    Thanks
    130
    Thanked 1,153 Times in 1,062 Posts
    Here are full detailed instructions on how to get rid of it:

    http://www.bleepingcomputer.com/viru...virus-pro-2013

  4. #3
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 930 Times in 851 Posts
    Once you have cleared this, the best way to avoid these things is to use the Task Manager (Ctrl+Alt+Del) to end the task. Quite often the purveyors of this garbage reprogram the Red X to start the installation rather than close the pop-up.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  5. #4
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    I've found that running from Safe mode with networking while infected with these Trojan Dropper infections can lead to deeper embedding of the infection. My normal solution is to boot into Safe Mode without networking, run a System Restore to a time before the infection and reboot back into Safe Mode without networking to complete the restore. Once completed, boot into normal mode, download Malware Bytes, update and run a full scan.

    Also consider using Autoruns to look for traces of the infection after the restore.

    Finally, consider enabling adblocking tools to the browser. Many of these infections get in through poisoned malvertising, so update Flash Player and Java if you have it installed.

    The cleanup on some of these scareware infections is getting increasingly difficult. I have a machine on the bench just now that not only set the hidden attribute on all the user's documents but also deleted all restore points and removed the registry keys for the Windows Firewall. Although the user's data is back safe and sound, the system security is trashed and I'm unable to safely rebuild the registry. I can feel an OS re-installation looming. Not a happy place to be...
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993
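
A read-only check for the three signs of tampering described in the post above (hidden documents, missing restore points, missing firewall registry keys), added here as an example and not part of the original thread. The choice of the MpsSvc and BFE service keys is an assumption, since the post does not say which keys were removed.

```powershell
# Read-only triage for the three tamper signs described in post #4.
# Run from an elevated Windows PowerShell prompt; it changes nothing.

# 1. User documents with the Hidden attribute set.
#    -Force is required or Get-ChildItem skips hidden items entirely.
$docs = Join-Path $env:USERPROFILE 'Documents'
$hidden = @(Get-ChildItem -Path $docs -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and
                   ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
                   $_.Name -ne 'desktop.ini' })   # desktop.ini is hidden by design
"Hidden files under ${docs}: $($hidden.Count)"
$hidden | Select-Object -First 10 -ExpandProperty FullName

# 2. System Restore points. An empty list on a machine that had
#    System Restore enabled is consistent with the deletion described.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
"Restore points found: $($points.Count)"
$points | Select-Object SequenceNumber, Description, CreationTime

# 3. Service registry keys for Windows Firewall (MpsSvc) and the
#    Base Filtering Engine it depends on (BFE). Which keys the malware
#    removed is not stated in the post; these two are an assumption.
foreach ($svc in 'MpsSvc', 'BFE') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path $key) {
        $start = (Get-ItemProperty -Path $key).Start   # 2 = automatic, 4 = disabled
        "$svc key present, Start = $start"
    } else {
        "$svc key MISSING: $key"
    }
}
```

A large hidden-file count, zero restore points, or a missing service key each point toward the restore-from-image or reinstall routes discussed in the replies rather than an in-place cleanup.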

  6. #5
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Slough, Berkshire UK
    Posts
    917
    Thanks
    51
    Thanked 52 Times in 50 Posts
    If you have been making regular image backups (you have, haven't you?), then put in the repair disk from whatever software you used to do the image (if Windows image backup, use the Windows boot disk to get to repair and restore). Then do a complete restore from an image before you got infected. If not sure which one is definitely before, then choose an image from before that time. Make sure it formats the drive to restore to so as to be more sure of removal of malware. You may have to re-install anything you have done after the backup date but it will be quicker than the only other option of a completely clean install.
    (In my opinion the only true way to get rid of nasties).
    Clive

    All typing errors are my own work and subject to patents pending. Except errors by the spell checker. And that has its own patients.

  7. #6
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 930 Times in 851 Posts
    I have to agree with Clive, the format, then restoration from an Image will definitely remove the malware, assuming the Image was created before the infection happened.

    Using Acronis Rescue disk to restore, the partition (disk) is formatted then the Image restored. That is the default procedure. I suspect it may be default with other Imaging apps as well.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  8. #7
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Marietta, Georgia, USA
    Posts
    235
    Thanks
    4
    Thanked 2 Times in 2 Posts
    Quote: Originally Posted by Tinto Tech
    The cleanup on some of these scareware infections is getting increasingly difficult. I have a machine on the bench just now that not only set the hidden attribute on all the user's documents but also deleted all restore points and removed the registry keys for the Windows Firewall. Although the user's data is back safe and sound, the system security is trashed and I'm unable to safely rebuild the registry. I can feel an OS re-installation looming. Not a happy place to be...
    All I can say is WOW - that is a really nasty program. What will the malware writers think of NEXT??
    Rick Groszkiewicz
    Life is too short to drink bad wine (or bad coffee!)

  9. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    Canton, Ohio, USA
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts

    FBI Virus

    I had a customer of mine call me and he said that he got an FBI warning and locked out his computer and said he had to pay $200.00 to unlock his machine. I knew it was a scam, and took his computer, and hooked his hard drive up to my computer through a USB adaptor, and did a scan. Got all kinds of hits, which Avast put in the chest. This computer would not even boot into Safe mode. CTRL-ALT-DEL was locked out, and the only thing I could get into was Safe Mode with CMD prompt which did me little good. I told him I would have to do a complete install, but was able to save his personal files off the drive before I did so. He didn't want to do the complete reinstall, and took it to someone else that he thought could fix it, and the other guy ended up doing a complete reinstall. That was the worst virus I have seen. Too bad we can't find these guys that write this stuff, and have a lynching on prime time TV in public square. NO trial, NO lawyers, just a straight trip to the noose.
    Denny in Waco Ohio

  10. #9
    New Lounger
    Join Date
    Dec 2009
    Location
    Manchester, MO USA
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks a bunch! That did it. Reason #23987 for frequenting The Lounge.

  11. #10
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,306
    Thanks
    138
    Thanked 113 Times in 97 Posts
    Bottom line on prevention of future attacks:

    (1) make regular image backups with a program which can restore from a bootable rescue disk, and set your BIOS so that this disk can boot before Windows.

    (2) Have ready up to date copies of Windows Defender Offline, and maybe two portable antimalware scanners with current definitions, or have a clean computer available to download newer versions when needed.

    (3) protect your browser with ad blockers and possibly script blockers. Flash and javascript (unrelated to Java Runtimes) are particularly vulnerable.

    (4) periodically scan for outdated software, using something like Secunia PSI or Secunia OSI scanners. Look for every location where plugins or runtimes may need to be updated, and for each user.

    (5) don't click on just anything which looks security-related, especially if it's somehow different from your familiar security alerts.

    (6) know how to repair and restore your OS in case things really go wrong. Have product keys in a location where you can find them for reactivation.

    (7) a good firewall in your router, plus a good DNS Service, can sometimes help defend against these sorts of infections.

    Personally, I use Macrium Reflect's WinPE Rescue CDs for restorations. This way, if you have in any way resized or relocated the partition to be restored, or if you are restoring to a new hard drive, the restoration can proceed normally. Acronis True Image Home is also good at these things, but many other backup and recovery programs are not so good, as they rely on Linux based rescue environments.

    Painful as it is to recover from a system rollback using an older system image archive, it sure beats a full-scale rebuild from essentially bare metal.
    Last edited by bobprimak; 2012-11-08 at 11:03.
    -- Bob Primak --
