Help
This post has been edited by Budapest: 15 March 2011 - 12:47 AM
Reason for edit: Moved from Virus, Trojan, Spyware, and Malware Removal Logs and link removed~BP
Page 1 of 1
virus problem
#1
- New Member
-
- Group: Members
- Posts: 2
- Joined: 14-March 11
Posted 15 March 2011 - 12:35 AM
I do not know too much about computers and have been trying to find help. I use my computer for Facebook and email.. here is my problem: big warning is on it saying in Red WARNING! YOUR IN DANGER! YOUR COMPUTER IS INFECTED WITH SPYWARE..ALL YOU DO IN YOUR COMPUTER IS IN YOUR HARD DISK AND ON AND ON...I get a message saying I got Imonster and AvastSve.exe spyware on my PC. I tried running my virus Procter and it wont pick it up. I tried downloading others from internet and it will download but not run them.Please suggest me what i have to do?
Back to top
#2
- Bleepin' Janitor
-
- Group: Global Moderator
- Posts: 25,516
- Joined: 09-July 05
- Gender:Male
- Location:Virginia, USA
Posted 15 March 2011 - 08:29 AM
Please reboot in "safe mode with networking", then download Malwarebytes' Anti-Malware (v1.50.1) and RKill by Grinler, saving them to your desktop.
RKill is available in several versions to include renamed versions in case one does not work, you can try another. As such, you may want to download and save more than one before proceeding.
Reboot normally, then proceed as follows:
-- If you get an alert that RKill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run RKill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that RKill can perform its routine.
-- Some security tools may flag RKill as malware, especially when renamed to iexplore.exe, explorer.exe, winlogon.exe, etc because they have definitions in place that flag certain file names used outside their normal path. If you encounter such an alert when running Rkill, you can safely ignore it and continue to allow the program to run.
Important: Do not reboot your computer until after performing a scan with Malwarebyes'. A scan must be completed immediately after running RKill.
Perform a Quick Scan in normal mode with Malwarebytes' Anti-Malware and follow these instructions. Check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes' from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
- Renamed versions if the above do not work:
iExplore.exe Download Link
eXplorer.exe Download Link <- this renamed copy may trigger an alert from MBAM...just ignore it.
WiNlOgOn.exe Download Link
uSeRiNiT.exe Download Link
RKill is available in several versions to include renamed versions in case one does not work, you can try another. As such, you may want to download and save more than one before proceeding.
Reboot normally, then proceed as follows:
- Double-click on the Rkill desktop icon to run the tool.
Vista/Windows 7 users right-click and select Run As Administrator. - A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it still does not work, repeat the process and attempt to use one of the remaining versions until the tool runs.
- Note: You may have to make repeated attempts to use RKill several times before it will run as some malware variants try to block it.
- A log file will be created and saved to the root directory, C:\RKill.log
- Copy and paste the contents of RKill.log in your next reply.
-- If you get an alert that RKill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run RKill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that RKill can perform its routine.
-- Some security tools may flag RKill as malware, especially when renamed to iexplore.exe, explorer.exe, winlogon.exe, etc because they have definitions in place that flag certain file names used outside their normal path. If you encounter such an alert when running Rkill, you can safely ignore it and continue to allow the program to run.
Important: Do not reboot your computer until after performing a scan with Malwarebyes'. A scan must be completed immediately after running RKill.
Perform a Quick Scan in normal mode with Malwarebytes' Anti-Malware and follow these instructions. Check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes' from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
Microsoft MVP - Consumer Security 2007-2012 
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Share this topic:
Page 1 of 1