Help
First let me thanks the guys at Bleepingcomputer for making a good article for removal of the trash:
http://www.bleepingcomputer.com/virus-removal/remove-vista-antispyware-2012
I was infected by Vista7 Antispyware 2012
And got a popup of this Fake program telling me after a scan i had so many viruses
It then Locked down my .exe file extension so i could not run any .exe files
Now i was worried this was like Virut Virus i had some years ago which made all my .exe file useless having to format PC
I rebooted pc in both safe and normal mode but could now not get kaspersky antivirus to run
could not run malwarebytes or hijackthis
All Exe files seem to be Locked somehow
after a while i was able to find out some programs that run in background:
bmy.exe (microsoft adress book import tool)
unsecapp.exe
WMDCBASE.exe
mrwmceasox.exe
most of this programs was found in:
c:/users/usuario/appdata/local/temp/
On my Windows 7 64 bits
Fortunaly i came across the Bleepingcomputer article and proceeded to Fix the .exe file
downloading the program on another pc and using a pendrive to transfer the fix to the infected pc
After run this amazing program .Exe file are working
I could get Kaspersky up and running and it quickly detected mrwmceasox.exe saying it was a HEUR:trojan.win32.generic
Now i am following the instruction on this site
What i done so far and right now Are scanning my pc with Kaspersky Internet security 2011
and Malwarebytes
What I do with antivirus is right-click each folder one by one (if big one)
and scan it separatly so it dont take so long time, starting with Users,temp and windows folder
This is because most of the time viruses are limited to the Users,temporary and windows folder only
(i will however do a full scan after,this metod here used is to quickly find traced of the virus if there is more left)
As for bmy.exe i quickly realized this was the first generic name of win7 antispyware 2012
So i manual removed it to trash and plugged out internet and proceeded with the automatic removal of the rest
I will report back with the results of the scan.
As for Rkill I am not sure if i Used this program good
for every file it scanned I get a Firewall warning from kaspersky
I guess it was nesesary to Acept the file so i clicked yes temporary for all files
I had to run this program several times since it closes by itself many times
So not sure if Rkill has done what it should
the .txt logs didnt show anything suspect atleast
I also used TDSSKiller and it didnt found anything
Right now scanning with malwarebytes and Kaspersky internet security 2011 (both at the same time, I have fast powerful pc)
So question is
Anything else i should check for now?
I highly apreciate your help on this matter
And i was so glad for the Removal kit help that i decided to register on this forum
and ask here about any futher help
This post has been edited by Angelos: 20 January 2012 - 03:31 PM
Back to top
