I'll try to make this as clear as possible:
The day before yesterday, my wife was working on her laptop. She clicked on an Internet link to a MySpace site and suddenly her computer was hijacked by a virus posing as an Internet security scan by "Antivirus Pro", which not only began running a false scan, but continually posted pop-ups saying that one file after another was infected and could not be used, and also began opening a porn Web page. Obviously, my wife freaked out and started yelling to me for help.
My wife was just recently given this laptop as a hand-me-down from her father, so I wasn't really sure what AV program she had on it and neither was she. I knew she had downloaded Malwarebytes before, so I tried to run that, but at first the virus wouldn't let me. However, after several false starts, Malwarebytes finally ran a quick scan, but came up clean. I then ran the Malwarebytes full scan, but with the same results.
Next, I went online to try to run a free ESET scan, and it was at this time that I realized her computer already had a paid subscription to ESET Antivirus through December, and ESET was active. However, it had not caught this virus! Even though ESET said it was current and updated, I ran a full ESET scan anyway, but again, it came up clean.
All the while, I had to keep "X"ing out of pop-up after pop-up from the virus, each one either advising me of another file that was corrupt or telling me my computer was in danger and did I want to "activate my antivirus software".
Since neither Malwarebytes nor ESET had worked, I deleted the ESET so that I could download and run other Anti-virus/Spyware software.
As soon as ESET was deleted, Windows Defender (another program I didn't even know was installed) popped up saying it had found a Trojan that was some sort of fake anti-spyware program and did I want to remove it. I said yes, and a few moments later, the virus stopped.
Breathing a big sigh of relief, I opened Windows Defender and checked all its settings, maximizing them (I thought) to continue protecting her computer in the best way possible. But when I went to update it, I suddenly ran into another unforeseen problem: A notice came up saying that Windows was unable to update itself.
When I searched to see how to resolve THIS problem, I couldn't find anything that didn't involve rebooting with the original Windows Vista DVD (which we do not have, and I'm not sure even her father has; either way, he lives over a thousand miles away).
Back to square one, I decided to reboot her computer and make sure the virus really was gone. I rebooted and guess what...the virus came up again immediately. However, after several minutes of battling the pop-ups, Windows Defender came up once more and I was able to stop the virus.
Next, I downloaded SpybotSD and ran a scan; results came up clean.
I deleted SpybotSD and downloaded Spyware Terminator.
This time I was encouraged when it returned with 2 infections, one a Trojan and the other in my Startup. I told it to remove both, which it said it did successfully. I then enabled all Spyware Terminator's features, including real-time protection for browser settings and their ClamAV for additional virus protection. Her computer was now running smoothly and I was satisfied I had solved the problem. However, when I rebooted...yup, you guessed it...the virus was back, and only got caught by Windows Defender. When I went back into Spyware Terminator, its real-time protection was turned off as well as its anti-virus function.
Finally, feeling thoroughly defeated, I decided to turn to you folks at BleepingComputer, since you had helped me with a similar hijack issue on my own computer just days ago.
So, I logged on and went to Windows Vista, where I followed these links: BleepingComputer.com > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal
NOTE: MY COMPUTER'S OPERATING SYSTEM IS XP, BUT MY WIFE'S IS VISTA.
At that point, I started following the Preparation Guide for use before posting about your potential Malware problem by "Grinler".
EVERYTHING WENT FINE UNTIL I GOT TO STEP 7: Create a RootRepeal Log
At the point where it said: "You will now see the main RootRepeal window. Click on the Report tab as designated by the blue arrow in Figure 11 below. Once you are in the Report screen, click on the Scan button as designated by the red arrow in Figure 11 below."
I messed up! I accidentally clicked on Scan, which ran some sort of scan and came up with a report. Knowing that I had erred, I decided to start over again, so I clicked on the "X" at the top.
Suddenly, a window opened up saying that Windows Explorer had shut down and was trying to start up again. Momentarily, my screen flashed and everything went away. When it came back my desktop background was there, along with the virus pop-ups and the same Windows Explorer warning, but all my other task bars and icons were gone.
I had no control over anything, so I pressed Control+Alt+Delete and opened up the Task Manager. From there, I shut down the computer.
Next, I rebooted into Safe Mode and did a System Restore back to an earlier restore point, before the virus. The system restore was successful, but after Windows finished rebooting, the virus was back again, and so was the Windows Explorer cycling.
At this point, I just shut her computer down and have left it alone until I could get help from you. PLEASE tell me there is an online solution to these problems!
I am communicating with you from my computer.