Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fake Scanner Virus >_<


  • Please log in to reply
7 replies to this topic

#1 Maaaaak

Maaaaak

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 20 December 2009 - 01:14 AM

Hello all, I just got the worst virus that I've ever had on my computer, it was a fake scanner claiming that my computer was infected and that I needed to buy some bogus software to get rid of it, I believe it was disguised as WinGuard. I ran Malwarebytes and Avira, it detected some trojans and got rid of them, but the registry is still messed up so that I cannot access the internet through a browser or anything. I opened cmdprompt and was able to ping google.com, and tracert it as well. I tried the WinSock XP 1.2 fix and it didnt bring back my internet connectivity.

Ive had a similar virus before, and my solution was to partition the drive and install xp again, now its back (or a newer version of it) and id rather not reinstall xp.

Ive got WinXP Pro SP3.

Where should I start?! This thing is pissing me off so bad!

Any help is MUCH appreciated!!

Thanks!

-Mike

BC AdBot (Login to Remove)

 


#2 MATTSPCHELP

MATTSPCHELP

  • Members
  • 196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Leicester, United kingdom
  • Local time:09:15 PM

Posted 20 December 2009 - 08:21 AM

Download and run the following files

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif

and then run malwarebytes and spybot search and destroy
Microsoft Certified Desktop Support Technician

#3 rhino1366

rhino1366

  • Banned
  • 524 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 20 December 2009 - 08:24 AM

Hi Mike. Let me welcome you to BleepingComputer Forums.

Piriform's CCleaner has a built in registry cleaner with some good reviews, but results must be analized, before cleaning... CCleaner

Hope, this'll help to you.
rhino1366

P.S. Remember - there's no completely / on 100% safe registry cleaners out there... so, the results must be analized (look for a problem group).

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:15 PM

Posted 20 December 2009 - 10:42 AM

I am moving this topic from the XP forum to the Am I Infected forum for you.

~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Maaaaak

Maaaaak
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 20 December 2009 - 05:40 PM

Download and run the following files

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif

and then run malwarebytes and spybot search and destroy


I started to download those files, and the Rkill.pif was flagged as a virus, based on heuristics, should I proceed anyways?

Also, I downloaded CCleaner, ran it, it found a bunch of objects and removed them, however I still have no connection to the internet, I think something in the registry is still messed up quite a bit. Any more ideas for getting the internet back? The software seems to be gone for the virus, at least it appears that way, so I'm guessing its going to be the registry.

I looked for a pattern, it was mostly a bunch of missing dll's and a few other things (found 59 total), is there a way I can copy and paste what it found, I closed the window and I'm looking for a log, though I cannot find it. I backed up the registry information though when I had CCleaner fix everything.

Thanks for the help so far!

-Mike

#6 spotts5

spotts5

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 21 December 2009 - 05:26 AM

I had the same problem where I tried to start R Kill and it didn't work. the malware then appeared yo infect the R Kill app.
What worked for me was mto delete the R Kill app, download it again from a clean computer and put it back on the desktop. I found from other threads that the malware doesn't start for about 2 minutes when the computer starts up so I rebooted and started R Kill as soon as possible while the computer was booting up as other applications were starting, this worked for me. I then ran mbam.
My internet was also down showing no connections, I run from a network with Lan settings, when i compared these by going to IExplorer - tools - options - connections - Lan settings - proxy server - advanced - there was a proxy address in there which I deleted. Windows gives a warning message that this prevents access to the internet but mine worked

#7 MATTSPCHELP

MATTSPCHELP

  • Members
  • 196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Leicester, United kingdom
  • Local time:09:15 PM

Posted 21 December 2009 - 07:36 AM

So in Start ->control panel -> Network Connections -> there was no LAN ?
Microsoft Certified Desktop Support Technician

#8 spotts5

spotts5

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 21 December 2009 - 11:20 AM

So in Start ->control panel -> Network Connections -> there was no LAN ?

My IExplorer page came up with no connection to internet so I went from there to tools options on the IExplorer page




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users