Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Security 2010 virus


  • Please log in to reply
2 replies to this topic

#1 Kayten

Kayten

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:00 PM

Posted 27 January 2010 - 10:52 PM

I know for a fact that I have this virus, and several places online have referred to the tutorial on this website for getting rid of it. I had already downloaded malwarebytes before finding this site and ran it for over an hour before realizing the specific instructions in the tutorial.

I uninstalled the program and started from scratch. However, when I got to the part about having to re-download one of the executables of malwarebytes' program that the infection destroys, I wasn't able to save it in the malwarebytes folder as instructed. I tried saving it in a different folder and double clicking it to see if that would work, but it did not.

At the moment I'm running malwarebytes as it came, without that step in the tutorial. There's an annoying little popup box from the virus on the bottom right of my screen and at this point I'm so confused, I don't know whether to get rid of it or let it stay there while my computer is scanned.

Can anyone help me out?

Oh, and I noticed when I go into 'my computer' there's a bunch of letters and numbers before the (C:) where you click to view the c drive ... I may not be terribly good at these things, but I know those were never there before. I'm wondering what that is, and if it is related to my not being able to save that additional .exe for the malwarebytes program.

Again, any help is appreciated. I'm just sitting here ... I can respond instantly.

BC AdBot (Login to Remove)

 


#2 Kayten

Kayten
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:00 PM

Posted 27 January 2010 - 11:11 PM

Also, malwarebytes has been on run #2 now (#1 was aborted when I found the tutorial on this website and started my mission from scratch) and so far it hasn't found anything - again. Considering I've heard such positive things about this program, I'm frustrated - and still concerned it's not going to work until I find out how to get that one .exe the tutorial insists the infection destroyed from the get-go.

I don't know whether or not to try to download a new anti virus or any other kind of program ... at this point, I feel like anything I do will be a waste of time because the virus will inhibit anything I try to download.

Help?

#3 Upsdrvr

Upsdrvr

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:00 PM

Posted 28 January 2010 - 12:35 AM

This may not be the same virus but sounds similar to Antivirus 2010. I've dealt w/ Antivirus 2010 on a couple PCs over the last week. It appears to be profile specific, it drops a folder w/ an executable at C:\documents and settings\(username)\local settings\application data. the folder usually has a name that looks like a random string of letters. You will not be able to delete it if you are logged in under the infected profile.

Login under a different username and IMMEDIATELY go to Start->Run and enter msconfig. If you don't act quickly the popups will start under the new login profile and disable executables. Once in msconfig, go to the startup tab and look for anything being called from C:\documents and settings\(username)\local settings\application data\(unusual folder name). Notate the last folder name in the string. Uncheck the box next to that item. If you see any check boxes checked followed by a blank path, uncheck those too.

Reboot and go to the C:\documents.........\application folder and delete the folder that was listed under msconfig.

Go to www.malwarebytes.org, download and install the latest version. Update when prompted and run a full scan. When scan completes, click Show Infected Items, and then click Delete Selected Items. If you get a prompt that registry editing is blocked and asking if ok to enable editing, click yes. Reboot when prompted.

Once rebooted, try to browse the web. If you get Page Cannot Be Displayed error, in IE click Tools->Internet Options->Connection Settings tab->LAN Connections buttons. If the Use a Proxy box is checked in the bottom half of the window, click the Advanced button. AV2010 usually drops a proxy in to localhost or 127.0.0.1 (same thing) on port 5555. Clear these entries. If prompted that you are disabling the proxy connection, click ok. Click ok on all open windows and try to browse again. CAUTION: Some software packages such as parental control packages may set a proxy. If you remove any proxy settings notate the proxy location and port before deleting. If the proxy was set for a valid program yo umay need to re-enter it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users