Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fast Acting Malware/Adware


  • Please log in to reply
1 reply to this topic

#1 pcvulkan

pcvulkan

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Plattsburgh, NY
  • Local time:11:34 AM

Posted 02 May 2010 - 12:53 PM

I have Vista Home Basic on my PC and it doesn't have a 'start in safe mode' option as the older one with XP does. That probably would allow me to check out my options one at a time during the restart.

Now I can barely get into Windows Defender, Spybot, Norton AV, Task Mgr or msconfig to begin to look for anything that is being directed to AV-Force.net and calls itself Antispyware Soft the AV program that they are trying to sell from a reported unsafe website.

As the PC goes through start up, it quickly affects and stops almost all programs that try to run saying that they are infected. I cannot even see how they passed the spyware, AV program and other steps to even get the program going on the PC so rapidly in the first place.

I just tried to download the defogger program and it downloaded to the PC, but when going to run it -- it says it is infected and stops it just as I am about to hit the disable button.

I could use any help in getting this cleaned out -I've been trying differentthing for almost 6 hours between last night and mid-morning to day. Theyn I found this web-site by Googling Ad-Force Infected PC.

If you have any ideas, please post them here, but if you could also send me an e-mail to pcvulkan at yahoo c com - I would probably get that faster.
I am just heading out to get something to eat and get some groceries, but will leave the browser up and on the site. Please contact me if you need any other information.

Thanks,
Pat

BC AdBot (Login to Remove)

 


#2 pcvulkan

pcvulkan
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Plattsburgh, NY
  • Local time:11:34 AM

Posted 02 May 2010 - 09:25 PM

After hours of working on this today and the site going down I was finally able to remove the exe file.

It was hidden in the AppData - Local - mcwmaqmh folder as ndboieltssd.exe. Norton finally found it but wasn't able to quarantine or delete it, but did show it was a fake virus file from AD-Force,net who is trying to sell the Antivirus Soft program to delete it.
It was written in such a way that it quickly blocked most programs, system restore, Malware/Adware and other programs
Somehow I figured that since it was so fast when I tried to delete the file, but it called for authorization to continue and blocked it. I kept restarting the PC and trying different things and was finally able to put it out of the file to the desktop - but still wouldn't delete it. Tried pulling it into the recycle bin but quickly stopped that too - kept after it and was finally able to drag it into the recycle bin - emptied the bin (and file).
Kept restarting the PC through all these attempts until it got it to delete. When it was gone went through complete Norton AV scan, Windows Defender, Spybot and Registry Mechanic. Seems to be gone now, but I even tried to compress it into an e-mail to send back to AV-Force.net --- now that would have been poetic justice.

Pat




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users