Fake AntiVirus Help Please


9 replies to this topic

#1 CarwinFan


Posted 04 July 2010 - 05:11 AM

So I ended up with a fake antivirus that stops everything from opening and says it's infected. It won't let me open up explorer, Chrome, or Opera. So here is what I have done, in order.
Restarted in safe mode and ran Malwarebytes, which found 4 things, and I deleted them.
Still had the problem.
Researched and found out about rkill, so I ran that and was able to stop the process so I could run things on the computer.
Ran Malwarebytes in quick scan and it found one thing. It hasn't been updated since September of last year. Deleted the one thing.
Added a new install of Ad-Aware and also a new download of Malwarebytes, but I am still unable to connect to the internet after stopping the process, so I can't update the programs.
So now I'm running Malwarebytes on full scan and about to go to bed to let it run. I've been at this all night and I'm about to go nuts.

So what can I do? What should I do? Please help, I have a ton of nursing things on my computer which I need for school and boards. Thanks in advance.


#2 boopme


Posted 04 July 2010 - 04:00 PM

Hello and welcome.
Please click Start > Run, type inetcpl.cpl in the Run box and press Enter.

Click the Connections tab and click the LAN settings option.

Verify if "Use a proxy..." is checked. If so, UNcheck it and click OK/OK to exit.

Now check if the internet is working again.


Now run McAfee FakeAlert Stinger.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


How is it running now?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
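
The LAN settings check from the reply above, as a script (an added example, not part of the original thread). It assumes the checkbox maps to the `ProxyEnable` value under the per-user Internet Settings registry key; the function names `Get-LanProxySetting` and `Disable-LanProxy` are hypothetical.

```powershell
# Added example (not from the thread). Reads the per-user WinINET proxy
# settings shown in inetcpl.cpl > Connections > LAN settings.
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-LanProxySetting {
    # Hypothetical helper name. Missing registry values come back as $null.
    $p = Get-ItemProperty -Path $InetKey
    [pscustomobject]@{
        ProxyEnabled  = [bool]$p.ProxyEnable   # the "Use a proxy..." checkbox
        ProxyServer   = $p.ProxyServer         # address:port traffic is sent to
        ProxyOverride = $p.ProxyOverride       # bypass list
        AutoConfigURL = $p.AutoConfigURL       # automatic configuration script, if any
    }
}

function Disable-LanProxy {
    # Hypothetical helper name. Clears only the checkbox; ProxyServer is left
    # in place so the value can be recorded before cleanup.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $before = Get-LanProxySetting
    if (-not $before.ProxyEnabled) {
        Write-Verbose 'Proxy is not enabled; nothing to change.'
        return $before
    }
    $action = "Set ProxyEnable to 0 (proxy was '$($before.ProxyServer)')"
    if ($PSCmdlet.ShouldProcess($InetKey, $action)) {
        Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0 -Type DWord
    }
    Get-LanProxySetting
}

# Show the current state first, then preview the change without applying it.
Get-LanProxySetting | Format-List
Disable-LanProxy -WhatIf | Out-Null
```

Run it as the affected user, since the key is per-user. Drop `-WhatIf` to apply the change, then restart the browser and test the connection.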

#3 CarwinFan


Posted 05 July 2010 - 03:53 AM

Alright so I did everything as you said and nothing else was found. I was able to get malwarebytes updated earlier today and ran a full scan, then just did it again along with everything you said and nothing else was found, I'm also able to connect to the internet now. :thumbsup: Thanks SO MUCH. So is my computer clean now? What is recommended for protection against this stuff? This website is a lifesaver

#4 boopme


Posted 05 July 2010 - 12:04 PM

Excellent !!
If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#5 CarwinFan


Posted 05 July 2010 - 04:55 PM

Alright, so now I have done everything you said: created the restore points, etc. Now I'm on to protecting my computer from further complications. I've also noticed some delay when starting IE (I'll be switching browsers to Firefox or Opera). So here is what I have going now.

I have the AVG Free Anti-Virus updated and running, and Ad-Aware is also running Ad-Watch Live. Those are the two things running in my active tray. I have gone to Windows Update and everything was up to date. I have Malwarebytes, Ad-Aware and AVG all downloaded. I also ran the Trend online virus scan, which found nothing. I also have ZoneAlarm downloaded and will install that as my firewall. So any suggestions on what to have running at all times? Anything I need to add to this? THANKS SO MUCH FOR THE HELP THAT'S BEEN PROVIDED!!

#6 CarwinFan


Posted 05 July 2010 - 04:59 PM

Was also wondering how good is Trend Micro PC-cillin? I have it but I need to register it and buy it, but I wasn't going to if it's not a good product.

#7 boopme


Posted 05 July 2010 - 08:20 PM

First, you are very welcome!!
Remember: one AV, a couple of antispyware tools and one firewall.
I prefer MBAM and SUPERAntiSpyware over Ad-Aware.
Trend makes a good product, but I prefer either free Avira or Avast. I use Avira with MBAM and SAS. I also use a tool called SpywareBlaster. I update and scan with all of them weekly.
These can all be found here if you want to try them.

Freeware Replacements For Common Commercial Apps

#8 CarwinFan


Posted 06 July 2010 - 12:37 AM

Was also going to ask you about the startup. When I go to msconfig I have a ton of things running.

EH TRay
NvCpl
nwiz
rundll32
stsystra
avgtray
pccguide
hpztsb04
qttask
Apple Sync Notifier
Itunes Helper
jusched
Search Protection
GrooveMonitor
reader_Sl
AdomeARM
ctfmon
Yahoo MEssenger
TMAS_OEMon
Search Protection
Google Update
E_S330

That's it, so what is all this stuff? And how do I get it to just be running what needs to be run unless I open it?

#9 CarwinFan


Posted 08 July 2010 - 01:34 AM

Also, there is a major difference in the speed of my browser now and before. Now everything I click, it's super slow. Any idea?

#10 chinkymrsettles


Posted 08 July 2010 - 08:40 AM

Some of those are just updaters and Apple sync apps. It would be safe to disable anything that says "google updater" or "apple itunes", unless you want them to autorun of course.



