
I am infected and do not know what to do


14 replies to this topic

#1 baisebeige

baisebeige

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 25 September 2010 - 12:38 PM

I am infected with Antivirus 2010. I was using my computer when something just took it over and made me pay $50 to get it back. I got a receipt from a company called webtopbilling.com for this security product. It has made a mess out of everything. Sometimes my browser will become uninstalled. Today my computer refuses to turn off. It will disconnect anything like real security. It disables firewalls. It stops any scan.

I have an aspire one netbook that is made by a company called acer and has windows7 installed in it. I got it so I could open a shop on etsy.com and market myself via social networking. I don't really know what you are calling an application??????????? I have a printer/scanner. I do not play any games. I am a working artist and have only had this since the middle of June. Before that I used the computers at the library.

I had McAfee Antivirus Plus at the time my computer was infected. The company tried to reinstall it yesterday but it failed like everything else. They said they can remove it for money which I have very little of. Should I trust this??? I have to do something because fake warnings are popping in my face while I am typing this.

Today, they refunded my money. I will still file a complaint with my state's Attorney General.

Laura Fisher
baisebeige@gmail.com


 


#2 baisebeige

baisebeige
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 25 September 2010 - 04:05 PM

I discovered that I am able to shut down my computer if I disconnect it from our wireless network first. How peculiar...

I am really concerned about preparing for help because I get to step 5 about enabling firewalls and I cannot do it with this malware. Any suggestions?

Should I just use a virus removal service I cannot really afford? Which one? I really don't trust McAfee anymore as their product protected me from nothing.

What about a new service after the problem is fixed? Any opinion on microsoft free stuff...I'm on a tight budget that's probably going to get smaller!

Laura Fisher

#3 Darthy

Darthy

    The red side of the Force


  • Members
  • 1,217 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Solar System of Ors
  • Local time:01:18 AM

Posted 25 September 2010 - 08:00 PM

Try to read and follow these steps and tell me something.
http://www.bleepingcomputer.com/virus-remo...irus-vista-2010
I know one thing: that I know nothing - Socrates
Thanks John

#4 baisebeige

baisebeige
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 26 September 2010 - 06:07 PM

Hi, Darthy!

Thank you so much for replying to my message. I did read the article but I do not think this is the culprit for several reasons:
1. I have not seen any of these names associated with my problem before. Although this infection did prevent me from downloading and or running my McAfee program and Microsoft Security Essentials, I was successful at running a scan with a Mozilla product and I did see some results which I believe were true and not hoaxes. There were about six other problems which were low level threats called adware and one of them in particular, words of life, I recognized as something I had experienced myself recently and didn't know what it was exactly when I was redirected there. I had dismissed that.
2. There was a medium level threat identified by Mozilla which was exactly labeled as
RogueAntispyware.Antivirus2008
I was careful to write that down before deleting the Mozilla tool. It seems like the infection behaved less aggressively when any security product was completely removed. So, that's why I got rid of that. I needed to search the web for info and I was afraid my browser would get stolen again.
3. The article you directed me to said the browser was hijacked which was not exactly my experience. I believe my browser was completely uninstalled for various reasons:
a. The first message I got always said access was denied, no permission to access
b. The second message inquired if I wanted to remove the icon from the screen since the program had been uninstalled
c. The program no longer appeared anywhere on the list of programs in the control panel.
d. Anytime I tried to access a security program or firewall program on the web, it would take my browser (exception: Mozilla). It took Explorer, Google Chrome, and Firefox multiple times for each one.
e. I think it was really gone because I could download and install Explorer which Explorer will not let you do if you have any copy of Explorer. I had to save my second copy as a file which I did.

I used the information from the Mozilla scan to learn more about my problem and my search brought me here. Pretty much everything I read about AntiVirus2008 agrees with what I am calling AntiVirus 2010 which is what my receipt said. I paid for it just to get my computer back because I did not know how to do so otherwise and I was well aware that this was some kind of scam because words were misspelled in the conversation boxes ("imadiately"). I was also pretty aware that my computer was already infected.

The difference between Antivirus2010 and the '08 was the scan id appearance of the product screen- slightly different layout and mine is green not blue. I also never got the blue screen of death whatever that was. I got a black screen with red letters and the only way out was an order form.

I did successfully get my money refunded after sending them a very short and to the point email with those "prosecuted to the full extent of the law" words. :thumbsup: Immediately after receiving the refund my computer has developed the problem of rebooting after shutting down. I have to disconnect my computer from the wireless network, wait at least 30 minutes, shut it down, wait until it reboots and then turn the power off and it will stay off for awhile.

Last night, I unplugged the ac cord to see if it came on at night. The battery had a full charge. When I turned it on this morning, the battery was about 2 1/2 hours low. Hmmmm. The computer program is also behaving differently. I will only get the warning popups when the computer is not connected to the Internet. They do NOT happen when I am online at all! Whew...that was just too annoying. When I pass the mouse over their attractive fake security shield the message is no longer "full active" but has now been altered to "protection is not full active [You need check your PC!, Protection is not active, Internet protection is disabled, Application"
Exactly that!

I also was able to download Microsoft Security Essentials and it did start to scan but it was interrupted and could not be restarted but I did not lose my browser. Also, I was able to turn on Microsoft Defender firewall and I do believe it is still on as I have not received a warning about that. I have found warnings on my screen and in the control panel which I believe are real about needing a virus protection program. I do not think Essentials is working.

I hope this is helpful. Let me know what I should do next!
Laura

#5 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:18 PM

Posted 26 September 2010 - 07:14 PM

These infections change often so let's start with our best tool.


Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Chewy

No. Try not. Do... or do not. There is no try.

#6 baisebeige

baisebeige
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 27 September 2010 - 02:52 PM

Hi, DaChew!

I tried to post this before and the reply vanished before posting and I have been denied access via Explorer and am back via Firefox. I got an error message when installing the malware program:

MBAM_ERROR_UPDATING(120007,0,WinHttpSendRequest)

I selected OK because that was the choice.

I am ready with everything else to start removing the virus.

I have also posted on your Facebook page if I can't get back in.

My email is baisebeige@gmail.com.

Thanks for your help! Please try to get back in touch with me soon!

Laura

#7 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:18 PM

Posted 27 September 2010 - 06:02 PM

We are going to need use of a clean computer and a usb jump drive to attack this infection.

http://download.bleepingcomputer.com/sUBs/...Disinfector.exe

Use this program to immunize the clean computer and the jump drive before exposing either to the infected computer

http://www.bleepingcomputer.com/forums/topic308364.html

RKill might help us here, take your time and read directions carefully
Chewy

No. Try not. Do... or do not. There is no try.

#8 baisebeige

baisebeige
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 27 September 2010 - 08:03 PM

Hello again, DaChew!

Thank you for the new article. I have printed it and will study it. I am, however, NOT optimistic about finding another computer and a jump drive in order to perform this operation. I was however able to get someone to download the Malwarebytes program (and prepare it for use) onto a flash drive. Would it be possible to plug this into my computer and scan it in this way? I do not want to proceed without an expert opinion.

I was able to restore my computer so that I can access this site again via Explorer. The popups have abated again, too! :thumbsup:

I appreciate your help so much! Thank you!
Laura

#9 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:18 PM

Posted 27 September 2010 - 08:10 PM

Please run the disinfector on your friend's computer and flash drive so we don't spread the infection.

http://www.malwarebytes.org/mbam-download-...lone-random.php

A new link has been created to host the randomly named copy of mbam.exe. This is the actual executable to be used when MBAM has been blocked from running by name or is being deleted by name after installation


I would start with this and the manual definition and all the different named copies of RKill
Chewy

No. Try not. Do... or do not. There is no try.

#10 baisebeige

baisebeige
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 27 September 2010 - 08:50 PM

Wow! That was fast... I do appreciate the speedy reply...Thank you so much

This is what I understand and I am counting on you to tell me if I am right or wrong

This new link contains exactly the same program I tried and failed to download today. The difference is that the program has a name that is new and theoretically unrecognizable by the virus. I may be successful in downloading and installing and running this program. Since it is exactly the same, I can follow the same step by step instructions in the original tutorial. I can go ahead and see if this works.(?????)

IF this does NOT work, THEN my friend should erase the program that is already installed on the flash drive. Then my friend should run the program to protect his computer and the device. He can just access this public thread and click on the link to do this. After he runs that program, then he can download the randomly named program. I'm assuming there will be a new random name every time this program is accessed.(?????) Then I can try to run the program from the device.

Laura

#11 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:18 PM

Posted 28 September 2010 - 12:23 AM

Yes, that's the gist of what needs to be done.
Chewy

No. Try not. Do... or do not. There is no try.

#12 baisebeige

baisebeige
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 29 September 2010 - 05:54 PM

Hi,

I wanted to let you know that I'm still working on it. The download failed but all downloads are failing or not installing properly. Not even Windows updates are installing properly.

I will try the flash drive trick when I find someone to help with that soon. I don't think anyone is going to be eager to move onto the clean computer and jump drive step with me. I will keep asking.

I appreciate your help very much and will keep you updated on my progress.

Thanks!
Laura

#13 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:18 PM

Posted 29 September 2010 - 06:33 PM

Maybe a friend would burn some cd's for you, that's a pretty safe operation, and we could get your computer back on the right track.

I would download and burn the random named MBAM installer and the manual updates and Rkill for starters.
Chewy

No. Try not. Do... or do not. There is no try.

#14 baisebeige

baisebeige
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 29 September 2010 - 06:44 PM

Hi, DaChew!

Thanks again for the quick reply! I have an acer aspire one netbook which is "slotless." I cannot use CD's at all. That would be a great solution if my circumstances were different, though! :thumbsup:

Laura

#15 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:18 PM

Posted 29 September 2010 - 06:55 PM

For using a usb jump drive in windows computers, flash_disinfector only works in XP

Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
Chewy

No. Try not. Do... or do not. There is no try.
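
Added example, not part of DaChew's post and not a BleepingComputer tool: a read-only triage of a removable drive that lists which programs an `autorun.inf` at its root would launch, which is the file the Shift-key advice above keeps from executing. The function names `autorun_commands` and `scan_drive` are hypothetical, and the sample file contents are constructed for illustration.

```python
import os

# Constructed sample for illustration; not taken from a real infection.
SAMPLE = r"""; junk comment line
[AutoRun]
open=recycler\svc.exe
icon=shell32.dll,4
label=BACKUP
shell\explore\command=recycler\svc.exe
line with no equals sign
[Other]
open=ignored.exe
"""

LAUNCH_KEYS = ("open", "shellexecute")


def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue  # tolerate junk lines instead of failing on them
        key, _, value = line.partition("=")
        key = key.strip().lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            found.append((key, value.strip()))
    return found


def scan_drive(root):
    """Find autorun.inf at the drive root (any letter case) and list what it would launch."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() != "autorun.inf" or not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:  # read bytes only; nothing on the drive is executed
            data = fh.read()
        if data.startswith((b"\xff\xfe", b"\xfe\xff")):
            text = data.decode("utf-16", errors="replace")
        else:
            text = data.decode("utf-8-sig", errors="replace")
        return autorun_commands(text)
    return []


if __name__ == "__main__":
    for key, command in autorun_commands(SAMPLE):
        print(f"{key} -> {command}")
```

An empty result means no launch entries were found in the file; it does not show that the drive is clean, so the scanner steps earlier in the thread still apply.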



