I'll try to give as much detail as possible while trying to make sense:
I have a laptop with a fake antivirus that restricts use of most applications, namely those with .exe extensions (but it allows IE), and infected the laptop when the user accidentally clicked on an ad when watching a movie online. It brings up a window that runs a scan and is called "Antivirus Scan Protecting Every Second." When trying to run IE, I get a warning that disallows access. Most of this is described in http://forums.malwarebytes.org/index.php?showtopic=71899&hl=fake+antivirus. However, the instructions on it basically ask for the log files. I do not want to install ten different programs just for their logs, so I tried to resolve the issue on my own:
I first tried to run the Task Manager but the fake antivirus wouldn't allow me. So I tried a hard reboot (holding the power button for several seconds) and booted it in safe mode. I deleted all programs in the startup folder and I ran a full system scan with both Microsoft Security Essentials and MalwareBytes. Neither of these reported any infected files.
I restarted the computer with a normal boot and clicked Ctrl + Shift + Esc rapidly before the virus could start. It worked and I searched through the processes and found a process that I hadn't heard of before called nactbyjuerb (I think it's called nact and Juerb is the creator). Before ending the process I right-clicked on it to find its properties and found it was an application in AppData\Local\Temp\fvndyfba and called nactbyjuerb.exe. When I terminated the process the annoying scan stopped and I gained control over the laptop; however, I found that the internet wouldn't work (it would just redirect you to a page that disallowed access and said "...visiting this website may harm your computer!" and tried to redirect you to http://protectep.com/shop?abc=cGdpZD04JnI9NzguMg== that tried to sell you some malicious antivirus removal software). I found the proxy settings were set to the HTTP IP address 127.0.0.1 and port 8992, which basically creates a loop back to the computer. I fixed this by disabling the use of a proxy address and enabled the automatic configuration of settings.
Now, here is my concern: if I delete the nactbyjuerb.exe file or even the entire \temp\ folder manually, will it get rid of the entire virus and repair all of its damage? I say this because I think a separate program may have caused the internet messing up while another may have caused the false scans. I also know that everyone warns not to delete the virus for it may infect other files; however, MWB and MSE did not detect the file (I even right-clicked on the application and scanned it separately several times) and the computer seemed to run fine once the process was terminated.
Any help is greatly appreciated.
PS - the laptop has IE8 and Windows Vista Business Service Pack 2 32-bit.