My coworker told me he had the Windows Restore virus pop up on his laptop and he searched some forums and downloaded StopZilla to remove the virus. He then told me that it had worked but now everything was all 'jacked' up and he was having audio advertisements playing in the background. The definition of jacked up is that the virus or something else had set all folders on the hard drive to hidden.
I did some looking on the web because I had never heard of StopZilla and came across mixed reviews for it. He brought me the laptop so I could look at it and see what was all happening. The Windows Restore virus seems to have been removed and after reading some of the bad reviews of StopZilla (and considering that WOT for Firefox had its website listed as RED) I also removed it.
I then installed and updated Malwarebytes and CCleaner. Ran CCleaner and rebooted the system. I started it again a second time but this time into safe mode so I could let MWB do its thing without any possible background interference. After doing a quick scan it came up with 3 infections: a trojan.fakealert and 2 registry infections that I can't remember off the top of my head; they did affect the Windows Security Center and AV from operating.
After having MWB fix those issues and starting into normal operations I was able to restore settings for the Windows Security Center. BUT after a couple of minutes the audio advertisements began playing again. Movie trailers, hair care products etc.
What necessary steps/info do I need to do or provide so that I may remove this nuisance from my coworker's laptop?
Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.
Then post your DDS and GMER logs as a reply to this topic. Once you have done that I will remove my reply and consolidate the posts so that you retain your correct place in the queue.
If you can produce at least some of the logs, then please explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
I have run into a couple of complications while trying to run the DDS.SCR file.
First, the file extension .scr is also used by AutoCAD, which is installed on the laptop and is preventing the program from starting up properly. I tried to right-click and do an "open as" but that option wasn't available.
Then shortly after I tried to get the DDS file to run I got a surprise visit from 'XP Total Security 2011', which I know is fake and a trojan. I tried to run MWB again while in safe mode but this time it found nothing. It has hijacked the laptop now and is preventing Firefox and AVG from running. Only IE will run but its home page was getting redirected to many different search engines.
If I am able to get the DDS or GMER to run I will post up their logs for your review.
EDIT: Posts merged. Don't worry about the logs for now. When one of our helpers gets to your topic they will know what to do. ~Budapest
Edited by Budapest, 20 April 2011 - 07:22 PM.