Earlier today I clicked on some link and my computer got infected with the Windows Vista Repair trojan. It threw me at first - I thought my computer really was crashing and I was prepared to buy the 'advanced module repair' program it says you need. But then I got on a second computer and did some research, and discovered (to my embarrasment) that it is a scam. My research brought me to this website, and to these forums. I'm hoping someone here can help me.
I tried to follow all of the instructions from this removal guide: http://www.bleepingcomputer.com/virus-removal/remove-windows-vista-repair.
I have not been successful.
I have not been able to download RKill. I've tried and tried
. Using a second computer, I tried saving it to a USB thumbdrive to open on the infected computer. When I open the thumbdrive folder the RKill files are automatically deleted with an error message that says it is "not a valid Win32 program." I've tried burning it on to a CD and then opening it on the infected computer, but that won't work either. I've tried emailing the file to myself, and then downloading that on to my desktop. It will not save, with an error message saying "due to an unknown error" it's not able to be saved. I've tried downloading all of the variations on the download page (http://www.bleepingcomputer.com/download/anti-virus/rkill
), but none of them work. I was able to save the screensaver version (rkill.scr), but nothing happens when I open it. It's like the malware "knows" I am trying to download/save the Rkill file, and it stops that from happening.
able to download the Malwarebyte's Anti-Malware program on to the infected computer, and I ran the full scan. It found seven trojan files, which I deleted. However, it seems the trojans are not entirely gone since I cannot download RKill.
One of the problems that this trojan is causing is that when I try to click on a website it redirects me to a commercial/advertising site. It does this when I click on any link that has to do with the RKill file. For example, when I search for 'Rkill download' or something similar in a search engine, any results I try to click on (such as the Bleeding Computer site) get redirected. The aforementioned removal guide has a link for instructions on how to remove Google Redirects, which I tried to follow. I went to the Kaspersky Lab Tech Support link (http://support.kaspersky.com/viruses/solutions?qid=208280684
) and downloaded the TDSSKiller.zip zipfile. I was able to save this file on the infected computer; however, when I click on TDSSKiller.exe to run it it doesn't do anything. I get a message saying that I need to give permission for it to run, which I do, but then nothing happens after that.
If anyone here can give me any further advice on how to successfully get RKill downloaded on to my infected computer, I would be greatly appreciative. I realize what I have written here may not be that coherent; I'm not too savvy about these kinds of things (as I'm sure you guessed), and I'm not sure of the proper lingo or termonology when describing these problems. Again, if anyone can please help me get RKill successfully working on my computer, I would really appreciate it
Thanks for your help.