
Win 7 Antivirus 2012 Infection


12 replies to this topic

#1 balon

  • Members

Posted 13 December 2011 - 04:28 PM

Hello there.

So this is basically what happened...
I was doing some work on my computer, went on a normal site I go on daily, guessing an ad came up and was infected by the virus immediately. Avast popped up warning me about my Java being infected, which it seemed to block. Then two "Droppers" came up next, warning me a .dll in Windows\System32 was infected and it moved the file to the chest. After that a Flash Player update came up from UAC, which by not focusing I clicked "Yes" thinking it was legit. After that Windows 7 Antivirus 2012 installed itself onto my computer. Before I clicked anything else I followed some paths within my computer and deleted a few .exe's that were created by the virus as well as attacking some of the processes. I shut down all of the processes and deleted what I could then started my computer up as an Avast Boot-Time scan, which failed to locate any viruses. Then I proceeded onto my computer and found this article:

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

This helped me remove the virus from my computer. Now I am pretty certain that the virus was successfully removed but I am having issues with some of my Windows services.
[Image: Check Security Status]

[Image: Advanced Windows Firewall Settings]

[Image: Windows Firewall Box]

[Image: Result upon click]

I have been searching this thing for HOURS now, and I do not understand what is causing my firewall not to start up, as it seems I have removed the virus successfully. I looked on the Microsoft forums the most and a LOT of people are having this issue more recently.

So my question is now, how can I fix this for my computer? The virus took my firewall with it so it seems. I really hope someone here can help me as I have heard highly of BleepingComputer.


My Regards
-Balon



#2 werdsmada

  • Members

Posted 13 December 2011 - 06:58 PM

I have the same problem as you. That site you went on didn't happen to be reddit or imgur, did it? Because I had the exact same thing happen......

The virus was one of those fake anti-virus popups, which I removed, and was using tasks iud.exe and ping.exe *32 to dial back. I'm pretty sure it was a key logger.

Anyways, just posting here to remind myself to check back to this thread, as I don't have an answer either. Best of luck!

-Drew

#3 Kelly D

  • Members

Posted 13 December 2011 - 08:24 PM

It's unfortunate but you guys will probably have to format. I had the "2011" version a year ago and it never really ran the same after removing it. You're best off just backing up the files you do need and starting over.

#4 balon

  • Topic Starter
  • Members

Posted 14 December 2011 - 07:39 AM

New update on the issue.. it seems that on my Avast it says Firefox is not installed nor is it located in the Control Panel yet I was using it last night as it was telling me it didn't exist.

#5 dac10012

  • Members

Posted 14 December 2011 - 11:22 AM

This site helpfully posts instructions on how to remove XP Antispyware 2012, Vista Antispyware 2012, and Win 7 Antispyware 2012, which are all versions of the same scareware. This is phony spyware that tricks you into believing you have a virus and offers to remove it if you buy the software, when, in fact, it is a virus itself. The instructions walk you through downloading and running three free programs: FixNCR.reg (which will fix the registry changes which allow the virus to work), RKill (which will stop the virus from running) and Malware Bytes Anti-Malware (which will scan your computer for infections caused by malware like XP Antispyware 2012, Vista Antispyware 2012, and Win 7 Antispyware 2012 and remove them).

However, there is a much easier way to remove malware and viruses that doesn't require you to download or use any other programs than one which is already included in Windows 7, Vista and Windows XP. Unlike the ones mentioned above it is almost foolproof and nearly always effective. It is called System Restore and, with the correct use of the program, it will solve your problems even if your computer is totally frozen by the malware or virus, even after rebooting.

First, you will have to reboot in Safe Mode, so that the malware or virus can't block your access to System Restore. The viruses we are talking about here will not let you access System Restore in Normal mode. This requires you to reboot and tap the F8 key while booting in order to be able to select Safe Mode.

Once you have rebooted into Safe Mode (this will take awhile longer than a regular boot into Windows), you can use System Restore. There are a variety of ways to access System Restore: 1. Click on Start, Programs, System Tools, System Restore; 2. Click on Start, Settings, Control Panel, Help and Support, Undo changes to your computer with System Restore; 3. Click on Start, Run and then type restore or rstrui in the dialogue box and click on Run when you see System Restore as an option or click on rstrui.exe if you see this file. There are other ways to access System Restore which you can find on the Internet.

Follow the on-screen directions for restoring your system to an earlier point in time. Windows creates system restore checkpoints at regular intervals and you should be able to select one. You may also create your own. You must go back to a date and time that was before the infection. This is a critical point in removing the malware or virus. It may be necessary to check "Choose a different restore point" in order to be able to choose an earlier date. Note that any programs you may have installed after that date will be uninstalled. However, you can always re-install them.

Another important point to remember when using System Restore is to not interrupt the process or attempt to do anything else on your computer while it is working. System Restore can take a long time, especially when operating in Safe Mode. Not allowing System Restore to complete properly will likely corrupt your system registry and you will probably have to reinstall Windows as a new install, which will also require reformatting and losing all your data.

This is, by far, the easiest way to remove malware and viruses from your computer.

#6 narenxp

  • BC Advisor

Posted 14 December 2011 - 01:42 PM

Hi

Download both the registry files

<content removed>

Launch and import them to registry

Restart your PC

Now,open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now,open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service

:thumbup2:

Edited by elise025, 17 December 2011 - 08:17 AM.
content removed
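
A read-only check a defender could run after the permission change and service start described in the post above (an added example, not code from the thread or from BleepingComputer). It lists any allow entry that gives Everyone, Authenticated Users or Users write access to the BFE key, since such an entry lets any local account change the service's configuration, and it shows the state of the BFE and MpsSvc (Windows Firewall) services. The helper name `Get-BroadWriteAce` is hypothetical.

```powershell
# Added example (not from the thread): read-only audit of the BFE service key.
# Run in an elevated Windows PowerShell prompt; nothing is modified.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\services\BFE'

# Rights that allow changing the service's configuration, plus the raw
# GENERIC_ALL / GENERIC_WRITE bits that Get-Acl may report unexpanded.
$writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

# Broad groups, matched by well-known SID so localized names do not matter.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'Users'
}

# Get-BroadWriteAce is a hypothetical helper name chosen for this example.
function Get-BroadWriteAce {
    param([string]$Path)
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # identity could not be resolved; skip it
        if ($broadSids.ContainsKey($sid) -and ([int]$ace.RegistryRights -band $writeMask)) {
            New-Object PSObject -Property @{
                Principal = $broadSids[$sid]
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Get-BroadWriteAce -Path $keyPath)
if ($findings.Count -gt 0) {
    $findings | Format-Table Principal, Rights, Inherited -AutoSize
    Write-Warning "Broad groups hold write access to $keyPath"
} else {
    "No write access for Everyone/Authenticated Users/Users on $keyPath"
}

# State and start mode of Base Filtering Engine and Windows Firewall.
Get-WmiObject Win32_Service -Filter "Name='BFE' OR Name='MpsSvc'" |
    Select-Object Name, DisplayName, State, StartMode
```
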


#7 boopme

  • Global Moderator

Posted 14 December 2011 - 03:22 PM

Please do not post REG EDITS without a back up... thanks

What may be simple enough for you, may not be for a novice. And an error here for any member can be trouble.

A suggestion has been made that involves modifying the registry. Modifying the registry can be dangerous (and can render your system unbootable) so it's advisable that you make a backup of the registry before proceeding.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

For more information about modifying the registry, see this Microsoft article: http://support.microsoft.com/default.aspx/kb/256986
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#8 narenxp

  • BC Advisor

Posted 14 December 2011 - 03:45 PM

I'm sorry

Yes, back up registry before working on registry

Thanks

#9 balon

  • Topic Starter
  • Members

Posted 14 December 2011 - 04:48 PM

> Please do not post REG EDITS without a back up... thanks
>
> What may be simple enough for you, may not be for a novice. And an error here for any member can be trouble.
>
> A suggestion has been made that involves modifying the registry. Modifying the registry can be dangerous (and can render your system unbootable) so it's advisable that you make a backup of the registry before proceeding.
> Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.
>
> Backing Up Your Registry
>
>   • Go Here and download ERUNT
>     (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
>   • Install ERUNT by following the prompts
>     (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
>   • Start ERUNT
>     (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
>   • Choose a location for the backup
>     (the default location is C:\WINDOWS\ERDNT which is acceptable).
>   • Make sure that at least the first two check boxes are ticked
>   • Press OK
>   • Press YES to create the folder.
>
> Registry Modifications
>
> For more information about modifying the registry, see this Microsoft article: http://support.microsoft.com/default.aspx/kb/256986


I created this but what do I do now? How do I use this file if my registry gets messed up? Should I burn it to a disk or...?

Thanks


(For anyone else reading this.. I still need some help, I may have the Win 7 Antivirus or another virus on my computer as some things are acting weird.)

#10 boopme

  • Global Moderator

Posted 14 December 2011 - 08:21 PM

How to Restore from the ERUNT Backup
Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore if you can boot, navigate to C:\WINDOWS\erdnt, choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.


#11 boopme

  • Global Moderator

Posted 14 December 2011 - 08:54 PM

Hello, I didn't mean to take over the topic, only moderate it. Have you run post 5 after the back up?

#12 balon

  • Topic Starter
  • Members

Posted 14 December 2011 - 09:58 PM

> Hi
>
> Download both the registry files
>
> http://www.mediafire.com/?317ea53a883288d
>
> http://www.mediafire.com/?z6aw8j7997qa7j9
>
> Launch and import them to registry
>
> Restart your PC
>
> Now,open RUN and type
>
> regedit and click ok
>
> go to
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
>
> Right click on it-permissions
>
> Click on ADD and type
>
> Everyone and click ok
>
> Now Click on Everyone
>
> Below you have permission for users
>
> Select full control and click ok
>
> Now,open RUN and type
>
> services.msc and click ok
>
> start base filtering engine service and then windows firewall service
>
> :thumbup2:


Successful!
Thank you SO much for helping me get my Firewall re-enabled...

On another hand, now I would like to know if I can still get some help finding out if I have any other viruses within my computer. I have read in a lot of places usually rogues drop RootKits, what should I do to make sure my entire computer is virus free?

Thanks in advance for anyone who helps me make sure my system is secure!

Best Regards
-Balon

#13 balon

  • Topic Starter
  • Members

Posted 14 December 2011 - 10:04 PM

Updates Some issues still not fixed...

So my windows firewall is on which I am EXTREMELY happy about, but now I have this issue here:

Posted Image
I cannot turn on the Network Access Protection or Start up that windows feature..

Plus my Avast Antivirus is still saying Firefox is not installed on my computer, yet I am typing out this message on Firefox.



