Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Win 7 Antivirus 2012 - Reinfection

  • Please log in to reply
No replies to this topic

#1 Nightingaling


  • Members
  • 12 posts
  • Local time:08:57 AM

Posted 22 December 2011 - 05:01 PM

Hey guys! I'm having an issue removing a particularly annoying rogue antivirus program (which I see that other people on this forum have also been having trouble with. Man, is this an obnoxious program). The infected laptop in question is a Lenovo ThinkPad with Windows 7, and the second time that the computer has had a nasty virus. The last time (and with greatly appreciated help from this same forum!) I had to restore it to factory settings, so I hope I won't have to do that this time.

Firstly, the Win 7 Antivirus 2012 showed up on one user account only, and every other user account on the laptop appeared to be fine.
I've gone through the Win 7 Antivirus 2012 instructions given on this website - I used the fixNCR.reg file, rKill, and then did a full scan with MBAM in safe mode (though it was on a different user account than the one displaying symptoms). MBAM found an infected file and removed it, I rebooted the computer, and everything seemed just peachy.
However, after the first removal, I found that I couldn't open any .exe files on the account that had shown the symptoms!

I used the registry fixing file, this time on the account that had been affected, and afterward could open .exe files again. Less than ten minutes later, the computer started crazily asking me for updates - it came up with those account-generated popups that happen when you try to update a program, saying that it wanted to perform a file operation (with the source being from the hard drive). I denied all of them, and then Adobe Flash started requesting updates. I denied all of those, too, then restarted the computer. After I logged back in, lo and behold - Win 7 Antivirus was the first thing that popped up.

I read some online articles, and there seems to be evidence suggesting that I have a rootkit (ugh, nasty) bundled with the initial infection. Whatever it is, I'd really appreciate some help removing it so that I can work on that computer again! Thanks for your time, guys.

EDIT: Oh, and I forgot to mention. After I removed the program the first time and saw that my account couldn't open .exe files, I made a new user account. However, I couldn't log onto it - it said "The User Profile Service failed the logon. The User profile cannot be loaded." Is this because of the virus as well? Or is my registry simply corrupted?

Edited by Nightingaling, 22 December 2011 - 05:03 PM.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users