I'm new to this forum, have been receiving help @ the Seven Forum and was referred
to Bleeping Computer by one of their Senior Members.
I have I think removed the Win 7 Fake Virus but I'm still having some issues.
Here's where I am with my progress
Originally got the virus, had all the POP-UP's going on and that's as far as it got.
I immediately opened Task Manager and killed the process without clicking on the program.
I also shut down and restarted in Safe Mode wNetworking.
Downloaded the Malwarebytes program and ran it, it founds several things which I quarantined.
Went back and ran the quick scan which showed I was okay.
Next day the pop-up reappeared ..
Ran a thorough scan using Malwarebytes, again found a couple of things
with essentially the same name, .exe file name changed but I could tell it was reinventing itself.
Here is a screenshot of the items in Malwarebytes Quarantine,
Went to the SevenForum and searched, found a help thread there and followed those directions.
Downloaded and ran TDSSkill, no rootkits found.
Downloaded and ran Rkill.exe, said process's terminated while running
Accepted the Trial of Malwarebytes and ran the Flash Scan, showed no issues.
Thought everything was okay but found 3 things in the Control Panel > Notification Area Icons,
These aren't suppose to be there.
Found ::: proxychecker.exe > gud.exe > and a dwx.exe
Here is the screenshot for that
Next » Viewing 3 of 14
Yesterday ran a thorough scan using both Avast (my normal antivirus) and Malwarebytes this time
came up CLEAN.
Still I would LOVE to remove those 3 things that I found in my Control Panel.
Today, I opened Regedit, searched for the .gud.exe and dwx.exe found both of them in the Registry
under this key ..HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
As I'm new to prowling around in the Registry I just backed back out of it but wondered what would
happen if I deleted those two values in the MuiCache key ??
Also, I never did find the proxychecker.exe and have NO CLUE what it is either.
In viewing the Malwarebytes Quarantine screenshot, it shows Firefox (which is the browser I use)
and Explorer to be somehow indicated in this.
Anybody that can help me with these issues I would be eternally grateful.
Thank YOU for your time in reading this message.
Edited by JenniBee, 03 January 2012 - 07:00 PM.