Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fake Internet Security hijacking computer


  • Please log in to reply
7 replies to this topic

#1 maddbassist

maddbassist

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 19 March 2012 - 03:45 PM

Hey everyone,

Every time I start my computer, I get a fake Internet Security scanner that starts and tells me I have a Blaster worm etc. I can close that window, but nothing else is accessible. I was able finally to get into safe mode after repeated attempts, but under normal boot I can't run msconfig, any .exe, cmd, etc. so I can't run malwarebytes, or any other scan. I just get an error that pops up that says that "XXXX.exe" cannot be started.

Anyone have any idea how I can get this removed? Thanks for any input!

BC AdBot (Login to Remove)

 


#2 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:53 AM

Posted 19 March 2012 - 04:38 PM

Hi maddbassist,

I will be helping you with your problems
Please do the following:

Step 1:

Please download Rkill by Grinler and save it to your desktop.Link 1 Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.

Step 2:

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes'
    Anti-Malware
    and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Do NOT restart the computer otherwise malware stopped with Rkill may appear again.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#3 maddbassist

maddbassist
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 19 March 2012 - 05:51 PM

Thanks. I put RKill on the desktop, and when I try to run it, I get the error "RKill cannot run, it is infected with the Blaster Worm". Nothing can run in normal desktop mode, cmd, .exe, etc. Nothing runs.

#4 maddbassist

maddbassist
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 19 March 2012 - 06:00 PM

And a side note...I can only get malwarebytes to run in safe mode. But it doesn't find anything in safe mode.

#5 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:53 AM

Posted 19 March 2012 - 06:14 PM

Hi maddbassis,

Rename rkill to explorer.exe and try to run it now

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#6 maddbassist

maddbassist
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 19 March 2012 - 06:20 PM

I'll try, but I did the same with malwarebytes, renamed to something else and still get the error. I can't get anything to run, not command prompt, msconfig, .exe, can't get to the internet, etc.

By the way, I just downloaded a copy of Hiran's bootCD. Would that help?

#7 maddbassist

maddbassist
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 19 March 2012 - 06:39 PM

Nope, won't run. Nothing I try runs in normal mode.

#8 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:53 AM

Posted 20 March 2012 - 06:39 PM

Hi maddbassis,

Please try the following:

Step 1:

Show file extensions for known file types:
  • On your desktop, click the windows "orb"
  • In the "search programs and files" box type Control and press enter.
  • Double click "Folder Options"
  • In the folder options window, under View> Advanced Settings> uncheck the box for "Hide extensions for known filetypes".
  • Click "Apply" then "OK"

Step 2:

Try renaming the file to "test.com" and see if it runs now.
If it doesn't then try a quick scan with malwarebytes in safe mode.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users