
Wife clicked on Rogue AV popup; now can't get rid of infection


3 replies to this topic

#1 rbarry


  • Members
  • 20 posts

Posted 01 September 2013 - 12:01 PM

Running Win7 64-bit. My wife thinks she clicked on a rogue AV warning window in IE10.

 

Whatever it installed, it redirects searches in IE and flags all downloads as containing a virus, blocks MSN mail access, disabled MS Security Essentials (and won't let me reinstall it, although I was able to uninstall it with the MS fix-it tool) and a reinstall fails at the last step.

 

I tried some of the solutions that came up in a Google search (HouseCall: scanned for four days, said it fixed five issues; TDSSKiller: reported no ZeroAccess problems; RogueKiller: hung at scanning the Hijacks; Malwarebytes Anti-Malware: fixed 9 problems), but the problem remains. Then I discovered this site.

 

I had DDS generate a report, and could certainly use some help.




 


#2 TwinHeadedEagle


  • Security Colleague
  • 350 posts

Posted 01 September 2013 - 01:39 PM

Did you try to scan using Malwarebytes Chameleon? You can find it within the Malwarebytes folder inside Program Files.



#3 rbarry

  • Topic Starter

  • Members
  • 20 posts

Posted 01 September 2013 - 05:39 PM

Did you try to scan using Malwarebytes Chameleon? You can find it within the Malwarebytes folder inside Program Files.

Just did; it found and removed one threat under registry keys:

 

HKLM\SYSTEM\CurrentControlSet\Services\.toober no eteleD <- (sseccaZ.janort) gupdate

 

What would be the next step that would confirm it's clean?

 

I'm mainly wondering whether this is what is killing my MS Security Essentials install.



#4 boopme



  • Global Moderator
  • 72,917 posts

Posted 01 September 2013 - 09:07 PM

You have a new variant of the 0access rootkit and we need you to post your DDS log here:

Virus, Trojan, Spyware, and Malware Removal Logs

 

Let me know if that went well.





