Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

i need help with the Fake Windows Product Key Screen Scam removal process


  • Please log in to reply
2 replies to this topic

#1 djhardway

djhardway

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 24 December 2016 - 04:44 AM

My computer appears to be infected with the Fake Windows Product Key Screen Scam. I have downloaded all the programs needed to remove this virus using the self help tutorial but right away I am having some issues.

 

First, I am running Windows 7 Home Premium SP1 on a Sony VAIO all in one PC (VPCL137FX).

 

So when I run Task Manager I do not see either of the processes you have listed. In fact, all the processes running look legit other than some ending in *32. There are a couple that do not look familiar although I can end them all I want...they just restart right away.

 

one is nad64.exe (description: Google Chrome)

 

The other suspicious item doesn't show as a process but it shows as a program and it is called MPC Cleaner.

 

I cannot remove either of these but I went to the next step anyway which was to open iexplore.exe and type the following into the address bar

 

http://download.bleepingcomputer.com/bats/clean-hkcushell.bat

 

Nothing happens. I get messages that there is no internet access but when I check that  my internet is showing as running even though I can;'t access it.

 

This is as far as I ahve been able to get and I need some assistance please...maybe you can see where I missed a crucial step.

 

Thank you,

 

djhardway

 



BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:09 AM

Posted 27 December 2016 - 02:56 AM

Run the Task Manager and type hh h hit enter.

Then click on the yellow question mark in the top left corner of the bix that pops up.

Go to Jump To URL.

Go to google.com

Then Search this ProcessClose Toolslib

https://toolslib.net/downloads/viewdownload/85-processclose/

Right click it and run as admin.

Then use the built in browser to download Zemana Antimwalre.

Grab the portable Version.

https://zemana.com/en-US/ThankYou/Download?source=download&ProductID=2&IsFree=False&IsPortable=True

Install it and run a deep scan, reboot the machine and see if you are able to use your computer.

 

Zemana Deep Scan.
 

  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • oHw0QqX.png
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

Security Check Scan.



  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go post the result.



#3 kaljukass

kaljukass

  • Banned
  • 291 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:09 AM

Posted 27 December 2016 - 09:39 AM

one is nad64.exe (description: Google Chrome) - weird

maybe is nacl64.exe (description: Google Chrome), and even this is possible only if You have very old Chrome version.
In newer version so called file doesn't exist no more.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users