Vista security 2011 Rogue anti-virus help!
#1
Eh, I accidentally downloaded the Vista security 2011 virus. At first it didn't let me use internet, but I got some help from friends on skype. I have tried AVG, and am currently scanning with Malwarebytes and ESET Online scanner. Any other programs I should try? Please help, this malware is scary!
#2
Please follow the directions of this thread.
#3
Greetings,

Whilst I am in the process of scrutinizing your complete set of provided logs for any possible infections or problems, I ask for your forbearance. Understand that the process of analysis requires time and careful examination hence the need for a cautious response. Accuracy is of the essence. Once I come across infections, I shall present the finest methods of removal for your convenience.

In return for this service, I propose to you two conditions:
  1. You are not to create any new threads regarding the similar topic as it will waste another helper's time.
  2. You are not to install any new software in your system, as it may hinder our process thus making this futile.
In accordance to my terms, I also ask of you five things, stated below:
  1. You are not to modify the logs in any way. Failure to do so will instantly deprive you of this service.
  2. You are to paste each log separately at PasteBin as it is. That is correct, no syntax highlighting, no editing - just the log purely. Post back the links for each log. You shall not hide them under spoiler codes.
  3. You are to provide the complete set of requested logs.
  4. You are to respond to every step I ask you to do using the format provided at the end of my post.
  5. You agree that I have the right to discontinue the analysis at any time, upon a violation of a single rule.
Provided that you will continue with this service, you hereby agree to the above statements. If you deem the conditions are portraying equality, I will willingly perform the analysis without further delay. Should you have any concerns or problems with the above conditions, or if you feel that I have overlooked your log, do inform me through a Private Message by clicking 'this'.

Thank you.

Genuinely yours,
Quintus
  • Pre-Step

    Click 'here' to download Temp File Cleaner by OldTimer. Save it to your Desktop.
    • Close any open windows.
    • Double-click TFC.exe and select 'Run' when prompted to execute the program. It will close all open programs itself in order to run.
    • Click the Start button to begin the cleaning process.
    • Please let the program run uninterruptedly.
    • Once the cleaning has been done, your computer should automatically reboot. Otherwise, please do so when it does not.
  • Prerequisite

    If you are having a problem running HijackThis as Administrator, please follow the steps below.
    • Go to My Computer and navigate to your default disc drive (C: is the most common).
    • Go to Program Files > Trend Micro > HijackThis.
    • Right-click HiJackThis.exe and run it as Administrator.
  • Step 1

    Please download RKill.
    • Please choose "iExplore.exe" and save it to your Desktop.
    • Double-click the file for it to stop any process associated with the rogue program.
    • When done, a prompt will automatically close.

      "If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Antimalware Doctor when it terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate Antimalware Doctor. So, please try running RKill until the malware is no longer running. If you continue having problems running RKill, you can download the other renamed versions of RKill from the RKill download page. All of the files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab. Do not reboot your computer after running RKill as the malware programs will start again."
  • Step 2
    • Please download Malwarebytes' Anti-Malware 'here'.
    • Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to 'Malwarebytes' Anti-Malware' and 'Launch Malwarebytes' Anti-Malware', then click 'Finish'.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Full Scan', then click 'Scan'. The scan may take some time to finish, so please be patient.
    • When the scan is complete, click 'OK', then 'Show Results' to view the results.
    • Make sure that everything is checked, and click 'Remove Selected'.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
    • The log is automatically saved by Malwarebytes' Anti-Malware and can be viewed by clicking the 'Logs' tab in the interface.
    • Copy and paste the entire report in your next reply.
  • Step 3

    Please run a free online scan with ESET Online Scanner by downloading ESET Smart Installer 'here'. Save it to your Desktop.
    • Double-click esetsmartinstaller_enu.exe to execute the program.
    • Tick 'YES, I accept the Terms of Use'.
    • Click 'Start'.
    • If this is your first time installing the scanner, allow the 'ActiveX Control' to install.
    • Database download may take some time.
    • When done, make sure that the option 'Remove found threats' is ticked. Under 'Advanced Settings', please put a check on the following options:
      • Scan for potentially unwanted applications
      • Enable Anti-Stealth Technology
    • Click 'Start'.
    • Wait for the scan to finish.
    • Once it is finished, use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
    • Copy and paste that log as a reply to this topic.
  • Step 4

    Download DDS.scr by sUBs from one of the following links and save it to your Desktop.

    'Link 1'
    'Link 2'
    • Double-click on DDS.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear, DDS.txt and Attach.txt.
    • A window will open instructing you to save and post the logs. Save the logs to a convenient place such as your Desktop.
    • Copy the contents of both logs and post in your next reply.
  • In your next post, please provide the following:
    • A Fresh HijackThis (HJT) Log
    • Deckard's System Scanner (DDS) Logs
      • DDS.txt
      • Attach.txt
    • ESET Scan Log
    • Malwarebytes' Anti-Malware Scan Log
  • Format of Response

    As part of my service terms, you are to fill this up every time you respond to your log. Copy and paste the content inside the code box and write directly after the closing tags. Do not add spaces as they are already provided. An exception applies to the numbers, as they are to be written after the # sign.

    Step #1: Change the number accordingly.
    Problems Encountered: Put N/A if the operation went smoothly.

    Link To Requested Logs: Post the links to the logs I have asked you to produce.

  • Code:
    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Link To Requested Logs:[/b][/color]
#4
HAHAHA... I went over to his house and removed it for him. Case closed, thread closed. We had 295 infections on the laptop lol!!!

#5
He should probably still follow Quintus's steps to make sure it's all gone.
Better to be on the safe side.
#6
(05-08-2011, 03:56 PM)Untouch Wrote: He should probably still follow Quintus's steps to make sure it's all gone.
Better to be on the safe side.

Forgot to mention, I followed all of his steps and added my own steps too. He is clean damn it.
#7
It's up to the HJT squad to decide that though, you aren't a part of that group. That's one of the guidelines that was mentioned for this area of the forum. "Do not try and help other members, although we appreciate your willingness to try. It can be VERY dangerous."
#8
(05-08-2011, 04:09 PM)Infinity Wrote: It's up to the HJT squad to decide that though, you aren't a part of that group. That's one of the guidelines that was mentioned for this area of the forum. "Do not try and help other members, although we appreciate your willingness to try. It can be VERY dangerous."

To Infinity:

Get In. Get Confident.

I think I pulverized this stupid rogue ware virus by now. It's all good, and I have been team-viewing his laptop, it has been pretty damn fast for a 2 GIG Ram...
#9
(05-08-2011, 04:03 PM)The High Roller Wrote: Forgot to mention, I followed all of his steps and including added my own steps too. He is clean damn it.

Please ask him to post new logs here.

