First, I had Avast but the virus wouldn't let me install Malwarebytes. I tried everything: renaming it (to winlogon.exe), downloading it onto a flash drive, etc. It basically wouldn't let me install it and that was problem number 1. My second problem was it wouldn't let me run Task Manager. One thing you should remember is that you can close a program by pressing Alt-F4 instead of using Task Manager. This way you won't have to click on any popups caused by the virus. What worked for me is I rebooted my computer in Safe Mode with Networking and I was able to run Malwarebytes there. After scanning the crap out of the computer, it found a couple of viruses. Then I ran Avast again. This time it detected a couple more trojans/viruses that it didn't detect in regular mode. After that, I did a system restore to the earliest date I could find. After all this, I loaded up in regular mode and ran Avast again. Avast suggested I reboot the computer and let Avast do a complete computer scan. I selected yes, and waited for a couple of hours. The next time I booted up my computer normally, I noticed the virus was finally completely gone. No more popups, no more error messages. I'm still crossing my fingers and hoping it won't come back. It took me two days to get my computer back to normal. Good luck, hope it helps. Here are some links I used:
http://www.malwarebytes.org/forums/index.php?showtopic=30275
http://www.geekpolice.net/virus-spy...m-pro-won-t-let-me-run-any-program-t16405.htm
http://www.geekpolice.net/virus-spyware-malware-removal-f11/antivirus-pro-t16433.htm
http://en.kioskea.net/forum/affich-97591-system-security-2009-virus
Download CodeStuff Starter. It'll allow you to stop any processes that start when the computer turns on without your permission. I've removed this Malware rogue antivirus program from 5 systems already, and MANY MANY other very similar malware. Malwarebytes should get rid of it once you use CodeStuff Starter. Find it here: http://codestuff.tripod.com/products_starter.html Malwarebytes: http://download.cnet.com/Malwarebyt...4572.html?part=dl-10804572&subj=dl&tag=button Don't forget to rep me. .....i keeed.
^ That's gotta be good STUFF right there, sir. I always trust your help. no lie. And don't be all ghetto asking for REP like the rookies do, man! You get it 'cuz you earn it, not 'cuz you asked for it!!
haha, I know. I added that in with an edit when I fixed a link. I failz...I knowz... EDIT: hahaha....thanks.
Download Malwarebytes and HijackThis. . . In Safe Mode look for the folder [I think it is under c:\Program Files\antiviruspro or some such] Rocket River
Oops . . . and delete the folder. Clear everything looking suspicious with HijackThis, and run Malwarebytes. Rocket River
This will work! To make it even easier:
1. Turn off your PC
2. Turn it back on
3. AS SOON as you can access your start menu, click in that little 'search' box at the bottom, and type "msconfig" - a panel will come up.
4. Select the 'Startup' tab at the top of this panel, then scroll down and deselect the boxes for the spyware program (I think they are called xsys or something similar - look for the ones with the words 'antivir' in the title)
That'll stop it from loading. Now just update your spyware/virus protection, scan your PC and you should be fine. If you're STILL having problems accessing the internet, open your internet connections, and DEselect the 'use a proxy server' option - the program sometimes sets itself as a 'proxy' (which explains why you can't access the internet) Hope that helps.
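A read-only PowerShell check for the two things the post above describes (startup entries and the per-user proxy setting), added here as an example and not part of the original post. The registry paths are the standard Windows Run keys and Internet Settings key; the `antivir` match pattern comes from the post's hint and is an assumption about how the entries are named.

```powershell
# Read-only audit: nothing is changed or deleted by this script.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: the 'antivir' hint from the post. Legitimate products
# (for example Avira AntiVir) also match, so treat hits as "review", not "delete".
$suspectPattern = 'antivir'

function Get-StartupEntry {
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }          # key absent on this system
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Location = $key
                Name     = $name
                Command  = [string]$item.GetValue($name)
            }
        }
    }
    # Per-user and all-users Startup folders, which msconfig also lists.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if (-not $path) { continue }
        Get-ChildItem -Path $path -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Location = $path; Name = $_.Name; Command = $_.FullName }
        }
    }
}

$entries = @(Get-StartupEntry)
$entries | Sort-Object Location, Name | Format-List Location, Name, Command

$entries | Where-Object { "$($_.Name) $($_.Command)" -match $suspectPattern } |
    ForEach-Object { Write-Warning "Review startup entry: $($_.Name) -> $($_.Command)" }

# The 'use a proxy server' checkbox is stored per user in these two values.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) {
    Write-Warning "Proxy is enabled for this user: $($inet.ProxyServer)"
} else {
    'No proxy is enabled for this user.'
}
```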
I suffered from this crap a few weeks back. It had disabled my antivirus programs, would not let me download anything, and ultimately locked me out to the point where I could not boot up in safe mode. I had burned a Kaspersky recovery disk and ran it, but my operating system was screwed by then. I ended up removing the hard drive and hooking it up to an adapter that converted it to an external hard drive. After transferring files over to my other computer, I had to reinstall my operating system to get things to work correctly.
Make sure you know what you're deleting when using HijackThis. You can screw up your computer if you delete the wrong things. I got this same virus while at work. I was reading cf.net but I was also downloading some music so I'll refrain from blaming clutchfans. The way I got rid of antivirus pro was to run ComboFix. That little program is amazing. It's always done a better job at deleting malware crap off my computer than other programs. The only thing is I had to run it immediately after startup before antivirus pro booted up. I hope this helps.
you guys rule. something is still wrong with the computer, because i can't connect to the internet, but i can now run malware (that i d/l from my personal laptop and transferred by memory stick) and can open programs. and what makes me really happy is that the d*mn antivirus pro warning hasn't shown up again. for the record, i did the msconfig thing. i'm not sure what the internet problem is, but if i can run excel and outlook, and access files, i can be productive...and i'll let our IT guy identify the rest of it. seriously, thanks guys.
now, just do the system restore...you'll get the network back too. make sure you choose a time before the infection.
I've been seeing this crap for at least a year or two. 2009/Pro is just the latest iteration. The most 'impressive' (if you want to call it that) version of this I've come across had the Windows blue screen of death as a screensaver. So the user would think their system was blue screening all the time. It did a whole bunch of other crap too, and looked exactly like XP's Security Center. Nasty stuff.
right click the desktop icon and hit "explore". now go into each folder and rename any file ending in .exe to a new name, e.g. "newfile.exe", "file.exe", etc. this stops the virus from disabling it
if you know where the file is located you can always use a Windows boot disk to go into the system repair and remove the file. I have done this before to some other virus that keeps copying itself after it is deleted.
This **** has been going around at my job. It's also my job to get rid of it. It's a pain. If you try to just run a scan of Malwarebytes, don't bother. It won't work. These viruses/trojans have become more sophisticated with time. Some have been known to disable task manager and prevent you from running anti-malware software. Also, note. Just because you don't get the Antivirus Pro warning pop-up doesn't necessarily mean you're in the clear. If you're able, your best bet is to scan your hard drive externally.
I used those programs, HijackThis, and downloaded a trial version of an antivirus program, and it seems to have worked. Of course my antivirus programs, McAfee and Symantec, did nothing.
It probably took your TCP/IP stack when you removed it. I would do nothing less than format and reinstall after you grab your data. If the pros here say a restore is good enough then I wouldn't argue. Also, Microsoft Security Essentials is the best free anti-virus out there.
Does anybody have a recommendation for a firewall/virus/malware product that prevented this infection from d/l-ing in the first place?