Antivirus PRO 2008 problem - PLEASE HELP
K1RA
Hi,
Four nights ago I was downloading Hellboy 2 torrent and clicked on the read me doc that came along with it, it told me to go to a site to download some sort of file so my movie will play but instead I got this annoying virus called Antivirus PRO 2008. (don't worry I learnt my lesson!) I'm trying to be cool about this but deep inside I'm panicking as hell and wish this would go away as my PC is very important to me (as to most of us I'm sure). HELP~!!!
I am not the most computer savvy person in the world, and the people around cant help me either
so here I am asking for some online help.
I have AVG and Adaware free editions but they seem to be useless as they did not detect this was coming
Anyway, here's a list of things the virus has done to my PC.
- I can't access control panel.
I don't want to have to reboot my PC because one I don't have the original Windows XP CD to re-install again as Windows XP just came with the laptop pre-installed. Secondly, I am in Japan and it is very hard to get versions of programs that I need and thirdly, I am not computer savvy.
I'm scared to do anything or go on the internet to check even my email account because someone might be watching me, so I'm taking a risk doing this from my infected PC.
So if there are some 'angels' who can help me perform a miracle, I will be forever grateful.
Kindest Regards and thanks for taking time out to read this,
Ricky
P.S. I was recommended to download Avast (free?) and get rid of my AVG and Adaware free editions. Is having more than one antivirus bad in that it slows down my system? Is Avast better? Please advise.
Back to Top
Touch Forum Moderator Hello
Please download Malwarebytes' Anti-Malware:
to your desktop .
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch
Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan , then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and Paste that log into your next reply.
Do NOT post your problem in someone elses thread.
Back to Top
K1RA Hi Touch,
Thanks for the reply, but when I try to click on that link, it opens up a new window and I get PCPrivacy Cleaner
Then it quickly changes to a message 'Insecure Internet Activity. Threat of virus attack' with the following message below:
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
oh and I'm running this with internet explorer because my Firefox won't open.
Back to Top
K1RA -UPDATE- Back to Top
K1RA oh now I can't even install the program :( grr problem after problem!!! Back to Top
K1RA ok, seems like all I had to do was click the run it option and not save it to my desktop when at the start of downloading it, saving it and clicking run doesn't work..exe (Rogue.Installer) -> Quarantined and deleted successfully..exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. (Trojan.Vundo) -> Quarantined and deleted successfully. Back to Top
Touch Forum Moderator Good job
Please download Combofix:
And save to the desktop.
Close all other browser windows.
Please connect all your external hard drive/flash drive before running Combofix
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.
Post the contents of that log in your next reply with a new hijackthis log.
Please copy and paste your log files. DO NOT add it as an attachment
Do NOT post your problem in someone elses thread.
Back to Top
K1RA Hi Touch,
thanks for that, umm a question before I continue, what is a new highjackthis log as mentioned?
and I quote - "Post the contents of that log in your next reply with a new hijackthis log ."
Thanks for clarifying in advance.
R
Back to Top
Touch Forum Moderator My bad
1. Get this version of Hijackthis from http://danborg.org/spy/hjt/alternativ.exe 2 Save it in a permanent folder of your choice, such as C:\HJT\. To create this specific folder on your hard drive: Double click the 'My Computer' icon on your desktop, then under the category hard disk drives: double click Local Disk:, then select file->New -> Folder and name it HJT 3 Run hijackthis. (alternativ exe). Choose the "Do a system scan and save a log file " option to perform your scan.
HijackThis will analyze your system, and automatically open a notepad textfile containing the HijackThis log when the scan is finished.
Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy.
Do NOT post your problem in someone elses thread.
Back to Top
K1RA COMBOFIX LOG:WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! Back to Top
K1RA Hijackthis log: Back to Top
Touch Forum Moderator Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
KILLALL::
Snapshot::
File::
C:\WINDOWS\system32\xxywxUol.dll
C:\WINDOWS\system32\bdnfpowl.tmp
----------------------------------------------
Save this as CFScript.txt
At this point, You MUST EXIT ALL BROWSERS NOW before continuing!
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
Post new combofix log and tell how things are running ?
Do NOT post your problem in someone elses thread.
Back to Top
K1RA Things seem back to normal now. I'm not taking any chances though, I'm getting rid of AVG and Adaware and downloading Avast, SUPERAntiSpyware and Codomo Firewall for protection. Any advice on my choices Touch?WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! Back to Top
Touch Forum Moderator Avast, SUPERAntiSpyware and Codomo Firewall, sounds like a really good choise to Me
Combolog looks clean.
To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore. To do so, follow these steps: System Restore Please read Tony Klein's excellent article about how to prevent against spyware/hijackers in the future
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html
Do NOT post your problem in someone elses thread.
Back to Top
K1RA thanks for everything Touch, really appreciate it Back to Top
Touch Forum Moderator If there are any infected files in systemrestore, they will be flushed out/removed in the process
Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please PM a Moderator and we will reopen it for you
Do NOT post your problem in someone elses thread.
Back to Top
Forum Information Currently it is Saturday, November 21, 2009 3:10 PM (GMT +1)View Active Threads Who's Online This forum has 30334 registered members. Please welcome our newest member, sushil .Details 5 Latest Threads
so here I am asking for some online help.
|