major infection--- i think

dabs

hi
ok story so far running on xp home sp2
comp getting screens saying 'infected files on 'c:/drive' coming from antivirus2009
its affecting ie and firefox, can't get on line because of it, it also trying to connect to web when i open a folder, i can't update avg either
tried sweeping with spybot search and destroy (nothing found)
did read somewhere it's a porn site videofreeonlie or something like that, and tried malwarebytes - mbam file that would not open on infected system
does anyone have any idea what this is and how to get rid of it
am considering a re-format have external drive to copy files (pics/music/etc) what is the best program (pref free) to do this and is there anything special i need to do or copy, I take it that i don't need any system files so how do i avoid copying files i don't need to, or will the copy program take care of that
any help would be great
cheers
 
search and destroy is normally pretty good.

have u tried booting into safe mode and running your spyware programs from there?
 
You're going to need superantispyware mate. There is a free version of it. If you can get it onto your pc and run it you should be ok. You could also try a system restore and then run superantispyware
 
cheers
ok it will not let me start in anything but normal mode, or do a system restore already tried those will get a copy of that prog and try that, won't get near it till fri/sat though
 
if you can get onto the internet then go to avg's web site and download the update manually into a directory then fire up AVG console and point the update to the directory also you could try a bootable cd with Avast goodies to check the pc before the OS starts .

hxxp://rapidshare.com/files/140430336/08.26.A.B.A.A.R_downarchive.part1.rar
hxxp://rapidshare.com/files/140430564/08.26.A.B.A.A.R_downarchive.part2.rar
hxxp://rapidshare.com/files/140430827/08.26.A.B.A.A.R_downarchive.part3.rar
hxxp://rapidshare.com/files/140430886/08.26.A.B.A.A.R_downarchive.part4.rar

links checked - just replace the xx with tt and enjoy

Mods -- if i've broken any rules with these links then sorry just trying to help
 
backup and reformat is by far the fastest way of clearing this - been around for a few weeks now- no idea what it's called

if it hasn't spread too much then you can get rid of it using malwarebytes followed by smitfraudfix - this will give you back net and safe mode - once you have safe mode run smitfraudfix again and then reboot and use spybot to pick up the remnants.

unfortunately if it's been left to run for a few hours then even once the system is clean windows still has several interesting quirks left so a reinstall may be required anyway

btw avg is not (or wasn't last week) capable of cleaning this problem itself - in fact one of the symptoms is an avg scan icon appears in the system tray despite the fact the avg is effectively disabled
 
For a quick fix... in XP and Vista, try restoring your PC to a time before you downloaded the infected item, this will restore an earlier version of your Registry.
Then run your cleaning tools to rid yourself of these infectants. Sophos/Symantec/F Secure all have free cleaning tools on their web sites.

Good Luck!
 
doesn't work - and tbh no one should be running with system restore turned on these days - it's one of the first places to get infected - in fact this one even turns off your ability to turn off system restore once it's infected it - it's also a very good idea not to have a live connection with this one apart from when absolutely necessary as the amount it pulls in is staggering and you can rapidly lose control if you give it free rein
 
ta guys restore not working, safe mode not working, will try smitfraudfix, superantispyware and hitman pro when i can get to the machine, malwarebytes and search and destroy didn't pick anything up
just for future ref what is the best prog to copy the drive files i want to keep
cheers
 
Might be worth using Acronis or Norton Ghost and doing a complete back up mate. Superantispyware will definitely fix your problem mate. I had to do 5/6 can't remember pc's for friends and family in 1 week when it first came out. The first one i reformatted until i found out what the problem and answer was
 
Dabs i've sorted this on about 10 comps now mate what to do is go into system restore and delete previous restores then download malwarebytes run that and this will defo solve the problems mate so there is no need to backup and reformat as the backup will have the malware in it and it changes its position every time you switch on your comp, let me know how you get on.
 
hi
not sure how to get in there and do that,
 
A few points...

Logically, your restore points before you picked up the infection are clean, but because the infection is now hooked into your machine and running processes at startup, it will keep coming back even after a restore unless you successfully run some decent cleaning software.

As mentioned before, this one usually does the trick, and it's free (unless you want realtime protection too). Download it on another PC and use a USB stick or whatever to copy it to your machine for install if you can't get online.

http://www.malwarebytes.org/mbam.php

Try this prog before you worry about system restore points.

Another possibility is to download an ultimate boot cd, which will give you a windows type desktop & infection cleanup tools from disc without actually starting windows. Hijackthis is also good if you know what should and shouldn't be starting at boot time.

If you really want to delete all your restore points: - click start - programs - accessories - system tools -system restore -system restore settings (at bottom of left panel) click the system restore tab if necessary. Put a tick in the 'turn off system restore on all drives' box and click on ok.
Remember to switch it on again when you are sorted....

Post again if you need more help.
 
sounds very much like something i got....
have a look at this it might help you out...

Mubz
 
cheers still not got round to doing it as now my system has crashed and burnt so looking to renew it, will post ref the above soon as i can get to the other comp
 
ok an update. used all that we could of the programs in this thread and after several reboots and cleans it's all sorted now, not that sure which program did it but one of them did lol
cheers all
 
superantispyware or sas as it's also known is the best i have used it loads on peoples comps and works every time
 
how i gotten rid of that on a few comps is stop it running through taskmanager then download windows live one care you get a free 90 trial then run that takes a while to do a complete scan depending on pc specs but it should get rid of it
 
Hi dabs,

Try going into control panel, create a new profile I.E dabs2??? reboot and log into that profile and run your a/v proggy then, I did this before but created the new profile in safe mode, I had to change permissions afterwards in my old profile so I could access them again but cured a similar virus that denied me access to various programs, including task manager etc, but if you can get into control panel, it may just work,

Hope this may help,

regs

Mole
 
Try using mbam, it's freeware and it's really good at removing malware. I've used this on many infected comps and it's cured nearly all of them, do a full scan and it finds the infected files, at the end of the scan it will have a tick in all the infected files and all you have to do is let it remove them then bob's your uncle
 