I got a serious issue with my system. Somehow some trogan/rogue has affected my system. It keeps flashing me virus alert and whenever i try to run any program it says “Application cannot be executed. The file **** is infected…”

Running an MBAM as I type this and it has found nothing as of yet.

I get this popup saying, “Infiltration Alert, your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan - dropper or similar.”

This is making my attempts to do work impossible due to the constant pop ups and unresponsive internet.

PLEASE ADVISE and ASSIST.

My laptop by the way is running windows 7 home premium with avast anti spyware free edition.

also, when the popups come up instructing me to upgrade to this phony antivirus programe, internet explorer comes up on its own, despite me using firefox only.

It’s certainly a rogue. (almost sure)
Which program is giving the pop-ups?

By the way, are you running a full scam from MBAM?

the pop uphas the windows defender shield, other than that I have no idea sorry

also, yes - i’m going through a full MBAM scan

p.s. i just finished a quick scan with super anti spyware and quarantined 24 items - now when it tries to update itself, it comes up with this message, “there was an error trying to retrieve definitions. make sure your firewall is not blocking superantispyware.exe from accessing the internet.”

Hmmm… Visit this link… will help you: http://www.bleepingcomputer.com/virus-removal/
You only need to know which program is blocking your apps to execute.

I couldn’t find it on there, now the MBAM has finished but i can’t even paste it into note, as it wont let me open up notepad.

seriously at a loss here.

Well… try to run this program → http://www.bleepingcomputer.com/download/anti-virus/rkill or http://download.cnet.com/RKill/3000-8022_4-75221743.html?tag=mncol;1.

Read carefully before you do the download.

I tried all the alternate download links for RKILL and none of them can be opened ???

Are you sure? Well visit this link: http://www.bleepingcomputer.com/forums/topic308364.html.

If none of them works, wait for a reply from essexboy (he is a malware expert) and he will help you to get rid of this problem.

none of them work unfortunately, thankyou for the help though silk0 - i appreciate your efforts.

it’s taking about 5 minutes to open a single page now, and the popups are becoming more and more frequent - might have to start replying to this thread on a different comp :-[

fake security warning comes up when i do anything on my laptop now, cant even open up task manager

ok,RKILL finally ran:here is what came up:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 09/01/2011 at 1:56:25.
Operating System: Windows 7 Home Premium

Processes terminated by Rkill or while it was running:

Rkill completed on 09/01/2011 at 1:57:01.

the pop ups have stopped now but everythings still running really slowly - waiting for new MBAM full scan to complete - can anyone whilst I’m here give me some advise as to a good, free firewall and antivirus? atm i use super anti spyware and windows defender (i’ll worry more about this bit after the malware and virus bit of my original post is sorted)

Firewall: Windows Firewall with Advanced Security

• This guide is for Windows Vista/7: -http://www.wilderssecurity.com/showthread.php?s=bf4cbca434742119bfd5df73cb3876a5&t=239750

Any questions regarding Windows 7 firewall, just register at that forum and ask all the questions you see fit. But, first read the thread, as there’s a lot of info.

Antivirus: Well, personally, I’d pick Microsoft Security Essentials because it works together with Windows firewall. But, avast! does offer a few more protection. Both are great, so decide which one would fit your needs.

Considering you’re running Windows 7, there’s a lot you could do to harden the operating system. You may find this interesting: -http://mrwoojoo.com/PGS/PGS_index.htm -http://www.wilderssecurity.com/showthread.php?s=bf4cbca434742119bfd5df73cb3876a5&t=244265

If you had Windows 7 Ultimate, you could go the AppLocker way. Your version lacks it. PGS will allow to apply SRP (Software Restriction Policies), so that only what you deem to be safe is allowed to execute. Your Windows 7 version does allow to apply SRP, but it is needed to use a third-party application, which PGS does that job.

Again, any doubts, read the thread I mentioned above, regarding PGS. Register at the forum and ask what you deem fit,so that you can learn more.

What web browser do you use? We need to take a look on what would be the best way to protect you from becoming infected via the web browser.

Also, are you using a standard user account or administrator account? If the latter, I’d recommend making use of a standard user account.

-edit-

You may also take a look at both this threads:

-http://www.wilderssecurity.com/showthread.php?s=bf4cbca434742119bfd5df73cb3876a5&t=278657
-http://www.wilderssecurity.com/showthread.php?s=bf4cbca434742119bfd5df73cb3876a5&t=278014

You’ll see it mentions administrator account, but the same does apply to standard user accounts!

Again, register to learn more, if you find yourself in such need and ask questions. There’s a lot to learn. To properly secure your system, you first need to know what to protect and how to do it so.

:o I got an XP Machine from my Dad and he was on some a chat room for seniors Bad move , cause he had the antivirus fake shield and started clicking the remove and buy links to stop the pop ups, well you know the rest, executed all the bugs. The Main Problem is your Program Files folder is Locked and access is denied :Work around} Is Make a new Folder Called Program1 and load any new scanners in there) :o Use your Machine Like that Until I find another way to fix the folder, p.s. tried everything MS Dos prompts and safe mode, It can only be corrected buy the ultimate Format C:\ <----- ??? http://download.cnet.com/windows/

Once the main rogue is killed this is a relatively easy problem to cure

Hi lets try this first, if it fails go to Plan B

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.

http://oldtimer.geekstogo.com/OTH/OTH_Main.gif

Then select Start OTL. OTL will now run

[*]Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
Select Scan.txt that you downloaded

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

[*]Click the Internet Explorer button, post these logs in your Virus Removal topic.

Plan B

Download Rkill from here : there are several flavours to choose from, if one does not work then try the next

* rkill.com
* rkill.scr
* rkill.pif

Once it is downloaded, double-click on rkill in order to automatically attempt to stop any processes associated with Security Central and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Central when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Central . So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of my instructions.

Do not reboot your computer after running rkill as the malware programs will start again.

Then run OTL as above

ok, the popups have just started up again - will start up rkill… anything i should do differently?

the popups are gone now, however, the problem still remains that I can’t start up any applications - for example i tried word, it came up for a second, and then dissapeared. i’ll continue trying rkill.

sorry essex boy i’m really newbish to this, but what is scan.txt? is it another thing to download seperate from otl and oth?

i tried to kill all processes, but then the whole computer froze and i couldnt select otl ??? ??? ???