does anyone have any idea how to get rid of this thing, i’m not a rich man, so there is no credit card threat,but i would like my wife to get her computer back to normal.
and also, why didn’t avast, an anti-virus company, keep this thing out in the first place???
why didn't avast, an anti-virus company, keep this thing out in the first place???No security program have 100% detection....and new version of these bugs are released daily
Try this
read it all before you start
Remove Win 7 Security 2012 (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-win-7-security-2012
if you have no success, follow this guide, attach all logs and Essexboy will help you
http://forum.avast.com/index.php?topic=53253.0
lower left corner > additional options > attach
thanks, i’ll go give it a try
oh yeah, thanks pondus, but another problem is, this computer i’m on is not the infected one, that one wont let me do anything. is there a way to get your suggested program to that computer?
I will PM Essexboy so he can do it the way he wants
o.k., i’m on the infected computer now, but cannot go antwhere in the web with explorer at this time.
also, is it a safe practice to scan with advest while this problem exists?
Hi lets see if we can resolve this… First can you get onto the net on the infected system ?
If so then download these programmes
Download RogueKiller to your desktop
[]Quit all running programs
[]For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
[]When prompted, type 2 and validate
[]The RKreport.txt shall be generated next to the executable.
[*]If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
THEN
If you are using Firefox then right click this next link and select save as, it has a screensaver suffix
Download OTL to your Desktop
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U*.* /s
%Temp%\smtmp\1*.*
%Temp%\smtmp\2*.*
%Temp%\smtmp\3*.*
%Temp%\smtmp\4*.*
CREATERESTOREPOINT
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs
sorry, the infected computer cannot get on the net, or at least i dont know how to get it there.
Can you run in safe mode with networking ?
If not
Do you have a USB stick ?
If so then copy both programmes to the stick and run them from there on the infected computer