Help! I keep getting pop ups on my desktop advising me that I have worms, trojans etc trying to get in or already infected. The windows look like Windows security firewall notifications. I have run avast and RegCure and have deleted the software from the machine. It is still there. Ultimately it pops up with a “buy now” window. It is now hidden and I can’t find it to delete it. It puts icons on my desktop that include three icons to porn sites. What is this and how do I get rid of it? Thanks
Post a screen shot next time you get an alert… you downloaded a rogue AV it seems… wait for an expert to come here in this thread to help you get rid of that.
In the meantime you can take a look there and see if you recognize yours:
http://roguedatabase.net/index.html
Hi CoolStev, welcome to the forum
http://www.bleepingcomputer.com/virus-removal/remove-malware-defense
Is this what it is?
This article is usually on point on how to remove these rogues, and this one suggests MalwareBytes AntiMalware, who also have a removal guide for this, so I would say it is your best bet
http://www.malwarebytes.org/forums/index.php?showtopic=34889
-Scott-
RegCure is a rogue application and listed by hpHost:
http://hosts-file.net/default.asp?s=www.regcure.com
Malwarebytes is good to remove that infection.
Since you use Fx, it is easier with the Malware Search addon (thanks to DavidR IIRC), as you can just highlight the name, and search the uninstall list of Bleeping Computer. I prefer that over roguedatabase as it also includes removal solution.
I’m no expert BTW
-Scott-
In some cases Malware Defense comes with a trojan-rootkit that blocks anti-virus software and MalwareBytes too. You should remove Trojans first. To do this, you can download the TDSSKiller tool from http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Then run a full system scan with MalwareBytes anti-malware or SUPERAntispyware. Good luck!
Thank you all for your suggestions. I don’t know how to capture a screen shot and there are several. I will try some suggestions. I had malware bytes and it wouldn’t run and downloaded Spybot search and destroy and it won’t run either. Thanks techlike99 for the news on that. I will try your suggestion.
As to RegCure being a rogue? Are you sure? I downloaded that from c-net, I believe, and paid for the subscription. What in the heck? Please feel free to help a barely literate user like me. Thanks
If you have Malware Defense, it actually deletes mbam.exe, that’s why it won’t run. In the link posted by Scott, there is a detailed description of how to remove this virus. There is also a download link for a ‘renamed’ mbam.exe, which you should place in the C:\program files\Malwarebytes’ Anti-Malware\ folder.
It is important to kill the process before removal, use Rkill (in the link).
However, the fact that it deleted mbam.exe suggests that (as someone else said) there may be another element (tdss).
So start by running the tdss killer posted by techlike99, then follow the link http://www.bleepingcomputer.com/virus-removal/remove-malware-defense to the letter.