My main computer was hit today by a really nasty virus/trojan
The first thing it did was uninstall - or destroy Malwarebytes
It won't let me run Bitdefender… won't let me reinstall…
I can't boot to Safe Mode…
Avast finds it… but does not seem to be able to get rid of it.
When I let Avast run a boot scan… it detects a file and I get that list
of what I want to do… then it just locks up… no matter what number
I press … nothing happens after that point.
Can I get some help…
This is one of those Fake AV malware thingies… with all the added nasties above
plus it downloads ads and porno stuff… keeps popping up what looks like Windows warnings about infected files… at one point it would not let me use task manager to end it…
I tried uninstalling it with Add/Remove it just keeps reinstalling itself.
This sounds like it might be beatable. Probably best to go with one thing at a time, though. Being methodical is important, so just do the combofix as suggested by Jtaylor for now.
You can’t copy/paste the chest. You could post a screenshot. (Example below.)
You’d probably need to maximize it, then move the column header as indicated in the pic to view the entire path. And, as indicated, it is only the “infected” section of the chest that is of interest.
I have tried several times to get combofix to work…
I can't get it to run… when it starts I get a popup that says
runonce is infected…
I don't know if these popups are real or not… any time I try to run
anything … including avast virus scan … I get one.
I will try a screen print of the virus chest… there are so many trojans
in there it looks like a virus dictionary!
I did a screen print but cannot get paint to run to copy it to…
so I tried Excel… it copied but did not save the file… now I can't
run Excel anymore… says infected
Seems I get to use a file/program once then from then on it is blocked
and I get a pop up saying cannot run … file is infected.
There are 25 items in the Chest… mostly trojans…
I am going to try rebooting … maybe I will get somewhere that way.
Delete Combofix. Run a disk cleanup. (Let me know if you need directions)
Download it again, but this time, change the name of it at the “save as” point when downloading:
Download Combofix from any of the links below. You must rename it before saving: rename it to Gotcha.exe before saving it to your desktop.
I’m sorry to say, this is sounding fairly bad. Shows symptoms of the Win 32 Vitro, an infector that basically infects everything on the drive when it’s used/opened.
Does the name “Vitro” appear in the virus chest at all?
I’d start to look at backing up important files.
If you have anything really important, it may even be better to remove the HD and take it to a shop to extract the important files without the OS running, as files could be infected during the backup process otherwise.
The above is just a precaution; we don’t know what is at play, yet.
I don't remember seeing Vitro
I saw something that said Mabolb-tm or something like that
and others… I have shut down the computer cause it was driving me
nuts…
As for files… there is very little on the internal hard drive… I store
everything except the OS on external drives.
I will reboot and list some of the viruses from the chest…
I did try downloading Combofix with a different name… but will try again
with the name you suggest.
Um, forget about the cleanup. If Ccleaner isn’t working, we probably don’t want to go messing up system tools, either.
(Normally it’s “Start>all programs>accessories>system tools>disk cleanup.”) You can try it if you want, then after doing it, see if it is disabled as a result of having run.
Try Combofix as “gotcha.exe”. Do that first.
Try renaming the main exe of the MBAM program, located in C:\Program files\malwarebytes anti malware (It’s called MBAM.exe) to something like Lynn.exe, and see if it will run then. (Probably won’t. Worth a crack.)
Whatever you do, don’t place any of those storage disks back in the infected computer. I’m very glad you have backed up stuff. It makes the prospect of a format and reinstall much less painful. (For you, of course. Won’t hurt me, much.)
You can mess around with trying to fix this if you want, and as long as people here have ideas/help available, or you can just save time if you prefer, do a full format, and reinstall Windows.
Do you have another working computer with a net connection available?
Thing is, until we know for sure what you’re dealing with, it remains unknown (but a possibility) that it could affect the other computers on the home network.
So, at a minimum, at least make sure the other computers are well and truly firewalled inbound from the sick computer.
The sick computer appears to not be able to run any application more than once, if at all. That points to a fairly virulent infection that Avast is unable to clean. I strongly suspect the infection agent is polymorphic (as Vitro is), that is, it re-codes/renames itself each time it infects something, to (a) make it more difficult to fix, and (b) to evade detection.
You do not want any part of that code getting into another computer.
I was doing my weekly TV guide… so I had zaptoit open IMDB TV.com
and a few others…
How can I get that excel spreadsheet to you…
It is 204kb and this system only takes 200kb at a time
It has a complete list of the Avast Chest but I have copied the list
best I can… These are the Virus/Trojans … do you want me to match them to their respective files?
Sorry… as a last resort … I would not mind reformatting if someone could guide me.
I have all my software discs…
I don't have a full scale OS disc… I have a Dell OEM OS disc… would that work?
I have a bunch of useless software on the sick computer… don't use it so would not
reinstall it… just my CD ROM drive and DVD drive… Nero … Office… that is about all
I use on that computer… Don't use email there…