That’s a common problem. It happened to my sister, while visiting the Blue Mountain greeting card site, and it happened to me while looking for photos of the Alps for my PC jigsaw puzzle program.
It usually takes real work to get rid of the fake AV/security viruses and sometimes you can’t. You usually have to find it in layers.
First, if you didn’t do it already, use Ctrl+Alt+Delete to display the running processes on your computer, identify the exe file that actually runs the fake antivirus, search your computer for it, and delete it. You could be left having to search down utilities to restore the function of certain kinds of files like html or exe.
Start by first making it possible to see hidden and system files on your computer. In XP one step is in Control Panel, folders options, and the other is a system command done in particular folders. Then run a search of all files on your computer, by date. Have it search for system files and hidden files and folders. Delete all that were created (not updated) when the virus appeared, and since, that you can’t account for. Then make sure you can see your hidden system folders, using both steps, open each system folder, use list view, with details, and add the column for when it was created, and sort by when each file was created, and delete any CREATED since the virus appeared that you can’t account for. You can put them in a separate folder in case you need to put them back, as long as your registry can’t find the pieces to put the virus back together again.
Next, install the free version of Malwarebytes if you don’t have it. If it won’t install or won’t work, that’s not good news.
Then, there are utilities online that will help to determine if your master root record or other boot files have been infected. Mine were and no antivirus program ever identified it.
There’s one program in particular that you should be very leery of running. I wish I could recall what it is offhand; I should really get busy and write a proper report about it. Every techno-geek on every help forum seems outright addicted to it. As nearly as I can tell, this is because they think that the beloved computers that you and I rely on to live on, are their personal technogeek playthings for them to experimentally wreck. The problem is that, from the massive reports and complaints about it and the technogeek helpers on the Internet, about half the time it permanently wrecks your computer, or maybe it reversibly wrecks your computer, but that is usually where the “helpers” lose interest in helping. Specifically, it permanently disables your ability to connect to the Internet, and removes your drivers, and it seems to especially dislike printer drivers, and it does all kinds of worse stuff. One thing that I’ve just once seen any technogeek point out, and never while helping someone, is that you must not touch your keyboard, your mouse, or your computer while the thing is running, I guess not even if the screensaver has been on for hours so you don’t even know if the blasted thing is still running, because if you do, this program will hang, and leave everything it removed or disabled on your computer gone or broken for good. Warning: one of the technogeeks who insisted that I run the thing before he would help me further is on the Avast forums. I decided that a new hard drive and a new install of Windows is a more constructive way and much less wasteful of time way to destroy my computer. That was my brother-in-law’s advice. If I’m not personally a technogeek I should just wipe the drive and reinstall Windows.
If you do reinstall on the same hard drive, you must run fixmbr to recreate the master boot record, because wiping the drive won’t do that, and the master boot record could be infected with the virus.
What people are increasingly actually doing about this threat is getting something like Paradox (probably not exactly its name) and backing up their systems for fast reinstall. Viruses are getting a lot more destructive, because they can do more personal data stealing if they infect your root files and you can’t find or remove them. There are a whole bunch of evil geniuses working in Russia and Africa.
Dora
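
The search-by-creation-date step in the post above, with the "separate folder in case you need to put them back" idea, sketched as an added example (not part of Dora's post). The function names and the manifest file are hypothetical, and the quarantine folder is assumed to sit outside the scanned tree; on Linux `st_ctime` is only an approximation of creation time.

```python
import json, os, shutil
from pathlib import Path

def created_ts(st):
    # Windows: st_ctime is creation time. Linux: st_ctime is last inode change,
    # so it only approximates creation. Prefer st_birthtime where it exists.
    return getattr(st, "st_birthtime", st.st_ctime)

def created_since(root, cutoff):
    """Return sorted (timestamp, path) for files under root created at/after cutoff."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # os.walk also lists hidden files
        for name in files:
            p = Path(dirpath) / name
            try:
                ts = created_ts(p.lstat())
            except OSError:
                continue  # unreadable or vanished; skip it
            if ts >= cutoff:
                hits.append((ts, p))
    return sorted(hits)

def quarantine(hits, qdir):
    """Move hits into qdir (outside the scanned tree) and record where each came from."""
    qdir = Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    manifest = []
    for i, (ts, p) in enumerate(hits):
        stored = qdir / f"{i:04d}_{p.name}"  # index prefix avoids name clashes
        shutil.move(str(p), str(stored))
        manifest.append({"original": str(p), "stored": str(stored), "created": ts})
    (qdir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def restore(qdir):
    """Put every quarantined file back at its original path; return the count."""
    manifest = json.loads((Path(qdir) / "manifest.json").read_text())
    for entry in manifest:
        shutil.move(entry["stored"], entry["original"])
    return len(manifest)
```

Review the list from `created_since` before passing any of it to `quarantine`; the manifest is what lets `restore` undo a move that turns out to break something.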