PC infected with Virus

On trying to surf a bad website, my laptop with OS Win7 got infected with a virus/rogue called “Advanced Windows Security Center”. Just to be clear, I’m not always a bad surfer. Both Webroot SecureAnywhere Complete and Malwarebytes, which were up to date, didn’t detect it. I also ran Hitman Pro 3 and avast free antivirus and again both missed it. As these security suites failed to catch this virus both in normal and safe mode, I performed system restore (NOT FACTORY DEFAULT SYSTEM RESTORE), just normal system restore, and all the problems caused by this virus disappeared. On checking Windows Task Manager, it appeared to be still running. I realised that it was still there but was just not causing any problems as it used to prior to system restore. I selected it and pressed the “End Task” option. My laptop is running normally and I haven’t noticed any crashes, slowness, etc. as I am performing system optimisation with CCleaner, advanced system care and webroot cleaning utility tool.

But I read a few threads which say system restore does not necessarily remove a virus, as it will remain with the uninstalled programmes. Does anyone have a similar experience with this virus? If so, can you please suggest how to remove it completely so I can use my PC with complete peace of mind? Any help would be highly appreciated. I also ran SUPERAntiSpyware and it missed it too. I must admit that Malwarebytes detected around 754 bad registry items in safe mode but could not remove them. On commanding it to remove them, my laptop appeared to be frozen, so I quit the process.

Now, is my PC still infected?
Is it OK to do banking stuff on my PC?
Is it OK to do social networking?
Will this virus now pose a threat to me?
Thanks

Thanks in Advance

I performed system restore (NOT FACTORY DEFAULT SYSTEM RESTORE), just normal system restore, and all the problems caused by this virus disappeared
It is not gone, still there... you have only stopped it from starting up...

Follow this guide and attach the logs…not copy and paste. Then Essexboy or Oldman will clean you
http://forum.avast.com/index.php?topic=53253.0

Watching.

..... advanced system care.....
I am guessing this is advanced system care from IObit.

You may want to uninstall it after reading this info about IObit:

http://www.malwarebytes.org/forums/index.php?showtopic=29681
http://www.malwarebytes.org/forums/index.php?showtopic=30989
http://www.malwarebytes.org/forums/index.php?showtopic=33217

yes we know about that one, and Oldman will remove it if you attach the logs requested above

but a bit further down in your story you say

....am performing system optimisation with CCleaner, advanced system care and webroot cleaning utility tool. ......

So is this advanced system care from IObit you are talking about?
http://www.softpedia.com/progScreenshots/Advanced-WindowsCare-Screenshot-23169.html

Still watching and waiting. :)

That’s a common problem. It happened to my sister, while visiting the Blue Mountain greeting card site, and it happened to me while looking for photos of the Alps for my PC jigsaw puzzle program.

It usually takes real work to get rid of the fake AV/ security viruses and sometimes you can’t. You usually have to find it in layers.

First if you didn’t do it already, use control alt delete to display the running processes on your computer, identify the exe file that actually runs the fake antivirus, search your computer for it, and delete it. You could be left having to search down utilities to restore the function of certain kinds of files like html or exe.

Start by first making it possible to see hidden and system files on your computer. In XP one step is in Control Panel, folders options, and the other is a system command done in particular folders. Then run a search of all files on your computer, by date. Have it search for system files and hidden files and folders. Delete all that were created (not updated) when the virus appeared, and since, that you can’t account for. Then make sure you can see your hidden system folders, using both steps, open each system folder, use list view, with details, and add the column for when it was created, and sort by when each file was created, and delete any CREATED since the virus appeared that you can’t account for. You can put them in a separate folder in case you need to put them back, as long as your registry can’t find the pieces to put the virus back together again.

Next, install the free version of Malwarebytes if you don’t have it. If it won’t install or won’t work, that’s not good news.

Then, there are utilities online that will help to determine if your master root record or other boot files have been infected. Mine were and no antivirus program ever identified it.

There’s one program in particular that you should be very leery of running. I wish I could recall what it is offhand; I should really get busy and write a proper report about it. Every techno-geek on every help forum seems outright addicted to it. As nearly as I can tell, this is because they think that the beloved computers that you and I rely on to live on, are their personal technogeek playthings for them to experimentally wreck. The problem is that, from the massive reports and complaints about it and the technogeek helpers on the Internet, about half the time it permanently wrecks your computer, or maybe it reversibly wrecks your computer, but that is usually where the “helpers” lose interest in helping. Specifically, it permanently disables your ability to connect to the Internet, and removes your drivers, and it seems to especially dislike printer drivers, and it does all kinds of worse stuff. One thing that I’ve just once seen any technogeek point out, and never while helping someone, is that you must not touch your keyboard, your mouse, or your computer while the thing is running, I guess not even if the screensaver has been on for hours so you don’t even know if the blasted thing is still running, because if you do this program will hang, and leave everything it removed or disabled on your computer gone or broken for good. Warning; one of the technogeeks who insisted that I run the thing before he would help me further is on the Avast forums. I decided that a new hard drive and a new install of Windows is a more constructive way and much less wasteful of time way to destroy my computer. That was my brother in law’s advice. If I’m not personally a technogeek I should just wipe the drive and reinstall Windows.

If you do reinstall on the same hard drive, you must run fixmbr to recreate the master boot record, because wiping the drive won’t do that, and the master boot record could be infected with the virus.

What people are increasingly actually doing about this threat is getting something like Paradox (probably not exactly its name) and backing up their systems for fast reinstall. Viruses are getting a lot more destructive, because they can do more personal data stealing if they infect your root files and you can’t find or remove them. There are a whole bunch of evil geniuses working in Russia and Africa.

Dora
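A read-only way to build the "created since the infection" file list that the post above describes, as an added example that is not part of the original post. It only lists files for review and deletes nothing; the date, the folders searched, the extension list and the CSV path are assumptions to adjust for the machine being examined.

```powershell
# Added example: list executable-type files CREATED on or after a given date,
# including hidden and system files, so they can be reviewed one by one.
# $Since and $Roots are assumptions; the default date is a constructed sample.
param(
    [datetime]$Since = '2012-01-15',
    [string[]]$Roots = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP)
)

# File types that can run code or launch something at logon.
$executableTypes = '.exe', '.dll', '.sys', '.scr', '.bat', '.cmd', '.vbs', '.js', '.lnk'

$found = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # -Force makes Get-ChildItem return hidden and system items, so the
    # Explorer "show hidden files" settings do not affect the result.
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            $_.CreationTime -ge $Since -and
            $executableTypes -contains $_.Extension.ToLower()
        } |
        Select-Object CreationTime, LastWriteTime, Length,
            @{ Name = 'Hidden'
               Expression = { [bool]($_.Attributes -band [IO.FileAttributes]::Hidden) } },
            FullName
}

# Oldest first, so the files nearest the infection time are at the top.
$sorted = $found | Sort-Object CreationTime

# Keep a copy that can be attached or compared later (hypothetical path).
$sorted | Export-Csv -Path "$env:USERPROFILE\Desktop\created-since.csv" -NoTypeInformation
$sorted | Format-Table -AutoSize
```

A program can set the creation time of the files it writes, so an empty or harmless-looking list does not show that the machine is clean.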

The name of that program to look out for is ComboFix.

Dora

1) This is NOT a virus infection, it is a spyware infection!

2) You no longer have to browse maliciously to get infected. Every website can be compromised. The number 1 monetary fund for every organized crime syndicate and terrorist organization in the world is infections on our computers. Do NOT bank with an infected machine. They are downloading your browser cache and keylogging everything you do. Any password can now be compromised.

3) I work with the folks at Bleeping Computer. They are usually at the top of the heap with removal procedures.

4) You will not be able to remove an infection that is memory resident. They have a self defense mode that enables them to stay even when the code is deleted from the hard disk.

5) Removal will require a combination of events / programs to be effective (rkill, malwarebytes, SAS, combofix, etc.)

Email me @ JR@advantage77.com for my infection “scrape” document if you’re still having issues!

J.R. Guthrie

@J.R. Guthrie,
Television already has the ear and help of a qualified person - oldman - provided he responds to his original post.
Sending users to other forums isn’t what we do here unless that’s required and certainly not the case here.

I saw no response here to use “rkill”, and many times, this is the critical step for success with dealing with Rogueware! “rkill” was written by Lawrence Abrams, president of Bleeping Computer. Lawrence is brilliant, and Bleeping Computer is where you download it and get all the instructions to use it correctly. If we do not give users this information to deal with Rogueware, then I feel we are being somewhat negligent. BTW, Bleeping Computer is listed hundreds of times in the avast! forum. J.R. Guthrie

Oldman is a trained and certified malware remover… so he knows all about rkill… if he needs it.
But first the OP needs to attach the logs requested…