I got a message that said backdoor.win32.keystart.cb
I’m not sure where the virus came from it seemed like out of nowhere
Avast removed and quarantined many of the virus files. It seems to
have disabled my webbrowsers. I can’t boot up in safe mode says I am no
longer administrator and can’t make those changes. My desktop has been
permanently changed and I can’t change it to anything else. exe files keep popping up asking for permission to access the internet and I keep asking firewall to block.
microsoft popups keep coming up saying they stopped a virus from executing on my PC
There is still something on my system I don’t seem to be able to remove
The desktop screen is black with a gray box in the center that says the following:
Dangerous Spyware
Many viruses were found on your computer such as: Trojan Horse, passcapture, etc.
Please check up the computer with a special software.
Thank
Anyone seen this before or know how to remove it and fix the system.
Thanks,
John
I think the virus message is a fake- a scam. Don’t download- and especially don’t pay for anything it offers.
First make sure you try a boot time scan with avast! as advised. Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)
Then scan with these free adware/spyware scanners. Download, install and update before the scan.
Thanks for the very speedy reply. Avast is working overtime trying
to handle this virus. I already did a boot scan and avast did not
remove everything.
I’ll get these other downloads and let you know how I get along
The virus damaged mozilla and ie. I was able to download the software through FLOCK.
I was trying togo through regedit to check out if my desktop page was made permanent.
I’m still running through the scans, appears Avast is finding a boatload of viruses and trojans to quarantine.
Anyone know of another way to edit my registry if regedit has been disabled permanently by
whatever I got. I figured I’d broach this question early while I’m still running through all the scans.
If you want to recover the default windows registry “regedit”
simply make a new text file like notepad, then write in >>
Set WshShell = WScript.CreateObject("WScript.Shell")
With WScript.CreateObject("WScript.Shell")
On Error Resume Next
.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
.RegDelete "HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD"
.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
.RegDelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr"
End With
Mybox = MsgBox(jobfunc & enab & vbCR & "Restore_Finished!", 4096, t)
then save your text file and modify the extension from (.txt) to (.vbs)
so the text file will be converted to VBscript file…
finally run this Vbscript file…you will be shown a pop-up message telling you " Restore_Finished! ",
Just wanted to send a followup here. I ran the avast boot scan which found approx 12 viruses.
Then ran superantispyware which found approx 370 trojans (NewJuan), registry and cookies I’m now running malaware.
Anything else I should run on the system? Thanks for the info on restoring regedit.
Does anyone know where I should look in regedit for my hijacked desktop? How can I restore the control panel display back to normal? I think I may be able to avoid a complete system wipe which would be great
Can anyone tell me how to reset the safe mode? Now when I try to reboot in safe mode my system won’t allow me to do it and says to me that I am not the admin.
Malwarebytes has been chugging away on my system for 18 hours. Is this normal?
No, a quick scan should take 5 mins, go to C/program files/ malwarebytes antimalware, open and rename mbam.exe to somethimg else, eg, moon.exe,then try rescanning,open program by double clicking on the renamed file
There is not an easy way afik…
Overinstallation can solve the problem and you won’t lose your programs, settings, data, files, etc.
Just choose ‘Repair’ installation of Windows and install ‘over’ the old installation.
Run MBAM again and the detected items should all selected/ticked (if they aren’t selected, select them as all appear good detections), and click the remove selected button, see image.
I’m also noticing as I run Malwarebytes that avast is finding viruses at the same time and adding them to the chest. Is that normal?
I’ve had viuses here and there but this is by far the worst I’ve dealt with personally. I read somewhere here the other day that viruses like onions and ogres have many layers that need to be peeled away. Seems like I’m encountering alot of layers.
By the way, when I finish with Malwarebytes and remove what it finds, what should my next action be?
When I run other security scans I tend to pause the standard shield and this is one of the reasons, any file that both would detect as infected. MBAM opens the file to scan and that causes avast to scan the same file first so you get this ping pong of detections.
However, you should give examples of these MBAM/avast detections, file name and location, etc.
Theoretically you shouldn’t have anything else to do.
Just wanted to say THank you for all of you who gave me a hand.
I didn’t have to reset safe mode or reload windows. Everything appears to be back to normal
on my system. I just have to run a scan on my external drive that was attached at the time.
Do I need to run all 3 virus/malware programs on it?