So recently I got struck by one of those “Vista Home Security 2012” rogue malwares and went through hours of trying to fix it. Being fed up with how nothing seemed to work, I decided to system restore to yesterday. The Vista Home Security 2012 threat is gone, but I have been experiencing consistent “Malicious URL Blocked” warnings from avast for the past few days. http://i696.photobucket.com/albums/vv327/HookedOnRice/Avastwarning1.jpg
I ran Malwarebytes and Avast on quick and full scans. Malwarebytes didn’t seem to pick up anything but Avast came across 4 infected files.
Again, problems arose and the virus chest server apparently was not working. I searched for some solutions, most recommending to reinstall but I didn’t want to risk being unprotected given how much these attacks have already put me through. In the end I decided to delete the files, but one of them appears to be un-deletable as seen in the screenshot above.
Should I try system restoring to a week back or so? Any other fixes or help with this is greatly appreciated. Sick of the crap these viruses will put you through >:(
Some rogue anti viruses (fake AVs) download and install rootkits on the infected machine.
Let’s have a look.
Download aswMBR from here http://public.avast.com/~gmerek/aswMBR.htm
Run it
Scan
Post the log
Open The Avast Interface.
Click Scan.
Click Boot-Time Scan.
Schedule A Boot-Time Scan (Make Sure In Settings It Checks: All Harddisks, System Drive And Auto-Start Programs (All Users)).
Optionally, You Can Change The Sensitivity To Full Where You Will Possibly Get More Results But Some May Be False Positives (Anyway, I Have Mine On Full.)
Ah, looks like I just needed a reboot. WinRAR was acting up for some reason. Got rid of some pesky “This copy of Windows is not genuine” warning in the lower right hand corner of the screen even though it’s legit. Gonna try running tdsskiller now.
Well, it is certainly encouraging. Monitor your system over the next couple of days for any alerts or strange occurrences and get back to us if you do.
One thing I notice going over your topic again, is that you chose delete as the action in your scan results image.
Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest (a protected area) and investigate.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.