HELP! Virus...

swebb

I have a virus that keeps displaying messages on the bottom right of the screen, telling me I have security warnings - virus etc. It puts a pop up that is scanning my PC and telling me I have viruses and no doubt I'll need to pay to get rid (obviously I cancel).

My own AV is now disabled (Virgin) and pretty much most exe's won't work.

I have tried to download and run the first file referenced in the Malware/Spyware Removal Guide thread. But... the exe won't execute. I'm trying to work my way downwards on the thread for a solution.

In the meantime any help anyone please?

cheers

aliEnRIK

Reboot and keep pressing F8 to get into SAFE MODE WITH NETWORKING

Download MALWAREBYTES (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_malwarebytes_anti_malware/
Open malwarebytes and goto UPDATE and click 'check for updates'. After its updated goto SCANNER and click PERFORM QUICK SCAN then click SCAN
Remove everything thats found (needs to be ticked)
Post the COMPLETE log here AFTER youve deleted everything it finds
If anything was found then do the exact same but run a FULL scan

if it still wont work then run FixExe.reg (to allow malwarebytes etc to run). After clicking YES it will be fixed (Nothing will visually happen)
http://download.bleepingcomputer.com/reg/antivirus-vista-2010/FixExe.reg

And attempt malwarebytes again

assuming it works -
reboot into NORMAL mode

Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE(Takes seconds) then post the log so we can see whats running
(do NOT do anything else with Hijack but scan and post the FULL log)
If you get a message that you cant write to the hosts file then Press the SHIFT key, and whilst holding it RIGHT CLICK and select RUN AS (admin)

swebb

In progress now...

swebb

I get a pop up saying:

Windows cannot completet the installation in safe mode. To continue installing windows, restart the computer.

Then it's a restart as usual.

how about if I download the files and boot in normal safe mode after i.e. put the downloaded files in a folder, boot into safe mode and run them from there?

swebb

As I guessed... I can't get into safe mode either.

I've downloaded the files. Can they be run in another mode?

aliEnRIK

Have you run the 'fixexe' file?

swebb

aliEnRIK wrote: »

Have you run the 'fixexe' file?

can I do that in 'normal' mode?

hannoja

Would an online virus scanner/cleaner help..? (if you can get online okay)

BitDefender might be worth a shot, though it hasn't found any 'nasties' on my machine, so I can't vouch for it's 'cleaning' techniques..

Jeff_Bridges_hair

http://www.f-secure.com/en_UK/

a very good online scanner

swebb

I'm running an online scan now which is taking ages... 12 hours to go.

I have also run fixexe BUT!!! it won't run. Message "File regedit.exe is infected by W32/Blaster.worm. Please activate spyware protection to protect your computer" i.e. the same sort of message for pretty much any exe.

HELP!!

aliEnRIK

Everything your dowloading must be getting infected (or its a false message)

Your going to need to use another (none infected) computer

Download the FREE version of DR WEB
http://www.freedrweb.com/download+cureit/gr/
Burn it to a cheap cd or put ona uSB stick tha has a PROTECTION switch on it (so that when its inserted, your computer cant infect it) and run the program
Turn your anti virus OFF
Click CANCEL to the 'Would you like to read purchase terms now?' message
Click START click OK
It will auto QUICK scan
After that set to scan the WHOLE computer and press the 'play' icon
***DO NOT UPGRADE TO FULL VERSION***

If you cant run it in either mode then your going to have to create an actual bootable disc (we can get to that later if this fails)

If you cant get onto another computer just now then press CTRL ALT and DEL to bring up TASK MANAGER and try to determine what the nasty is and END THE PROCESS to try to continue with malwarebytes etc