 You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
Our main computer which runs Windows XP seems to have been infected with a virus. It won't let me open AVG or any software at all. When I open firefox I am getting a bogus message saying 'internet explorer cannot display the webpage', and millions of pop ups telling me to download something called AV Software, which judging by the spelling and grammar is far from legitimate.
I can't even open the control panel to get to system restore, everytime I try to open anything I just keep getting a box telling me I need to download some bogus AV software.
Oh, and while I'm typing this on my Ubuntu equipped laptop, internet explorer has just opened up on its own and is opening up a variety of porn websites.
The computer is only used by my wife and kids (4 and 11 years old), so no I haven't been looking at anything dodgy!
Help, please!
go into safe mode and sort stuff from there? Reboot and press f8
Do you have much stuff on there that you really would miss/don't have backup copies of ?
If not - wipe the PC and re-install XP - it may be quicker than trying to unpick the current situation and will definitely be more certain.
Oh, and when you re-install it ensure it is well protected.
internet explorer has just opened up on its own and is opening up a variety of porn websites.
Sure it has.. 😉
Safe mode, or can't you do a system restore from the reboot options menu thing?
Right, I've started in safe mode and system restored to tuesday. Seems to have done the trick.
I don't usually use the PC, I was just ripping some CD's for the Mrs, bit of a panic there!
Thanks guys for all your help
Still run the malware program to stop it re-appearing.........(it's free)
Duntstick is wise.
I was just ripping some CD's
oh, is that what they call it now?
😉
duntstick is correct, install malware bytes and the Microsoft Security Essentials virus scanner (or Avast) all of those are free.
I had the same problem recently and a quick google search on my phone gave me the solutions, but pretty much as said above.
This all happened whilst I was away at the seaside for a few days and desperately tring to produce and send a quote. As there was no PC World in Scarborough I went into Curry's and was told some guff about it being unresolvable and would have to do a full system restore.
It actually happened due to my daughter searching for images of the worlds fattest hamster believe it or not - all my dodgy stuff gets Sandboxed, which is a delightful piece of software.
Sorry, just read you got rid of it. But if it comes back ...
I had it a couple of months ago.
Basically all you need is [url= http://www.bleepingcomputer.com/virus-removal/remove-av-security-suite ]AV Virus Suite removal[/url] You need to download rkill and also malware. BUT and this is what i had hassle with was the virus recognized rkill and was making itself delete itself on the scans!
it also disables youre existing antivirus software.
You will notice if you type in av virus suite in the search button the results show up but you will be unable to click the links.
go into internet options via control panel
internet properties
LAN settings
and make sure 'proxy server' is unclicked ( this is what gives you grief getting online)
Personally now you're back I'd back everything up and then reformat the hard drive and reinstall XP. It's not a bad house keeping thing to do every full years anyway. PC will probably run faster as well.
h I went into Curry's and was told some guff about it being unresolvable
Factually accurate, it would have been unsolvable by anyone in Curry's.
Update:
Rebooted PC in safe mode and did system restore back to tuesday - seemed to do the trick - no more nasty pop ups etc. and got rid of all the AV Antivirus boxes
however:
Ran AVG and it found nothing other than tracking cookies
Ran Spybot and it found something called Win32.pornsomethingorother (sorry I didn't make a note of the exact title) - deleted this and ran scan again - found nothing this time
Ran Malwarebytes and it found a Rootkit and 2 trojans - just deleted these and rebooted pc - now running it again to see if it finds anything this time
Now waiting......
Superantispyware is another good one to run
Combofix is the Daddy. Found stuff Malware Bytes, PrevX and MS SE couldn't.
Ran AVG and it found nothing other than tracking cookies
AVG is what caused the problem in the first place - you didn't buy their 'antivirus' fake software did you? Please say no.
AVG did not cause the problem. AVG provide good free antivirus.
Yeah, sorry - a bit pissed - it's AV soft, not AVG. My bad.
Disable AV Soft (temporarily) then download Avast anti-virus and install. When you restart it will do a boot scan before windows loads, (you can make it do a thorough scan which takes something like 30 minutes but you might need to choose this in the options before restarting)
The boot scan seems to catch a lot more stuff than scanning in normal or safe mode.
Then choose to keep either AV Soft or Avast, (not both together) I would go for Avast. Very good and very unintrusive.
OK, everything seems to be working OK again, all scans are not finding anything untoward.
The only issue now seems to be when searching for something using google or bing when you click on a search result it randomly takes me to another search page that I've never heard of. It does this a few times before it lets me go to the actual result.
Why is this?
You need to check that the malware hasn't cofigured a proxy server for your internet connection which could be used to direct you to places you didn't intend.
Go to control panel > internet options > connections > settings
Uncheck any proxy server settings. It is very unlikely that you will need to yse a proxy server at home.
As an extra precaution you could remove your hard drive, mount it in a seperate computer and run a scan that way whilst no operating system or software is running from the infected drive.
Could be a BHO too. In Spybot, put it into Advanced mode, go to Tools and click the 'BHO' option. Look in the list there for anything without a green tick next to it.
(might look slightly different, working from memory here.
Check your HOSTS file too. c:\windows\system32\drivers\etc\hosts - it should just contain a couple of entries unless one of your applications has added "protection" - easiest way is just to delete it.
+1 Malware
Also install Spyware Terminator - also free
If all the above fails, get an account on [url= http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/ ]Tech Support Forum[/url] - you might have to wait a day or two for a reply, but the experts on there really know their stuff and it's possible you'll be sorted without having to do a rebuild/reinstall.
I remembered what I used to finally kill this PITA off. Anyone has this AV Soft bug make sure you run this , it's free (More people who are aware of it the better really)
[url= http://support.kaspersky.com/viruses/solutions?qid=208280684 ]TDSS Killer[/url]
Cougers probably got it, I've also seen malware which changed the DNS settings. PITA.