Help Bad virus

[~WinGz~]

Okay, I went to my normal sites, and went to Digg.

Somehow now I am getting a massive barrage of virus stuff.

Something called Vista Internet Security 2010.

I cannot load up my firefox, my internet explorer, and this fake virus scanner keeps coming up.

Malwarebytes won't load up nor will any of my other programs. I do not how to get rid of this.

I can't even search google to find out because it keeps hijacking it.

Please help.

[Biotoxic_hazard_835]

Have you tried booting into safe mode and running your AV ?

[~WinGz~]

It has me locked out. It looked like a JV.script that ran from my firefox, I have latest version of avast! and its currently running. Just this stupid virus thing won't let me do anything I have to hard shut down, and im afraid itll end up just completely locking me out.

[deep1234]

What AV are you using? You didnt mention it.

[~WinGz~]

Avast! to make things worse it won't let me access my reformatting tools. =/

[Draconian Guppy]

Did you try safemode?

[astrokat]

What OS?

[Reacon]

1. Boot in safe mode with networking. Tap f8 like Mario Party on bootup.

2. Download HijackThis

3. Scan and record logfile

4. Post logfile here

5. ?????

6. PROFIT

EDIT with moar content:

Also, try downloading SDFix, run it, then try MBAM again in safemode. Download Avira Antivir and Super Anti-Spyware.

After has been fix't, download Sandboxie and use it when browsing. Supports x64 now, VERY handy tool. Will isolate anything that hijacks your browser.

EDIT again: *yawn* g2g to bed. I'll leave ya with this post and the rest of Neowin for the night.

EDIT 3....just kidding, no more edits.

[Andrew Lyle Global Moderator]

1. Boot in safe mode with networking. Tap f8 like Mario Party on bootup.

2. Download HijackThis

3. Scan and record logfile

4. Post logfile here

5. ?????

6. PROFIT

That is your best solution!

You also might want to disable some unknown startup items.. (if you don't know how, don't worry about it)

[goretsky Supervisor]

Hello,

Have you considered contacting your anti-malware vendor's technical support department for assistance? They are likely to be very familiar with removing rogue/fake antivirus programs and it will let them get a coy back to their researchers so that detection can be added for it.

Regards,

Aryeh Goretsky

[~WinGz~]

I found the virus removed it.

- Windows Vista Home All updates.

- Firefox Latest Version

- Avast! Anti-Virus

Avast! doesn't have a support number that I saw,

But after removing the virus, it won't let me run any .exe files I have to go around it and run as admin.

Also I stated I cannot even get to google to search out my problem.

I only was able to use neowin because its the only site I had loaded on firefox when this all started.

So if I leave neowin I won't be able to reaccess it.

[Andrew Lyle Global Moderator]

Are you the Administrator on your computer?

Can you also take a screenshot of your taskmanager > Processes and post it here?

[.bin]

Run combofix in Safemode.

End of discussion. :)

[~WinGz~]

Thanks Binary that worked.

Any suggestions for a new Anti-virus since I feel mine wasn't good enough?

[gdodson]

I haven't seen an antivirus that properly blocks that rogue AV crap. In case you're curious, the reason that your programs wouldn't run is because the .exe extension in the registry was set to "secfile" instead of the default "exefile." Most rogue AVs are doing this now.

[~WinGz~]

Thanks dodson,

Yeah those things are BS. I really wish there was a way to permantly block them, but after tonight and ending up with it without dling anything suspicious or going to any of the websites out of the norm.

Idk what happened.

[bjoswald]

This is a good lesson to all those idiots who run without protection intentionally. It doesn't matter what site you go to or how often you go there. Vulnerabilities are patched constantly for a reason, kids! ;)

[~WinGz~]

Exactly this is something anti-virus is good for, except when the Rogue program decides to close it out. ;)

[goretsky Supervisor]

Hello,

I have used this program to fix broken .EXE file assocations. Although the web site is in Italian, the program itself is in English.

Regards,

Aryeh Goretsky

I found the virus removed it.

- Windows Vista Home All updates.

- Firefox Latest Version

- Avast! Anti-Virus

Avast! doesn't have a support number that I saw,

But after removing the virus, it won't let me run any .exe files I have to go around it and run as admin.

Also I stated I cannot even get to google to search out my problem.

I only was able to use neowin because its the only site I had loaded on firefox when this all started.

So if I leave neowin I won't be able to reaccess it.

[.bin]

Glad it worked WinGz, Personally I don't run an Antivirus but I hear NOD32 is an excellent one for both security and performance.

[Owen W Veteran]

I'll go ahead and say that I'm not a fan of Avast as it seems to miss things, and instead often flags things that aren't viruses as bad files. I'd reccomend looking at changing to either Microsoft Security Essentials or NOD32.

@Binary2k, why dont you run antivirus?

[Reacon]

Thanks Binary that worked.

Any suggestions for a new Anti-virus since I feel mine wasn't good enough?

As in my previous post, I've had REALLY good experiences with Avira Antivir. It's free, and has great realtime protection and detection rates. Just enable Data Execution Prevention (a good thing to do anyway) and avnotify won't show ads every time it updates.

Also, SDFix should've worked too :P SDFix/Combofix is great for anything. But also, more likely than not, there are still traces of the worm still on your computer. Look in system32\drivers\etc\ for your HOSTS file. Open it with notepad and make sure there are NO entries EXCEPT 127.0.0.1 and localhost. That was likely where the worm was killing your access to search engines.

[agreenbhm]

+1 for nod32. Search for my thread "where can I download a virus" to find out a bit more.

[SakuraKira]

I'll go ahead and say that I'm not a fan of Avast as it seems to miss things, and instead often flags things that aren't viruses as bad files. I'd reccomend looking at changing to either Microsoft Security Essentials or NOD32.

@Binary2k, why dont you run antivirus?

Ditto for NOD32. I'm using ESET Smart Security though, since Windows firewall doesn't play nice with torrents, including legitimate torrents like World of Warcraft patching.

Glad it worked WinGz, Personally I don't run an Antivirus but I hear NOD32 is an excellent one for both security and performance.

Doesn't this thread show that "safe browsing habits" aren't real protection? =/

[redvamp128]

Okay-- ctl-alt- del then end everything that looks like the virus-- Or you can also use process explorer much quicker-

process explorer

Once you end the task the anitivirus should be able to get rid of it- also you should run the standards-

malewarebytes

spybot search and destroy

I would also goto panda antivirus and use their online scanner (free tool) to make sure it got rid of everything as a second opinion.