Virus/spyware HELP

greentree · 01. Mar 2011, 01:17 PM

Hi, newbie to this forum.I have a question I could use some help with and hope I posted it in the right place.
My pc has been recently infected with some spyware or virus.I can use some of it's programs but not all.I have installed avira(free version) and been using it for a year or so but this virus was able to infect my pc anyway!
The virus will not let me open my avira,system restore,or any helpful programs.Yet I can use my explorer.
I downloaded superspyware but the program won't run;same as avira.
My background is infected with a spyware message and popups with the message,(you have been infected etc. click here to remove etc.) come up continuously.

Any suggestions how I can remove this;get my avira to override this infection?
Thanks for any help!!

Tristan.

MidnightCowboy · 01. Mar 2011, 01:31 PM

You might find some of the information here useful.

http://www.techsupportalert.com/cont...oval-guide.htm

It's also worth bearing in mind for future reference that if you were using a DNS filter and WOT extension you would most likely not have encountered this infection to start with.

Sope · 01. Mar 2011, 03:57 PM

Sounds like you're infected with a fake AV.

Try this website :-
http://realsecurity.web.officelive.c...vemalware.aspx

The author is a member here.
It's very easy to follow.
To begin with, I would recommend you start your PC in "safe mode with networking" and try MalwareBytes first.

Anupam · 01. Mar 2011, 04:07 PM

Quote:

Originally Posted by greentree

My background is infected with a spyware message and popups with the message,(you have been infected etc. click here to remove etc.) come up continuously.

Some more details about this might help. What is the name of the program which is giving these messages? As Sope said, you seem to be infected with some sort of fake AV, or fake antispyware program. Providing with the name might help in finding a special removal tool for it, or will help in searching on Google for a removal procedure for that program.

Please provide the exact messages, and the name of program from which they originate.

You can try MalwareBytes Antimalware. Download it, and change the setup name to something like MBAM.cmd. Then try running it in safe mode.

J_L · 01. Mar 2011, 09:31 PM

Download the Kaspersky Resuce Disk and boot from it. Update the virus definitions, then scan.

If you cannot update (which usually means non-ethernet connection), try Dr.Web LiveCD. This one doesn't require updates, because daily definitions are included in the download.

Then scan with Hitman Pro, Malwarebytes, SUPERAntiSpyware, and Avira to remove whatever's left.

bo.elam · 02. Mar 2011, 07:38 AM

Hi greentree, first thing you should do is find out the name of the
Rogue/Fake anti virus that infected you, once you do that, you
might be able to find specific instructions on the proper way for
getting rid of it by using Google. Most likely Malwarebytes name
will come up since it is a very good program for detecting and
eliminating the type of virus that infected you. Normal Anti viruses
like Avira, Avast or any of them basically don't do nothing against
this kind of malware. If you are able to download the MBAM file
but can not run it, then change the name as it was suggested.
You might have to try different names in order to get it done. Do
this in safe mode. If you are not able to download the MBAM its
because the Fake anti virus is blocking the download. If that
happens, go the Malwarebytes forum and search for the instructions
to download MBAM with a random name, it should be easy to find.

Avoiding getting infected by something like this, its easy. Next time,
kill all of your browser processes, reboot and you should be OK.
Even better, start using Sandboxie every time you use your browser
and you ll play with the fake instead of the Fake playing with you.

Take care and good luck.

Bo

greentree · 02. Mar 2011, 01:09 PM

Thanks for all the replies!The name of this spyware I think is System Tool.It is acting like a fake spyware/virus remover-cleaner.It tells me Windows has detected spyware etc. but this message does not come from Windows.
Messages keep popping up asking me to click here to remove infection etc.It even asks me to activate my antivirus,which of course it promptly blocks!
Yeah they're playing with me,but I will get started using some of these suggestions and see if I can turn the tables.Thanks all!Awesome site here!!
Tristan.

MidnightCowboy · 02. Mar 2011, 02:08 PM

This should be what you need:

http://www.webtlk.com/2010/12/21/how...tem-tool-2011/

Anupam · 02. Mar 2011, 02:43 PM

Here is a more complete guide from BleepingComputer :

http://www.bleepingcomputer.com/viru...ve-system-tool

Although, it is explained in detail, but please follow the instructions carefully.

You can also try this removal tool, which is specially designed to remove fake security software. Its called Remove Fake Antivirus, and is available here :

http://freeofvirus.blogspot.com/2009...ivirus-10.html

Although, System Tool is not mentioned in its list, but as can be seen from the BleepingComputer link, System Tool is from the family of SecurityTool, and Remove Fake Antivirus removes that.

But, I will suggest to try the first method from BleepingComputer first.

deya · 02. Mar 2011, 08:07 PM

Seems that greentree isn't the only one experiencing this at the moment. See this BBC link.

It's being triggered by clicking on ads on certain websites. So if you're an ad clicker just be warned.

01. Mar 2011, 01:17 PM	#1 (permalink)
greentree Member Join Date: Mar 2011 Posts: 4	Virus/spyware HELP Hi, newbie to this forum.I have a question I could use some help with and hope I posted it in the right place. My pc has been recently infected with some spyware or virus.I can use some of it's programs but not all.I have installed avira(free version) and been using it for a year or so but this virus was able to infect my pc anyway! The virus will not let me open my avira,system restore,or any helpful programs.Yet I can use my explorer. I downloaded superspyware but the program won't run;same as avira. My background is infected with a spyware message and popups with the message,(you have been infected etc. click here to remove etc.) come up continuously. Any suggestions how I can remove this;get my avira to override this infection? Thanks for any help!! Tristan.

01. Mar 2011, 01:31 PM	#2 (permalink)
MidnightCowboy Site Manager Join Date: Aug 2008 Location: South American Banana Republic, third bunch from the left Posts: 9,250	You might find some of the information here useful. http://www.techsupportalert.com/cont...oval-guide.htm It's also worth bearing in mind for future reference that if you were using a DNS filter and WOT extension you would most likely not have encountered this infection to start with. __________________ Knows nothing and cares even less

02. Mar 2011, 01:09 PM	#7 (permalink)
greentree Member Join Date: Mar 2011 Posts: 4	spyware Thanks for all the replies!The name of this spyware I think is System Tool.It is acting like a fake spyware/virus remover-cleaner.It tells me Windows has detected spyware etc. but this message does not come from Windows. Messages keep popping up asking me to click here to remove infection etc.It even asks me to activate my antivirus,which of course it promptly blocks! Yeah they're playing with me,but I will get started using some of these suggestions and see if I can turn the tables.Thanks all!Awesome site here!! Tristan.

02. Mar 2011, 02:08 PM	#8 (permalink)
MidnightCowboy Site Manager Join Date: Aug 2008 Location: South American Banana Republic, third bunch from the left Posts: 9,250	This should be what you need: http://www.webtlk.com/2010/12/21/how...tem-tool-2011/ __________________ Knows nothing and cares even less

02. Mar 2011, 02:43 PM	#9 (permalink)
Anupam Moderator Join Date: Jul 2008 Location: India Posts: 9,484	Here is a more complete guide from BleepingComputer : http://www.bleepingcomputer.com/viru...ve-system-tool Although, it is explained in detail, but please follow the instructions carefully. You can also try this removal tool, which is specially designed to remove fake security software. Its called Remove Fake Antivirus, and is available here : http://freeofvirus.blogspot.com/2009...ivirus-10.html Although, System Tool is not mentioned in its list, but as can be seen from the BleepingComputer link, System Tool is from the family of SecurityTool, and Remove Fake Antivirus removes that. But, I will suggest to try the first method from BleepingComputer first. __________________ Anupam

01. Mar 2011, 03:57 PM	#3 (permalink)
Sope Senior Member Join Date: Feb 2009 Location: Wales, UK Posts: 809	Sounds like you're infected with a fake AV. Try this website :- http://realsecurity.web.officelive.c...vemalware.aspx The author is a member here. It's very easy to follow. To begin with, I would recommend you start your PC in "safe mode with networking" and try MalwareBytes first.

01. Mar 2011, 09:31 PM	#5 (permalink)
J_L Co-Author, Best Free Security List Join Date: Dec 2008 Posts: 1,475	Download the Kaspersky Resuce Disk and boot from it. Update the virus definitions, then scan. If you cannot update (which usually means non-ethernet connection), try Dr.Web LiveCD. This one doesn't require updates, because daily definitions are included in the download. Then scan with Hitman Pro, Malwarebytes, SUPERAntiSpyware, and Avira to remove whatever's left.

02. Mar 2011, 07:38 AM	#6 (permalink)
bo.elam Senior Member Join Date: Nov 2009 Posts: 1,224	Hi greentree, first thing you should do is find out the name of the Rogue/Fake anti virus that infected you, once you do that, you might be able to find specific instructions on the proper way for getting rid of it by using Google. Most likely Malwarebytes name will come up since it is a very good program for detecting and eliminating the type of virus that infected you. Normal Anti viruses like Avira, Avast or any of them basically don't do nothing against this kind of malware. If you are able to download the MBAM file but can not run it, then change the name as it was suggested. You might have to try different names in order to get it done. Do this in safe mode. If you are not able to download the MBAM its because the Fake anti virus is blocking the download. If that happens, go the Malwarebytes forum and search for the instructions to download MBAM with a random name, it should be easy to find. Avoiding getting infected by something like this, its easy. Next time, kill all of your browser processes, reboot and you should be OK. Even better, start using Sandboxie every time you use your browser and you ll play with the fake instead of the Fake playing with you. Take care and good luck. Bo

02. Mar 2011, 08:07 PM	#10 (permalink)
deya Senior Member Join Date: Oct 2009 Location: UK Posts: 528	Seems that greentree isn't the only one experiencing this at the moment. See this BBC link. It's being triggered by clicking on ads on certain websites. So if you're an ad clicker just be warned.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode