Gizmo's Freeware Forum

Gizmo's Freeware Forum (https://www.techsupportalert.com/freeware-forum/)
-   General Computer Support (https://www.techsupportalert.com/freeware-forum/general-computer-support/)
-   -   Virus/spyware HELP (https://www.techsupportalert.com/freeware-forum/general-computer-support/6576-virus-spyware-help.html)

greentree 01. Mar 2011 02:17 PM

Virus/spyware HELP
 
Hi, newbie to this forum.I have a question I could use some help with and hope I posted it in the right place.
My pc has been recently infected with some spyware or virus.I can use some of it's programs but not all.I have installed avira(free version) and been using it for a year or so but this virus was able to infect my pc anyway!
The virus will not let me open my avira,system restore,or any helpful programs.Yet I can use my explorer.
I downloaded superspyware but the program won't run;same as avira.
My background is infected with a spyware message and popups with the message,(you have been infected etc. click here to remove etc.) come up continuously.

Any suggestions how I can remove this;get my avira to override this infection?
Thanks for any help!!

Tristan.

MidnightCowboy 01. Mar 2011 02:31 PM

You might find some of the information here useful.

http://www.techsupportalert.com/cont...oval-guide.htm

It's also worth bearing in mind for future reference that if you were using a DNS filter and WOT extension you would most likely not have encountered this infection to start with.

Sope 01. Mar 2011 04:57 PM

Sounds like you're infected with a fake AV.

Try this website :-
http://realsecurity.web.officelive.c...vemalware.aspx

The author is a member here.
It's very easy to follow.
To begin with, I would recommend you start your PC in "safe mode with networking" and try MalwareBytes first.

Anupam 01. Mar 2011 05:07 PM

Quote:

Originally Posted by greentree (Post 47363)
My background is infected with a spyware message and popups with the message,(you have been infected etc. click here to remove etc.) come up continuously.

Some more details about this might help. What is the name of the program which is giving these messages? As Sope said, you seem to be infected with some sort of fake AV, or fake antispyware program. Providing with the name might help in finding a special removal tool for it, or will help in searching on Google for a removal procedure for that program.

Please provide the exact messages, and the name of program from which they originate.

You can try MalwareBytes Antimalware. Download it, and change the setup name to something like MBAM.cmd. Then try running it in safe mode.

J_L 01. Mar 2011 10:31 PM

Download the Kaspersky Resuce Disk and boot from it. Update the virus definitions, then scan.

If you cannot update (which usually means non-ethernet connection), try Dr.Web LiveCD. This one doesn't require updates, because daily definitions are included in the download.

Then scan with Hitman Pro, Malwarebytes, SUPERAntiSpyware, and Avira to remove whatever's left.

bo.elam 02. Mar 2011 08:38 AM

Hi greentree, first thing you should do is find out the name of the
Rogue/Fake anti virus that infected you, once you do that, you
might be able to find specific instructions on the proper way for
getting rid of it by using Google. Most likely Malwarebytes name
will come up since it is a very good program for detecting and
eliminating the type of virus that infected you. Normal Anti viruses
like Avira, Avast or any of them basically don't do nothing against
this kind of malware. If you are able to download the MBAM file
but can not run it, then change the name as it was suggested.
You might have to try different names in order to get it done. Do
this in safe mode. If you are not able to download the MBAM its
because the Fake anti virus is blocking the download. If that
happens, go the Malwarebytes forum and search for the instructions
to download MBAM with a random name, it should be easy to find.


Avoiding getting infected by something like this, its easy. Next time,
kill all of your browser processes, reboot and you should be OK.
Even better, start using Sandboxie every time you use your browser
and you ll play with the fake instead of the Fake playing with you.

Take care and good luck.

Bo

greentree 02. Mar 2011 02:09 PM

spyware
 
Thanks for all the replies!The name of this spyware I think is System Tool.It is acting like a fake spyware/virus remover-cleaner.It tells me Windows has detected spyware etc. but this message does not come from Windows.
Messages keep popping up asking me to click here to remove infection etc.It even asks me to activate my antivirus,which of course it promptly blocks!
Yeah they're playing with me,but I will get started using some of these suggestions and see if I can turn the tables.Thanks all!Awesome site here!!
Tristan.

MidnightCowboy 02. Mar 2011 03:08 PM

This should be what you need:

http://www.webtlk.com/2010/12/21/how...tem-tool-2011/

Anupam 02. Mar 2011 03:43 PM

Here is a more complete guide from BleepingComputer :

http://www.bleepingcomputer.com/viru...ve-system-tool

Although, it is explained in detail, but please follow the instructions carefully.

You can also try this removal tool, which is specially designed to remove fake security software. Its called Remove Fake Antivirus, and is available here :

http://freeofvirus.blogspot.com/2009...ivirus-10.html

Although, System Tool is not mentioned in its list, but as can be seen from the BleepingComputer link, System Tool is from the family of SecurityTool, and Remove Fake Antivirus removes that.

But, I will suggest to try the first method from BleepingComputer first.

deya 02. Mar 2011 09:07 PM

Seems that greentree isn't the only one experiencing this at the moment. See this BBC link.

It's being triggered by clicking on ads on certain websites. So if you're an ad clicker just be warned.


All times are GMT +1. The time now is 06:04 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.