Gizmos Freeware Reviews  

Old 01. Mar 2011, 02:17 PM   #1 (permalink)
Member
 
Join Date: Mar 2011
Posts: 4
Virus/spyware HELP

Hi, newbie to this forum. I have a question I could use some help with and hope I posted it in the right place.
My PC has been recently infected with some spyware or virus. I can use some of its programs but not all. I have installed Avira (free version) and been using it for a year or so but this virus was able to infect my PC anyway!
The virus will not let me open my Avira, System Restore, or any helpful programs. Yet I can use my explorer.
I downloaded superspyware but the program won't run; same as Avira.
My background is infected with a spyware message and popups with the message (you have been infected etc. click here to remove etc.) come up continuously.

Any suggestions how I can remove this; get my Avira to override this infection?
Thanks for any help!!

Tristan.
greentree is offline   Reply With Quote
Old 01. Mar 2011, 02:31 PM   #2 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,190

You might find some of the information here useful.

http://www.techsupportalert.com/cont...oval-guide.htm

It's also worth bearing in mind for future reference that if you were using a DNS filter and WOT extension you would most likely not have encountered this infection to start with.
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is offline   Reply With Quote
Old 01. Mar 2011, 04:57 PM   #3 (permalink)
Senior Member
 
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174

Sounds like you're infected with a fake AV.

Try this website:
http://realsecurity.web.officelive.c...vemalware.aspx

The author is a member here.
It's very easy to follow.
To begin with, I would recommend you start your PC in "safe mode with networking" and try MalwareBytes first.
Sope is offline   Reply With Quote
Old 01. Mar 2011, 05:07 PM   #4 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,276

Quote:
Originally Posted by greentree
My background is infected with a spyware message and popups with the message (you have been infected etc. click here to remove etc.) come up continuously.

Some more details about this might help. What is the name of the program which is giving these messages? As Sope said, you seem to be infected with some sort of fake AV, or fake antispyware program. Providing the name might help in finding a special removal tool for it, or will help in searching on Google for a removal procedure for that program.

Please provide the exact messages, and the name of the program from which they originate.

You can try MalwareBytes Antimalware. Download it, and change the setup name to something like MBAM.cmd. Then try running it in safe mode.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 01. Mar 2011, 10:31 PM   #5 (permalink)
J_L
Co-Author, Best Free Security List
 
J_L's Avatar
 
Join Date: Dec 2008
Posts: 2,003

Download the Kaspersky Rescue Disk and boot from it. Update the virus definitions, then scan.

If you cannot update (which usually means non-ethernet connection), try Dr.Web LiveCD. This one doesn't require updates, because daily definitions are included in the download.

Then scan with Hitman Pro, Malwarebytes, SUPERAntiSpyware, and Avira to remove whatever's left.
J_L is offline   Reply With Quote
Old 02. Mar 2011, 08:38 AM   #6 (permalink)
Senior Member
 
bo.elam's Avatar
 
Join Date: Nov 2009
Posts: 1,714

Hi greentree, first thing you should do is find out the name of the
Rogue/Fake anti virus that infected you, once you do that, you
might be able to find specific instructions on the proper way for
getting rid of it by using Google. Most likely Malwarebytes name
will come up since it is a very good program for detecting and
eliminating the type of virus that infected you. Normal Anti viruses
like Avira, Avast or any of them basically don't do nothing against
this kind of malware. If you are able to download the MBAM file
but can not run it, then change the name as it was suggested.
You might have to try different names in order to get it done. Do
this in safe mode. If you are not able to download the MBAM it's
because the Fake anti virus is blocking the download. If that
happens, go to the Malwarebytes forum and search for the instructions
to download MBAM with a random name, it should be easy to find.


Avoiding getting infected by something like this, it's easy. Next time,
kill all of your browser processes, reboot and you should be OK.
Even better, start using Sandboxie every time you use your browser
and you'll play with the fake instead of the Fake playing with you.

Take care and good luck.

Bo
bo.elam is offline   Reply With Quote
Old 02. Mar 2011, 02:09 PM   #7 (permalink)
Member
 
Join Date: Mar 2011
Posts: 4
spyware

Thanks for all the replies! The name of this spyware I think is System Tool. It is acting like a fake spyware/virus remover-cleaner. It tells me Windows has detected spyware etc. but this message does not come from Windows.
Messages keep popping up asking me to click here to remove infection etc. It even asks me to activate my antivirus, which of course it promptly blocks!
Yeah they're playing with me, but I will get started using some of these suggestions and see if I can turn the tables. Thanks all! Awesome site here!!
Tristan.
greentree is offline   Reply With Quote
Old 02. Mar 2011, 03:08 PM   #8 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,190

This should be what you need:

http://www.webtlk.com/2010/12/21/how...tem-tool-2011/
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is offline   Reply With Quote
Old 02. Mar 2011, 03:43 PM   #9 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,276

Here is a more complete guide from BleepingComputer:

http://www.bleepingcomputer.com/viru...ve-system-tool

Although it is explained in detail, please follow the instructions carefully.

You can also try this removal tool, which is specially designed to remove fake security software. It's called Remove Fake Antivirus, and is available here:

http://freeofvirus.blogspot.com/2009...ivirus-10.html

Although System Tool is not mentioned in its list, as can be seen from the BleepingComputer link, System Tool is from the family of SecurityTool, and Remove Fake Antivirus removes that.

But I will suggest trying the first method from BleepingComputer first.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 02. Mar 2011, 09:07 PM   #10 (permalink)
Senior Member
 
deya's Avatar
 
Join Date: Oct 2009
Location: UK
Posts: 1,486

Seems that greentree isn't the only one experiencing this at the moment. See this BBC link.

It's being triggered by clicking on ads on certain websites. So if you're an ad clicker just be warned.
deya is offline   Reply With Quote