Virus recovery help.

Discussion in 'Techforge' started by Speck, Oct 6, 2011.

  1. Speck

    Speck Dark Brotherhood

    Joined:
    Mar 18, 2005
    Messages:
    2,462
    Ratings:
    +513
    Ok, I got attacked by a virus a few days ago.

    It popped up like a Windows Security Warning, requesting a scan to check for problems.
    I didn't realize it was a scam until a screen popped up saying that I could fix the problem if I bought this certain program. Upon seeing that I did emergency shutdown, rebooted in safemode and reverted to a couple day old restore point.

    I've run about 4 or 5 anti virus, malware programs.
    Everything seemed to be fine.

    But I started to notice a few problems.
    Windows keeps trying to load Internet Explorer. I run Mozilla. Mozilla kept diverting pages when I searched for things.
    I have since disabled IE and completely stripped Firefox out and reloaded it.
    I've even deleted the parts of IE that I could find, yet Windows still tries to run it. (How do you uninstall that stupid POS?)

    Next, I noticed that my background images are frozen on one. It's not rotating. So I checked the file where I keep linked to the Theme background photo changer and it is no longer accessible. The pics are still there, but when I click on the folder it says, "Folder is empty".

    THEN, I have an external hard drive. I go to Computer and it shows that I have 49 gigs of 297 left. Which is what it is supposed to be at.
    But when I click on it to open, it also gives me the "Folder is empty"message.
    All the data is there, I can even still run all the music off of it through WMD.

    Does anyone know how to get rid of these problems without erasing everything?
  2. El Chup

    El Chup Fuck Trump Deceased Member Git

    Joined:
    Mar 27, 2004
    Messages:
    42,875
    Ratings:
    +27,833
    Download a program called rkill.

    Also download Malwarebytes.

    Install the latter.

    Restart in safe mode. Run rkill, which will shut down the bullshit security warnings. Then run a full scan on Malwarebytes, which should pick it up and fix it. If you don't run rkill first then the scan will not properly work.

    Should be ok after that. If not, you may have more than one virus.

    I believe a program called combofix can get rid of google redirects, but what I have set out above worked for me when I had one of those security warning viruses.
    • Agree Agree x 3
  3. Speck

    Speck Dark Brotherhood

    Joined:
    Mar 18, 2005
    Messages:
    2,462
    Ratings:
    +513
    Nope. No good, Rkill requires a program buy in.
    And I've already run Malwarebytes, did it again and ran the Combofix which didn't do anything.

    So I still has teh problemz.
  4. Diacanu

    Diacanu Comicmike. Writer

    Joined:
    Mar 29, 2004
    Messages:
    101,598
    Ratings:
    +82,685
    Format C:\
    :bergman:
  5. Dan Leach

    Dan Leach Climbing Staff Member Moderator

    Joined:
    Mar 29, 2004
    Messages:
    32,366
    Location:
    Lancaster UK
    Ratings:
    +10,668
  6. ed629

    ed629 Morally Inept Banned

    Joined:
    Apr 10, 2004
    Messages:
    14,758
    Ratings:
    +17,869
    Sounds like you picked up "Windows Internet Security". You need to edit your registry, also find the folder it's in as well. I picked that one up too. You'll need to delete the file, and also there's an exe. file with a random name. So first delete the file that keeps running, then delete the random file. Then edit the registry for the named file.
  7. Amaris

    Amaris Guest

    Ratings:
    +0
    STEP ONE:

    Download MalwareBytes Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free
    Download rkill (It's free): http://www.technibble.com/rkill-repa...l-of-the-week/
    Download Spybot Search & Destroy: http://www.safer-networking.org/index2.html


    STEP TWO:

    Startup in Safe Mode.
    Run rkill (you'll see a window pop up for a brief second and disappear)
    Install AntiMalware Bytes.
    Run a scan
    If it finds something, let AMB get rid of it.
    Install Spybot S&D
    Run a scan.
    If it finds something, let SS&D get rid of it.
    Enable Tea Timer from the options menu in Spybot S&D
    Restart your computer in normal mode.
    Enjoy pain free computing.
    • Agree Agree x 2
  8. Liet

    Liet Dr. of Horribleness, Ph.D.

    Joined:
    Jan 11, 2008
    Messages:
    15,570
    Location:
    Evil League of Evil Boardroom
    Ratings:
    +11,723
    All based on my limited non-expert experience cleaning up an infection anti-virus and anti-malware simply couldn't deal with:

    Start in safe mode. If you can run the task manager, do so. You might be able to easily identify the offending process. Right click on the process, open file location, shut the process down, backup just in case you have the wrong file, and manually delete the infected file. If you're not sure which process is the offending process you can try shutting down non-critical processes one at a time until the symptoms stop.

    Autoruns for Windows is a very useful tool. It will show you everything that automatically runs at normal system startup and will let you edit the registry with the click of a box so that things don't automatically start up.

    If the infection is particularly nasty and changed account permissions so that you can't use the task manager or edit the registry you may have to use the "Administrator" account in safe mode. In Windows XP this is an account that appears at the login screen for safe mode automatically. In Windows7 and Vista the account has to be specifically enabled.
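    Added example (not part of the thread, and not Autoruns or any other tool named in it): a PowerShell script that does the part of Liet's and ed629's advice that is tedious by hand, listing the Run/RunOnce keys and the Winlogon Shell/Userinit values this kind of fake-AV uses to restart itself, and flagging entries that launch from temp or profile directories. The list of "suspicious" directories and the expected Winlogon values are assumptions based on a stock install; treat a SUSPECT flag as something to look at, not proof. Run it from an elevated PowerShell prompt, ideally in Safe Mode, before deleting anything.

```powershell
# Added example (not from this thread or any tool named in it): list the
# autorun locations a rogue "security" program plants itself in, and flag
# entries that launch from user-writable directories. Run from an elevated
# PowerShell prompt, ideally in Safe Mode. The heuristics are assumptions.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Legitimate autoruns almost never live here; a random-named .exe under one of
# these paths is the classic rogue-AV footprint.
$suspiciousRoots = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA,
                     $env:ProgramData, "$env:SystemDrive\Users\Public") |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Get-AutorunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }     # provider metadata, not a value
            New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    # Winlogon Shell/Userinit are also hijacked by this family; the stock values
    # are "explorer.exe" and "C:\Windows\system32\userinit.exe," (assumed here).
    $wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $v = Get-ItemProperty -Path $wl
    New-Object PSObject -Property @{ Key = $wl; Name = 'Shell';    Command = [string]$v.Shell }
    New-Object PSObject -Property @{ Key = $wl; Name = 'Userinit'; Command = [string]$v.Userinit }
}

function Test-SuspiciousEntry($entry) {
    $c = $entry.Command.ToLowerInvariant()
    foreach ($root in $suspiciousRoots) { if ($c.Contains($root)) { return $true } }
    if ($entry.Name -eq 'Shell'    -and $c -ne 'explorer.exe') { return $true }
    if ($entry.Name -eq 'Userinit' -and $c -notmatch '^[a-z]:\\windows\\system32\\userinit\.exe,?$') { return $true }
    return $false
}

Get-AutorunEntries | ForEach-Object {
    $flag = if (Test-SuspiciousEntry $_) { 'SUSPECT' } else { 'ok' }
    '{0,-7} {1}\{2} = {3}' -f $flag, $_.Key, $_.Name, $_.Command
}

# To disable a flagged value without losing the evidence, export the key first,
# then remove only that value (substitute the key and name the script printed):
#   reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run-backup.reg
#   Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name '<flagged name>'
```

    For each SUSPECT line, open the file location the command points to before removing the value, as Liet suggests, and copy the executable somewhere for later identification rather than deleting it outright. A process that keeps coming back after its Run value is removed usually has a second foothold (a service, a scheduled task, or a Winlogon value), which is what a tool like Autoruns shows in one place.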
  9. Speck

    Speck Dark Brotherhood

    Joined:
    Mar 18, 2005
    Messages:
    2,462
    Ratings:
    +513
    BTW: Rkill is NOT free. It ran the scan but requires a buy in to do anything.
  10. Speck

    Speck Dark Brotherhood

    Joined:
    Mar 18, 2005
    Messages:
    2,462
    Ratings:
    +513
    How am I supposed to find anything in the registry?

    Delete what file? there are thousands in there.
  11. Ramen

    Ramen Banned

    Joined:
    Mar 28, 2004
    Messages:
    26,115
    Location:
    FL
    Ratings:
    +1,647
    rkill is indeed free.


  12. Diacanu

    Diacanu Comicmike. Writer

    Joined:
    Mar 29, 2004
    Messages:
    101,598
    Ratings:
    +82,685
    Maybe he's being redirected to a fake pay version?
    • Agree Agree x 1
  13. El Chup

    El Chup Fuck Trump Deceased Member Git

    Joined:
    Mar 27, 2004
    Messages:
    42,875
    Ratings:
    +27,833
    rkill was free when I used it. :shrug:
  14. Amaris

    Amaris Guest

    Ratings:
    +0
    Rkill is VERY free. The link I gave you takes you right to it. It's freeware. I use it, it works. It kills the malware processes and lets MBAM and Spybot do its job.

    By the way, TeaTimer is very important. It's essentially a low level registry guard, that prevents malware from modifying your registry settings. By doing that, you eliminate about 99.9% of a malware program's effectiveness.

    I highly recommend you install it once you resolve the issue you're having.
  15. Speck

    Speck Dark Brotherhood

    Joined:
    Mar 18, 2005
    Messages:
    2,462
    Ratings:
    +513
    The redirects had me go to something similar, but not the ones you all were pointing out.

    I got the real rkill...ran it...
    And it didn't do anything,

    I've cleaned the computer in safe mode multiple times, ran Spybot Seek & Destroy, Adaware, AVG, Advanced System Care, MalwareBytes... Doctorweb...

    I've tried looking for stuff to uninstall, but I don't recognize the oddballs.

    I'm still getting the Google redirects, and those two folders/drives are still listed and "folder is empty".
  16. Uncle Albert

    Uncle Albert Part beard. Part machine.

    Joined:
    Mar 29, 2004
    Messages:
    60,912
    Location:
    'twixt my nethers
    Ratings:
    +27,808
    Time to dust off and nuke the hard drive from orbit. It's the only way to be sure.

    :nuke: :nuke: :nuke: :nuke:

    :bergman:
    • Agree Agree x 3
  17. Ebeneezer Goode

    Ebeneezer Goode Gobshite

    Joined:
    Mar 28, 2004
    Messages:
    19,124
    Location:
    Manchester, UK
    Ratings:
    +8,256
    Other half had this, I ended up backing up everything and nuking the system which is the best advice I can give.

    Be careful when backing up, it sets your files to hidden, so if you back everything up to external without updating your folder settings you'll think you've got an empty directory.
  18. Amaris

    Amaris Guest

    Ratings:
    +0
    If you're still getting Google redirects, you'll have to delete your hosts file and replace it with an uninfected version.

    Now, if you follow my steps and do the following to the HOSTS file, you should have no problems. If you don't follow my steps, you'll keep running around in circles unless you just wipe the entire drive and start from scratch.

    STEP ONE:

    Download MalwareBytes Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free
    Download rkill (It's free): http://www.technibble.com/rkill-repa...l-of-the-week/
    Download Spybot Search & Destroy: http://www.safer-networking.org/index2.html


    STEP TWO:

    Startup in Safe Mode.
    Run rkill (you'll see a window pop up for a brief second and disappear)
    Install AntiMalware Bytes.
    Run a deep scan
    If it finds something, let AMB get rid of it.
    Install Spybot S&D
    Run a scan.
    If it finds something, let SS&D get rid of it.
    Enable Tea Timer from the options menu in Spybot S&D
    Delete your HOSTS file: C:\Windows\System32\Drivers\etc\HOSTS
    Replace it with this one (whichever OS you have):
    Windows XP HOSTS File
    Windows Vista HOSTS File
    Windows 7 HOSTS File


    Restart your computer in normal mode.
    Go to the RUN command in your startup menu, and type: attrib /d /s -h -s

    That will unhide every file on your system.
    Follow every step above, and it should fix the problem.
    • Agree Agree x 1
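    Added example (not part of the thread): before deleting the HOSTS file as Amaris describes, it is worth seeing what was put in it, since the entries tell you which sites the malware was redirecting or blocking. This PowerShell script parses the file, flags any mapping of a well-known search or anti-malware domain (even to 127.0.0.1, which silently blocks the site) or of anything else to a non-loopback address, saves the infected copy as evidence, and writes a stock two-line file in its place. The watch list, backup name and file contents are my assumptions, not from the thread. Run it elevated.

```powershell
# Added example (not from this thread): audit the HOSTS file for hijacked
# entries, keep a copy, then restore the stock file. Run elevated.
# The watch list and the "stock" contents below are assumptions.

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Domains rogue-AV installers commonly redirect or block; extend as needed.
$watchList = @('google.com', 'bing.com', 'yahoo.com',
               'malwarebytes.org', 'safer-networking.org', 'bleepingcomputer.com',
               'windowsupdate.com', 'update.microsoft.com')

function Get-HostsEntries([string]$path) {
    $lines = Get-Content -Path $path -ErrorAction Stop
    $n = 0
    foreach ($line in $lines) {
        $n++
        $body = ($line -split '#', 2)[0].Trim()        # drop comments
        if (-not $body) { continue }
        $parts = $body -split '\s+'
        if ($parts.Count -lt 2) { continue }
        # One line can map several names to one address; emit one entry per name.
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            New-Object PSObject -Property @{ Line = $n; Address = $parts[0]; Host = $name.ToLowerInvariant() }
        }
    }
}

function Test-HijackedEntry($entry) {
    $loopback = @('127.0.0.1', '::1', '0.0.0.0')
    $h = $entry.Host
    # "localhost -> loopback" is the only mapping a stock HOSTS file carries.
    if ($h -eq 'localhost' -and $loopback -contains $entry.Address) { return $false }
    # A watch-listed domain mapped anywhere is a hijack: to an attacker IP it
    # redirects, to 127.0.0.1 it blocks the site (e.g. the Malwarebytes download).
    foreach ($w in $watchList) {
        if ($h -eq $w -or $h.EndsWith(".$w")) { return $true }
    }
    # Anything else pointed off the loopback deserves a look.
    return -not ($loopback -contains $entry.Address)
}

$entries = @(Get-HostsEntries $hostsPath)
$bad = @($entries | Where-Object { Test-HijackedEntry $_ })
$bad | ForEach-Object { 'line {0}: {1} -> {2}' -f $_.Line, $_.Host, $_.Address }

if ($bad.Count -gt 0) {
    # Keep the evidence, then replace the file rather than editing in place.
    Copy-Item -Path $hostsPath -Destination ("{0}.infected.{1}" -f $hostsPath, (Get-Date -Format 'yyyyMMddHHmmss'))
    attrib -r -h -s $hostsPath                         # malware often marks it read-only/hidden
    Set-Content -Path $hostsPath -Encoding ASCII -Value @(
        '# Restored HOSTS file: only the loopback entries Windows ships with.',
        '127.0.0.1 localhost',
        '::1       localhost'
    )
    ipconfig /flushdns | Out-Null                      # drop cached answers from the bad file
}
```

    Two caveats a practitioner would check alongside this. Windows reads the HOSTS path from the registry value HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath, so a file that looks clean at the default path is meaningless if that value has been pointed somewhere else. And a redirect that survives a clean HOSTS file is coming from somewhere the file does not control, such as the DNS servers in ipconfig /all, a browser proxy setting, or a rootkit, which is the point at which the "nuke it from orbit" advice in this thread becomes the sensible one.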
  19. brudder1967

    brudder1967 this is who we are

    Joined:
    Apr 14, 2004
    Messages:
    7,107
    Location:
    Bumfuck MS
    Ratings:
    +2,452
    And whatever little shit created that virus needs to die a long, painful death!!!

    :ua:
    • Agree Agree x 3
  20. Bickendan

    Bickendan Custom Title Administrator Faceless Mook Writer

    Joined:
    May 7, 2010
    Messages:
    24,034
    Ratings:
    +28,707
    This post needs to be in its own thread and stickied with the following note:
    Downloading rKill, Malwarebytes and Spybot Search & Destroy may require use of an external computer and a thumb drive.
  21. Speck

    Speck Dark Brotherhood

    Joined:
    Mar 18, 2005
    Messages:
    2,462
    Ratings:
    +513
    I haven't been able to get on the internet from my computer.
    Oddly, Yahoo Messenger and Utorrent work.

    Presently, I am backing up my files, and have the System Recovery discs out.

    I did save that Hosts file though.

    Thanks John.
  22. Speck

    Speck Dark Brotherhood

    Joined:
    Mar 18, 2005
    Messages:
    2,462
    Ratings:
    +513
    Oh, and it turns out that my external drive,

    All the virus did was make the files Hidden and changed the "ownership".

    Mentalist showed me where to download a "Take Ownership" program.
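    Added example (not part of the thread, and not the "Take Ownership" program Speck refers to): the "Folder is empty" symptom on the external drive, Ebeneezer's warning about hidden files in a backup, and Amaris's attrib step are all the same two changes, the Hidden (and usually System) attribute set on every file and the owner changed. This PowerShell script reverses both on user data only. It deliberately does not run attrib /d /s -h -s from the system root, since that also strips the System attribute from files Windows relies on. The target paths, the skip list and the assumption that the drives are NTFS are mine. Run it elevated.

```powershell
# Added example (not from this thread, and not the "Take Ownership" tool
# mentioned above): put hidden files back and reclaim ownership of user data
# only, leaving Windows' own protected files alone. Run elevated.
# The target paths are assumptions; adjust to your profile and external drive.

$targets = @($env:USERPROFILE, 'E:\')      # profile folder plus the external drive

function Restore-Visibility([string]$root) {
    # Clear Hidden and System on user data; skip items Windows keeps hidden on purpose.
    $flags = [int]([System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System)
    $skipNames = @('desktop.ini', 'thumbs.db', 'ntuser.dat', 'ntuser.dat.log',
                   'pagefile.sys', 'hiberfil.sys')
    Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $skipNames -notcontains $_.Name.ToLowerInvariant() -and
            $_.FullName -notmatch '\\(\$recycle\.bin|recycler|system volume information)(\\|$)'
        } |
        ForEach-Object {
            if (([int]$_.Attributes -band $flags) -ne 0) {
                $_.Attributes = [System.IO.FileAttributes]([int]$_.Attributes -band (-bnot $flags))
                $_.FullName                       # report each item that was unhidden
            }
        }
}

function Restore-Ownership([string]$root) {
    # takeown and icacls ship with Windows (NTFS only). /r and /t recurse,
    # /d y answers takeown's prompt, /c continues past errors, /q quiets output.
    takeown /f $root /r /d y | Out-Null
    icacls $root /reset /t /c /q | Out-Null                        # back to inherited ACLs
    icacls $root /grant "${env:USERNAME}:(OI)(CI)F" /t /c /q | Out-Null
}

foreach ($t in $targets) {
    if (-not (Test-Path $t)) { continue }
    Restore-Ownership $t      # ownership first, or the attribute change is denied
    Restore-Visibility $t
}
```

    Before running it, turning on "Show hidden files and folders" in Explorer is the quick way to confirm this is what happened: if the "empty" folder suddenly shows its contents greyed out, the data is intact and only the attributes and ACLs need repairing.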
  23. Speck

    Speck Dark Brotherhood

    Joined:
    Mar 18, 2005
    Messages:
    2,462
    Ratings:
    +513
    Ok, Mozilla Firefox, Internet Explorer (8 and 9) and Safari no longer work on my computer. They immediately crash upon opening.

    But Opera does work.


    I've looked at the details of the listed problem for the first three crashers, and it says:

    Problem Event name: BEX
    Fault module name: StackHash_0a9e

    or:

    Problem Event Name: Appcrash
    Fault Module name: SHLWAPI.dll

    Does that mean anything to anyone?
    And, do you know how to fix it?