Virus

Dalziel

Help please. I have a computer virus that gives me a red screen and
has disabled my Control panel, Regedit, Run, etc. commands.
It has also put a "Virus alert!" message next to the time in the tray
bar.
It doesn't let me select 'properties' from the desktop to revert the
screen to the original colours.
I cannot tell what virus it is except that it has a message saying
'activate antispyware'.
I have AVG and Spybot and Malwarebytes Anti-malware but this did not
prevent it from installing!!
Grateful for any help.

Thanks

Dalziel
 
Patrick Keenan

Dalziel said:
Help please. I have a computer virus that gives me a red screen and
has disabled my Control panel, Regedit, Run, etc. commands.
It has also put a "Virus alert!" message next to the time in the tray
bar.
It doesn't let me select 'properties' from the desktop to revert the
screen to the original colours.
I cannot tell what virus it is except that it has a message saying
'activate antispyware'.
I have AVG and Spybot and Malwarebytes Anti-malware but this did not
prevent it from installing!!
Grateful for any help.

Thanks

Dalziel

The antispyware app the message is referring to IS the malware. You will
probably find a couple of new links or shortcuts on the Start menu to
these - delete them, they are there to encourage you to re-infect the
system.

This kind of thing is easy to fix if you can attach the drive to another
system and scan it from there. It's a lot harder if you have to rely on a
running system - expect to make several passes before you can start to get
control.

Boot in Safe Mode to the Administrator account, then use msconfig to locate
and disable the startup entries that are causing the problem. They
shouldn't be hard to identify.

Delete all of the contents of all of the Temporary Internet Files and temp
folders. Empty the recycle bin.

Locate the name of the app and the Program Files folder it's installed to.
In Safe Mode as Administrator, you can change the name of that folder - I
usually add an X to the beginning of the folder name so it's easy to find
later, when you go back to delete it. This will prevent the malware in
that folder from launching, and allow you to increase the control YOU have.
Expect to find it in more than one place; do not stop looking after you find
that one folder. There are often added entries under the Program Files \
Common Files folder.

HTH
-pk
 
Dalziel

Thanks PK

I used Pcbutts Remove-it and it worked to a degree. Still leaves a
white screen and won't let me go to any malware removal sites!!

Regards

Dalziel
 
nass

Dalziel said:
Thanks PK

I used Pcbutts Remove-it and it worked to a degree. Still leaves a
white screen and won't let me go to any malware removal sites!!

Regards

Dalziel


Run a thorough scan by doing the following steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Re-enable them later one-by-one and see the
culprit and update it or remove it).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://www.malwarebytes.org/rr-update/rr-free-setup.exe
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html

If you wish to send me your Hijackthis log I will be happy to help you
further or send to one of many forums on the internet!
Download Hijackthis and send me the log.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
my address is : to_you_ross(at remove this and replace with the
obvious)yahoo.co.uk ( _ is underscore)

Run disk clean up on your Drive.
You can download this tool to run clean up:
http://www.ccleaner.com/download/builds/downloading-slim
HTH,
nass
 
The Real Truth MVP

You should be able to change your desktop background now. I just updated the
program last night about 11pm eastern time. If you ran it before that time
then download it again and run it again. If you ran it after that time then
if the problem is still there then run my diagnostic tool called
whatslivern. That file after a few seconds, when complete, will generate a
log file. That log file will be saved in the same directory you ran the
program from. Using the email link at the bottom of my page, send me a copy
of that log file. http://pcbutts1.com/downloads/tools/tools.htm

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/

 
Patrick Keenan

Thanks PK

I used Pcbutts Remove-it and it worked to a degree. Still leaves a
white screen and won't let me go to any malware removal sites!!

Regards

Dalziel
==============

As I said, don't expect to fix this in one pass.

HTH
-pk
 
Twayne

Thanks PK

I used Pcbutts Remove-it and it worked to a degree. Still leaves a
white screen and won't let me go to any malware removal sites!!

Regards

Dalziel

Try using the IP for the sites instead of the site URL. e.g.
Symantec.com is 206.204.52.31 and will take you right there. This
almost always works for blocks like you have.

Free AVG is: http://77.67.44.202/ if that's the one you're using. Else
use any whois to look up their IP.

HTH

Twayne
 
Twayne

Thanks Malke

But I think the virus does not allow me to go to the links you
mention! Anywhere else is fine except the links to the removal of
malware!

Regards

Dalziel

As I mentioned in an earlier post, use the IP instead of the URL; that
almost always works. If you need any particular IP let us know; they're
easy to look up. Just using any whois service is probably the easiest one.
 
