Virus Help!

Discussion in 'Tech Talk' started by nathanours, Oct 11, 2010.

  1. nathanours

    nathanours Texan

    So one of my computers running Windows 7 got infected by a trojan I think.

    It keeps popping up some "Anti Spy Safeguard" thing that I never installed, and I can't get rid of it!

    It won't let me have internet access, saying that it is "unsafe".

    Any ideas for removing it?

    ETA: this particular machine has AVG on it, and it still somehow got through.
     
    Last edited: Oct 11, 2010
  2. GenX

    GenX

    555
    77
    Aug 8, 2009
    Idaho
    I thought Windows 7 had great security? I have always had good luck with Avast and Malwarebytes.
     


  3. Goodspeed(TPF)

    Goodspeed(TPF)

    902
    0
    Jul 30, 2009
    Sh
  4. IndyGunFreak

    IndyGunFreak

    25,914
    1,151
    Jan 26, 2001
    Indiana
    :wavey::rock::bowdown::poke:

    Where you been, man? Haven't seen you around in a while...

    IGF
     
  5. GenX

    GenX

    555
    77
    Aug 8, 2009
    Idaho
    I don't post much. Rarely have anything useful to post. Plus work, house maintenance and family rearin' knocks me on my butt.
     
  6. nathanours

    nathanours Texan

    So more info: it's called Trojan horse SHeur3.BFAY according to AVG, and AVG can't remove it... I'll give Malwarebytes a try now. AVG says that "the object is inaccessible" when it tries to remove/quarantine it.
     
    Last edited: Oct 11, 2010
  7. First, back up all of your stuff.

    If it's difficult to do because of the virus, boot into safe mode: shut off your computer, then turn it back on and keep hitting the "F8" button until you get the prompt to boot into safe mode.

    Next, if Malwarebytes doesn't remove it, just reinstall Windows. You will spend far, far less time that way and your computer will run better than it was before anyway.
     
  8. Linux3

    Linux3

    1,399
    0
    Dec 31, 2008
    Yes but....
    If he backs up all his stuff, most likely that 'stuff' is infected too.

    I manage a few email lists for some clubs in the area and we are having major outbreaks that are just going round and round.

    My suggestion is wipe and re-install, saving NOTHING. And then meditate on why you are using such an insecure O.S.
     
  9. GIockGuy24

    GIockGuy24 Bring M&M's

    4,037
    5
    Jul 14, 2005
    With Amber Lamps
    SuperAntiSpyware is supposed to take care of that one. There is a portable version and an installable version of SAS.

    Portable version. You can put it on a CD or USB drive with another computer if the installable version won't install.

    http://www.superantispyware.com/portablescanner.html

    installable version

    http://www.superantispyware.com/download.html

    http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

    Avira Antivir Rescue CD is a very good tool. Make a CD with it and boot the computer with the CD. It's a large download.

    Make CD with Windows

    http://www.avira.com/en/support-download-avira-antivir-rescue-system

    or write CD iso directly.

    http://www.avira.com/en/support-download-avira-antivir-rescue-system

    Also install and run Malwarebytes.

    http://www.filehippo.com/download_malwarebytes_anti_malware/
     
  10. Goodspeed(TPF)

    Goodspeed(TPF)

    902
    0
    Jul 30, 2009
    Sh
    I used to run AVG on most of my PCs (I have over 30); now I run Avast. It can happen to the best of them. Malwarebytes should take care of that issue for you. I still have AVG on a couple of PCs and honestly there really is not much difference in overhead between the two programs. Keep us posted. -Goodspeed
     
  11. Pierre!

    Pierre! NRA Life Member

    3,990
    161
    Jun 20, 2003
    Lovin Sparks Nv!
    Never Ever waste your time scanning if you are not in SAFE MODE. It is no use.

    Get into SAFE MODE with Networking. Update your signature files. Scan with AVG, then with Malwarebytes.

    If you have a rootkit, you will have to use something like Darik's Boot N Nuke on it, then reinstall.

    Data typically does not get infected. Back it up even if it is infected. You can scan the drive from another hard drive when the virus hasn't loaded.

    Don't listen to everything the Linux Fan Boys say...:cool:

    In the future, keep your UAC on High. It isn't that tough to work with, bout the same as working with Linux. :rofl:
     

  12. Wow. I really hope you never provide tech support to anyone. You won't be in business long telling people they have to completely delete everything on their computer and start from scratch.
     
  13. IndyGunFreak

    IndyGunFreak

    25,914
    1,151
    Jan 26, 2001
    Indiana
    While I'm a fan of nuking an infected OS (is it ever actually gone?)... Saving individual files should be safe (music, pics, docs, etc.).
     
  14. Sgt. Schultz

    Sgt. Schultz Annoying Member

    I agree with Drjones and IGF, that has to be the worst advice I've seen posted in a while!

    OP, you can safely move all of your data, music, pictures, e-mail, etc. to an external drive or flash drive and then scan it on a clean machine before moving it back to your clean reinstall.
     
  15. nathanours

    nathanours Texan

    So I have been running Malwarebytes and every time I re-run it, it finds an average of 15 more infected files to delete.

    I don't get it. How do they keep coming back? The definitions are up to date, and I'm running full scans (not the smart scan) and I've done it maybe 8 times now.

    The first two times it caught like 75-80 things and now it's settled down to like 15-ish each time.

    Does the virus (trojan or whatever) keep reinstalling itself?

    And I've got Ubuntu on my other machine, I just need one with Windows for some of my college-issued software for classes. Running a secure OS on this system isn't really an option.

    Also, it used to be a vista machine, but we got a free 7 upgrade from the college (from a download link). How would I reinstall Windows without the disc?
     
    Last edited: Oct 12, 2010
  16. IndyGunFreak

    IndyGunFreak

    25,914
    1,151
    Jan 26, 2001
    Indiana
    Update Definitions
    Boot safe mode w/o Networking
    Run scans again

    IGF
     
  17. If Malwarebytes doesn't get rid of it, try safe mode and look for an executable in one of the Application/Local Data folders. On the system I cleaned last week, it was named "hotfix.exe".

    Also check registry - software/microsoft/windows nt/current version/winlogon...some stuff hiding there as well.

    And be sure to check the hosts file.

    Was very nasty.
     
    Last edited: Oct 12, 2010
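
The Winlogon and hosts-file checks suggested in the post above, as an added read-only PowerShell example that is not part of the original thread. It assumes Windows is installed in C:\Windows and compares against the stock Shell and Userinit values; the "default"/"REVIEW" labels are this example's own.

```powershell
# Added example: read-only inspection, nothing is modified or deleted.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Stock values on a default install (assumption: Windows lives in C:\Windows).
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = 'C:\Windows\system32\userinit.exe,'
}

# Machine-wide values: anything other than the stock string needs a closer look.
$props = Get-ItemProperty -Path $winlogon
foreach ($name in $expected.Keys) {
    $actual = $props.$name
    if ($actual -eq $expected[$name]) { $status = 'default' } else { $status = 'REVIEW' }
    '{0,-8} HKLM {1,-8} = {2}' -f $status, $name, $actual
}

# The same value names are normally absent from the per-user key.
$userKey = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if (Test-Path $userKey) {
    $userProps = Get-ItemProperty -Path $userKey
    foreach ($name in $expected.Keys) {
        if ($null -ne $userProps.$name) {
            'REVIEW   HKCU {0,-8} = {1}' -f $name, $userProps.$name
        }
    }
}

# Hosts file: every line that is not blank or a comment is an active mapping.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hosts | ForEach-Object {
    $line = ($_ -replace '#.*$', '').Trim()
    if ($line) {
        $ip, $names = $line -split '\s+'
        # Loopback entries for localhost are normal; list everything else.
        $isLoopback = ('127.0.0.1', '::1') -contains $ip
        if (-not ($isLoopback -and ($names -contains 'localhost'))) {
            'REVIEW   hosts {0} -> {1}' -f $ip, ($names -join ', ')
        }
    }
}
```

A "REVIEW" line is a prompt to look the value up, not proof of infection; some legitimate software adds hosts entries.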
  18. GIockGuy24

    GIockGuy24 Bring M&M's

    4,037
    5
    Jul 14, 2005
    With Amber Lamps
    SuperAntiSpyware may do better than Malwarebytes. Try it and then make the Avira rescue CD and boot the computer with it, that way nothing in Windows is running at the time of the scan.

    Some people claim success with IObit Security 360, which is from a questionable Chinese company. It's easy enough to uninstall after using it for those that don't like the company.

    http://majorgeeks.com/IObit_Security_360_d6088.html
     
  19. Sgt. Schultz

    Sgt. Schultz Annoying Member

    Boot to safe mode with networking and update Malwarebytes, SuperAntiSpyware and any other tool you are using to clean the system. Now clean out all temp folders, do a disk cleanup, run CCleaner, etc. Turn off System Restore and delete all restore points (if this does work you won't need them anyway) and then reboot to safe mode w/o networking and run the utilities.
     
    Last edited: Oct 12, 2010
  20. nathanours

    nathanours Texan

    Thanks, I'll try the safe mode thing. I tried SuperAntiSpyware, and it didn't even find anything. How do you turn off System Restore in Windows 7?

    Also I've got CCleaner, will that clean out all temp folders and do a disk cleanup, or is there more I should do?

    I killed the process hotfix.exe at some point so it's definitely the same thing.

    What should I look for in the registry under "software/microsoft/windows nt/current version/winlogon..." ? Should I just google everything I see in there to see if it's harmful and if so delete it?

    And how do I check the hosts file exactly?