Virus Help!

Discussion in 'Tech Talk' started by nathanours, Oct 11, 2010.


  1. nathanours

    Texan

    Joined:
    Mar 5, 2009
    3,511
    93
    Location:
    Colorado by way of Texas
    So one of my computers running Windows 7 got infected by a trojan I think.

    It keeps popping up some "Anti Spy Safeguard" thing that I never installed, and I can't get rid of it!

    It won't let me have internet access, saying that it is "unsafe".

    Any ideas for removing it?

    ETA: this particular machine has AVG on it, and it still somehow got through
     

    #1 nathanours, Oct 11, 2010
    Last edited: Oct 11, 2010
  2. GenX


    Joined:
    Aug 8, 2009
    508
    38
    Location:
    Idaho
    I thought Windows 7 had great security? I have always had good luck with Avast and Malwarebytes.
     

  3. Goodspeed(TPF)


    Joined:
    Jul 30, 2009
    902
    0
    Location:
    Sh
  4. IndyGunFreak

    KO Windows

    Joined:
    Jan 26, 2001
    25,557
    816
    Location:
    Indiana
    :wavey::rock::bowdown::poke:

    Where you been, man? Haven't seen you around in a while...

    IGF
     
  5. GenX


    Joined:
    Aug 8, 2009
    508
    38
    Location:
    Idaho
    I don't post much. Rarely have anything useful to post. Plus work, house maintenance and family rearin' knocks me on my butt.
     
  6. nathanours

    Texan

    Joined:
    Mar 5, 2009
    3,511
    93
    Location:
    Colorado by way of Texas
    So more info: it's called Trojan horse SHeur3.BFAY according to AVG, and AVG can't remove it... I'll give Malwarebytes a try now. AVG says that "the object is inaccessible" when it tries to remove/quarantine it.
     
    #6 nathanours, Oct 11, 2010
    Last edited: Oct 11, 2010
  7. Drjones


    Joined:
    Sep 28, 2002
    6,117
    1
    Location:
    CA, just outside the United States
    First, back up all of your stuff.

    If it's difficult to do because of the virus, boot into safe mode; shut off your computer, then turn back on and keep hitting the "F8" button until you get the prompt to boot into safe mode.

    Next, if Malwarebytes doesn't remove it, just reinstall Windows. You will spend far, far less time that way and your computer will run better than it was before anyway.
     
  8. Linux3


    Joined:
    Dec 31, 2008
    1,399
    0
    Yes but....
    If he backs up all his stuff most likely that 'stuff' is infected too.

    I manage a few email lists for some clubs in the area and we are having major outbreaks that are just going round and round.

    My suggestion is wipe and re-install saving NOTHING. And then meditate on why you are using such an insecure O.S.
     
  9. GIockGuy24

    Bring M&M's

    Joined:
    Jul 14, 2005
    4,037
    5
    Location:
    With Amber Lamps
    SuperAntiSpyware is supposed to take care of that one. There is a portable version and an installable version of SAS.

    Portable version. Can put it on a CD or USB drive with another computer if the installable version won't install.

    http://www.superantispyware.com/portablescanner.html

    installable version

    http://www.superantispyware.com/download.html

    http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

    Avira Antivir Rescue CD is a very good tool. Make a CD with it and boot the computer with the CD. It's a large download.

    Make CD with Windows

    http://www.avira.com/en/support-download-avira-antivir-rescue-system

    or write CD iso directly.

    http://www.avira.com/en/support-download-avira-antivir-rescue-system

    Also install and run Malwarebytes.

    http://www.filehippo.com/download_malwarebytes_anti_malware/
     
  10. Goodspeed(TPF)


    Joined:
    Jul 30, 2009
    902
    0
    Location:
    Sh
    I used to run AVG on most of my PCs (I have over 30) now I run Avast. It can happen to the best of them. Malwarebytes should take care of that issue for you. I still have AVG on a couple PCs and honestly there really is not much difference in overhead between the two programs. Keep us posted. -Goodspeed
     
  11. Pierre!

    NRA Life Member

    Joined:
    Jun 20, 2003
    3,907
    92
    Location:
    Lovin Sparks Nv!
    Never Ever waste your time scanning if you are not in SAFE MODE. It is no use.

    Get into SAFE MODE with Networking. Update your signature files. Scan with AVG, then with Malwarebytes.

    If you have a rootkit, you will have to use something like Darik's Boot N Nuke on it, then reinstall.

    Data typically does not get infected. Back it up even if it is infected. You can scan the drive from another hard drive when the virus hasn't loaded.

    Don't listen to everything the Linux Fan Boys say...:cool:

    In the future, keep your UAC on High. It isn't that tough to work with, bout the same as working with Linux. :rofl:
     
  12. Drjones


    Joined:
    Sep 28, 2002
    6,117
    1
    Location:
    CA, just outside the United States

    Wow. I really hope you never provide tech support to anyone. You won't be in business long telling people they have to completely delete everything on their computer and start from scratch.
     
  13. IndyGunFreak

    KO Windows

    Joined:
    Jan 26, 2001
    25,557
    816
    Location:
    Indiana
    While I'm a fan of nuking an infected OS (is it ever actually gone?)... Saving individual files should be safe (music, pics, docs, etc.).
     
  14. Sgt. Schultz

    Annoying Member

    Joined:
    May 21, 2004
    2,195
    8
    Location:
    West Columbia, South Carolina
    I agree with Drjones and IGF, that has to be the worst advice I've seen posted in a while!

    OP, you can safely move all of your data, music, pictures, e-mail, etc. to an external drive or flash drive and then scan it on a clean machine before moving it back to your clean reinstall.
     
  15. nathanours

    Texan

    Joined:
    Mar 5, 2009
    3,511
    93
    Location:
    Colorado by way of Texas
    So I have been running Malwarebytes and every time I re-run it, it finds an average of 15 more infected files to delete.

    I don't get it. How do they keep coming back? The definitions are up to date, and I'm running full scans (not the smart scan) and I've done it maybe 8 times now.

    The first two times it caught like 75-80 things and now it's settled down to like 15-ish each time.

    Does the virus (trojan or whatever) keep reinstalling itself?

    And I've got Ubuntu on my other machine, I just need one with Windows for some of my college-issued software for classes. Running a secure OS on this system isn't really an option.

    Also, it used to be a Vista machine, but we got a free 7 upgrade from the college (from a download link). How would I reinstall Windows without the disc?
     
    #15 nathanours, Oct 12, 2010
    Last edited: Oct 12, 2010
  16. IndyGunFreak

    KO Windows

    Joined:
    Jan 26, 2001
    25,557
    816
    Location:
    Indiana
    Update Definitions
    Boot safe mode w/o Networking
    Run scans again

    IGF
     
  17. RMD


    Joined:
    Jun 1, 2009
    1,088
    1
    Location:
    20K dm above the shore
    If Malwarebytes doesn't get rid of it, try safe mode and look for an executable in one of the Application/Local Data folders. On the system I cleaned last week, it was named "hotfix.exe".

    Also check registry - software/microsoft/windows nt/current version/winlogon...some stuff hiding there as well.

    And be sure to check the hosts file.

    Was very nasty.
     
    #17 RMD, Oct 12, 2010
    Last edited: Oct 12, 2010
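
The hosts-file check suggested in post #17, shown as an added example that is not part of the original thread: a small Python auditor that lists every hosts entry other than the stock `localhost` mappings, so the owner can review what the file overrides. The function name `audit_hosts`, the verdict labels and the sample entries are assumptions made for this example; the sample file is constructed, not taken from the infected machine.

```python
import ipaddress

# Assumption: on a home PC the hosts file normally maps nothing but localhost.
EXPECTED_NAMES = {"localhost"}

# Constructed sample hosts file (illustrative entries only).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#      127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # constructed entry
203.0.113.7     www.search.example search.example
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Return (line_no, verdict, hostname, address) for each entry worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not entry:
            continue
        ip_text, *names = entry.split()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", " ".join(names), ip_text))
            continue
        for name in names:
            if name.lower() in EXPECTED_NAMES and ip.is_loopback:
                continue                          # stock localhost mapping
            # A name pointed at loopback/0.0.0.0 cannot be reached; any other
            # address silently sends the name somewhere the owner did not choose.
            verdict = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((line_no, verdict, name.lower(), str(ip)))
    return findings


if __name__ == "__main__":
    import sys
    # Pass the path of the hosts file to audit; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print("line %d: %-10s %s -> %s" % finding)
```

On Windows 7 the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`; reading it from a rescue CD or a second machine avoids trusting the infected system's own view of the file.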
  18. GIockGuy24

    Bring M&M's

    Joined:
    Jul 14, 2005
    4,037
    5
    Location:
    With Amber Lamps
    SuperAntiSpyware may do better than Malwarebytes. Try it and then make the Avira rescue CD and boot the computer with it, that way nothing in Windows is running at the time of the scan.

    Some people claim success with IObit Security 360, which is from a questionable Chinese company. It's easy enough to uninstall after using it for those that don't like the company.

    http://majorgeeks.com/IObit_Security_360_d6088.html
     
  19. Sgt. Schultz

    Annoying Member

    Joined:
    May 21, 2004
    2,195
    8
    Location:
    West Columbia, South Carolina
    Boot to safe mode with networking and update Malwarebytes, SuperAntiSpyware and any other tool you are using to clean the system. Now clean out all temp folders, do a disk cleanup, run CCleaner, etc ... turn off system restore and delete all restore points (if this does work you won't need them anyway) and then reboot to safe mode w/o networking and run the utilities.


    .
     
    #19 Sgt. Schultz, Oct 12, 2010
    Last edited: Oct 12, 2010
  20. nathanours

    Texan

    Joined:
    Mar 5, 2009
    3,511
    93
    Location:
    Colorado by way of Texas
    Thanks, I'll try the safe mode thing. I tried SuperAntiSpyware, and it didn't even find anything. How do you turn off system restore in Windows 7?

    Also I've got CCleaner, will that clean out all temp folders and do a disk cleanup, or is there more I should do?

    I killed the process hotfix.exe at some point so it's definitely the same thing.

    What should I look for in the registry under "software/microsoft/windows nt/current version/winlogon..." ? Should I just google everything I see in there to see if it's harmful and if so delete it?

    And how do I check the hosts file exactly?
     