It's been quite a long time since I've been hit with a strong virus. Oh, I've had them before and I have small viruses here and there, but now I somehow got myself into some deep shit.
'Twas browsing around n such, and I all of a sudden started to get pop up windows saying that some file had been infected. Thought it was nothing, and closed it. It comes back, so I close it again and try to open a program just to be safe and sure enough, a message came up saying that it was 'infected'. So now I turn to anyone who knows what I can do to get rid of this annoyance. Since it gives me a "your file has been infected" bullshit every time I try to open a program, I can't run my Spybot Search & Destroy along with some other programs.
Anyone with the knowledge of what I have and the steps to get rid of this virus will have my thanks. If you want pictures of the warning and such, let me know and I'll post them.
Every time I get a severe virus (has happened 2 times so far), I just start windows in error free mode (if that's what it's called in English), I backup all my important stuff and reinstall windows. I don't know any better solution... :-\
I had that before, I just turned my computer off
Start Windows in safe mode and run your anti-virus or whatever crap-removal software you prefer while in safe-mode. See if that helps.
The reason you would want to do it in safe mode, is because when windows boots up into safe mode, it only loads the bare minimal essentials to just get the computer up and running. No networking (unless specified), no video drivers, heck, half the stuff you can't even do in safe-mode, it full-on disables some parts of windows. So hopefully booting it into safe mode will disable the virus as well, and allow you to run a scan and get rid of it.
Did some google searching for you and found this
Here is what I did to stop the virus from running... when the virus starts to run. Press down the Alt key then hit F4. This shuts down any program... then I was able to use my anti virus software.
Edit: Here's one other thing
Backup everything important on disk, including your copy of norton (if you don't already have a disk for it). If you have a recovery disk or a copy of windows put it in the computer and choose to reformat the C: drive. Then install a new copy of windows. Before you restore anything you backed up, install norton and let it fully update. Once norton is updated, you can restore your files. Even if the virus winds up on the disk with the backed up files, norton will recognize it and block it from doing any damage.
I assume norton can be exchanged for any anti virus program.
Good god, if you have Norton, that's the FIRST virus you should remove...
And holy crap are people clueless. Scotty's advice is the one, and ONLY one you should be following. Reinstalling Windows is the LAST thing you should ever do, especially for something as minor as a virus.
An option is to open Task Manager, and kill the process for the virus. It won't delete the virus, but it will get it to stop blocking your programs. If it blocks Task Manager, well, you can either start the computer up in safe mode, as Scotty suggested, or, alternatively, you could do what I did to a virus I had just like this on the family computer, and just hit Ctrl-Alt-Delete and double click on MalwareBytes the moment your desktop appears when you start the computer up. This managed to let the programs open before the virus turned on. Mind you, if your computer starts up quickly (unlike my family room computer), this may or may not work.
Either way you choose, once you get it to stop blocking your programs, you can run Spybot, MalwareBytes, or whatever, and remove it.
By any chance, is this virus "Antivirus Soft"? <_<
You could always try a System restore. Supposing the Virus hasn't blocked that capability, it usually works. Pretty easy too.
And yes, Chaos is right. The first virus to get rid of is Norton. It ACTUALLY reduces your cpu speeds. It doesn't just use cpu, it REDUCES ITS SPEEDS. At least that's what it did last time I checked, but it's been years. Either way, Norton antivirus is CRAP, go get a good freebie like AVG or Avast!
Quote from: Chaos on February 24, 2010, 01:13:51 PM
Good god, if you have Norton, that's the FIRST virus you should remove...
And holy crap are people clueless. Scotty's advice is the one, and ONLY one you should be following. Reinstalling Windows is the LAST thing you should ever do, especially for something as minor as a virus.
An option is to open Task Manager, and kill the process for the virus. It won't delete the virus, but it will get it to stop blocking your programs. If it blocks Task Manager, well, you can either start the computer up in safe mode, as Scotty suggested, or, alternatively, you could do what I did to a virus I had just like this on the family computer, and just hit Ctrl-Alt-Delete and double click on MalwareBytes the moment your desktop appears when you start the computer up. This managed to let the programs open before the virus turned on. Mind you, if your computer starts up quickly (unlike my family room computer), this may or may not work.
Either way you choose, once you get it to stop blocking your programs, you can run Spybot, MalwareBytes, or whatever, and remove it.
By any chance, is this virus "Antivirus Soft"? <_<
Indeed it is, sorry I should have been more clear but the stupid thing kept giving fake pop up warnings saying that some file was infected or some shit while I was typing.
Anyways before I posted this I did google for a solution and tried it. It didn't work. I either failed it and only deleted certain files, or this is an 'updated' version of Antivirus Soft - the guide I was following was made in 2004. So I really have no idea.
I'm running a program called rkill.com to stop the damn thing from making pop-ups and not letting me be able to open things like IE and such, so it's no longer hurting my computer, but it's still in it. And it will come back if I restart without re-running rkill.com again.
Antivirus Soft? I just dealt with that one on a client's pc. Malwarebytes and a couple others didn't do anything to remove it..
IIRC, it creates a file in your profile, so, if XP.. C:\Documents and Settings\username\Local Settings\Application Data\random letters\letterssftav.exe where random is just that.. sdjklfsd\skdsfesftav.exe for example..
Just delete that file and I was fine.. You may have to enter into Safe Mode to delete it. I was able to open task manager before that file was loaded after rebooting and once it did start, go to the processes tab in task manager and find the process ending in sftav.exe and end it. After that, you should be able to delete it.
If you use internet explorer, that may not work still.. this apparently forces you to use a proxy server. You'd just have to go into the internet options > connections tab > lan settings > uncheck use proxy server for lan..
Quote from: igufed on February 24, 2010, 05:34:13 PM
Antivirus Soft? I just dealt with that one on a client's pc. Malwarebytes and a couple others didn't do anything to remove it..
IIRC, it creates a file in your profile, so, if XP.. C:\Documents and Settings\username\Local Settings\Application Data\random letters\letterssftav.exe where random is just that.. sdjklfsd\skdsfesftav.exe for example..
Just delete that file and I was fine.. You may have to enter into Safe Mode to delete it. I was able to open task manager before that file was loaded after rebooting and once it did start, go to the processes tab in task manager and find the process ending in sftav.exe and end it. After that, you should be able to delete it.
If you use internet explorer, that may not work still.. this apparently forces you to use a proxy server. You'd just have to go into the internet options > connections tab > lan settings > uncheck use proxy server for lan..
Hm, well I'm running Malwarebyte's Anti-Malware again in safe mode right now to see if I can get anything else by pure luck. In the mean time I'm in my Application Data folder but I don't see a folder with random letters.
Like I said, it's possible I screwed up the guide I was following and only deleted certain files and folders, but not the base of the virus. I have the "show hidden files/folders" option on as well. There is an odd looking file, but it's just one file, called "PnkBstrK". I'm no computer whiz, but something does look odd how it's the only file not in a folder.
Plus it was put into the Application Data folder on the 16th of Feb., but I only experienced the virus just yesterday.
Are you the only one who uses this PC? It only creates this file in the person who was logged in when it got infected's profile. So, if someone has their own login for the PC, it could be in their profile.
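The file layout igufed describes (a random-letters folder holding an executable whose name ends in sftav.exe) and the point that it sits only in the profile of whoever was logged in can be checked across every profile at once. This is an added example, not part of the original thread: the function names and the sample tree are constructed for illustration, and on XP the profiles root would be C:\Documents and Settings.

```python
import os
import re
import tempfile

# Layout described in the thread (XP-era profile):
#   <profile>\Local Settings\Application Data\<random letters>\<letters>sftav.exe
APP_DATA_REL = os.path.join("Local Settings", "Application Data")
LETTERS_DIR = re.compile(r"^[a-z]+$", re.IGNORECASE)
SUSPECT_EXE = re.compile(r"^[a-z]*sftav\.exe$", re.IGNORECASE)


def _listdir(path):
    """Sorted directory listing; empty if the folder is missing or unreadable."""
    try:
        return sorted(os.listdir(path))
    except OSError:
        return []


def scan_profiles(profiles_root):
    """Return suspect executables found in any user profile under profiles_root."""
    hits = []
    for user in _listdir(profiles_root):
        app_data = os.path.join(profiles_root, user, APP_DATA_REL)
        for folder in _listdir(app_data):
            if not LETTERS_DIR.match(folder):
                continue  # the post says the folder name is random letters
            folder_path = os.path.join(app_data, folder)
            for name in _listdir(folder_path):
                full = os.path.join(folder_path, name)
                if SUSPECT_EXE.match(name) and os.path.isfile(full):
                    hits.append(full)
    return hits


def demo():
    """Build a constructed two-user profile tree and scan it."""
    samples = [  # constructed paths, not taken from a real machine
        ("alice", "sdjklfsd", "skdsfesftav.exe"),  # the example name from the post
        ("alice", "Mozilla", "firefox.exe"),       # ordinary program, ignored
        ("bob", "qwhzkd", "notes.txt"),            # random folder, no suspect exe
    ]
    with tempfile.TemporaryDirectory() as root:
        for user, folder, name in samples:
            d = os.path.join(root, user, APP_DATA_REL, folder)
            os.makedirs(d, exist_ok=True)
            open(os.path.join(d, name), "w").close()
        return [os.path.relpath(p, root) for p in scan_profiles(root)]


if __name__ == "__main__":
    for path in demo():
        print("suspect:", path)
```

Anything it lists is a candidate to inspect in Safe Mode, not proof of infection.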
I've had some pretty bad viruses and such. My last being a rootkit that embedded itself inside some of my basic system files. At the time of this incident I had Norton and after researching I found out Norton was actually as bad as people were saying it is. It'd probably be best for you to actually identify the virus first using the methods other people have used. I've had some pretty strange virus names for mine. Mostly consisting of random letters or a single letter as an executable file. A few even attempting to seem as though it had the name of a system process. If you aren't able to find out what the name of the virus is or how to remove it while in safe mode there are probably some people on here that could recommend you some that might be able to. When I had the rootkit that attached to my system folder it was better for me to just reformat rather than attempt to fix it. That's also an option if all else fails for you. :P
Quote from: DarkBlade325 on February 24, 2010, 04:02:46 PM
Quote from: Chaos on February 24, 2010, 01:13:51 PM
By any chance, is this virus "Antivirus Soft"? <_<
Indeed it is, sorry I should have been more clear but the stupid thing kept giving fake pop up warnings saying that some file was infected or some shit while I was typing.
That's what I thought. That's the exact one my family room comp had. Also recently received an e-mail from my aunt about it:
Quote
I just did battle with a virus called Antivirus Soft. NUMEROUS pop-ups telling me that my computer was infected with all kinds of viruses and I should activate antivirus software. The pop ups won't go away and many look legitimate. I was getting Porn sites, Viagra commercials. Apparently it is a virus that wants you to buy their antivirus software to save you from all of that because if you click on anything you get to a page that advertises Antivirus Soft. I think if you bought this you are buying a virus that scans your computer for pin numbers, logons etc.
It was a nightmare trying to get rid of it. But I did find a website that tells how to. http://deletemalware.blogspot.com/2010/01/how-to-remove-antivirus-soft-fake.html
I booted up in "Safe Mode with Networking" and then I restored my computer to an earlier date when I knew things were working fine. Malware and Spybot wouldn't download, my antivirus and Windows Defender didn't catch it. I found out you can use Malware and Spybot but you have to download it and save it under an "alias" . The link tells how to do it. The restore worked fine for me.
I read the readers comments at the bottom of the web page and many of them said they got it from MySpace or FaceBook. That is why I am sending you this, I know you are FaceBook peoples (well, Christian isn't). I don't want you to get infected like I just did.
Not sure it was FaceBook but I was on it yesterday and today things went kablooey.
Jan/Mom
Quote from: Chaos on February 24, 2010, 01:13:51 PM
Reinstalling Windows is the LAST thing you should ever do, especially for something as minor as a virus.
Why? You get rid of all the crap you have on the computer and it will run better overall. You don't need to use loads of anti malware software and read guides etc. and you can be sure that the virus is gone.
Chaos, (I don't know why I'm pointing at you in this topic) I will say sometimes malware fixes don't work and only make it seem they're gone for a short time. I have a way that is faster than trying to fix it the old way. :)
If you have kept your data (files you made) on a different partition/drive and windows/programs on another it makes it a lot easier. Just make an image (with something like Clonezilla/Norton Ghost/etc.) of your windows/programs partition/drive like once a month and when your comp starts acting weird for any reason it just takes 5 mins to reinstall your windows/programs image.
This is like system restore on windows but is safer because the malware can't infect your image because it's not on the same drive unlike system restore. Assuming you place your image on an external HDD or DVDs that's not connected to a comp.
And this way I found (I did not come up with this) is a lot faster than reinstalling windows for most people. (I know you were not suggesting that but I'm just saying to anyone like old me :P)
Now I do suggest reinstalling windows like every 2-3 years just because windows gets slow over time. But I think you would agree with that.
Cool idea, eh?
But nonetheless the best fix is not to get it at all. And that's easy to do. :D
Yes, that would be another good way of doing it.
Quote from: Chaos on February 24, 2010, 07:28:21 PM
Yes, that would be another good way of doing it.
Chaos, I felt like I accomplished something from you saying that.
Sorry to burst your bubble ART but I tried the alternate version of that link Chaos quoted about. Send my thanks to your aunt, Chaos!
Well anyways used that HijackThis program and deleted some of the files by force. No longer am I getting those infected pop ups, no more porn pop ups (you will be missed), and I can use IE again without having to uncheck the proxy option every 4 minutes. Not like that really matters though since I use Firefox.
Though I only could find a couple of files it was wanting me to delete, not all of them. So I feel that traces of the virus may still be in my computer. But for now it's good. I'll be running like 48 different scans to see what I get. Thanks guys. If you have any other tips let me know.
Run CCleaner.
Quote from: DarkBlade325 on February 24, 2010, 07:55:23 PM
Sorry to burst your bubble ART but I tried the alternate version of that link Chaos quoted about. Send my thanks to your aunt, Chaos!
HEY! You did not burst my bubble! :D I made my bubble with Chaos just saying that would also work!
But you fixed your comp also and that's good also!
Quote from: ARTgames on February 24, 2010, 07:37:52 PM
Quote from: Chaos on February 24, 2010, 07:28:21 PM
Yes, that would be another good way of doing it.
Chaos, I felt like I accomplished something from you saying that.
/applaud
dude, that's quite an honor!
Oh well, I did not mean it that way. I meant I made my first post at Chaos that was not part of an argument. You know I always seem to start those.
I agree with what is logical. Assuming I understood what you were saying correctly, your method sounds like a perfectly simple and effective method. Alas, it requires a bit of foresight to actually do it before your computer is borked, but that is neither here nor there.
Quote from: Chaos on February 24, 2010, 10:11:03 PM
I agree with what is logical. Assuming I understood what you were saying correctly, your method sounds like a perfectly simple and effective method. Alas, it requires a bit of foresight to actually do it before your computer is borked, but that is neither here nor there.
That is true! And you fixed that with your aunt's email!