Windows 7 Forums



Windows 7: What is privacy protection? Fake virus program?

10 Dec 2011   #51
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Please follow the steps in post #38.


10 Dec 2011   #52
killjoy

Win7 32 bit
 
 

What's he going to do when he gets the virus off? Go through life without a hosts file? Who needs Windows Update anyways, right? He's too far gone. What are you going to do, analyze all his processes one by one? Ask for a readout of his services to make sure they're running properly, from Australia?

But suit yourself.
10 Dec 2011   #53
executiV

Windows 7
 
 

Just want to let you both know I GREATLY appreciate your help.

I am still working on this and it seems best to do the re-install as killjoy recommended. Are you willing to explain how I accomplish that? I have very little experience with this, as you can see.

10 Dec 2011   #54
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Quote: Originally Posted by killjoy
> What's he going to do when he gets the virus off? Go through life without a hosts file? Who needs Windows Update anyways, right? He's too far gone. What are you going to do, analyze all his processes one by one? Ask for a readout of his services to make sure they're running properly, from Australia?
>
> But suit yourself.

Relax Killjoy - it's easy to fix any re-directions and reset the hosts file using the Microsoft FixIt tool, if it's even required... even from Australia.

You haven't read through the entire thread, perhaps you should.

A reinstall seems to be the preferred option, so over to you.

Regards,
Golden
10 Dec 2011   #55
executiV

Windows 7
 
 

I am still attempting to download Rkill, something on the "clean" computer stops the download process though. Should I turn off Windows firewall?

EDIT: I just checked and the good computer uses Windows XP and not Windows 7
10 Dec 2011   #56
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Quote: Originally Posted by executiV
> I am still attempting to download Rkill, something on the "clean" computer stops the download process though. Should I turn off Windows firewall?
>
> EDIT: I just checked and the good computer uses Windows XP and not Windows 7

Hi, executiV.

The Privacy Protection rogue often comes bundled with the TDSS rootkit infection. As a result, if you are going to attempt to clean your computer, I suggest the first step be TDSSKiller:

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


As to RKill, it doesn't make a difference that the clean computer is running Windows XP. Try this direct download link for the eXplore.exe named version of RKill eXplorer.

  • Save rkill either directly to the USB stick or to your XP machine and transfer to the USB stick. Then transfer it to the desktop of the infected computer.
  • Double-click rkill to run.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave rkill on the Desktop until otherwise advised.
  • Do NOT restart your computer after running rkill as the malware program(s) will start again.
Note: If you receive security warnings about rkill, please ignore and allow the download to continue.

If you haven't yet, you need to follow the same procedure for MBAM.
10 Dec 2011   #57
executiV

Windows 7
 
 

Thanks Corrine,

I have been working on it, all I have that seemed to complete was the rKill, here is what showed up after that:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 12/10/2011 at 23:20:15.
Operating System: Windows (TM) Vista Ultimate

Processes terminated by Rkill or while it was running:
F:\malwarebytes\kap.2
C:\Users\2~1\AppData\Local\Temp\2375665\5742018.exe

Rkill completed on 12/10/2011 at 23:20:18.

The Kaspersky scan didn't come up with anything, on the malwarebytes it said 2700 or so threats found, I didn't purchase it to clean the unit, though.

I also attempted a system restore after finally getting the unit to start in Safe Mode, I'm not sure if it is clean yet though.
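A small triage pass over the Rkill log posted in #57, as an added example that is not part of the thread and not part of Rkill: it extracts the "Processes terminated" section and lists the path traits a helper would check first. The heuristics and the directory list are assumptions chosen for illustration; a flagged path is a lead to investigate, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Rkill output as quoted in post #57 of this thread.
SAMPLE_LOG = r"""Rkill was run on 12/10/2011 at 23:20:15.
Operating System: Windows (TM) Vista Ultimate

Processes terminated by Rkill or while it was running:
F:\malwarebytes\kap.2
C:\Users\2~1\AppData\Local\Temp\2375665\5742018.exe

Rkill completed on 12/10/2011 at 23:20:18.
"""

# Assumed heuristics for illustration; not an exhaustive or official list.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")
USUAL_EXT = {".exe", ".com", ".scr", ".bat", ".cmd"}

def terminated_processes(log_text):
    """Return the paths listed under the 'Processes terminated' heading."""
    paths, in_section = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("Processes terminated by Rkill"):
            in_section = True
        elif in_section:
            if not line or line.startswith("Rkill completed"):
                break  # blank line or footer ends the section
            paths.append(line)
    return paths

def triage(path):
    """List the traits that make a terminated process worth a closer look."""
    p, reasons = PureWindowsPath(path), []
    if any(d in path.lower() for d in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    if p.stem.isdigit():
        reasons.append("all-digit file name")
    if p.suffix.lower() not in USUAL_EXT:
        reasons.append("unusual extension for a running process")
    if re.search(r"~\d", path):
        reasons.append("8.3 short name in path")
    return reasons

def report(log_text):  # path -> reasons, for every terminated process
    return {p: triage(p) for p in terminated_processes(log_text)}

if __name__ == "__main__":
    for path, reasons in report(SAMPLE_LOG).items():
        print(path, "->", reasons or ["nothing notable"])
```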
10 Dec 2011   #58
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hi,

2,700 infections! You better post the log file here so we can see what is lurking on your system...

You don't need to purchase Malwarebytes in order to get it to clean your system. Use it to clean whatever it can after posting the logfile here. Follow Corrine's suggestions about TDSSKiller and then post back here.

Regards,
Golden
11 Dec 2011   #59
executiV

Windows 7
 
 

I attached the screen I have after running Windows Defender. The malware appears to still be in the system because the time/date displayed in the Defender screen I attached was when the issue occurred. Notice it says 'Action Taken: Permit'; this leads me to believe the Privacy Protection malware is still in my computer.

Still working on the other anti-malware programs etc.

EDIT: I'm attaching the window I see after using the tdsskiller link from post #56

Also I'm attaching the screen I thought said I have 2700 infections, it is the ARO 2011 screenshot.


Attached Files
File Type: docx Windows Defender Screen.docx (144.7 KB, 3 views)
File Type: docx TDSSKILLER SCREEN.docx (315.2 KB, 2 views)
File Type: docx ARO 2011 Screeen.docx (563.3 KB, 2 views)
11 Dec 2011   #60
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hold on a second - Malwarebytes is NOT Aro2011! Aro2011 is a registry cleaner - forget Aro2011 altogether, just steer clear of that. Registry cleaners, with the exception of one or two, cause more problems than they claim to fix.

Run a full scan with Malwarebytes, then post that log.

Regards,
Golden
All times are GMT -5. The time now is 23:05.